Upload
samnang-leap
View
34
Download
0
Embed Size (px)
Citation preview
Domain Controller
“Information Technology”
2016PAssewrelles numeriques cambodia
Songkat Tek thla, Khan Sen Sok, Phnom Penh, Cambodia
Passerelles Numériques Cambodia
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
Contents:I. Install Active Directory and DNS Windows Server 2008 R2:........................................................1
A. Assign IP address on server 192.168.ID.1 and subnet mask /24 (My ID is 42):.........................1
B. Assign hostname’s DomainID (Domain42):................................................................................2
C. Install Active Directory: Domain’s name samnang42.lan (nameID.lan):....................................3
II. Create Organizational Unit (OU) of each department:................................................................9
III. Create group account and users account of each department without required strong password:............................................................................................................................................10
A. Add membership to group in their department:.........................................................................19
IV. Computer Create Account: Right click on OU (Computers) > New > Computer > Put the name of Computer Account > OK..................................................................................................................21
V. Create users account template on each department: We just do the same following of creating user account and put the name as Template......................................................................................22
A. Department (Department Finance):............................................................................................22
B. Add user account template into group (Finance Group): Double click on group that we want to add member > Select tab Members > add user with the same to the following of adding membership as the..........................................................................................................................23
VI. Enable and Disable Account User:..........................................................................................23
A. Enable Account User: Right click on user that we want to enable > Enable Account..................23
B. Disable Account User: Right click on user that we want to enable > Disable Account................24
VII. Unlock User Account:..............................................................................................................24
A. From Monday to Friday period 8:00 AM to 5:00 PM allow, other deny:.....................................25
B. Only User name “samnang.leap” can loin only computer name “Win-Client”:...........................27
VIII. How to reset password of user:..............................................................................................27
IX. Create multiple users with introduction below:....................................................................28
A. Create Organizational Unit name “SNA-B”:.................................................................................28
B. Create Multiple User Account (Do on Excel):..............................................................................28
X. Take windows client joins domain: “Before take windows client joins domain we must install DNS service and AD and take them (Server & Client) in the same network........................................32
A. Take one user to logon your computer client that joined to domain:.........................................40
XI. Make sure that manager can do the following task in each OU department by delegate control:................................................................................................................................................42
XII. Make sure manger can access from his/her computer to domain service (AD):...................45
To make sure manager can access to domain service in windows client we must do with the following below:..............................................................................................................................45
Make sure that manager (samnang.leap) can access to domain service (AD):........................49
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
Domain Controller I. Install Active Directory and DNS Windows Server 2008 R2:
A. Assign IP address on server 192.168.ID.1 and subnet mask /24 (My ID is 42):
Run > type: ncpa.cpl > double click on Local Area Connection > …> input IP > OK.
Run > cmd > ipconfig > see the IP and Subnet Mask.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
B. Assign hostname’s DomainID (Domain42): Run > type: sysdm.cpl > Click on Change > Input the computer’s name
> Click on OK.
Run > cmd > type: hostname > see the host name.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
C. Install Active Directory: Domain’s name samnang42.lan (nameID.lan):
Click on Server Manager > Click on Roles > Click on Add Roles.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
Tick on Active Directory Domain Services > Next > Next > Install.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
Click on Active Directory Domain Services >
Click on Run the Active Directory Domain Services Installation Wizard.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
Select Create a new domain in a new forest.
Assign Domain’s name (samnang42.lan) > Next.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
Tick o DNS server (If you want to install it) > Next.
Assign password > Next > Computer will restart machine.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
Check system properties > See Domain’s name.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
II. Create Organizational Unit (OU) of each department: Click on Start > Click on Active Directory.
Select domain’s name (samnang42.lan) > Click on OU icon (2) > Type the name (IT_Admin) > OK.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
Create OU of each department’s name such as IT_Admin, Finance and Sale (Just do with the following above).
III. Create group account and users account of each department without required strong password:
To create users account without required strong password we must change group policy. Please, do with the following below:
o Click on Start > Click on Group Policy Management > Double click on Domains > Double click on samnang42.lan > Right click on Default domain Policy > Click on Edit…
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
o Double click on Policies > Double click on Windows Settings > Double click on Security Policy > Double click on Password must meet complexity requirements…
o Click on Disabled > OK.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
After changed group policy we must update group policy by use command line (gpupdate):
o Run > cmd > type: gpupdate.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
Create users in department’s name IT_Admin: o Go to Active Directory Users and Computers > Select OU that we want to create users
(IT_Admin) > Click on user icon > Put first name, last name > Put user logon name > Next > Put password > Next > Click on Finish.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
o Do the same following above (These are users in department’s name IT_Admin).
Create users in department’s name Finance:o Go to Active Directory Users and Computers > Select OU that we want to create user
(Finance) > Click on user icon > Put first name, last name > Put user logon name > Next…
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
o Put password > Next > Click on Finish.
o Do the same following above (These are users in department’s name Finance).
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
Create users in department’s name Sale:o Go to Active Directory Users and Computers > Select OU that we want to create user (Sale)
> Click on user icon > Put first name, last name > Put user logon name > Next…
o Put password > Next > Click on Finish.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
o Do the same following above (These are users in department’s name Sale).
Create Group Account for each department:o Go to Active Directory Users and Computers > Select OU that we want to create user
(IT_Admin) > Click on group icon > Put the name of group(Group_A > OK
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
o Do the same following above (These are groups in each departments such as IT_Admin, Finance, and Sale).
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
A. Add membership to group in their department: Double click on group that we want to add memberships (Group_A) >
Select tap Members > Click on Add… (3) > Type user name > OK (5).
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
Do the same following above. These are memberships in Group_A (IT_Admin Group).
