Active directory

[ajishb03]

I am very new to active directory. Hence I need to make my basics strong. Hence if any one could answer this for me please.
If I run a company, say 'a financial', If I have 10 users. I have also installed windows server 2008 in one of my computers and
given windows vista to the client computers. How will I make the client computers connect to my server? If I install DHCP server
will it give private IP or APIPA(169.X.X.X). With APIPA could I communicate? Also I dont have ISP becuase I am not hosting a webste.
Is it possible to have active directory in this environment? Or to have active directory I should always be conected to the internet?

 

[Lemur]

Welcome to SF.

On the client, right click on computer. Left click on properties. Under computer name, domain, and workgroup settings -> select "change settings".

I typically select "Change" to specify the domain. You might want to use the wizard.

 

[2xg]

Hi ajishb03,

If you are up for a big challenge, you may configure your Windows 2008 Server as a Domain Controller, AD will be created automatically. It is always a good practice to configure DHCP and don't forget the DNS from the Server, then you may create/add all 10 Users in AD Users & Computers - see Lemur's Post on how to join a computer in your Domain Controller.

If you decide not to configure DHCP in your Server, you may enable DHCP from your Router (it will create conflict if your have both enabled). Make sure that all your 10 PC's have DHCP or Auto IP Enabled, they will have to receive the IP Addresses from your Router or Server. You will get the IPIPA Addressing if the IP is not configured properly from your network.

If this is the first time that you are setting up a Domain Network, you will need to do a lot of reading and training. A few others will go through some professional In-Person training, I was one of those.

A good Tutorial here on how to configure a Windows 2008 Server as your first DC.

You don't have to have a Domain Network, Workgroup will also do.

Hope this helps.

 

[pparks1]

You don't have to be on the Internet for Active Directory. If you setup a DHCP server, you can have the server hand out IP's on any range you like, APIPA is just what is used when a DHCP server cannot be found. If the machines all got APIPA addresses, they could talk to one another as they are technically on the same subnet.

I question why you would ever put Vista on the workstations though. Windows 7 is a much better choice, and often times easier on less capable hardware.

 

[Ahven2001]

One thing of note: I see that at least your listed system is home premium.

Remember that not all versions of vista will be able to join a domain. (in vista home premium and basic can not join)

 

[ajishb03]

Welcome to SF.

On the client, right click on computer. Left click on properties. Under computer name, domain, and workgroup settings -> select "change settings".

I typically select "Change" to specify the domain. You might want to use the wizard.

Thanks

 

[ajishb03]

You don't have to be on the Internet for Active Directory. If you setup a DHCP server, you can have the server hand out IP's on any range you like, APIPA is just what is used when a DHCP server cannot be found. If the machines all got APIPA addresses, they could talk to one another as they are technically on the same subnet.

I question why you would ever put Vista on the workstations though. Windows 7 is a much better choice, and often times easier on less capable hardware.

Thank you for your reply too. Ok if internet is not required for active directory to work, then that means DNS server works for intranet as well??? Because I learned active directory cannot work without DNS server and I thought DNS server works only for internet. If DNS works for intranet (locally) then why we use www.x.com for domain.. could www be used locally for an intranet???

 

[ajishb03]

One thing of note: I see that at least your listed system is home premium.

Remember that not all versions of vista will be able to join a domain. (in vista home premium and basic can not join)

sure mate

 

[ajishb03]

Hi ajishb03,

If you are up for a big challenge, you may configure your Windows 2008 Server as a Domain Controller, AD will be created automatically. It is always a good practice to configure DHCP and don't forget the DNS from the Server, then you may create/add all 10 Users in AD Users & Computers - see Lemur's Post on how to join a computer in your Domain Controller.

If you decide not to configure DHCP in your Server, you may enable DHCP from your Router (it will create conflict if your have both enabled). Make sure that all your 10 PC's have DHCP or Auto IP Enabled, they will have to receive the IP Addresses from your Router or Server. You will get the IPIPA Addressing if the IP is not configured properly from your network.

If this is the first time that you are setting up a Domain Network, you will need to do a lot of reading and training. A few others will go through some professional In-Person training, I was one of those.

A good Tutorial here on how to configure a Windows 2008 Server as your first DC.

You don't have to have a Domain Network, Workgroup will also do.

Hope this helps.

Thank you so much... so do you mean we could set an active directory on a work group as well. ??

 

[ajishb03]

Welcome to SF.

On the client, right click on computer. Left click on properties. Under computer name, domain, and workgroup settings -> select "change settings".

