Exercise 4 : Installing Active Directory
In this exercise you will install Active Directory services (ADS) and change to native mode
(where the server acts purely with ADS). Once ADS is installed, you will be able to take
advantage of many of the new features of Windows 2008 in managing users, computers and
sites.
Adding Active Directory Domain Services Role
In this section, you’ll learn how to add the Active Directory Domain Services role.
EXERCISE 4.1
Adding Active Directory Domain Services Role
1. Launch Server Manager. Click Start ► Administrative Tools ► Server Manager (Figure
0082).
Figure 0082 : Launch Server Manager
2. In Server Manager, select Roles (Figure 0083).
Figure 0083 : Roles
3. Select Add Roles (Figure 0084).
Figure 0084 : Add Roles
4. On the Before You Begin page, review the requirements, and click Next (Figure 0085).
Figure 0085 : Add Roles – Before You Begin
5. On the Select Server Role page, select the check box next to Active Directory Domain
Services, and click Next (Figure 0086).
Figure 0086 : Server Roles
6. On the Active Directory Domain Services page, review the information, and click Next
(Figure 0087).
Figure 0087 : Active Directory Domain Services
7. On the Confirm Installation Selections page, click Install (Figure 0088).
Figure 0088 : Confirm Installation Selections
Please wait. This operation will take a few minutes.
Figure 0089 : Installation Progress
8. On the Installation Result page, review the information.
Click Close (Figure 0090).
Figure 0090 : Installation Result
Note : You still must run the Active Directory Domain Services Installation Wizard
(DCPromo) to make the server a fully functional domain controller.
Installing Active Directory Domain Services
In this section, you’ll learn how to install Active Directory Domain Services.
EXERCISE 4.2
Installing Active Directory Domain Services
9. Log on to a Windows Server 2008 server as Administrator.
10. Click Start ► Run. At the Run line, enter DCPromo, and click OK (Figure 0091).
Figure 0091 : Run dcpromo
11. On the Welcome screen, click Next (Figure 0092).
Figure 0092 : Welcome Screen
12. On the Operating System Compatibility screen, review the information, and click Next
(Figure 0093).
Figure 0093 : Operating System Compatibility Screen
13. On the Choose a Deployment Configuration screen, select Create a New Domain in a
New Forest.
Click Next (Figure 0094).
Figure 0094 : Choose a Deployment Configuration Screen
If your computer were part of an existing forest, you could create a replica domain
controller within an existing domain. However, this exercise assumes your server will
be the first domain controller in the forest.
14. On the Name the Forest Root Domain screen, enter MYServer.com as the fully qualified
domain name.
Click Next (Figure 0095).
Figure 0095 : Name the Forest Root Domain Screen
15. If the Domain NetBIOS Name page appears, accept the default of MYSERVER.
16. On the Set Forest Functional Level screen, select the forest functional level of
Windows Server 2008. This ensures that any new domains created in this forest will
automatically operate at the Windows Server 2008 domain functional level, which
provides unique features. If your network had a Windows 2000 Remote Access
Server, you would select the compatible option (Figure 0096).
Figure 0096 : Set Forest Functional Level Screen
17. Click Next to continue.
18. On the Additional Domain Controller Options screen, note that both the DNS server and
the global catalog are selected as options. Active Directory Domain Services requires
DNS, and if not available on the network, DCPromo will give you the option of installing
it. Additionally, the first domain controller within a domain is a global catalog server.
Figure 0097 : Additional Domain Controller Options Screen
Note : If you have dynamically assigned IP addresses, a warning will appear indicating
you must assign static IP addresses for both IPv4 and IPv6. Either assign static IP
addresses, or click Yes to let the computer use a dynamically assigned IP address and
configure static IP addresses later. As a best practice, domain controllers should use
statically assigned IP addresses.
Click Next to continue (Figure 0097).
19. If this server is on an isolated network without other DNS servers, a warning dialog box
will appear indicating that a delegation for this DNS server can’t be created and other
hosts may not be able to communicate with your domain from outside the domain. This
is normal when installing DNS for the first domain controller in a forest.
Click Yes to continue (Figure 0098).
Figure 0098 : Warning Dialog Box
20. On the Location for Database, Log Files, and SYSVOL screen, accept the defaults.
Click Next (Figure 0099).
Figure 0099 : Location for Database, Log Files, and SYSVOL Screen
21. On the Directory Services Restore Mode Administrator Password screen, enter
@xercisE in both the Password and Confirm password boxes. This password is needed
if you need to restore Active Directory Domain Services. On a production domain
controller, a more secure password would be required.
Click Next (Figure 0100).
Figure 0100 : Directory Services Restore Mode Administrator Password Screen
22. On the Summary screen, review your selections, and click Next (Figure 0101). Active
Directory Domain Services will be installed.
Figure 0101 : Summary Screen
23. After a few minutes, the wizard will complete (Figure 0102).
Figure 0102 : AD Installation Progress
24. If a warning message like the one below appears, just click OK. This message appears
because we already created the DNS zone before (Figure 0103).
Figure 0103 : Warning Message
25. On the Completion screen, click Finish (Figure 0104).
Figure 0104 : Completion Screen
26. On the Active Directory Domain Services dialog box, click Restart Now (Figure 0105).
Once your system reboots, Active Directory Domain Services will be installed.
Figure 0105 : Restart Confirmation Screen
27. After the restart, log in to your server as Administrator (Figure 0106).
Figure 0106 : Login
EXERCISE 4.3
Recheck Network Configuration
Now you need to recheck your network configuration because sometimes, after installing
Active Directory Domain Services, the network configuration changes to a localhost setting.
28. Launch Network and Sharing Center. Click Start ► Right click Network ► Properties
(Figure 0107).
Figure 0107 : Network Properties
29. Under myserver.com (Domain network), click View status (Figure 0108).
Figure 0108 : View Network Status
30. Click the Properties button to open Local Area Connection Properties (Figure 0109).
Figure 0109 : Local Area Connection Status
31. Select Internet Protocol Version 4 (TCP/IPv4), and click Properties button (Figure
0110).
Figure 0110 : Local Area Connection Properties
Figure 0111 : Internet Protocol Version 4 (TCP/IPv4) Properties
32. Check your network configuration; make sure the configuration is correct (Figure 0112).
Figure 0112 : Network Configurations
33. Now click the Advanced button (Figure 0112).
34. Select the DNS tab (Figure 0113).
35. Specify myserver.com as the DNS suffix for this connection (Figure 0113).
36. Tick the Use this connection’s DNS suffix in DNS registration box (Figure 0113).
37. Click OK (Figure 0113).
38. Click OK again.
Figure 0113 : Advanced TCP/IP Setting
39. Close all remaining windows.
Summary
Windows Server 2008 brings a lot of new features and benefits that will drive a lot of
migrations to the new operating system. This chapter presented many of these new additions.
One of the significant benefits of Windows Server 2008 is virtualization. Three editions
(Windows Server 2008 Standard with Hyper-V, Windows Server 2008 Enterprise with Hyper-V,
and Windows Server 2008 Datacenter with Hyper-V) support virtualization.
Each edition can be purchased with or without Hyper-V, which is the technology that
supports virtualization. The Standard edition supports one virtual server, the Enterprise edition
supports as many as four virtual servers, and the Datacenter edition supports an unlimited
number of virtual servers. Virtualization is supported only on 64-bit operating systems.
In this chapter, you learned about the new features of Windows Server 2008. These
included Server Manager, Server Core, PowerShell, Windows Deployment Services, and read-
only domain controllers.
Exercises led you through the process of installing Windows Server 2008 on a PC. After
reviewing many of the basics of Active Directory Domain Services, you learned how to promote
the server to a domain controller.
Exercise 5 : Creating Organizational Units And Users
In this section, you’ll use Active Directory to view the default settings that apply to user accounts
when they are created. These settings can be overridden for a particular user, a group of users,
or all users.
You will create a number of organizational units. An OU acts as a container that holds objects
such as users.
Creating Organization Units
In the following exercise, you will create some organizational units that will act as containers for
some users. These organizational units model the departments within a small organization.
EXERCISE 5.1
Creating Organization Units
1. Log on to the server as Administrator.
2. Launch Active Directory Users and Computers. Click Start ► Administrative Tools ►
Active Directory Users and Computers (Figure 0114).
Figure 0114 : Run Active Directory Users and Computers
3. Click on the myserver.com icon to select it (Figure 0115).
Figure 0115 : Expand Domain
4. On the menu bar, click Action, New, Organizational Unit (Figure 0116).
Figure 0116 : Create New Organization Unit
5. Enter Stkm as the name for the new organizational unit (Figure 0117).
6. Uncheck Protect container from accidental deletion (Figure 0117).
7. Click OK (Figure 0117).
Figure 0117 : Create Organization Unit
8. Repeat steps 3 to 7 to create the organizational units Sted and Sklr (Figure 0118).
Figure 0118 : Organization Unit
Creating organizational units lets you place users directly into units and assign
permissions and rights based on these units. This leads to better administration and
delegation control than if you placed users directly into the user container.
When users move from one department to another, it is a simple matter to move the
user to the corresponding organizational unit. In this way, they inherit all the new
features and rights of the new organizational unit, ensuring they have full access to
all the resources they are entitled to.
EXERCISE 5.2
Creating Users within Organizational Units
For proper control, it is better to create users within an OU rather than the Users container. In
the following exercise you will create a number of users, modify their properties, and move them
from one organizational unit to another.
9. Click the Stkm OU to highlight it (Figure 0119).
Figure 0119 : Stkm OU
Creating new user accounts for Zul
10. Right click Stkm and select New ► User from the menu (Figure 0120).
Figure 0120 : Stkm OU
11. Enter the following details for Zul (Figure 0121).
First Name Zul
Last Name Zcomby
Full Name Zul Zcomby
User logon name zul.zcomby
Figure 0121 : Create New User
12. Click Next.
13. Enter the password as comby. Check the boxes “User cannot change password” and
“Password never expires”, then click Next (Figure 0122).
Figure 0122 : Create Password
14. Click Finish to create the new user Zul (Figure 0123).
Figure 0123 : New User Account Confirmation
15. The warning below will appear. This warning appears because your password does not
meet the password policy requirements. Click OK to continue (Figure 0124).
Figure 0124 : Password Policy Warning
16. Click Cancel to close the new user account confirmation window (Figure 0125).
Figure 0125 : New User Account Confirmation
EXERCISE 5.2
Configuring Password Policy
17. To disable password policy requirements, launch Group Policy Management. Click
Start ► Administrative Tools ► Group Policy Management (Figure 0126).
Figure 0126 : Launch Group Policy Management
18. Double click to expand Forest: myserver.com.
19. Expand Domains.
20. Expand myserver.com.
21. Click Default Domain Policy (Figure 0127).
Figure 0127 : Group Policy Management
22. If a warning box appears, just click OK (Figure 0128).
Figure 0128 : Group Policy Management Console Warning
23. Right click Default Domain Policy and select Edit (Figure 0129).
Figure 0129 : Group Policy Management – Default Domain Policy
24. Double click to expand Policies (Figure 0130).
25. Expand Windows Settings.
26. Expand Security Settings (Figure 0130).
Figure 0130 : Group Policy Management – Security Settings
27. Double click to expand Account Policies (Figure 0131).
Figure 0131 : Group Policy Management – Password Policy
28. Click Password Policy (Figure 0132).
29. Double click Password must meet complexity requirements under Password Policy
to open Password must meet complexity requirements Properties.
Figure 0132 : Group Policy Management - Password Must Meet Complexity Requirements
30. Select Disabled under Security Policy Setting tab (Figure 0133).
Figure 0133 : Password Must Meet Complexity Requirements Properties
31. Click OK.
32. Double click Minimum password length under Password Policy to open Minimum
password length Properties (Figure 0134).
Figure 0134 : Group Policy Management - Minimum Password Length
33. Set No password required to 0 characters (Figure 0135).
Figure 0135 : Minimum Password Length Properties
34. Click OK.
35. Recheck your configuration. Your configuration should be the same as the figure below
(Figure 0136).
Figure 0136 : Group Policy Management - Password Policy
36. Close all windows and RESTART your server.
After restarting the server, log in as Administrator and create the user Zul Zcomby again
(follow steps 10 to 14). There should be no problem anymore.
Creating Users within Organizational Units (Continued)
37. Now create the new user Ocah in the Stkm OU using the following properties (Figure
0137).
First Name Ocah
Last Name Blue
Full Name Ocah Blue
User logon name ocah.blue
Password ocah
User cannot change password
Password never expires
Figure 0137 : Ocah Blue Properties
38. Create the following user account in the Sted OU (Figure 0138).
First Name Ahmad
Last Name Akmal
Full Name Ahmad Akmal
User logon name zul.akmal
Password akmal
User cannot change password
Password never expires
Figure 0138 : Ahmad Akmal Properties
39. Create the following user accounts in the Sklr OU.
First Name Ain
Last Name Syahmi
Full Name Ain Syahmi
User logon name ain.syahmi
Password ain
User cannot change password
Password never expires
Figure 0139 : Ain Syahmi Properties
First Name Ali
Last Name Uddin
Full Name Aliuddin
User logon name ali.zul
Password ali
User cannot change password
Password never expires
Figure 0140 : Aliuddin Properties
First Name Wan
Last Name Saad
Full Name Md Saad
User logon name wan.saad
Password masuri
User must change password at next logon
Account is disabled
Figure 0141 : Md Saad Properties
40. Note the down arrow that appears on the icon for the user Md Saad, indicating this
account has been disabled (Figure 0142).
Figure 0142 : AD Users and Computers – User Disabled
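To check what the password policy change (steps 30 and 33) and the "Password never expires" option leave behind on the domain, the following added example (not part of the original lab) evaluates the domain's minPwdLength and pwdProperties attributes and each account's userAccountControl flags. The function names, the 8-character baseline and the sample values are assumptions constructed for illustration.

```powershell
# Added example: audit the password settings left behind by this lab.
# Attribute names and flag values are standard Active Directory constants;
# function names, the baseline and the sample data are constructed.
$DOMAIN_PASSWORD_COMPLEX = 0x1       # pwdProperties bit: complexity enforced
$UF_ACCOUNTDISABLE       = 0x2       # userAccountControl: account is disabled
$UF_DONT_EXPIRE_PASSWD   = 0x10000   # userAccountControl: password never expires

function Test-DomainPasswordPolicy {
    param([int]$MinPwdLength, [int]$PwdProperties, [int]$RequiredLength = 8)
    $findings = @()
    if ($MinPwdLength -lt $RequiredLength) {
        $findings += 'Domain: minPwdLength is {0}, baseline is {1}' -f $MinPwdLength, $RequiredLength
    }
    if (($PwdProperties -band $DOMAIN_PASSWORD_COMPLEX) -eq 0) {
        $findings += 'Domain: password complexity is not enforced'
    }
    return ,$findings
}

function Test-AccountFlags {
    param([string]$Name, [int]$UserAccountControl)
    $findings = @()
    # Disabled accounts cannot log on, so only enabled ones are reported.
    $enabled = ($UserAccountControl -band $UF_ACCOUNTDISABLE) -eq 0
    if ($enabled -and ($UserAccountControl -band $UF_DONT_EXPIRE_PASSWD)) {
        $findings += '{0}: enabled account whose password never expires' -f $Name
    }
    return ,$findings
}

# Reads the two policy attributes from a live domain (run on a domain member).
function Get-DomainPasswordPolicy {
    param([string]$DomainDn)          # for this lab: 'DC=myserver,DC=com'
    $domain = [ADSI]"LDAP://$DomainDn"
    return @{
        MinPwdLength  = [int]$domain.minPwdLength.Value
        PwdProperties = [int]$domain.pwdProperties.Value
    }
}

# Constructed sample: the policy values after steps 30 and 33, and two of the
# accounts created above (0x200 = normal user account).
$policy = @{ MinPwdLength = 0; PwdProperties = 0 }
$users  = @(
    @{ Name = 'zul.zcomby'; Uac = 0x200 -bor $UF_DONT_EXPIRE_PASSWD },
    @{ Name = 'wan.saad';   Uac = 0x200 -bor $UF_ACCOUNTDISABLE }
)

$report = Test-DomainPasswordPolicy -MinPwdLength $policy.MinPwdLength -PwdProperties $policy.PwdProperties
foreach ($u in $users) {
    $report += Test-AccountFlags -Name $u.Name -UserAccountControl $u.Uac
}
$report
```

On the lab server, replace the constructed $policy with the result of Get-DomainPasswordPolicy -DomainDn 'DC=myserver,DC=com' to audit the real domain.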
EXERCISE 5.3
Moving Users within Organizational Units
41. It is easy to delete, rename or move a user from an organizational unit. In the above
exercise the user Md Saad was inadvertently placed in the wrong OU. Right-click the
user Md Saad and select Move from the list (Figure 0143).
Figure 0143 : Move Users
42. Click Stkm as the destination OU (Figure 0144).
Figure 0144 : Move Users – Stkm OU
43. Click OK.
44. Expand the Stkm OU to confirm that the user Md Saad is now a member of Stkm OU
(Figure 0145).
Figure 0145 : Stkm OU Members
You have now created a number of users within the organizational units created earlier.
At this stage, you cannot see the benefits of doing this. However, the later exercises will
start to illustrate why this has been done, by allocating resources to organizational units.
Thus, a user will get access to a resource based on their OU membership properties. If a
user moves from one organizational unit to another, they will inherit all the resources
associated with the new OU.
EXERCISE 5.4
Updating User Information
In this exercise we will look at default user properties such as logon times and how often they
need to change their passwords.
Active Directory allows organizations to store significantly more information than in previous
versions of Windows. For example, you can store telephone and office information in the Active
Directory with the user information.
45. Double click the user Md Saad in the Stkm OU (Figure 0146).
Figure 0146 : User Properties
46. Enter the following details (Figure 0147).
Office Integration
Telephone Number 012-5740157
E-Mail [email protected]
Job Title (Organization) Senior Instructor
Department Computer Technology
Company IKM
Figure 0147 : User Details
Figure 0148 : Md Saad Properties - General
Figure 0149 : Md Saad Properties - Organization
47. Click OK to apply the changes.
EXERCISE 5.5
Restrict User Logon Hours
48. Double click the user Md Saad in the Stkm OU (Figure 0150).
Figure 0150 : Md Saad Properties
49. Click the Account tab (Figure 0151).
Figure 0151 : Md Saad Properties - Account
50. Click the Logon Hours button (Figure 0152).
Figure 0152 : Logon Hours
51. Select all areas and click Logon Denied (Figure 0153).
Figure 0153 : Logon Hours for Md Saad – Logon Denied
Restrict the logon hours (under Account Tab) to Monday-Friday, 8am-5pm.
52. Select the areas Monday to Friday and 8am to 5pm (Figure 0154).
Figure 0154 : Logon Hours for Md Saad – Select Areas
53. Select Logon Permitted (Figure 0155).
Figure 0155 : Logon Hours for Md Saad – Set Logon Permitted
54. Click OK.
55. Click OK again.
In the above exercise you assigned some organizational information to a user. You also
explored some of the properties that can be applied.
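The Logon Hours grid used in steps 50 to 53 is stored on the user object as the logonHours attribute: 21 bytes, one bit per hour of the week, kept in UTC rather than local time. The following added example (not part of the original lab) builds that value for Monday-Friday, 8am-5pm and checks individual hours against it; the function names and the UTC+8 offset are assumptions for illustration.

```powershell
# Added example: the logonHours value behind the Logon Hours grid.
# 21 bytes = 168 bits, one per hour of the week, starting Sunday 00:00 UTC,
# least significant bit first within each byte.
$bit = 1, 2, 4, 8, 16, 32, 64, 128

function Get-WeekSlot {
    param([int]$Day, [int]$Hour, [int]$UtcOffsetHours)
    # Convert a local day/hour to a UTC hour-of-week, wrapping at week edges.
    return ((($Day * 24 + $Hour - $UtcOffsetHours) % 168) + 168) % 168
}

function New-LogonHours {
    param([int[]]$Days, [int]$StartHour, [int]$EndHour, [int]$UtcOffsetHours = 0)
    $bytes = New-Object byte[] 21          # all zero = logon denied everywhere
    foreach ($day in $Days) {
        for ($h = $StartHour; $h -lt $EndHour; $h++) {
            $slot  = Get-WeekSlot -Day $day -Hour $h -UtcOffsetHours $UtcOffsetHours
            $index = [int][math]::Floor($slot / 8)
            $bytes[$index] = $bytes[$index] -bor $bit[$slot % 8]
        }
    }
    return ,$bytes
}

function Test-LogonPermitted {
    param([byte[]]$LogonHours, [int]$Day, [int]$Hour, [int]$UtcOffsetHours = 0)
    $slot = Get-WeekSlot -Day $Day -Hour $Hour -UtcOffsetHours $UtcOffsetHours
    return ($LogonHours[[int][math]::Floor($slot / 8)] -band $bit[$slot % 8]) -ne 0
}

# Steps 51-53: deny everything, then permit Monday-Friday 08:00-17:00.
# Days are 0 = Sunday ... 6 = Saturday. The +8 offset is an assumed local zone.
$offset = 8
$hours  = New-LogonHours -Days 1,2,3,4,5 -StartHour 8 -EndHour 17 -UtcOffsetHours $offset
[BitConverter]::ToString($hours)

Test-LogonPermitted -LogonHours $hours -Day 1 -Hour 9  -UtcOffsetHours $offset   # Monday 09:00
Test-LogonPermitted -LogonHours $hours -Day 6 -Hour 9  -UtcOffsetHours $offset   # Saturday 09:00
Test-LogonPermitted -LogonHours $hours -Day 1 -Hour 17 -UtcOffsetHours $offset   # Monday 17:00
```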
Exercise 6 : Configuring a Client Computer
In this section you will configure Windows XP Professional on the other computer that will be
part of your network. This computer will act as a client computer that users of your network can
use to access shared resources such as files, software and printers.
Make sure that the Windows Server 2008 previously installed is running.
Please refer to the following table for client configuration.
Name of This Computer clientxpSN
Name of Organization IKM
Role of This Computer Client Workstation
Name of Installer Administrator
Domain Name same domain name as you did for the Server
TCP/IP Address 192.168.2.SN
TCP/IP Subnet mask 255.255.255.0
TCP/IP Gateway 192.168.2.ServerNumber
Preferred DNS server 192.168.2.ServerNumber
Note : SN = Station Number
Use the same domain name as you did for the Server.
EXERCISE 6.1
Network Setting (Windows XP)
1. Run the Network Connections application. Click Start ► All Programs
► Accessories ► Communications ► Network Connections (Figure 0156).
Figure 0156 : Run Network Connections
2. Right click Local Area Connection (Figure 0157).
Figure 0157 : Local Area Connection
3. Select Properties (Figure 0157).
4. Double click Internet Protocol (TCP/IP) (Figure 0157).
Figure 0158 : Local Area Connection Properties
5. Now set your client (Windows XP) IP address, and ensure that you are using a static IP
address. For this exercise, I’m using number 61 as my Windows XP client station
number (Figure 0159).
Use the following IP address:
IP address : 192.168.2.SN (client station number)
Subnet mask : 255.255.255.0
Default gateway : 192.168.2.ServerNumber (server IP address)
Use the following DNS server address:
Preferred DNS server : 192 . 168 . 2 . ServerNumber (1st server IP address)
Alternate DNS server : ___ . ___ . ___ . ___ (2nd server IP address)
Figure 0159 : Internet Protocol (TCP/IP) Properties
7. Click “OK” (Figure 0159).
Figure 0160 : Local Area Connection Properties
8. Click “OK” (Figure 0160) and close all remaining windows.
EXERCISE 6.2
Joining Domain (Windows XP client)
9. Click Start ►Right-click My Computer (Figure 0161).
Figure 0161 : My Computer
10. Select Properties (Figure 0162).
Figure 0162 : My Computer - Properties
11. Click the Computer Name tab, and then click Change (Figure 0163).
Figure 0163 : System Properties
12. Click More (Figure 0164).
Figure 0164 : Computer Name Changes - Workgroup
13. Specify yourdomain.com as the Primary DNS Suffix for This Computer (Figure 0165).
Figure 0165 : DNS Suffix and NetBIOS Computer Name
14. Click OK.
15. Change Computer Name to clientxpSN (Figure 0166).
16. Select "Member of ....... Domain" and enter the name of your Domain (Figure 0166).
Figure 0166 : Computer Name Changes - Domain
17. Click OK.
18. The domain server will now prompt you for a username and password. Enter any username
and password you have created before (Figure 0167).
Figure 0167 : Join Domain Verification
19. If you get the welcome message "Computer Name Changes - Welcome to the ....... domain",
you have successfully joined the domain (Figure 0168).
Figure 0168 : Domain Welcome Message
20. Since joining a domain is a major change in the security configuration of your system,
you will be reminded that you have to restart your system. Click OK (Figure 0169).
Figure 0169 : Restart Reminder
21. You will be back in the System Properties, where you are now listed as being part of a
domain (Figure 0170).
Figure 0170 : System Properties – Computer Name
22. Click OK to close the remaining dialog boxes (Figure 0170).
23. Click YES to restart the computer (Figure 0171).
Figure 0171 : Restart Confirmation