This post will show you how to install the Active Directory schema configuration snap-in for your Microsoft Management Console. There are two ways to do it.
1. Install the Windows Server 2003 Support Tools package (supptools.msi). It is located in the Support\Tools directory of your OS CD.
ADSI Edit will be installed and registered automatically by doing that.
2. If you want to install only the ADSI Edit tool, copy the adsiedit.dll file from the Support Tools into the %systemroot% directory (default C:\Windows).
Then click Start>Run and type regsvr32 adsiedit.dll

Press “OK”
This post will show you how to create a new computer account in Active Directory using the command line.
Let's say, in our scenario, we want to create a new computer account named “TestPC1” in the default Computers container. Also note that our domain is named “testdomain.com” in this case.
To do it, open the command line on your Windows Server 2008 and type:
dsadd computer cn=TestPC1,cn=Computers,dc=testdomain,dc=com
This post will show how to list all Organizational Units in your domain using the command line tool netdom. To list all OUs in the domain named “testdomain.com”, type:
netdom query /d:testdomain.com OU
Note that netdom is part of the Windows Server 2003 Support Tools. They can be found on your OS CD (Support\Tools directory).
The Additional Account Info add-on will help you gather some useful information about your Active Directory users.

User properties in AD users and computers
In order to have this add-on in your Windows Server 2003 based Active Directory, download “Account Lockout and Management Tools” from here.
Extract the contents of the package and copy the “acctinfo.dll” file to the %systemroot%/system32 directory.
Then press Start > Run and type:
regsvr32 acctinfo.dll
Press OK.
That's it, now you have an additional tab under user properties in your Active Directory.
Open the Active Directory Users and Computers snap-in and check it.
Cheers!
A quick tip on how to find all DNS servers for your domain. Let's say that we want to list all DNS servers for the domain named testdomain.lan. To do it, open the command line on your Windows Server 2003 or Windows XP machine and type:
nslookup testdomain.lan
This post will show you how to test DNS configuration using the command line on your Windows server. To do it, open the command line and type:
netsh diag show test
This command will perform a quick network configuration test by pinging all DNS servers and gateways in your TCP/IP configuration.
You can also test DNS by running the netdiag tool, which is part of the Windows Resource Kit. To diagnose your DNS problems with this tool, open the command line and type:
netdiag /test:dns
This post will help you create the first domain controller in your domain. Let's say we have a Windows Server 2003 machine named “testserver” and our task is to create the first domain controller for our domain named “testdomain.lan”.
***
1 STEP – TCP/IP SETUP
***
First of all we need to assign a static IP address to our future domain controller. To do it, go to “Network Connections”, select the network card and open TCP/IP properties. In my example I'll assign these values:
IP address: 10.0.0.2
Subnet mask: 255.255.255.0
Default gateway: 10.0.0.1
Preferred DNS server: 10.0.0.2
Make sure that the Preferred DNS server points to the server's own IP address.

***
2 STEP – DNS SERVICE SETUP
***
The next step is to configure the DNS server for your future domain. For that, press Start and click Run. Type appwiz.cpl and press OK. Click “Add/Remove Windows Components”.
In the “Windows Components Wizard” window select “Networking Services” and press “Details…”.
In the “Networking Services” window check “Domain Name System (DNS)” and press OK.
Wait for the DNS install to finish its work. When setup is over, press Start>Programs>Administrative Tools>DNS. In DNS management right click “Forward Lookup Zones” and select “New Zone”.
Select “Primary Zone” as the zone type and press “Next”. In the “Zone name:” window type your domain name. In our example it is testdomain.lan.
Press “Next” two times. In the “Dynamic Update” section select the “Allow both nonsecure and secure updates” option and press “Next”. Press “Finish” to complete new zone creation.
After you have successfully created the Forward lookup zone, let's create a new Reverse lookup zone for your domain. For that, right click on “Reverse Lookup Zones” in DNS management and select “New zone”.
In the “Zone type” section leave “Primary Zone” selected and press “Next”.
In the “Reverse Lookup Zone Name” window type your network ID. It is the first three octets of your network IP address. In our example it will be 10.0.0.
Press “Next” two times. In the “Dynamic Update” section select the “Allow both nonsecure and secure updates” option and press “Next”. Press “Finish” to complete new zone creation.
DNS server configuration is completed for now and we can proceed with the domain controller setup.
***
3 STEP – DCPROMO
***
The last step is to run the dcpromo command to set up your domain controller. Press Start>Run, type dcpromo and press OK. Press “Next” two times until you reach the “Domain controller type” section. Make sure you select “Domain controller for a new domain”, as you are setting up the first domain controller. Press “Next”. In the next window select the “Domain in a new forest” option and press “Next”.
In the “New Domain name” window enter your domain name as the “Full DNS name for new domain”. In our example it will be testdomain.lan.
Press “Next”. In the “NetBIOS domain name” section press “Next”. In the “Database and Log Folders” window leave the defaults and press “Next”. In the “Shared system volume” window press “Next”. If STEPS 1 and 2 were configured correctly you'll get a similar window:
Press “Next”. In the “Permissions” section leave the default “Permissions compatible only with Windows 2000 or Windows server 2003 operating systems” option unless you are planning to use legacy server systems in your domain. Press “Next”.
In the “Directory Services Restore Mode Administrator password” section enter a password for DSRM. This mode is needed when you want to troubleshoot Active Directory database problems or restore deleted AD objects. Press “Next”.
In the “Summary” screen review your domain configuration one more time and press “Next” to start the Active Directory creation process.
After the process is over you will get the following window:
Press “Finish” and restart your server. Note that after the restart you have the option to log in to the newly created domain.
WELL DONE !!!
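The zones created in step 2 accept unauthenticated dynamic updates, and secure-only updates are available only once a zone is Active Directory-integrated. The following is an added example, not part of the original post, that lists such zones and optionally switches them to secure-only. It assumes the DnsServer PowerShell module (Windows Server 2012 or later, not the post's Windows Server 2003); the function names are hypothetical and the server name is the post's “testserver”.

```powershell
# Added example, not from the original post.
# Assumption: DnsServer module available (Windows Server 2012+ or RSAT DNS tools).
Import-Module DnsServer

# List primary zones that still accept unauthenticated dynamic updates.
function Get-InsecureUpdateZone {
    param([string]$ComputerName = 'testserver')   # server name used in the post

    Get-DnsServerZone -ComputerName $ComputerName |
        Where-Object {
            $_.ZoneType -eq 'Primary' -and
            -not $_.IsAutoCreated -and
            $_.DynamicUpdate -eq 'NonsecureAndSecure'
        } |
        Select-Object ZoneName, IsReverseLookupZone, IsDsIntegrated, DynamicUpdate
}

# Switch those zones to secure-only updates. File-backed zones cannot use
# secure updates, so they are skipped unless -ConvertFileZones is given.
function Set-SecureUpdateOnly {
    param(
        [string]$ComputerName = 'testserver',
        [switch]$ConvertFileZones
    )

    foreach ($zone in Get-InsecureUpdateZone -ComputerName $ComputerName) {
        if (-not $zone.IsDsIntegrated) {
            if (-not $ConvertFileZones) {
                Write-Warning "$($zone.ZoneName) is file-backed; rerun with -ConvertFileZones"
                continue
            }
            # Store the zone in Active Directory, replicated to the domain's DNS servers.
            ConvertTo-DnsServerPrimaryZone -ComputerName $ComputerName `
                -Name $zone.ZoneName -ReplicationScope Domain -Force
        }
        Set-DnsServerPrimaryZone -ComputerName $ComputerName `
            -Name $zone.ZoneName -DynamicUpdate Secure
    }

    # Anything still listed here was skipped or failed to change.
    Get-InsecureUpdateZone -ComputerName $ComputerName
}

# Report only; call Set-SecureUpdateOnly to change the zones.
Get-InsecureUpdateZone | Format-Table -AutoSize
```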
This post will show you how to change the default organizational units for newly created user or computer objects in Active Directory. By default all new computer accounts are created in OU=computers,dc=mydomain,dc=com and all new user accounts in OU=users,dc=mydomain,dc=com. In order to change the default locations make sure that:
* the new default OU exists in AD
* your domain functional level is “Windows server 2003”
* your PDC is online (check FSMO)
Now we will use the command line tools redircmp and redirusr to perform the change. Let's say you created a new OU for computers named “newCmp” and an OU for users named “newUsr”.
To change the default location for user accounts, open the command line and type:
redirusr ou=newUsr,dc=yourdomain,dc=com
To change the default location for computer accounts, open the command line and type:
redircmp ou=newCmp,dc=yourdomain,dc=com
This post will show you how to access the Security tab in the Active Directory Users and Computers snap-in. To access it, open the Active Directory Users and Computers snap-in (Start>Run, dsa.msc) on your Windows Server 2003 or Windows XP computer with the admin tools installed. Then click View and select Advanced Features.
Now you'll be able to see the Security tab when you open user account properties.
This post will show you how to edit the Active Directory schema to change the default computer account quota. This quota controls how many computers a domain user can join to AD. Let's say we want to change the quota in the testdomain.com domain. To change the quota:
1. Open ADSI Edit in the Microsoft Management Console
2. Right click, press “Connect to…” and OK
3. Right click on “DC=testdomain,DC=com” and choose Properties
4. Browse to “ms-ds-MachineAccountQuota” attribute and modify it to your desired value
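The same attribute can be read and changed from a script, together with a list of the computer accounts that users have already joined under the quota. This is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module (RSAT), which Windows Server 2003 does not include, and the function names are hypothetical.

```powershell
# Added example, not from the original post.
# Assumption: ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

function Get-MachineAccountQuotaReport {
    param([string]$Domain = 'testdomain.com')   # domain name used in the post

    # The quota is stored on the domain head object (DC=testdomain,DC=com).
    $dn    = (Get-ADDomain -Server $Domain).DistinguishedName
    $head  = Get-ADObject -Identity $dn -Server $Domain -Properties 'ms-DS-MachineAccountQuota'
    $quota = $head.'ms-DS-MachineAccountQuota'

    # A computer joined by a user under the quota records that user's SID
    # in its ms-DS-CreatorSID attribute.
    $joined = @(Get-ADComputer -Server $Domain -LDAPFilter '(ms-DS-CreatorSID=*)' `
                    -Properties 'ms-DS-CreatorSID', 'whenCreated')

    $perUser = $joined | Group-Object { [string]$_.'ms-DS-CreatorSID' } | ForEach-Object {
        $creator = Get-ADObject -Server $Domain -Filter "objectSid -eq '$($_.Name)'"
        [pscustomobject]@{
            CreatorSid = $_.Name
            Creator    = if ($creator) { $creator.Name } else { '(unresolved)' }
            Joined     = $_.Count
            Computers  = ($_.Group | Sort-Object whenCreated | ForEach-Object Name) -join ', '
        }
    }

    [pscustomobject]@{
        Domain              = $Domain
        Quota               = $quota
        UserJoinedComputers = $joined.Count
        PerUser             = $perUser
    }
}

# Write a new quota (0 stops ordinary users from joining computers) and read it back.
function Set-MachineAccountQuota {
    param(
        [string]$Domain = 'testdomain.com',
        [Parameter(Mandatory)][ValidateRange(0, 2147483647)][int]$Value
    )
    Set-ADDomain -Identity $Domain -Server $Domain `
        -Replace @{ 'ms-DS-MachineAccountQuota' = $Value }
    (Get-MachineAccountQuotaReport -Domain $Domain).Quota
}

# Report only; Set-MachineAccountQuota -Value <n> changes the attribute.
Get-MachineAccountQuotaReport | Format-List
```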
This post will show you how to test Kerberos authentication between a server and your domain. Note that this operation must be run on the server or workstation being tested and cannot be run remotely. To perform a Kerberos check on the domain named “testdomain.com”, open the command line on your Windows Server 2003 and type:
netdom trust /d:testdomain.com /verify /kerberos
Note that netdom is part of the Windows Server 2003 Support Tools. They can be found on your OS CD (Support\Tools directory).
This post will show how to verify a domain trust relationship in the one-way and two-way trust cases. Let's say we have the testdomain1.com and testdomain2.com domains with a one-way trust established. To verify the one-way domain trust, open the command line on your Windows Server 2003 and type:
netdom trust /d:testdomain1.com testdomain2.com /verify
If we have a two-way trust established, to verify it type:
netdom trust /d:testdomain1.com testdomain2.com /verify /twoway
Note that netdom is part of the Windows Server 2003 Support Tools. They can be found on your OS CD (Support\Tools directory).