I typically select "Change" to specify the domain. You might want to use the wizard.

you guys make learning easier...please contribute more....

 

[cluberti]

Thank you for your reply too. Ok if internet is not required for active directory to work, then that means DNS server works for intranet as well??? Because I learned active directory cannot work without DNS server and I thought DNS server works only for internet. If DNS works for intranet (locally) then why we use www.x.com for domain.. could www be used locally for an intranet???

Woah, hold on there .

So, what you had heard is partially correct - Active Directory (any server version, any domain or forest level) absolutely requires DNS to work. Everything in active directory itself relies on DNS in some way, shape, or form, and without it AD doesn't work, computers can't authenticate, join the domain, etc. So, yes, DNS is required for Active Directory to work, and that is why you really want to install the DNS server role on your server before you install and enable the Active Directory role (the AD installation wizard will configure DNS properly for you after asking you a few questions about your domain).

However, having a DNS domain does not have anything to do with the internet - in fact, almost every AD domain out there in existence doesn't have any integration with internet-facing DNS servers short of forwarding or discovery. Also, using a root-level DNS domain for an internal domain structure, unless you are using it specifically for that purpose, is neither recommended nor a good/best practice. For example, if you owned the domain "mydomain.com", and you wanted to use that for Active Directory, that would break things like www.mydomain.com, unless you added an A record into DNS manually (or actually had a host called www in your domain - also not a good idea, in either case ).

What you should be doing, is using the name of a new subdomain of "mydomain.com", perhaps called "ad.mydomain.com", when you set up your AD infrastructure. That will create an Active Directory Forest root called "ad.mydomain.com", and the netbios domain name (unless you changed it) would be "AD". You could then easily create child domains in this forest later (for example, "sales.ad.mydomain.com" or "marketing.ad.mydomain.com") as necessary. Again, NONE of this has anything to do with the public "mydomain.com" other than you are now using it as part of your DNS naming structure for AD.

Hopefully that makes some sense - if it doesn't, I strongly suggest doing a little more reading/research into AD itself, as these are pretty basic questions about the foundations of Active Directory.
How DNS Support for Active Directory Works: Active Directory

 

[Lemur]

Hi ajishb03,

If you are up for a big challenge, you may configure your Windows 2008 Server as a Domain Controller, AD will be created automatically. It is always a good practice to configure DHCP and don't forget the DNS from the Server, then you may create/add all 10 Users in AD Users & Computers - see Lemur's Post on how to join a computer in your Domain Controller.

If you decide not to configure DHCP in your Server, you may enable DHCP from your Router (it will create conflict if your have both enabled). Make sure that all your 10 PC's have DHCP or Auto IP Enabled, they will have to receive the IP Addresses from your Router or Server. You will get the IPIPA Addressing if the IP is not configured properly from your network.

If this is the first time that you are setting up a Domain Network, you will need to do a lot of reading and training. A few others will go through some professional In-Person training, I was one of those.

A good Tutorial here on how to configure a Windows 2008 Server as your first DC.

You don't have to have a Domain Network, Workgroup will also do.

Hope this helps.

Thank you so much... so do you mean we could set an active directory on a work group as well. ??

With a workgroup, all administration would be done at the local pc. Not appropriate for AD. The domain provides a single point of administration (e.g., login script, policies, accts, etc). Stay with the domain for active directory.

 

[pparks1]

Thank you for your reply too. Ok if internet is not required for active directory to work, then that means DNS server works for intranet as well??? Because I learned active directory cannot work without DNS server and I thought DNS server works only for internet. If DNS works for intranet (locally) then why we use www.x.com for domain.. could www be used locally for an intranet???

It is true that Active Directory relies on DNS to work. And when you install a server and run dcpromo, it will allow you to install a DNS server as well. Even on a network without internet access, you will have an internal DNS namespace. For example, EXAMPLE.LOCAL. Therefore, if you named your server Pablo, you would have a host called pablo.example.local. And you might have a workstation named tiger and a workstation named lion, thus you would have tiger.example.local and lion.example.local. All DNS is is a way to resolve hostnames on a network, it doesn't matter whether that network is a small private network, a larger corporate network, or on the Internet.

 

[ajishb03]

Thank you for your reply too. Ok if internet is not required for active directory to work, then that means DNS server works for intranet as well??? Because I learned active directory cannot work without DNS server and I thought DNS server works only for internet. If DNS works for intranet (locally) then why we use www.x.com for domain.. could www be used locally for an intranet???

