Windows Server 2003 : Building an Active Directory Structure (part 2)

9/14/2012 12:55:08 AM

2. Using Active Directory Tools

Before we go any further, I'd like to discuss the three most common tools you will find yourself using as an Active Directory administrator. The first of these tools is Active Directory Users and Computers, the tool that allows you to create your Active Directory structure within a domain, add users and groups, adjust account properties, and generally administer the day-to-day operations of your directory. Figure 13 shows the default screen for Active Directory Users and Computers.

Next, there's Active Directory Domains and Trusts , a utility you can use to create trusts between domains and to eventually raise the domain functional level to enable new features for Active Directory. Figure 14 shows the default screen for Active Directory Domains and Trusts.

Finally, let's briefly glance at Active Directory Sites and Services , a graphical tool that allows you to design your Active Directory structure around how your business is geographically dispersed, making Active Directory replication traffic go across links that cost the least and are the fastest. You also can delineate how your organization's computers are addressed via outlining different subnets, thereby increasing the likelihood that clients will log on to domain controllers that are the closest distance to them. Figure 15 shows the default screen for Active Directory Sites and Services.

We'll use each tool in time as we proceed through the remainder of this chapter. For now, let's move on.

Figure 13. Active Directory Users and Computers

Figure 14. Active Directory Domains and Trusts

Figure 15. Active Directory Sites and Services

3. Adding Another Domain Controller to a Domain

Promoting another machine to domain controller status within an existing domain is even easier than promoting the first machine in a new domain. You can use the DCPROMO Wizard to do the job for you in this case, as well.

To begin, start DCPROMO as before, and on the screen asking you what action you want to perform, select Additional domain controller for an existing domain, and click Next. The Network Credentials screen will appear, asking you to type in the username and password for a domain administrator account. Do so, and then click Next. Enter the full DNS canonical name of the domain for which you want this machine to become a domain controller, and then click Next. From there, proceed through the wizard starting from the Database and Log Files screen as indicated in the previous section. Once the wizard is finished and your machine has restarted, it is an official domain controller for your domain.

4. Adding Another Domain

Adding a child domain is equally simple: you use DCPROMO and you tell it to create a new domain, but not a new tree. This will add a "subdomain" to the existing domain tree. Then the Network Credentials screen will appear, asking for a domain administrator account. After that, the Child Domain Installation screen will appear, as shown in Figure 16.

Here, you can select to install a domain controller into a new domain. Click Next, and then you will be prompted to provide a name for the domain, as shown in Figure 5-18.

Next, you need to tell Active Directory which domain you want to add on to, and then the name of the child domain to add on to the parent tree. You can use the Browse button to scroll around the directory or simply type the name in. In the second box, enter just the first portion of the new child domain's name. The box at the bottom will adjust automatically to show the full name of the new child domain.

Now you can proceed through the wizard, as shown in the previous section. One note of interest, though: if the domain has a lot of information to replicate out to its new domain controller, this promotion process can take a long time. An option is available on the final screen of this wizard that allows you to finish replication later, and you might be tempted to take advantage of this option. Although it does decrease the amount of time it takes to bring a new domain controller in an existing domain online, I prefer to let replication happen immediately. The only instance in which I wouldn't want to do this is if I were bringing up a new domain controller in a branch office with a very slow connection to the home office. In that case, it's OK to wait until off hours and let the replication happen then. In all other cases, I recommend moving ahead with replication and simply waiting it out.

Figure 16. Selecting to install a domain controller into a new domain
  •  Windows Server 2003 : Active Directory Objects and Concepts
  •  Connecting To A Virtual Private Network From Your MAC
  •  Tips, Tricks And Tweaks For Microsoft's Mighty, Windows 7
  •  Maintaining Your Windows XP System : Backing Up Your Files
  •  Maintaining Your Windows XP System : Defragmenting Your Hard Disk
  •  Asus P8Z77-V Premium : Loads Up Every Conceivable Feature
  •  Brother DCP-J140W
  •  Intel 330 Series – SSD For Mid-rang Market
  •  Iomega StorCenter PX4-300D 4TB - New Small Business NAS Box
  •  Install Android on Your PC
  •  Ivy League All Stars : Acer Aspire S5, Apple MacBook Air, Samsung 900X4C
  •  Linux from Scratch
  •  Meet The New Benchmarks : Adobe Premiere Pro CS6, Gigapan Stitch.EFX 2.0, Techarp X264 HD 5.0, Proshow Producer 5.0
  •  Reliving the Commodore 64 Glory Days (Part 1)
  •  Reliving the Commodore 64 Glory Days (Part 2)
  •  SAM PowerPC With AmigaOS 4.1
  •  Speed Up Boot Times with Startup Delayer
  •  File Grinder - Rename Files Easily
  •  Back Up With Clonezilla (Part 1) - Prepare For Backup
  •  Back Up With Clonezilla (Part 2) - Start Clonezilla, Select The Backup Device
    Top 10
    Windows Vista : Installing and Running Applications - Launching Applications
    Windows Vista : Installing and Running Applications - Applications and the Registry, Understanding Application Compatibility
    Windows Vista : Installing and Running Applications - Practicing Safe Setups
    Windows Server 2003 : Domain Name System - Command-Line Utilities
    Microsoft .NET : Design Principles and Patterns - From Principles to Patterns (part 2)
    Microsoft .NET : Design Principles and Patterns - From Principles to Patterns (part 1)
    Brother MFC-J4510DW - An Innovative All-In-One A3 Printer
    Computer Planet I7 Extreme Gaming PC
    All We Need To Know About Green Computing (Part 4)
    All We Need To Know About Green Computing (Part 3)
    Most View
    Troubleshooting Reference: Printers
    Booting on HP 9000 Servers (part 2) - The setboot Command, Boot Console Handler (BCH) and Processor Dependent Code (PDC)
    SQL Server 2005 : Dynamic T-SQL - Supporting Optional Parameters (part 4) - sp_executesql: A Better EXECUTE
    Programming the iPhone User : UX Anti-Patterns - Memory Lapse
    BenQ XL2420T : Holy Swivelling Monitor!
    OLED Technology Casts A Spell On Big Screen TV
    Best Of The Year 2012 (Part 3)
    Active Directory Domain Services 2008 : Block & Remove Block Inheritance of Group Policy Objects, Change the Order of Group Policy Object Links
    Group Policy Basics : Creating Additional GPOs
    Windows 7 : Getting Help and Giving Others Assistance
    BizTalk 2006 : Managing Exceptions in Orchestrations (part 3) - Running the EAIProcess
    Web Security : Attacking AJAX - Observing Live AJAX Requests
    The Ubuntu Server Project (Part 2) - Web access
    SQL Server 2008 : Explaining Advanced Query Techniques - Controlling Execution Plans (part 1)
    Building Your First Windows Phone 7 Application (part 2) - Using Your First Windows Phone Silverlight Controls
    Windows Server 2008 : Active Directory Federation Services
    Home Security On A Budget (Part 2)
    Which MacBook Is Right For You (Part 3)
    SQL Server 2005 : Working with SQL Server Management Objects in Visual Studio (part 2) - Retrieving Server Settings
    IIS 7.0 : Managing Application Pools (part 2) - Managing Application Pool Identities