Tuesday, July 12, 2011

Day 6: Active Directory

This week started with installing Active Directory on our server. This was fairly straightforward, actually. This can be done through the Server Manager (found in Administration Tools) by adding a role. Okay, that is not straightforward ... why it is called a role, I am not sure!

However, after clicking the 'Add Role' link, an 'Add Roles Wizard' opens and you can pretty much click through it. The first menu has a few suggestions about what you need to complete the task. In the following window, you will have to select what roles you wish to install. In this case, it is 'Active Directory Domain Services'. Click the box beside this and then click next.

The next window describes what you will be doing to set up Active Directory. Click next when you have read that screen. Then confirm that this is what you want to do by clicking next in the confirmation window. Now you have to wait until the installation process is complete. You will get a message of success when the process has completed correctly.

Back in the Server Manager, you will notice that there is a red X beside the Active Directory Domain Services. Click the link to go through the steps necessary to rectify this, which starts with running the 'dcpromo' command. This will open the 'Active Directory Domain Services Installation Wizard'. You have to appreciate when you get to go through a wizard!

Once again, there is a cautionary screen about some of the heightened security in this version of Windows. When you go past this window, you have to determine whether you are creating a domain controller for an existing forest or creating a new forest. This terminology is derived from the term 'root', which is what the main network's Active Directory is called. Once you have created a root in your network, you have started the tree, which then connects with other trees creating a forest. The network we are creating will be one tree in the forest! Anyway, we are joining a forest, so we choose 'Existing Forest' and 'Add a domain controller to an existing domain'.

We had a little trouble here. We tried to join the network5769.local domain, using the Admin username and password, but we couldn't. It wasn't allowed for some reason. We played around with it for quite a while changing names and domains, etc. We took comfort knowing that the other teams were having the same issue and we all tried various troubleshooting measures and checked back and forth to see what worked. Finally one of us (certainly not me!) figured out that we were still routing through the University's network and this was causing all the problems for identification and authorization. This makes sense as the University network would not recognize our domain, administration passwords, servers or switches as we are not part of their network! So we had to direct our network through our mini-network for DNS services. This image shows the correct preferred DNS server with the alternate still accessing the incorrect server.
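
A pre-join check for the DNS problem described above, as an added PowerShell example that is not from the original post: it asks each configured DNS server for the domain controller SRV record and flags any server, preferred or alternate, that cannot find one. It assumes the DnsClient cmdlets from Windows 8 / Server 2012 or later; the default domain is the one named in the post.

```powershell
# Added example: confirm that every DNS server this machine is configured
# to use can locate a domain controller before attempting a domain join.
# Assumption: Windows 8 / Server 2012 or later (DnsClient module).
param(
    [string]$Domain = 'network5769.local'   # domain name taken from the post
)

# Domain controllers register this SRV record; a domain join looks it up.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"

$results = foreach ($nic in Get-DnsClientServerAddress -AddressFamily IPv4) {
    $order = 0
    foreach ($server in $nic.ServerAddresses) {
        $order++
        $dcs = @()
        try {
            # Query this specific server only, bypassing cache and hosts file.
            $answer = Resolve-DnsName -Name $srvName -Type SRV -Server $server -DnsOnly -ErrorAction Stop
            $dcs = @($answer | Where-Object { $_.Type -eq 'SRV' } |
                     Select-Object -ExpandProperty NameTarget)
        } catch {
            # NXDOMAIN or timeout: this server does not know the domain.
        }
        [pscustomobject]@{
            Interface = $nic.InterfaceAlias
            Order     = $order            # 1 = preferred, 2+ = alternates
            DnsServer = $server
            FindsDC   = ($dcs.Count -gt 0)
            DCs       = ($dcs -join ', ')
        }
    }
}

$results | Format-Table -AutoSize

# Any server listed here can send a join or logon lookup to the wrong network.
$bad = @($results | Where-Object { -not $_.FindsDC })
if ($bad.Count -gt 0) {
    $list = ($bad.DnsServer | Sort-Object -Unique) -join ', '
    Write-Warning "These DNS servers cannot locate a DC for ${Domain}: $list"
}
```

A row with `Order` 2 and `FindsDC` False corresponds to the situation in the post, where the preferred server is correct but the alternate still points at a network that does not know the domain.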


Once we were added successfully to the domain, we could then add our workstations to our tree in the forest. We had a little fun pondering whether or not a DNS request denial would be heard if our forest was empty ...


The next task was to add our workstations to the forest through our server's container in the Active Directory. This is where something strange happened. We went through the set up, which is pretty simple: Right click computer in the start menu > select properties > select 'change settings' in the 'Computer name, domain and workgroup settings' section > [you will get the system properties menu] under the computer name tab, select 'change' to the right of 'To rename this computer or change its domain or workgroup click change' > select 'Domain' and add the name of the domain you are adding to (we are using Network5769.local). Click 'okay' and we were indeed okay!

However, although other teams could see our workstations in the network's Active Directory, we could not see them on our server's Active Directory. This was odd as it simply seemed that our server's Active Directory was not updating. My partner worked on this for an extended time while I used another server to complete the next task. Finally he, by chance, clicked on the authorize option for IPv4 and then reauthorized it. Suddenly our workstations appeared! Was this the trouble all along? Why?

While he was troubleshooting, once it became obvious that it would only take one of us and we were nearly out of time, I used a neighboring computer to access our tree and add the containers 'Teachers', 'Students', 'Computers' and 'Groups'. I dragged and dropped the workstations into the 'Computers' folder. We were also to set rules for these, but we simply ran out of time. So that will be completed tomorrow.

