Active Directory Complete Guide


In this single post I share my knowledge as a complete Active Directory guide. The topics covered are listed below.

  • Active Directory Basics
  • Key Features of Active Directory
  • Active Directory Users and Computers
  • DNS Server
  • What Are FSMO Roles
  • How To Transfer FSMO Roles
  • Active Directory Domain Controllers
  • Primary Domain Controller (PDC)
  • Additional Domain Controller (ADC)
  • Read Only Domain Controller (RODC)
  • Child Domain Controller (CDC)
  • Allow or Prevent Domain Users from Joining Workstations to Domain
  • Downgrade AD Domain And Forest Functional Level
  • Resetting the Directory Services Restore Mode (DSRM) Password
  • Remove Failed or Offline Domain Controller From Active Directory Manually
  • Security Groups
  • Group Policy Implementation

Apart from the topics listed above, I will also discuss a few tips and tricks in Windows.

Now let’s go through the topics one by one.

What Is Active Directory

 

Active Directory is a database that keeps track of all the user accounts and passwords in your organization. It allows you to store your user accounts and passwords in one protected location, improving your organization’s security.

Active Directory (AD) is a directory service that was developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management.

A server running Active Directory Domain Services (AD DS) is called a domain controller. It authenticates and authorizes all users and computers in a Windows domain network, assigning and enforcing security policies for all computers and installing or updating software.

Key Features of Active Directory

 

  • AD is a namespace that is integrated with the Internet’s Domain Name System (DNS).
  • AD is a new directory service central to the Windows Server operating system; it runs only on domain controllers.
  • Operating system directory services, such as AD, provide user, computer, and shared resource management.

 

Active Directory Users and Computers

 

Active Directory Users and Computers is a Microsoft Management Console (MMC) snap-in that you can use to administer, manage and publish information in the directory.

The following can be managed through the Active Directory Users and Computers console:

  • Managing Users
  • Managing Computers
  • Managing Groups
  • Managing Domains
  • Managing Organizational Units


DNS Server

 

A DNS server is a server that holds all the information about IP addresses and their associated hostnames. DNS stands for Domain Name System, which is used for name-to-IP and IP-to-name conversion.

In other words, a DNS server converts human-readable website names (DoubtsClear.Com) into computer-readable numerical IP addresses (65.254.227.240).


What Are FSMO Roles

 

Flexible Single-Master Operations (FSMO) roles play a very important role in the Active Directory environment.

Active Directory is a multi-master distributed database, which means that any domain controller can assume the role of master for some tasks; these roles are called FSMO roles.

FSMO roles can be classified into 2 categories.

Forest Wide Roles

  • Schema Master Role
  • Domain Naming Master

Domain Wide Roles

  • Primary Domain Controller (PDC) Role
  • Relative Identifier (RID) Role
  • Infrastructure Role

How To Transfer FSMO Roles 

 


What Is a Domain Controller

 

Active Directory is essential to any Microsoft network built on the client-server network model. It allows you to have a central server called a Domain Controller (DC) that does authentication for your entire network.

Instead of logging on to the local machines, people authenticate against your DC.

Types of Domain Controller

 

The previous topic covered what a DC is. Now we will look at the types of domain controllers that are available and their installation and implementation methods.

1. Primary Domain Controller (PDC)

The Primary Domain Controller (PDC) is usually the first designated domain controller.

Any others that exist are typically referred to as Backup Domain Controllers (BDCs) or Additional Domain Controllers, which are covered in the upcoming topics.


2. Additional Domain Controller (ADC)

Having a single domain controller can be quite risky, because in case of a hardware or other technical failure the entire network can be brought down.

Having an ADC means that if your primary domain controller fails, the ADC takes over its functions and keeps the network functional.


3. Child Domain Controller (CDC)

There are times when you need to separate or delegate some parts of your Active Directory infrastructure, and the best way in those cases is to simply create a new child domain in the existing AD forest.

This way you don’t have to create trusts between the two domains; trusts are created automatically and are created in a two-way direction, meaning domain A automatically trusts domain B, and vice versa.


4. Read-Only Domain Controller (RODC)

Read-only domain controllers are ideal in remote locations where system security cannot be guaranteed. They allow the remote site to have a local authentication point without storing vulnerable data about every object in the domain. The only information stored on a read-only domain controller is that of users and computers it has been authorized to authenticate. Any other object that is queried or authorized against is forwarded by the read-only DC to a writable domain controller.

  • Unidirectional replication
  • Special krbtgt account
  • Password Replication Policy (PRP)
  • RODC filtered attribute set (FAS).


These are the types of domain controllers that can be implemented in an Active Directory environment.

Allow or Prevent Domain Users from Joining Workstations to Domain

 

By default, Active Directory allows members of the Authenticated Users group to join up to 10 computer accounts to the default Computers container.

If a user tries to add more than 10 workstations, they are likely to receive one of the following error messages:

  • “The machine account for this computer either does not exist or is unavailable.”
  • “Your computer could not be joined to the domain. You have exceeded the maximum number of computer accounts you are allowed to create in this domain. Contact your system administrator to have this limit reset or increased.”
  • “The following error occurred attempting to join the domain “domain.com”.
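The script below is an added example, not part of the original post: it reads the limit described above and reports which non-administrative accounts have already joined computers against it. It assumes the RSAT ActiveDirectory module and read access to the domain; the function name `Get-MachineAccountQuotaReport` is hypothetical.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

function Get-MachineAccountQuotaReport {
    $domain = Get-ADDomain

    # The per-user join limit is stored on the domain root object.
    $root  = Get-ADObject -Identity $domain.DistinguishedName `
                          -Properties 'ms-DS-MachineAccountQuota'
    $quota = $root.'ms-DS-MachineAccountQuota'

    # Computer accounts created under the quota record the creator's SID
    # in ms-DS-CreatorSID; accounts created by administrators do not.
    $joined = Get-ADComputer -LDAPFilter '(ms-DS-CreatorSID=*)' `
                             -Properties 'ms-DS-CreatorSID', whenCreated

    $joined | Group-Object { $_.'ms-DS-CreatorSID'.Value } | ForEach-Object {
        $group = $_                                  # keep a handle; $_ changes inside catch
        $sid   = $group.Group[0].'ms-DS-CreatorSID'
        try {
            $who = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $who = "$($group.Name) (unresolved, account may be deleted)"
        }
        [pscustomobject]@{
            Creator   = $who
            Computers = $group.Count
            Quota     = $quota
            AtLimit   = ($quota -gt 0 -and $group.Count -ge $quota)
            Newest    = ($group.Group | Sort-Object whenCreated -Descending |
                         Select-Object -First 1).whenCreated
        }
    } | Sort-Object Computers -Descending
}

Get-MachineAccountQuotaReport | Format-Table -AutoSize

# To prevent ordinary domain users from joining workstations, set the quota
# to 0 and delegate the join right to a specific group instead:
# Set-ADDomain -Identity (Get-ADDomain) -Replace @{ 'ms-DS-MachineAccountQuota' = 0 }
```

Review the report before lowering the quota, so that any account still relied on for joins can be given a delegated right first.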


Downgrade AD Domain And Forest Functional Level

In Windows Server 2008 R2 and Windows Server 2012, you can lower the Forest and Domain functional level from 2012 to 2008 R2, or from 2008 R2 to 2008. But you cannot lower it beyond 2008.

This is not possible through the GUI; you have to use PowerShell to do it.

Resetting the Directory Services Restore Mode (DSRM) Password

 

Directory Services Restore Mode (DSRM) is a special boot mode for repairing or recovering Active Directory. It is used to log on to the computer when Active Directory has failed or needs to be restored.

The password is initially set when a server is promoted to a domain controller. It’s important that this password is well documented and stored in a secure location.

If you forget the DSRM password, you can neither use the recovery console nor restore the Active Directory (AD) database.

Remove Failed or Offline Domain Controller From Active Directory Manually

 

In an Active Directory infrastructure, if you want to remove a Domain Controller (DC) server, the proper way is to run DCPROMO and remove it.

But there are situations, such as a server crash or failure of the dcpromo option, in which you have to remove the DC from the system manually (in the event that even the recovery or repair option doesn’t work).

Security Groups

Windows Server introduced several new technologies designed to help protect privileged credentials, including the Active Directory Protected Users group.

Group Policy

 

Group Policy is a hierarchical infrastructure that allows a network administrator in charge of Microsoft’s Active Directory to implement specific configurations for users and computers.

Group Policy can also be used to define user, security and networking policies at the machine level.

Below is a list of very important Group Policy guides that every administrator should know about.

 

I will keep updating this Complete Active Directory guide with various Topics and useful posts as they come in.


 


3 comments

  1. Crystal clear. Techie is a techie always

  2. It’s really helpful material.

    Thank you

  3. love u boss, like it
