17 Installing Microsoft Active Directory 2008

This chapter includes the following sections:

17.1 Installing Active Directory 2008

  1. Install the Operating System:

    1. Install Windows Server 2008 (any Windows server except Web).

    2. When the installation is complete, leave the installation disc in the drive; you will need it to complete the installation of ADS.

    3. Set the Computer's Name and Suffix.

  2. Open the "System Properties" dialog box. Click Start, then right-click the computer icon.

  3. In the "System" window select Advanced system settings (Figure 17-1).

    Figure 17-1 Advanced System Settings

  4. Select the Computer Name tab (Figure 17-2), then click Change.

    Figure 17-2 System Properties Dialog Box

  5. In the pop-up window that appears (Figure 17-3), fill in the following fields:

    • Computer name: Enter the name you wish to designate for your computer. (Make a record of this name.)

    • Member of: Select the Workgroup radio button, then enter a unique workgroup name. (Make a record of this name.)

      Figure 17-3 Computer Name/Domain Changes Dialog Box

      • Click More...

      • In the "DNS Suffix and NetBIOS Computer Name" dialog box (Figure 17-4), do the following:

        Primary DNS suffix of this computer: Enter the DNS suffix of your computer. (Make a record of this suffix.)

        Change primary DNS suffix when domain membership changes: If the check box is selected, deselect it.

        Figure 17-4 DNS Suffix and NetBIOS Computer Name Dialog Box

      • Click OK to close the dialog box.

  6. In the "Computer Name/Domain Changes" dialog box, click OK.

  7. In the "System Properties" window click Close.

  8. In the reboot dialog box (Figure 17-5) click Restart Later.

    Figure 17-5 Microsoft Windows Dialog Box

17.2 Configuring the Network Settings

To configure the network settings: 

  1. Open "Network Properties."

    1. Select Start > Control Panel.

    2. Click the Network and Sharing Center icon.

    3. Select the Network Connection (Figure 17-6) to edit (if you have more than one, check the ipconfig output and make sure to select the correct one).

      Figure 17-6 Network Connection

  2. Select View Status, located next to the network connection you have selected.

  3. Click Properties (Figure 17-7).

    Figure 17-7 Properties Button

  4. Select Internet Protocol Version 4 (TCP/IPv4) (Figure 17-8).

    Figure 17-8 Internet Protocol Version 4 (TCP/IPv4)

    1. Set the IP address to an unused, static IP address.

    2. Set the preferred DNS server to your computer's IP address.

    3. Click Advanced:

  5. Click OK until you have exited the properties pane, then click Close.

  6. Restart the computer.

17.3 Installing Active Directory 2008 Services

  1. Select Start > Server Manager.

  2. In the "Roles" section (Figure 17-10) click Add Roles.

    Figure 17-10 Roles Section - Add Roles

  3. In the "Add Roles Wizard" (Figure 17-11) click Next.

    Figure 17-11 Add Roles Wizard - Before You Begin

  4. Select Active Directory Domain Services (Figure 17-12) and click Next.

    Figure 17-12 Add Roles Wizard - Select Server Roles

  5. Review the list of additional services to be installed along with Active Directory (Figure 17-13) and click Next.

    Figure 17-13 Add Roles Wizard - Active Directory Domain Services

  6. Click Install to begin installation of "Active Directory 2008" (Figure 17-14).

    Figure 17-14 Add Roles Wizard - Confirm Installation Selections

  7. Allow the installation to complete (Figure 17-15).

    Figure 17-15 Add Roles Wizard - Installation Progress

  8. Review the results of the "Add Roles Wizard" page (Figure 17-16). Click: Close this wizard and launch the Active Directory Domain Services Installation Wizard (dcpromo.exe).

    Figure 17-16 Add Roles Wizard - Installation Results

17.4 Installing Active Directory 2008 Installation Wizard

  1. In the welcome screen (Figure 17-17) click Next.

    Figure 17-17 Active Directory Domain Services Installation Wizard - Welcome

  2. In the "Operating System Compatibility" screen (Figure 17-18) click Next.

    Figure 17-18 Operating System Compatibility

  3. In the "Choose a Deployment Configuration" screen (Figure 17-19) select Create a new Domain in a forest, then click Next.

    Figure 17-19 Choose a Deployment Configuration

  4. Name the "Forest Root Domain" (Figure 17-20):

    1. Enter the name of the new forest, which is the DNS root domain that you created previously. Click Next.

      Figure 17-20 Name the Forest Root Domain

    2. Allow the check dialog to complete (Figure 17-21).

      Figure 17-21 Checking in Progress

  5. In the "Set Forest Functional Level" screen (Figure 17-22), select Windows Server 2008, then click Next.

    Figure 17-22 Set Forest Functional Level

  6. In the "Additional Domain Controller Options" screen (Figure 17-23), ensure that DNS Server is selected, then click Next.

    Figure 17-23 Additional Domain Controller Options

    If you have a DHCP-based adapter, you will see the following pop-up message (Figure 17-24):

    Figure 17-24 Static IP Assignment

    Select No, I will assign static IP addresses to all physical adapters to continue with the installation. After the installation completes, you can change any DHCP adapter back.

  7. If the DNS zone you are creating does not have an authoritative parent zone, the following pop-up message may be displayed (Figure 17-25):

    Figure 17-25 Active Directory Domain Services Installation Wizard

    Select Yes to continue with the installation.

  8. In the "Location for Database, Log Files, and SYSVOL" screen (Figure 17-26) select the default in the Database folder field or change it as required by your system, then click Next.

    Figure 17-26 Location for Database, Log Files, and SYSVOL

  9. In the "Directory Services Restore Mode Administrator Password" screen (Figure 17-27), enter a password and make a record of it.

    Figure 17-27 Directory Services Restore Mode Administrator Password

  10. In the "Summary" screen (Figure 17-28):

    1. Review your settings.

    2. Export your settings.

    3. Click Next.

  11. Wait for the installation to complete (Figure 17-29).

    Figure 17-29 Waiting for DNS Installation to Finish

  12. In the Active Directory Domain Services Installation Wizard (Figure 17-30), click Finish to complete the installation.

    Figure 17-30 Completing the Active Directory Domain Services Installation Wizard

  13. Reboot the system.

17.5 Checking Group Policies

  1. Select Start > Run.

    1. Enter gpmc.msc in the available field.

    2. Click OK (Figure 17-31).

  2. "Group Policy Management" opens (Figure 17-32).

    Figure 17-32 Group Policy Management

    1. Expand the tree Domains > <your domain name>, then select Default Domain Policy, located in the left panel of the "Group Policy Management" screen (Figure 17-33).

      Figure 17-33 Domains: vm.example.com

    2. Select the Settings tab (Figure 17-34).

      Figure 17-34 Group Policy Management - Settings Tab

    3. Expand the Security > Account Policy/Password Policy section (Figure 17-35) by clicking show.

      Figure 17-35 Security > Account Policy/Password Policy

  3. Review the "Policy" list. The option Password must meet complexity requirements is set to true by default. Change this option to Disabled (default WebCenter Sites passwords do not meet these requirements).

17.6 Changing Group Policies

  1. Select Start > Run.

    1. Enter: gpmc.msc in the field provided.

    2. Click OK (Figure 17-36).

  2. In the "Group Policy Management" screen, expand the tree Domains > name of your domain. Select the Default Domain Policy, located on the right of the screen (Figure 17-37), then select Edit.

    Figure 17-37 Default Domain Policy

  3. The "Group Policy Management Editor" window opens (Figure 17-38).

    Figure 17-38 Group Policy Management Editor

    1. In the left-hand tree, expand: Computer Configuration > Policies > Windows Settings > Security Settings > Account Settings > Password Policy (Figure 17-39).

      Figure 17-39 Security Settings Expanded

    2. Right-click Password must meet complexity requirements, located on the right side of the screen, then select Properties.

    3. In the "Password must meet complexity requirements Properties" dialog box (Figure 17-40) select the radio button Disabled, then click OK.

      Figure 17-40 Password Must Meet Complexity Requirements Properties Dialog Box

    4. Close the "Group Policy Management Editor" and "Group Policy Management" windows.

  4. The domain will no longer check for password complexity. WebCenter Sites default passwords can now be used.

    After WebCenter Sites is installed, you can reverse step 2 by clicking Enabled to re-engage the password complexity requirement.
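
To confirm the state of the complexity setting after this change, and again after it is re-enabled, the effective policy can be exported with secedit and read back. This is an added example, not part of the original guide; the scratch file name is an assumption.

```powershell
# Added example (not from the original guide). Run from an elevated PowerShell
# prompt on the domain controller. $cfg is a scratch file chosen for this example.
$cfg = Join-Path $env:TEMP 'secpol-export.inf'

# Refresh Group Policy so the export reflects the current Default Domain Policy.
gpupdate /target:computer /force | Out-Null

# Export the effective security policy; account policy is in [System Access].
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
if ($LASTEXITCODE -ne 0) { throw "secedit export failed (exit code $LASTEXITCODE)" }

# Parse "Name = Value" pairs from the [System Access] section only.
$policy = @{}
$inSection = $false
foreach ($line in Get-Content $cfg) {
    if ($line -match '^\[(.+)\]\s*$') {
        $inSection = ($matches[1] -eq 'System Access')
    } elseif ($inSection -and $line -match '^\s*(\w+)\s*=\s*(.*)$') {
        $policy[$matches[1]] = $matches[2].Trim()
    }
}
Remove-Item $cfg

# Show the password-related settings next to each other.
'PasswordComplexity', 'MinimumPasswordLength', 'PasswordHistorySize', 'MaximumPasswordAge' |
    ForEach-Object { '{0,-22} = {1}' -f $_, $policy[$_] }

# PasswordComplexity is 1 when the requirement is enforced and 0 when disabled.
if ($policy['PasswordComplexity'] -eq '1') {
    'Password complexity is enforced.'
} else {
    Write-Warning 'Password complexity is disabled; re-enable it once WebCenter Sites is installed.'
}
```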

17.7 Connecting to ADS Using an LDAP Browser

This section shows you how to connect to Active Directory Server using an LDAP browser.

Note: You cannot add groups, set passwords, or activate accounts using an LDAP browser.

  1. Open the LDAP browser.

  2. Select the Quick Connect tab.

  3. Fill out the following information (Figure 17-41):

    • Host: localhost (if connecting remotely, enter the actual host name)

    • Base DN: <DNS_suffix> (the part of the DNS name after the host name)

    • Anonymous bind: deselect

    • User DN: administrator@<DNS_suffix>

    • Append base DN: deselect

    • Password: <ADS_password> (you created this password in step 9)

      Figure 17-41 Edit Session - Connection

  4. Click Connect.

  5. Show the default view on the LDAP tree (Figure 17-42).

    Figure 17-42 LDAP Browser\Editor
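
The same authenticated connection can be made from PowerShell to check the host, base DN and credentials outside the LDAP browser. This is an added example, not part of the original guide; the DNS suffix `vm.example.com` is a placeholder, and writing the base DN in `DC=` form is an assumption about how the suffix is entered.

```powershell
# Added example (not from the original guide). 'vm.example.com' is a placeholder
# DNS suffix; use the suffix you recorded. Run on the domain controller.
$dnsSuffix = 'vm.example.com'
$ldapHost  = 'localhost'

# Active Directory names the domain by its DNS labels: vm.example.com
# becomes DC=vm,DC=example,DC=com.
$baseDn = ($dnsSuffix.Split('.') | ForEach-Object { "DC=$_" }) -join ','

# Prompt for the password rather than storing it in the script.
$cred = Get-Credential "administrator@$dnsSuffix"

# Secure requests a negotiated (Kerberos or NTLM) bind, so the password is not
# sent as a clear-text simple bind and the bind is never anonymous.
$auth  = [System.DirectoryServices.AuthenticationTypes]::Secure
$entry = New-Object System.DirectoryServices.DirectoryEntry -ArgumentList `
    "LDAP://$ldapHost/$baseDn", $cred.UserName, $cred.GetNetworkCredential().Password, $auth

try {
    # Reading NativeObject forces the bind; bad credentials throw here.
    $null = $entry.psbase.NativeObject
    "Bound to $baseDn as $($cred.UserName)"

    # List the top-level containers, the same view the LDAP browser shows.
    foreach ($child in $entry.psbase.Children) {
        $child.psbase.Name
    }
} catch {
    Write-Warning "Bind failed: $($_.Exception.Message)"
} finally {
    $entry.psbase.Dispose()
}
```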
