Active Directory and DNS

IST346: Lab
Last Update: 3/20/2016 12:02 AM
LAB – NAMESPACES, ACTIVE DIRECTORY, DNS
OVERVIEW
In this lab you will configure the computers in your virtual machine network to use Active Directory. With the computers and users being managed by Active Directory, you will no longer need to create the same user accounts on each computer on your network. Through Active Directory you will discover how namespacing and DNS are applied in practice.
LEARNING OBJECTIVES
Upon completion of this lab, you should be able to:
- Install and configure Windows Active Directory and the DNS service.
- Understand how DNS works and how to add hosts to DNS.
- Configure your Windows computers to join the Active Directory domain.
LAB BREAKDOWN
This lab consists of 4 parts:
1. Lab overview and the namespace plan
2. Prepare the network for Active Directory's DNS
3. Learn more about DNS
4. Bind the Win7 virtual machine to Active Directory
REQUIREMENTS
Before you start this lab you will need:
1. These virtual machines:
   a. Win2008 (Windows Server 2008) – acting as a server
   b. Centos5 (CentOS Linux 5) – acting as a server
   c. Win7 (Windows 7) – acting as a workstation
2. Startup the Win2008, Centos5 and Win7 virtual machines:
   a. Logon to Win2008dc as Administrator (the account with the most access on the Windows platform)
   b. Logon to Centos5 as root (the account with the most access on a *nix platform)
   c. Logon to Win7 as user (a non-privileged account)
   d. Remember, in all cases, the password is SU2orange!
PART 1 – LAB OVERVIEW AND THE NAMESPACE PLAN
OVERVIEW
IMPORTANT INFORMATION – PLEASE READ!
The goal of this lab is to install and configure Microsoft Active Directory on our virtual machine network. In order to do this, we must host our own DNS service on our network. If you recall, the DNS service resolves names to IP addresses and is a key factor in making the Internet usable. For example, when you want to search the web you enter http://www.google.com, you don't enter http://66.249.81.104. Without DNS we'd have to consume services by IP address rather than by name! U-G-L-Y!
Up until this point we have been exposing services by IP address or hostname. For example, in a previous lab you set up the SMB protocol on Linux and Windows. To access the remote file share we needed to know the IP address of the Windows 2008 and Linux computers. This is not how services are configured in the real world, where we use names to represent the service. Names make services easier to identify, remember, and troubleshoot.
NAMESPACE PLAN
You're building this Active Directory setup for a company known as fauxco.com. Active Directory provides a unified account store for both users and computers. This means a user is created one time but can log on to any domain-bound computer with that account. This is a good thing because without it we'd have to create the same account on each workstation!
Here’s our namespace plan: (Nothing to do at this point but simply review the plan.)
DOMAIN CONTROLLER CONFIGURATION
Domain Controller: Win2008
IPv4 Address of Active Directory / DNS Domain Controller: 192.168.80.10
Active Directory Domain: ad.fauxco.com
WORKSTATION CONFIGURATION
Workstations: win7 (etc…)
Name of a Workstation (on domain): win7.ad.fauxco.com
PART 2 – SETUP ACTIVE DIRECTORY IN THE WIN2008 VM
INSTALLING ACTIVE DIRECTORY DOMAIN SERVICES
Now it is time to install Active Directory. This process is fairly straightforward. From the Win2008 virtual machine:
1. Let's verify the computer name is what we want. Open the Server Manager utility from the Start menu. The server name should be WIN2008, like so. The IP address should be 192.168.80.10; this is also important because the other computers in our network will use this computer for DNS.
2. Use the Add Roles wizard in the Server Manager utility to set up Active Directory Domain Services. Click Roles → Add Roles, then select Active Directory Domain Services like so:
3. Click next and follow the dialogs. Be sure to read the information on the dialogs as it's quite informative! Also you might need to know this information for a quiz or exam ☺
4. When ready, click Install. The server will be configured for Active Directory. All that is being done at this point is setting up the required software. After the configuration is complete, click Close.
PROMOTING THIS SERVER TO A DOMAIN CONTROLLER – DCPROMO
In this next section we will run the DCPromo utility to configure this server to run as a domain controller. This process will configure DNS and the other utilities required by Active Directory.
1. Run dcpromo.exe (click Start and type dcpromo, then click on the dcpromo icon). This will promote this server to a domain controller.
2. Dcpromo.exe starts a wizard to walk you through the process:
3. Do NOT choose advanced mode; click next.
4. Next you will see an information dialog concerning compatibility with older versions of Windows. After reading the information, click next.
5. From the deployment configuration screen, click the radio button to Create a new domain in a new forest. This is the simplest method for configuring Active Directory. When you're ready, click Next.
6. For the FQDN of the Forest Root Domain, enter the name ad.fauxco.com and then click next. Windows will check DNS to make sure the domain isn't already in use. When ready, click next.
7. Set the forest functional level to Windows Server 2008. This will provide the most current set of features for our environment. When ready, click next.
8. Windows will investigate your current DNS configuration. When asked about additional domain controller options, check the DNS server checkbox, and when you're ready, choose next.
9. You will see the following warning message:
10. Select Yes, the computer will use a dynamically assigned IP address.
11. You will see the following warning message: This message is informing you that the domain fauxco.com is not an "official" registered DNS name. Since we will only use fauxco.com for our internal network of virtual machines, this is sufficient. Select yes.
12. For the locations of the database, log files and system volume, keep the defaults and click next.
13. IMPORTANT! For the restore mode password, enter SU2orange! and click next. We will need this password should we ever wish to uninstall Active Directory or recover from a serious error. In real life this would be a different password, but for the sake of simplicity make it the same password used by all accounts in the labs.
14. At the summary screen click next (for the last time) to begin the configuration process.
15. As the final step in the process, everything will be configured; you can watch the progress from this dialog: As the process continues, check Reboot on completion. Once everything is configured, your Win2008 virtual machine will reboot.
LOVE AT FIRST BOOT… (I <3 U ACTIVE DIRECTORY!)
After your Win2008 server restarts, you will notice the logon prompt looks a little different (it now says AD\Administrator, which means you are logging in as the Domain Administrator).
1. At this screen, logon with the same password SU2orange!
2. In Server Manager, the Full Computer Name should now be win2008.ad.fauxco.com.
3. As a last step we should make sure DNS is working on our domain controller. If it is, then we're in good shape! The FQDN (Fully Qualified Domain Name) for computers on our domain should be computer name + domain name, so for example the FQDN of the Win2008 virtual machine should be Win2008.ad.fauxco.com. To put this information in context with this week's lecture, the FQDN is a hierarchical namespace that is globally unique. ☺
4. From the command prompt on Win2008 type: ping -a 192.168.80.10 (The -a will resolve the IP address to its DNS name. We call this a "reverse lookup.") You should see output like the following:
5. You can also perform a forward lookup; type: nslookup Win2008.ad.fauxco.com and you should see:
6. If both the ping and nslookup commands are working, then you've got everything working properly. Time to move on!
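Steps 4 and 5 above, done as a repeatable PowerShell check. This is an added example, not part of the lab handout; it assumes the lab's names and addresses (win2008.ad.fauxco.com, 192.168.80.10, ad.fauxco.com) and uses only .NET DNS calls and nslookup.exe so that it runs on the PowerShell 2.0 available for Server 2008. It goes one step beyond the lab by also checking the _ldap._tcp.dc._msdcs SRV record, the record domain members use to locate a domain controller: a DC whose A and PTR records resolve but whose SRV record is missing will still fail domain joins.

```powershell
# Added example (not from the lab). Assumes the lab values passed in at the bottom.
function Test-DcDnsHealth {
    param([string]$Fqdn, [string]$Ip, [string]$Domain)

    # Forward lookup: name -> addresses (what "nslookup Win2008.ad.fauxco.com" does)
    $forward = @([System.Net.Dns]::GetHostAddresses($Fqdn) | ForEach-Object { $_.IPAddressToString })

    # Reverse lookup: address -> PTR name (what "ping -a" does). Fails when the
    # server has no reverse lookup zone for 192.168.80.x, so treat that as "no PTR".
    try   { $reverse = [System.Net.Dns]::GetHostEntry($Ip).HostName }
    catch { $reverse = $null }

    # Domain members locate a DC through this SRV record (standard AD DNS layout).
    # Windows nslookup prints "svr hostname = <dc>" for each answer.
    $srvName    = "_ldap._tcp.dc._msdcs.$Domain"
    $srvOutput  = & nslookup -type=SRV $srvName $Ip 2>$null
    $srvTargets = @($srvOutput | Select-String -Pattern 'svr hostname\s*=\s*(\S+)' |
                    ForEach-Object { $_.Matches[0].Groups[1].Value.TrimEnd('.').ToLower() })

    New-Object PSObject -Property @{
        Fqdn       = $Fqdn
        Forward    = $forward
        ForwardOk  = ($forward -contains $Ip)
        Reverse    = $reverse
        ReverseOk  = (($reverse -ne $null) -and ($reverse.ToLower() -eq $Fqdn.ToLower()))
        SrvRecord  = $srvName
        SrvTargets = $srvTargets
        SrvOk      = ($srvTargets -contains $Fqdn.ToLower())
    }
}

Test-DcDnsHealth -Fqdn 'win2008.ad.fauxco.com' -Ip '192.168.80.10' -Domain 'ad.fauxco.com' | Format-List
```

All three Ok fields should read True on a healthy domain controller. ReverseOk is the one most often False in a fresh install, because dcpromo creates the forward zone but not a reverse zone; ping -a can still show a name in that case because Windows falls back to NetBIOS name resolution, which is why a plain DNS query is the more honest test.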
CREATING A DOMAIN USER ACCOUNT
As I alluded to earlier, one benefit of a directory service such as Active Directory is that the objects you add to the directory can be used by all of the computers bound to the directory. For example, in this next part we will create a user account called testing which we will use to logon to the Win7 virtual machine in a subsequent step.
Let's create a user in Active Directory.
1. From the command prompt, create a new user, testing, with password SU2orange!.
   c:\users\Administrator> net user testing /add *
   then enter the password SU2orange! twice:
2. Now let's check out how you can manage users, computers and groups in Active Directory from the GUI. From Server Manager, open Roles → Active Directory Domain Services → Active Directory Users and Computers. This is the primary utility for managing the entries in Active Directory.
3. Double-click on ad.fauxco.com to open the domain, and then double-click on the Users folder. You should see the testing user you created (along with several other built-in domain users and groups).
Use of this graphical tool is fairly straightforward, and it is interesting to know the command line commands have a graphical counterpart. ☺
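The same directory that Active Directory Users and Computers displays can be read over LDAP. The block below is an added example, not part of the lab; it uses the .NET DirectorySearcher (available on PowerShell 2.0, so it runs on Win2008 without extra modules) to confirm that the testing account exists and to report the two userAccountControl flags a defender checks first: whether the account is disabled and whether its password is set to never expire. It assumes the lab domain ad.fauxco.com, whose LDAP base DN is DC=ad,DC=fauxco,DC=com.

```powershell
# Added example (not from the lab). Assumes the lab domain ad.fauxco.com.
$DomainDn = 'DC=ad,DC=fauxco,DC=com'

# userAccountControl bit flags (Microsoft-documented values)
$UAC_ACCOUNTDISABLE     = 0x0002
$UAC_DONT_EXPIRE_PASSWD = 0x10000

function Get-DomainUserReport {
    param([string]$SearchBase, [string]$SamAccountName = '*')

    $root     = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$SearchBase")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    # objectCategory=person excludes computer accounts, which are also objectClass=user
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$SamAccountName))"
    $null = $searcher.PropertiesToLoad.AddRange(@('sAMAccountName', 'userAccountControl', 'pwdLastSet', 'distinguishedName'))

    foreach ($r in $searcher.FindAll()) {
        $uac = [int]$r.Properties['useraccountcontrol'][0]
        # pwdLastSet is a Windows FILETIME; 0 (shown as 1601) means "must change at next logon"
        $pwdLastSet = [DateTime]::FromFileTime([int64]$r.Properties['pwdlastset'][0])

        New-Object PSObject -Property @{
            Account              = [string]$r.Properties['samaccountname'][0]
            DN                   = [string]$r.Properties['distinguishedname'][0]
            Disabled             = (($uac -band $UAC_ACCOUNTDISABLE) -ne 0)
            PasswordNeverExpires = (($uac -band $UAC_DONT_EXPIRE_PASSWD) -ne 0)
            PasswordLastSet      = $pwdLastSet
        }
    }
}

# The account created with "net user testing /add" should appear, enabled
Get-DomainUserReport -SearchBase $DomainDn -SamAccountName 'testing' | Format-List

# Whole-domain view: accounts whose passwords never expire deserve a second look
Get-DomainUserReport -SearchBase $DomainDn | Where-Object { $_.PasswordNeverExpires } | Format-Table Account, Disabled, PasswordLastSet -AutoSize
```

Running the second query on a brand-new domain typically lists only the built-in accounts; anything else that shows up there after you start adding users is a policy exception worth documenting.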
PART 3 – DNS AND ACTIVE DIRECTORY
A key technical requirement of Active Directory is the DNS service. As you already know, DNS is responsible for name to IP address resolution. This section will explore the DNS service in greater detail.
VERIFY THE DNS CLIENT ON THE WIN7 COMPUTER
First let's make sure the Win7 virtual machine can talk to our new DNS server and the ad.fauxco.com domain.
1. From the win7 virtual machine open a command prompt.
2. From the command prompt, see if you can resolve the domain; type: nslookup ad.fauxco.com
3. In addition, you should be able to ping Win2008; type: ping win2008.ad.fauxco.com
4. And finally you should still be able to access the Internet, too: ping www.syr.edu
5. If both resolve properly, then you are in good shape.
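The Win7-side checks of this section done from PowerShell, which is built into Windows 7. This is an added example and not part of the lab; before resolving any names it reads the adapter's DNS client settings, because a workstation pointed at some other DNS server is the usual reason the ad.fauxco.com lookup fails while www.syr.edu still resolves. It assumes the lab values (DNS server 192.168.80.10, domain ad.fauxco.com, the three names the lab tests).

```powershell
# Added example (not from the lab). Assumes the lab's DNS server and names.
$ExpectedDnsServer = '192.168.80.10'
$NamesToResolve    = @('ad.fauxco.com', 'win2008.ad.fauxco.com', 'www.syr.edu')

function Test-DnsClient {
    param([string]$DnsServer, [string[]]$Names)

    # DNS servers configured on the active adapter(s), in search order
    $adapters   = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
    $configured = @($adapters | ForEach-Object { $_.DNSServerSearchOrder } | Where-Object { $_ })

    # Resolve each name the way nslookup/ping do; a failure is reported, not fatal
    $lookups = foreach ($n in $Names) {
        try {
            $ips = @([System.Net.Dns]::GetHostAddresses($n) | ForEach-Object { $_.IPAddressToString })
            $ok  = $true
        } catch {
            $ips = @()
            $ok  = $false
        }
        New-Object PSObject -Property @{ Name = $n; Resolved = $ok; Addresses = ($ips -join ', ') }
    }

    New-Object PSObject -Property @{
        ConfiguredDnsServers = $configured
        PointsAtLabDc        = ($configured -contains $DnsServer)   # first thing to fix if False
        Lookups              = $lookups
    }
}

$result = Test-DnsClient -DnsServer $ExpectedDnsServer -Names $NamesToResolve
$result | Format-List ConfiguredDnsServers, PointsAtLabDc
$result.Lookups | Format-Table Name, Resolved, Addresses -AutoSize
```

If PointsAtLabDc is False, the internal names cannot resolve no matter what the domain controller does, since only 192.168.80.10 knows about ad.fauxco.com; the public name still resolving through whatever server is configured is exactly the symptom that makes this mistake easy to miss.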
THE DNS SERVER (AKA. AN IMPORTANT TEACHING MOMENT REGARDING OUR DNS SETUP.)
How does the nslookup step work? I mean, I understand how our Win2008 DNS service can resolve ad.fauxco.com names, but how can it ALSO resolve real domains? Well, our DNS server was set up to use a forwarder, which means when the DNS service running on Win2008 (192.168.80.10) cannot resolve a name (like www.syr.edu) it forwards the request to its DNS server 10.1.1.1 (part of Lab Manager). Any queries which are forwarded are then cached on the Win2008 DNS server for future use.
In techno-speak, ad.fauxco.com is called an Intranet because it is only available inside the Fauxco "corporate" network.
Wanna see it in action? Of course you do! ☺ For a brief but important tangent, go back to Win2008:
1. Switch back to the Win2008 virtual machine.
2. Inside the Server Manager utility, under Roles open the DNS Server role. Select DNS.
3. Double-click on WIN2008.
4. From the menu, select View → Advanced. You should now see a Cached Lookups folder, like so: and inside the Cached Lookups folder, if you keep double-clicking you should be able to navigate to (root) → edu → syr → www. Like this:
5. The DNS cache represents a copy of all of the name-to-IP address lookups which were asked of this DNS server (192.168.80.10) and then forwarded to the next server (10.1.1.1). Once a DNS server resolves the name to an IP address, that record is stored in the DNS cache on 192.168.80.10. This ensures future requests can be handled by the same server (192.168.80.10), thereby speeding up the name resolution process. DNS caching is a blessing and a curse. It's a blessing because it speeds things up; it's a curse because if you change a DNS record you have to wait a while before that change propagates through all of the caching DNS servers on the Internet!
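The forwarder and the cache described above can be observed from the command line on Win2008. This is an added example, not part of the lab. dnscmd.exe (installed with the DNS Server role) prints the forwarder list, and nslookup -debug prints the TTL of each answer. Because nslookup queries the server directly, bypassing the machine's own resolver cache, a TTL that has shrunk between two queries proves the second answer came from the cache on 192.168.80.10 rather than from 10.1.1.1; the countdown is also exactly the "curse" above, since a changed record is invisible to this server until the cached copy's TTL reaches zero. It assumes the lab values (DNS server 192.168.80.10, test name www.syr.edu).

```powershell
# Added example (not from the lab). Assumes the lab's DNS server address.
$DnsServer = '192.168.80.10'

# 1. Where does this server send queries it cannot answer itself?
#    dnscmd /Info prints a "Forwarders:" section with "Addr[0] => 10.1.1.1" style lines.
& dnscmd $DnsServer /Info | Select-String -Pattern 'Forwarders|Addr\['

function Get-AnswerTtl {
    param([string]$Name, [string]$Server)
    # Walk the -debug output and keep the ttl from the ANSWERS section of the
    # final response (a CNAME chain yields several; the last one is the A record).
    $inAnswers = $false
    $ttl = $null
    foreach ($line in (& nslookup -debug $Name $Server 2>$null)) {
        if ($line -match '^\s*ANSWERS:') { $inAnswers = $true; continue }
        if ($line -match '^\s*(AUTHORITY|ADDITIONAL) RECORDS:|^-+$') { $inAnswers = $false }
        if ($inAnswers -and ($line -match 'ttl\s*=\s*(\d+)')) { $ttl = [int]$matches[1] }
    }
    return $ttl
}

# 2. Ask twice, a few seconds apart: a cached answer's TTL counts down between queries.
$first = Get-AnswerTtl -Name 'www.syr.edu' -Server $DnsServer
Start-Sleep -Seconds 5
$second = Get-AnswerTtl -Name 'www.syr.edu' -Server $DnsServer

"TTL on first answer: $first s; after 5 seconds: $second s"
if (($first -ne $null) -and ($second -ne $null) -and ($second -lt $first)) {
    "Second answer was served from the cache on $DnsServer (TTL is counting down)."
}
```

The same record shows up under Cached Lookups → (root) → edu → syr → www in the DNS Manager console; the TTL you see there is the value this script reads, just in a GUI.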
ADDING A DNS RECORD
In this next step, we will add a DNS record for our centos5 Linux virtual machine. Once we add the record we'll go back to Win7 and see if we can get it to resolve properly.
1. From the DNS utility in the Server Manager window of Win2008, double-click on Forward Lookup Zones. You should see two zones:
2. We would like to add a record to the domain ad.fauxco.com, so double-click on that zone. You should see the following:
3. From the menu, choose Action → New Host. The New Host dialog appears. Enter centos5 for the name and 192.168.80.11 for the IP address; when you're ready, click Add Host.
4. You should now see a new A record for centos5:
5. Now let's test our new entry. Go back to the Win7 virtual machine.
6. Open a command prompt, and type: ping centos5.ad.fauxco.com You should see this output: If you do, then your DNS record is set up correctly (and your Centos5 VM is powered on, too) ☺
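The New Host dialog, done from the command line on Win2008 with dnscmd.exe, followed by the same verification the lab does with ping. This is an added example and not part of the lab; it assumes the lab values (DNS server 192.168.80.10, zone ad.fauxco.com, host centos5 at 192.168.80.11). It also goes one step further than the dialog by registering the matching PTR record when a reverse lookup zone for the 192.168.80.0/24 network exists, so that reverse lookups (ping -a) work for the new host as well as forward ones.

```powershell
# Added example (not from the lab). Assumes the lab's server, zone and host values.
function Add-LabHostRecord {
    param([string]$Server, [string]$ZoneName, [string]$Label, [string]$Ip)

    # Create the A record. dnscmd exits non-zero on failure, including the case
    # where an identical record already exists, so surface its message.
    $out = & dnscmd $Server /RecordAdd $ZoneName $Label A $Ip
    if ($LASTEXITCODE -ne 0) { throw "dnscmd /RecordAdd failed: $($out -join ' ')" }

    # Register a PTR record too, but only if the reverse zone exists
    # (192.168.80.11 -> zone 80.168.192.in-addr.arpa, node 11).
    $octets  = $Ip.Split('.')
    $revZone = "$($octets[2]).$($octets[1]).$($octets[0]).in-addr.arpa"
    $zones   = & dnscmd $Server /EnumZones
    $ptrAdded = $false
    if (@($zones -match [regex]::Escape($revZone)).Count -gt 0) {
        & dnscmd $Server /RecordAdd $revZone $octets[3] PTR "$Label.$ZoneName." | Out-Null
        $ptrAdded = ($LASTEXITCODE -eq 0)
    }

    # Verify: the name must now resolve to the address we just published
    $fqdn = "$Label.$ZoneName"
    try   { $resolved = @([System.Net.Dns]::GetHostAddresses($fqdn) | ForEach-Object { $_.IPAddressToString }) }
    catch { $resolved = @() }

    New-Object PSObject -Property @{
        Fqdn      = $fqdn
        Resolved  = $resolved
        ForwardOk = ($resolved -contains $Ip)
        PtrAdded  = $ptrAdded
    }
}

Add-LabHostRecord -Server '192.168.80.10' -ZoneName 'ad.fauxco.com' -Label 'centos5' -Ip '192.168.80.11' | Format-List
```

ForwardOk should be True immediately on the domain controller itself. On Win7 the answer may lag by the negative-cache time if you pinged centos5.ad.fauxco.com before the record existed; ipconfig /flushdns on the workstation clears that.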
PART 4 – BIND THE WIN7 VIRTUAL MACHINE TO ACTIVE DIRECTORY
The directory service is only useful if computers bind to the directory for user and group information. In this final phase we will bind the win7 virtual machine to our ad.fauxco.com domain. When we do this we will be able to logon to the win7 computer using the testing account we created in Active Directory, rather than the accounts which are local to the computer. This is a huge benefit and the primary means by which organizations scale support of hundreds or thousands of computers.
BINDING THE WIN7 COMPUTER TO THE AD.FAUXCO.COM DOMAIN
To bind the Win7 computer to the ad.fauxco.com domain:
1. Back at win7, click on Start → Control Panel → System and Security → System → Advanced System Settings. You should see this dialog:
2. Click on the Computer Name tab. You should see this dialog:
3. Click on the Change… button.
4. The Computer Name dialog appears; from here you can select Domain and then enter ad.fauxco.com for the domain name. Select Ok when you're done.
5. You will be asked to authenticate to the Active Directory domain.
6. Logon with the Domain account Administrator with password SU2orange! If you are successful, you should see this message:
7. Click Ok and you will be asked to restart the computer; click Ok to restart. Close all open windows and restart Win7. When the logon screen appears, let's try to logon with a Domain Account.
8. Click the Switch User button. Click the Other User button and you will see the AD logon. Logon as user testing with password SU2orange!
9. If you can logon successfully, then you've now bound the win7 computer to the Active Directory domain on win2008. This means the directory trusts the win7 computer and users can now logon with domain accounts!
ONE MORE TRIP BACK TO WIN2008
If you go back to our domain controller, you can see the bound computer in the directory (and in DNS if you like).
1. Go back to Win2008 and to the Active Directory Users and Computers utility.
2. Click on the Computers folder. You should see the Win7 computer. If you do not, click on the "Refresh" icon to get a fresh copy from the directory.
3. You should see the following:
4. If you navigate down to the DNS Server and look for forward lookup zones under ad.fauxco.com you should see the DNS Host entry for win7 along with its IP address (again, if you don't, click refresh).
5. Neato. When you add a computer to the domain, the DNS record is updated automatically. The computer name is used as the host record in DNS!
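The two things the last steps inspect in the GUI, the win7 computer object in the directory and its dynamically registered DNS host record, checked from the domain controller in one go. This is an added example and not part of the lab; it reads the computer account over LDAP with the .NET DirectorySearcher (available on PowerShell 2.0) and resolves the workstation's name, and assumes the lab values (domain ad.fauxco.com, workstation win7). Note that a computer account's sAMAccountName carries a trailing dollar sign, which is why the LDAP filter below appends one.

```powershell
# Added example (not from the lab). Assumes the lab domain and workstation name.
function Get-JoinedComputerStatus {
    param([string]$Domain, [string]$ComputerName)

    # ad.fauxco.com -> DC=ad,DC=fauxco,DC=com
    $baseDn = 'DC=' + ($Domain.Split('.') -join ',DC=')

    # Computer accounts are objectCategory=computer with sAMAccountName "<name>$"
    $root     = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$baseDn")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter = "(&(objectCategory=computer)(sAMAccountName=$ComputerName`$))"
    $null = $searcher.PropertiesToLoad.AddRange(@('dNSHostName', 'operatingSystem', 'whenCreated'))
    $account = $searcher.FindOne()

    $dnsHostName = $null; $os = $null; $created = $null
    if ($account -ne $null) {
        $dnsHostName = [string]$account.Properties['dnshostname'][0]
        $os          = [string]$account.Properties['operatingsystem'][0]
        $created     = $account.Properties['whencreated'][0]   # when the join created the object
    }

    # The host (A) record the workstation registered dynamically when it joined
    $fqdn = "$ComputerName.$Domain"
    try   { $addresses = @([System.Net.Dns]::GetHostAddresses($fqdn) | ForEach-Object { $_.IPAddressToString }) }
    catch { $addresses = @() }

    New-Object PSObject -Property @{
        Computer        = $ComputerName
        InDirectory     = ($account -ne $null)
        DnsHostName     = $dnsHostName
        OperatingSystem = $os
        JoinedOn        = $created
        DnsARecord      = $addresses
        DnsRegistered   = ($addresses.Count -gt 0)
    }
}

Get-JoinedComputerStatus -Domain 'ad.fauxco.com' -ComputerName 'win7' | Format-List
```

InDirectory True with DnsRegistered False is the combination to watch for: the join succeeded, but the workstation has not (yet) registered its A record, which usually means its DNS client is pointed somewhere other than 192.168.80.10 or the zone does not accept dynamic updates. The whenCreated value is also a cheap audit trail of when a machine joined the domain.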
LAST PART – GETTING THE LAB CHECKER SCRIPT WORKING
This lab is handed in using the provided lab-checker script. This lab checker will execute from your Win2008 computer. Here are the instructions:
ONE-TIME PRE-SCRIPT SETUP
The script is designed to be run from your Win2008 virtual machine. You will need to install PowerShell. Make sure you are logged on as the Domain Administrator.
1. From Win2008 open Server Manager.
2. Click on Features then Add Features.
3. Select the Windows PowerShell feature, click next. Click Install.
4. Click on Start → Run, type in PowerShell and click on Windows PowerShell.
5. At the blue PowerShell prompt, type set-executionpolicy unrestricted
6. At the blue PowerShell prompt, type get-executionpolicy and make sure it returns Unrestricted
EXECUTING THE SCRIPT
1. Make sure all the virtual machines you used in the lab are powered on and working properly.
2. Download the script: open Internet Explorer, visit http://classes.ischool.syr.edu/ist346/, right-click on the script and choose "Save target as"; save to your Documents folder.
3. Open a PowerShell command prompt (a different one from the one-time setup).
4. Move into the Documents folder (where you stored the script); type: cd documents
5. Execute the script by typing .\L02.ps1
6. When you think you've got it correct, email the lab to yourself and it will cc your instructor.
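The same setup and run, with one change a practitioner would make on a domain controller: the relaxed execution policy is applied only to the current PowerShell process instead of machine-wide, so it disappears when the window closes and the server's persistent policy is untouched. This is an added example and not part of the lab; the script name and Documents location are the ones the lab states, and Set-ExecutionPolicy's -Scope parameter exists on the PowerShell 2.0 feature installed above.

```powershell
# Added example (not from the lab). Same steps as the lab, scoped to this process only.
# Relax the policy for this process; nothing is written to the machine-wide setting.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted

# Shows the policy at every scope; Process should now read Unrestricted while
# LocalMachine keeps whatever it had before.
Get-ExecutionPolicy -List

# Move into Documents and run the lab checker, as in steps 4 and 5 above.
Set-Location (Join-Path $env:USERPROFILE 'Documents')
& .\L02.ps1
```

If the script must run from a window that was opened without this line, running it as `powershell.exe -ExecutionPolicy Unrestricted -File .\L02.ps1` achieves the same process-only effect from the command line.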