
Installing Active Directory on Windows Server 2008

7 March 2012, suntitpro

Microsoft Active Directory provides a structure for centralizing network management and for storing information about network resources across the entire domain. Active Directory uses domain controllers to keep this centralized store available to network users. To configure a Windows Server 2008 machine to host a domain controller, several conditions should be taken into account and several steps carried out. In this article I will guide you through meeting these conditions and following the steps to create a Windows Server domain controller for a new Active Directory domain in a new forest.

Considerations for installing a new Windows Server 2008 forest

When you install AD to create the first domain controller in a new Windows Server 2008 forest, keep the following considerations in mind:

A decision must be made on the domain functional level, which determines whether the forest and domain can contain domain controllers running Windows 2000 Server, Windows Server 2003, or both.

Domain controllers running Microsoft Windows NT Server 4.0 are NOT supported with Windows Server 2008.

Servers running Windows NT Server 4.0 are NOT supported by domain controllers running Windows Server 2008, which means additional DCs running Windows 2000/2003 are needed to support older NT 4.0 systems.

The first Windows Server 2008 domain controller in a forest must be a global catalog server and cannot be an RODC.

Considerations for installing a new Windows Server 2008 domain in an existing Windows 2000/2003 forest

When you install AD to create the first domain controller in a new Windows Server 2008 domain, keep the following considerations in mind:

Before creating a new Windows Server 2008 domain in a Windows 2000/2003 forest, you must prepare the forest for Windows Server 2008 by extending the schema (by running ADPREP /forestprep). To read more about ADPREP, please see the links below.

A decision must be made on the domain functional level, which determines whether your domain can contain domain controllers running Windows 2000 Server, Windows Server 2003, or both. To read more about domain functional levels, please see the links below.

I recommend hosting the PDC emulator operations master role in the forest root domain on a domain controller running Windows Server 2008.

Installing Active Directory Domain Services (AD-DS)

In Windows Server 2008, unlike earlier server operating systems, there is an additional step that must be performed before running DCPROMO to promote the server to a domain controller and install Active Directory on it. This step is installing the Active Directory Domain Services (AD-DS) role on the server. In fact, the AD-DS role is what allows the server to act as a domain controller, but we still need to run DCPROMO as in the regular procedure. AD-DS can be installed by one of the following methods:

Method 1: Server Manager/Initial Configuration Tasks

Roles can and should be added through Server Manager (but they can also be added through the Initial Configuration Tasks wizard, which opens automatically the first time you log on to the server).

1. Open Server Manager by clicking the icon in the Quick Launch toolbar, or from the Administrative Tools folder.

2. Wait until it finishes loading, then click Roles > Add Roles.

3. Click Next.

4. In the Select Server Role window, check Active Directory Domain Services, then click Next.

5. In the Active Directory Domain Services window, read the information provided if you wish, then click Next.

6. In Confirm Installation Selections, read the information provided, then click Next.

7. Wait for the process to finish.

8. When it ends, click Close.

9. Go back to Server Manager and click the Active Directory Domain Services link; note that there is no information related to it yet, because the DCPROMO command has not been run.

10. Now we can click the DCPROMO link, or read on.

To run DCPROMO, enter the command in Run, or click the DCPROMO link in Server Manager > Roles > Active Directory Domain Services.

Depending on whether AD-DS was previously installed or not, the Active Directory Domain Services Installation Wizard will appear immediately or after a few moments. Click Next.

Note: The advantages of DCPROMO will be discussed in other articles.

In the Operating System Compatibility window, read the information provided and click Next.

In the Choosing Deployment Configuration window, click Create a new domain in a new forest, then Next.

Enter a name for the new domain. Choose the name carefully, so that once it is set there is no need to rename it later. The rename procedure is very laborious and not recommended. Click Next.

Note: Do NOT use a single-label name for the domain, such as domeniu or something similar. Choose a full domain name, for example domeniu.local or domeniu.com.

The wizard will check that the domain name is not already in use on the local network.

Choose the forest functional level. Windows 2000 is selected by default, but Windows Server 2003 and Windows Server 2008 are also allowed for the forest we are creating.

Choose the domain functional level. Windows 2000 Native is set by default, but we can also choose Windows Server 2003 or Windows Server 2008 for the domain we are creating.

Note: If we choose Windows Server 2008 for the forest functional level, we will not be asked for the domain functional level. It is automatically set to Windows Server 2008.

The wizard will check whether DNS is configured correctly on the local network. If DNS is not configured, the wizard will offer to install DNS on the server automatically.

Note: The first DC must be a Global Catalog. Also, the first DC in the forest cannot be a Read Only Domain Controller.

You will very likely get a warning message saying that you have one or more dynamically assigned IP addresses. Run IPCONFIG /all to confirm that this is not the case and that a static IP is set. So why does this message appear? The answer is IPv6, which is not configured manually. On networks where IPv6 is not used, we ignore the message.

You will probably get a message about DNS delegation. Because DNS has not been configured yet, we can ignore the message and click Yes.

Next, set the paths for the AD database, the log files and the SYSVOL folder. Click Next.

Enter a password for Active Directory Recovery Mode. This password must be kept confidential, because it remains constant: while other passwords can expire over time (42 days by default), this one does not expire. It should be as complex as possible, with a minimum of 7 characters. I recommend not using the same password as the administrators'. Click Next.

In the Summary window, review the choices made and, if needed, save them to a file (unattend answer file). Click Next.

The wizard will begin creating the Active Directory domain; at the end, click Finish and restart the computer.

The server now functions as a domain controller. Make sure backup is set up on this server. We can test the new server's functionality with the AD management tools, such as Active Directory Users and Computers, and by examining the Event Logs, the services and the folders that were created.

Method 2: Servermanagercmd.exe

Servermanagercmd.exe is the command-line equivalent of the Add Roles and Add Features wizards in Server Manager. Using its various command-line options, we can quickly and easily add or remove features and roles on the server, including the AD-DS role. To install AD-DS with Servermanagercmd.exe, simply enter the following command in a Command Prompt window:

Servermanagercmd.exe -I ADDS-Domain-Controller

Let the command run; when it finishes, AD-DS will be installed on the server. After installing the AD-DS role, we must run DCPROMO to continue installing the Active Directory database and the other functionality.

Note: This guide assumes that this is the first domain controller in the forest, thus creating a new domain in a new forest.

Regards.
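The Summary step above can save the wizard's choices to an unattend answer file. As an added example (not part of the original article), this Python script checks such a file against the rules stated in this guide before it is used: full domain name, first DC as global catalog and not an RODC, consistent functional levels, and the Recovery Mode password rules. The sample file contents and the password placeholder are constructed, and treating a missing ConfirmGc or DomainLevel as the safe default is an assumption.

```python
import configparser

# Constructed sample: settings this guide's wizard run would save for a new
# domain in a new forest. The password is a placeholder, not a real value.
# ForestLevel/DomainLevel: 0 = Windows 2000, 2 = Server 2003, 3 = Server 2008
SAMPLE_ANSWER_FILE = """\
[DCInstall]
ReplicaOrNewDomain=Domain
NewDomain=Forest
NewDomainDNSName=domeniu.local
DomainNetbiosName=DOMENIU
ForestLevel=2
DomainLevel=2
InstallDNS=Yes
ConfirmGc=Yes
DatabasePath=C:\\Windows\\NTDS
LogPath=C:\\Windows\\NTDS
SYSVOLPath=C:\\Windows\\SYSVOL
SafeModeAdminPassword=<PLACEHOLDER-DSRM-PASSWORD>
RebootOnCompletion=Yes
"""

def check_answer_file(text, admin_password=None):
    """Return a list of findings; an empty list means every check passed."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    section = next((s for s in cp.sections() if s.lower() == "dcinstall"), None)
    if section is None:
        return ["no [DCInstall] section"]
    dc = cp[section]  # option names are matched case-insensitively
    findings = []
    name = dc.get("NewDomainDNSName", "").strip(".")
    if "." not in name:
        findings.append("single-label domain name: use a full name such as domeniu.local")
    if dc.get("NewDomain", "").lower() == "forest":
        if dc.get("ReplicaOrNewDomain", "").lower() == "readonlyreplica":
            findings.append("first DC in a forest cannot be an RODC")
        if dc.get("ConfirmGc", "yes").lower() != "yes":
            findings.append("first DC in a forest must be a global catalog server")
    forest_level = int(dc.get("ForestLevel", 0))
    if int(dc.get("DomainLevel", forest_level)) < forest_level:
        findings.append("domain functional level is below the forest functional level")
    dsrm = dc.get("SafeModeAdminPassword", "")
    if len(dsrm) < 7:
        findings.append("Recovery Mode password is shorter than 7 characters")
    if admin_password is not None and dsrm == admin_password:
        findings.append("Recovery Mode password is the same as the administrator password")
    return findings
```

An answer file that holds the Recovery Mode password is itself a secret: the password does not expire, so the file should be stored and deleted with the same care as the password.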

How To Install Active Directory On Windows Server 2008


As you probably know, Active Directory stores information about objects on the network and makes this information available to users and network administrators. AD uses domain controllers to give network users access to permitted resources anywhere on the network through a single logon process. In this article I will go through the installation of Active Directory on Windows Server 2008.

Table of Contents

Things you need before installing Active Directory on Windows Server 2008
Things you should keep in mind
Final preparations
Installing Active Directory Domain Services
Installing Active Directory Domain Controller

Things you need before installing Active Directory on Windows Server 2008

Have Windows Server 2008 already installed.

Have administrative privileges on the system.

Be able to reboot the system at any time.

Have an NTFS partition with enough free space.

Things you should keep in mind


If you are installing Active Directory on Windows Server 2008 for the first time, it must be a global catalog server; it cannot be an RODC.

NT 4.0 domain controllers are not supported on Windows Server 2008 anymore. If you still have NT domain controllers on your network, you need to have 2000/2003 DCs to support them.

If you are making Windows Server 2008 a domain controller in a 2003 forest, you must prepare the forest for Windows Server 2008 by running ADPREP.

Final preparations
The last thing I will do to start the installation of Active Directory is to change the name of the computer to reflect the new status. To do that, log in to the server, click on the Start button, right-click on Computer and go to Properties. At the bottom, under Computer name, domain, and workgroup settings, click on Change settings:

The System Properties window will come up. Click on the Change tab, and change the computer name to whatever you want.

Click on the OK button. Windows Server 2008 will now reboot.

Installing Active Directory Domain Services


Now that we have renamed the computer to something that reflects the new role on Windows Server 2008, we will proceed with the installation of Active Directory. I always recommend using the Server Manager interface when installing Active Directory and other network services. To install Active Directory Domain Services, go to Start and click on Server Manager. The Server Manager window will come up:

The Select Server Role window will come up:

Make sure the Active Directory Domain Services option is checked. Click on Next after checking the option.

Active Directory Domain Services (AD DS) is something new on Windows Server 2008. On the following window you can read a small introduction about it. Click Next when you finish reading.

Click Next on the above window. On the following window, you will be asked to confirm the installation of domain services:

Click on Install to start the installation.

You should receive the Installation Results window after the installation completes.

Note: this only installs Active Directory Domain Services; it does not make Windows Server 2008 a domain controller. For that we will need to run the DCPROMO wizard.

Installing Active Directory Domain Controller


After Active Directory Domain Services has been installed, you should return to the Server Role interface. Click on Active Directory Domain Services:

On the window that pops up, you will see a summary message that reads: "This server is not yet running as a domain controller: Run Active Directory Domain Services Installation Wizard (dcpromo.exe)". Click on the blue link.

By clicking on the blue link, the dcpromo.exe wizard should come up:

Make sure the Use advanced mode installation option is checked and click Next. Read the provided information on the next screen. It explains some new features in Windows Server 2008 domain services that might affect older Windows operating systems and non-Microsoft SMB clients on an existing domain.

Click Next after you read the above warning. On the following screen, choose your deployment configuration.

Because this is my first domain controller, I will choose the Create a new domain in a new forest option.

Click on Next. Choose the name for your forest root domain on the following window.

Click Next after choosing your fully qualified domain name. The wizard will check if that forest name is already in use:

After a few seconds, the wizard will ask you to enter the NetBIOS name:

The default NetBIOS name should be fine. Click on the Next tab. On the following screen, choose the forest functional level:

I will choose Windows Server 2003 as my functional level. Choosing the Windows Server 2008 functional level does not provide any new features over the Windows 2003 forest functional level. However, it ensures that any new domains created in this forest will automatically operate at the Windows Server 2008 domain functional level, which does provide unique features. Click on Next.

After you click Next, the dcpromo wizard will check the DNS configuration. If DNS is not installed on your system, choose the DNS Server option on the following screen.

Here you get the info that tells you: The first domain controller in a forest must be a global catalog server and cannot be an RODC. Click on Next. If your server does not have a static IP address assigned, you might get the following warning:

As you can see, having a dynamically assigned IP address is not recommended. Use static IP addresses for servers whenever possible. Choose your option, and click Next. Another warning:

If you get this warning, click on OK. Choose the location of the AD database on the following screen:

Leave the default settings, and click on Next. Enter the password for your Restore Mode Administrator on the following screen.

Click Next after entering the password. On the following screen you should get the Summary page.

Click on Next. Damn it!! I got an error saying I need to install DNS manually.

An error occurred while the wizard was installing DNS, you will have to configure DNS for this domain manually. This is the first time I let dcpromo.exe configure DNS for me, and I was kind of expecting this error. That will be the subject of the next article. Click OK on the error for now. The Active Directory installation should start. But it won't work perfectly until DNS is installed.

After a while, you should get the completion window.

Click on Finish. You will need to reboot the computer.

Go ahead and restart the computer, and if you need to install DNS, do so after the reboot.