These are memberships in Group_B (Finance Group)
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
These are memberships in Group_C (Sale Group)
IV. Computer Create Account: Right click on OU (Computers) > New > Computer > Put the name of Computer Account > OK.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
V. Create users account template on each department: We just do the same following of creating user account and put the name as Template.
A. Department (Department Finance): o Double click on account template that we created already > Click on tab
Organization > Put the name of department (Finance) > OK.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
B. Add user account template into group (Finance Group): Double click on group that we want to add member > Select tab Members > add user with the same to the following of adding membership as the
VI. Enable and Disable Account User:A. Enable Account User: Right click on user that we want to enable > Enable Account.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
B. Disable Account User: Right click on user that we want to enable > Disable Account.
VII. Unlock User Account: Double click on a user that we want to unlock >…
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
Select tab Account > Tick on Unlock account > OK
A. From Monday to Friday period 8:00 AM to 5:00 PM allow, other deny:o Double click on a user >…
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
o Select tab Account > Click on tab Logon Hours…
o Select the white part around the blue part as the picture below and then click on Logon Denied > OK (Please see the note).
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
B. Only User name “samnang.leap” can loin only computer name “Win-Client”:
o Double click on user name samnang.leap > Select tab Account > Click on tab Log On To…> Select the following computers > Type: name of computer (Win-Client) > Click Add > OK.
VIII. How to reset password of user: Right click on a user that we want to reset password > Input password > OK.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
IX. Create multiple users with introduction below:A. Create Organizational Unit name “SNA-B”:
o Click on samnang42.lan (Domain Name) > Click on OU icon > Put the name of OU (SNA-B) > OK.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
B. Create Multiple User Account (Do on Excel):o Name: firstname.lastname, Office: A21, Email Address: [email protected]
and Description: SNA-B.
o Password: 12345 and User must change password.
o Copy the formula of command line of creating users account into Notepad
o Save file in notepad with type as All Files and extension “.bat”
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
o Double click on this file to run command line of creating user account.
o This is the process of creating user account in cmd.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
o The result of creating multi users.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
X. Take windows client joins domain: “Before take windows client joins domain we must install DNS service and AD and take them (Server & Client) in the same network.
Installing DNS:o Click on start > Click on DNS
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
o Double click on DOMAIN42 > Right click on Reverse Lookup Zones
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
o Click on Next.
o Select IPv4Reverse Lookup Zone.
o Put Network ID (192.168.42) > Click Finish.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
o Right click on 42.168.192,in-addr.arpa > Click on New Pointer(PTR) > Click on Browse
o Double click on DOMAIN42.
o Double click on Forward …
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
o Double click on samnang42.lan
o Double click on domain42 (hostname)
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
o Completed New Pointer > Click OK
o After installed DNS > Run > cmd > nslookup
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
Figure windows client and windows server into the same network connection:
o Assign IP address and Subnet Mask and IP DNS (IP of DNS server) > OK.o Note: IP address of server (192.168.42.1) and IP of DNS server (192.168.42.1)
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
o Ping IP address of server (192.168.42.1)
o Test nslookup
o Run > sysdm.cpl > Click on Change.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
Take client windows joins domain: o Click on Domain > Put domain name of server (samnang42.lan) > OK.
o Required username and password of windows server (Admin) > OK > PC will restart machine.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
A. Take one user to logon your computer client that joined to domain:o Take a user name hav.che to logon in windows client.
o User must change password > Click ok to change password.
o Input the new password > Enter to log in account user.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
o Password changed > Click ok
o User name hav.che could log on to client windows.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
XI. Make sure that manager can do the following task in each OU department by delegate control:
Delegate Control by a user who is a manager in a department:o Choose a user account as a manager in a department (User name’s samnang.leap is
a manager in department IT_Admin.
o Right click on a department that we want to do delegation control (IT_Admin department and user name’s samnang.leap is a manager).
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
o Click Add > Type the username that we want to delegate > OK.
o Click Next…
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
o Tick the following tasks:a. Manager can modify the membership of a group.b. Manager can reset user passwords and force password change at next logon.c. Manager can create, delete, and manage user accounts.
o Click Finish.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
XII. Make sure manger can access from his/her computer to domain service (AD):
To make sure manager can access to domain service in windows client we must do with the following below:
a) First we must install RSAT (Remote Server Administration Tools) program in windows client:
o Double click on RSAT software > Type an administrator password, and then click yes.
o It is preparing the installation….
o It is already installed on the computer.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
b) After installed, we must open service by go to configure windows features on or off in control panel:
o Run > type: control panel > OK.
o Click on programs.
o Click on Turn Windows features on or off and then it will require username and password of administrator (Server Admin).
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
o Type an administrator username and password, and then click Yes > Please wait >…
o Double click on Remote Server Administration Tools > Double click on Role Administration Tools > Click on AD DS and AD LDS Tools > Tick Active Directory Module for Windows PowerShell > Ok.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
o It is making changes to features.
o After installed we can open Active Directory Users and Computers in windows client as windows server.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
Make sure that manager (samnang.leap) can access to domain service (AD):
o Now we take user name’s samnang.leap to log on to windows client.
o So, he can access to domain service in windows client as windows server.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
o Now, he can delete user in his department (Because we did delegate control for this user already)
o He can create user in his department (In department IT_Admin).
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
o He can reset password for user in his department (He is a user in department IT_Admin)
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
Note: He couldn’t delete user, create user, and reset password in another department beside his department (His department is IT_Admin).
o He couldn’t create user in department Finance.
o He couldn’t reset password for user name Template in department Finance.
P a g e | 52
By SamNang (SNA_B_2017) 2016
Passerelles Numériques Cambodia
P a g e | 52
By SamNang (SNA_B_2017) 2016
The End