Promote the Windows 2003 Server domain controller (Active Directory)

From the window "Manage your server" can make various tasks for Windows Server 2003, by clicking on "Add / Remove function". This window will show it each time we want to 'Start' – 'settings' – 'control Panel' – 'Administrative tools' – "Manage your server":

Continue reading Promote the Windows 2003 Server domain controller (Active Directory)

Windows Server 2012 Hyper-V Cluster – Part 2: Hyper-V cluster nodes

With all the prerequisites covered in Part 1 of this series, it’s time to get technical. In this article, I’ll show you how to set up your domain controller, how to set up your Hyper-V cluster nodes, and how to join those nodes to the domain.

Continue reading Windows Server 2012 Hyper-V Cluster – Part 2: Hyper-V cluster nodes

Creation of network drive via GPO Windows 2012

Creation of network drive via GPO Windows 2012

Within the server administrator select Tools and group policy management:  gpo01

  1. Appear the domain GPO.
  2. To create a new GPO from scratch, click right-click Group Policy objects, and select new: gpo02
  3. Do not select any source GPO. Clicking OK:gpo04
  4. Click the new GPO with the right button and select Edit… gpo09

Once inside the GPO editing should assign the network drive that users must mount, following the appropriate policies.

  1. Navigate to user configuration-> preferences-> settings on Windows-> drive mappings and edit unit that is assigned in the GPO by clicking on it with the right button and select properties: gpo10
  2. Select the location, the name with which you want to show unity, the letter that will be assigned and the user to be connected: gpo11

Creation of Active Directory

Using Active Directory, we will be able to create a management infrastructure of centralized resources, both in regards to user accounts, computer accounts, privileges or permissions in our Organization, all in a centralized way.

There are several services or roles related to Active Directory. The most important, no doubt, is going to allow the promotion of a server to domain controller. This will be the "Services of domain from Active Directory" (ADDS) role.

There are several services or roles related to Active Directory. The most important, no doubt, is going to allow the promotion of a server to domain controller. This will be the "Services of domain from Active Directory" (ADDS) role.

Let's look at the steps to define the Active Directory in our Organization.

Before promoting a server to domain controller we must be confident in assigning his name because, once installed and assigned domain controller you cannot switch, unless we previously despromocionemos this server.

If there is no other driver in our Organization, the above would be to lose the Active Directory database.

If there at least another domain controller in the domain, it could be such operations without fear of losing accounts and information.

To change the name of the computer we need to go to 'System' within 'Control Panel'.

If we are going to change the name to a domain controller (DC) an Assistant will appear for your despromocion (passage of Server CD to a normal server).

The DCPROMO command is not used for those who have worked with earlier versions of the Server, Windows Server 2012 already.

Assign the name to our server.

Once assigned the correct name, open "Server Manager" and go to "Add Roles and features":

Choose the features and roles-based Setup:

And choose the server on which to install the DA:

Select "Active Directory domain services" and continued:

It now shows us the features that you need to install to promote the server to domain controller (DC):

Then we it is reported the different requirements that are needed to install this role.

A summary of the tasks to be carried out will appear. We will give to "Install" and start the installation process.

The process will conclude with the DA installed, with their corresponding management console. Will be pending promote the server to CD. This option appears in the window of the domain controller installation or we can go to "Server Manager" and the AD DS tab select the server you want to promote.

Select "promote this server to domain controller" and will be shown us another window in which we will have to define in what location you will find our driver (new or existing forest) and if this driver is new in the domain or in an existing domain:

In our case, we will create a tree in a new forest.

We need to define the directory services restore mode password:

We invites you to indicate what functional level are going to give to our new domain in the forest.

This section is very important if we had other domains already installed in our Organization, i.e., domain controllers already existing, supported by versions of Windows Server earlier than Windows Server 2012.

Choose the functional level Windows Server 2012, gives advantages to using versions improved (latest) protocols (Kerberos) authentication and transport of data, among others. It will always be convenient to choose the highest functional level.

You can set independently of the domain and forest functional level. As we start a new forest, install both the forest and the domains in the higher functional level (Windows Server 2012).

We see that, by default, the Global catalog will be installed. The Global Catalog (GC) is the set of all the objects in an Active Directory (AD DS) domain services forest. A global catalog server is a domain controller that stores a full copy of all objects in the directory for your domain host and a partial copy of read-only for all objects in other domains in the forest. Global catalog servers respond to global catalog queries.

A global catalog server allows:

  • Search objects.
  • It provides authentication of the user principal name.
  • It validates a forest object references.
  • Provides information on the membership of universal groups in a multiple domain environment.

Then appears a window that will allow you to choose if we admit the DNS delegation. This option is available in the event that we had an active DNS server with the DNS delegation enabled, i.e., be allowed to have another additional server DNS enabled. In our case it is disabled.

He then asks us to indicate the NetBIOS name of the new domain. We see, although it would not be necessary to operate our network using these names, Windows Server 2012 still asking it to keep compatibility with older computers.

It will show the locations which will store the database of the domain, the log files folder and the folder SYSVOL.

These locations are modified even if there is no important reason they should leave in those locations.

NTDS folder

This folder is stored in the Data Base of the Active Directory, i.e., all the public attributes of the domain together with your records.

NETLOGON folder

The NetLogon folder is maintained for compatibility with legacy clients

Windows NT4 / 98 going to find policies and "login script".

SYSVOL folder

The volume of the system (Sysvol) is a shared directory that stores the server copy of the public files of the domain that must be shared for common access and replication throughout a domain tasks.

The folder Sysvol on a controller of domain contains the following elements:

‐ Network login scripts: these tend to stay the scripts of login and the GPOs for computers network client.

Scripts logon user domain that uses the Active Directory administrator.

Windows group policy.

File replication service (FRS), folders, and files that must be available and synchronized between domain controllers.

‐ The description of volumes in the domain file systems.

This folder should not be 'never' manipulated or modified.

The NETLOGON and SYSVOL folders are folders shared so visible on the network and located on each domain controller. They must be always present, as if they were missing, users could not validated on the domain.

Once accepted these options, appears a window with choices.

It allows us to generate a "script" if we were willing to perform this function automatically in more servers, using the "PowerShell", i.e., by using commands.

Then, the system will check all the prerequisites. If all goes well, we will give to "Install". If you are missing setup, selecting the corresponding warning.

After completing the installation and reboot the system, the typical login screen will appear. You will have to enter the domain administrator account.

We will see now are two roles in "ServerManager" the of the DA (AD DS) and DNS:

The first thing is to see if everything works fine, if we have network and do not appear "critical errors" in the "Server Manager".

In the event that any service appeared in red, you should study what is the reason that causes it. "Event Viewer" is an option, although the "recommended procedures Analyzer" located in the same "Server Manager" recommended is a good tool to check demand and find the reason for the failure.