It is true that Active Directory relies on DNS to work. And when you install a server and run dcpromo, it will allow you to install a DNS server as well. Even on a network without internet access, you will have an internal DNS namespace. For example, EXAMPLE.LOCAL. Therefore, if you named your server Pablo, you would have a host called pablo.example.local. And you might have a workstation named tiger and a workstation named lion, thus you would have tiger.example.local and lion.example.local. All DNS is is a way to resolve hostnames on a network, it doesn't matter whether that network is a small private network, a larger corporate network, or on the Internet.

fabulous......cleared..thanks...

 

[ajishb03]

Hi ajishb03,

If you are up for a big challenge, you may configure your Windows 2008 Server as a Domain Controller, AD will be created automatically. It is always a good practice to configure DHCP and don't forget the DNS from the Server, then you may create/add all 10 Users in AD Users & Computers - see Lemur's Post on how to join a computer in your Domain Controller.

If you decide not to configure DHCP in your Server, you may enable DHCP from your Router (it will create conflict if your have both enabled). Make sure that all your 10 PC's have DHCP or Auto IP Enabled, they will have to receive the IP Addresses from your Router or Server. You will get the IPIPA Addressing if the IP is not configured properly from your network.

If this is the first time that you are setting up a Domain Network, you will need to do a lot of reading and training. A few others will go through some professional In-Person training, I was one of those.

A good Tutorial here on how to configure a Windows 2008 Server as your first DC.

You don't have to have a Domain Network, Workgroup will also do.

Hope this helps.

Thank you so much... so do you mean we could set an active directory on a work group as well. ??

With a workgroup, all administration would be done at the local pc. Not appropriate for AD. The domain provides a single point of administration (e.g., login script, policies, accts, etc). Stay with the domain for active directory.

thank you

 

[ajishb03]

Thank you for your reply too. Ok if internet is not required for active directory to work, then that means DNS server works for intranet as well??? Because I learned active directory cannot work without DNS server and I thought DNS server works only for internet. If DNS works for intranet (locally) then why we use www.x.com for domain.. could www be used locally for an intranet???

Woah, hold on there .

So, what you had heard is partially correct - Active Directory (any server version, any domain or forest level) absolutely requires DNS to work. Everything in active directory itself relies on DNS in some way, shape, or form, and without it AD doesn't work, computers can't authenticate, join the domain, etc. So, yes, DNS is required for Active Directory to work, and that is why you really want to install the DNS server role on your server before you install and enable the Active Directory role (the AD installation wizard will configure DNS properly for you after asking you a few questions about your domain).

However, having a DNS domain does not have anything to do with the internet - in fact, almost every AD domain out there in existence doesn't have any integration with internet-facing DNS servers short of forwarding or discovery. Also, using a root-level DNS domain for an internal domain structure, unless you are using it specifically for that purpose, is neither recommended nor a good/best practice. For example, if you owned the domain "mydomain.com", and you wanted to use that for Active Directory, that would break things like www.mydomain.com, unless you added an A record into DNS manually (or actually had a host called www in your domain - also not a good idea, in either case ).

What you should be doing, is using the name of a new subdomain of "mydomain.com", perhaps called "ad.mydomain.com", when you set up your AD infrastructure. That will create an Active Directory Forest root called "ad.mydomain.com", and the netbios domain name (unless you changed it) would be "AD". You could then easily create child domains in this forest later (for example, "sales.ad.mydomain.com" or "marketing.ad.mydomain.com") as necessary. Again, NONE of this has anything to do with the public "mydomain.com" other than you are now using it as part of your DNS naming structure for AD.

Hopefully that makes some sense - if it doesn't, I strongly suggest doing a little more reading/research into AD itself, as these are pretty basic questions about the foundations of Active Directory.
How DNS Support for Active Directory Works: Active Directory

yup i am researching thanks...

 

[cluberti]

Good luck

 

[ajishb03]

why some domains have 2 domain controllers ? Is this for load balancing?

 

[Lemur]

Redundancy. If the primary DC fails, the other takes over. They both have copies of the AD.

 

[ajishb03]

I actually wanted to work out how active directory work in corporate world as I dont have any experience in working with active directory.
DNS has all the records for the domain which is distributed in different zones like primary and secondary. Now in the domain we have users. Now my question is what sort of records or resources are the user updating in the DNS for eg. the concept of dynamic update and non dynamic update. And why the updates should sometimes be secure?

If the user logins to the given credentials to him or her and if he uses internet to browse how this could be related to the DNS dynamic update??