
Tuesday, March 17, 2009

Complex password in Windows Server 2008

Recently, there was a question about password complexity in a Windows 2008 domain.

On a Windows 2008 server the complexity requirement is disabled by default; in a domain it is enabled by default.

Now, the complexity means:

1) Passwords must contain characters from three of the following four categories:
a. English uppercase characters (A through Z).
b. English lowercase characters (a through z).
c. Base 10 digits (0 through 9).
d. Non-alphabetic characters (for example, !, $, #, %).

It is smart enough to get three out of four...it puzzled me for a while.

Sunday, April 6, 2008

Windows 2008 - Setup your first Domain Controller

As in Windows 2000 and 2003, Active Directory can also be set up in Windows Server 2008.

Windows Server 2008 adds more features to AD, e.g. RODC and others, which we will cover in more detail in this blog.

In this session, we would like to share how to set up your first Active Directory on Windows Server 2008.

Before setting up AD, please ensure:

1) You have already configured a static IP for your NIC
2) You have given the computer a meaningful name and know the domain name to assign
3) A DNS server is available (it can be the same server as the AD)
4) The ADDS role is installed on that particular server, to shorten the installation time.

Once those things are done, all you need to do is click Start -> Run -> DCPROMO

A video is attached for you guys to enjoy.

Saturday, April 5, 2008

Setting up DC roles in Server Core

One of the new features in Windows 2008 is Server Core - the "thin" layer of the Windows operating system, which brings the benefits of:

1) Less resource hungry
2) More secure
3) Easier to manage (Patch management+++)

Yes, it is only a command shell, but it is still able to do major and cool stuff, e.g.:

1) Domain Controller
2) DNS
3) Hyper-V
4) File Services
5) DHCP and more.

It's definitely a great deal for branch office deployments.

However, after setting up Server Core, it's only a command shell. How are we going to set up a DC?

In this post, we would like to share how:

First of all, we will need to configure the IP Address and put in DNS configuration:

netsh int ip show config will show you the existing configuration.

To configure a static IP address on an interface:
netsh int ip set address "<interface name>" static <IP address> <subnet mask> <default gateway> <gateway metric>

eg: netsh int ip set address "Local Area Connection" static 10.10.100.10 255.255.255.0 10.10.100.254 1

To configure the DNS server (let's say pointing DNS to the HQ DNS server):
netsh int ip set dnsserver "Local Area Connection" static 10.10.10.10 primary

After configuring TCP/IP, it's time to install AD.

Since this is Server Core, the DCPROMO GUI will not prompt you. You will need to prepare an answer file.

NOTE: Please ensure you do the necessary testing before the deployment. In this scenario, we are setting up an additional DC (in the same forest and domain as the existing AD setup; this is a replica).

Example of the answer file:


; dcpromo.exe /unattend:C:\AdditionalDC.txt
; You may need to fill in password fields prior to using the unattend file.
; If you leave the values for "Password"
; as "*", then you will be asked for credentials
[DCInstall]
ReplicaDomainDNSName=MyDomain.local
SiteName=Default-First-Site-Name
InstallDNS=No
ConfirmGc=Yes
CreateDNSDelegation=No
UserDomain=MyDomain.local
UserName=MyDomain\administrator
Password=*
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"
SafeModeAdminPassword=MyP@ss123
; Run-time flags (optional)
; CriticalReplicationOnly=Yes
; RebootOnCompletion=Yes


Copy the answer file content above and save it into a file, e.g. MyUnattend.txt, on the Server Core C:\ drive.

Then you will need to run the following command to set up the additional DC replica in Server Core:

C:\>dcpromo /unattend:MyUnattend.txt

You will then see the results. Happy DCing.
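An added example, not part of the original post: the answer file above keeps SafeModeAdminPassword as a literal value in a text file on C:\, so it is worth auditing such files before they are copied around or archived. The Python below finds literal password fields, applies the three-of-four category rule from the password complexity post, and produces a masked copy. The function names, the `<redacted>` marker and the choice of ASCII punctuation as the symbol category are assumptions of this example.

```python
import configparser
import re
import string

# Constructed sample, modelled on the answer file in the post above.
SAMPLE = r"""
; dcpromo.exe /unattend:C:\AdditionalDC.txt
[DCInstall]
UserName=MyDomain\administrator
Password=*
DatabasePath="C:\Windows\NTDS"
SafeModeAdminPassword=MyP@ss123
"""

CATEGORIES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "symbol": string.punctuation,  # assumption: ASCII punctuation only
}

def categories(password):
    """Names of the character categories (out of four) the password uses."""
    return sorted(name for name, chars in CATEGORIES.items()
                  if any(c in chars for c in password))

def audit_answer_file(text):
    """List each *Password key in [DCInstall] that holds a literal secret."""
    cp = configparser.ConfigParser(interpolation=None)  # '%' is legal in passwords
    cp.optionxform = str                                # keep key case as written
    cp.read_string(text)
    findings = []
    for key, value in cp["DCInstall"].items():
        value = value.strip('"')
        if not key.lower().endswith("password") or value in ("", "*"):
            continue                                    # "*" = prompt at run time
        cats = categories(value)
        findings.append({"key": key, "categories": cats,
                         "three_of_four": len(cats) >= 3})
    return findings                                     # the secret is never echoed

def redact(text):
    """Copy of the file with literal secrets masked, for tickets or archives."""
    pattern = re.compile(r"(?im)^([ \t]*\w*password[ \t]*=[ \t]*)(?!\*\s*$).+$")
    return pattern.sub(r"\1<redacted>", text)

if __name__ == "__main__":
    print(audit_answer_file(SAMPLE))
    print(redact(SAMPLE))
```

The masked copy is meant for storage and sharing only; it is not a file to feed back to dcpromo.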

Friday, October 26, 2007

Removing Domain Services in Windows 2008

To remove Windows 2008 ADS, the concept is basically still the same: ensure that this server is not a certificate authority or a GC, and perform a backup before you do so. However, if you are running this in a lab and would like to wipe it off, just click Run, dcpromo. It's the same command as in Windows 2003.

W2K8 will then check whether you have ADS installed.


Once detected, the ADDS installation Wizard will then start.

When you click Next, and if this is the GC, it will then prompt for your attention.


If this is the last DC like mine, click on "Delete the domain because the Server...", Click Next.

On the AD Partition, review, click Next.


Select "Delete all application directory..." if you want to delete the application partition, click Next.


Key in the password for the administrator, used when the machine boots up.


Review the summary, click Next. One good thing about Windows 2008: you will be able to export the steps configured to a file, which you can use in the future with the same configuration setup.


After clicking Next, tick the reboot option so the server restarts when the installation wizard is done, or just leave it if you would like to restart manually.



That's it.

Wednesday, July 25, 2007

Active Directory Service Server Roles

Guys, a share on Windows 2008 Active Directory - it is now broken down into roles, so you can set up just what you need for Directory Services. Below is the breakdown. We will share more, this is only an intro :)

ADCS (Active Directory Certificate Services)
This server role enables creation and management of digital certificates for users, computers, and organizations as part of a public key infrastructure.

ADDS (Active Directory Domain Services)
Its functionality has been carried forward into Windows Server 2008, along with an improved setup wizard. This also provides new management options for ADDS features such as read-only domain controllers (RODCs) - the hot topic in Windows 2008 AD.

ADFS (Active Directory Federation Services)
A feature that provides an identity access solution giving browser-based clients (inside or outside your network) single sign-on access to protected, Internet-facing applications.

ADLDS (Active Directory Lightweight Directory Services)
An LDAP directory service that provides the functionality that was provided by Active Directory Application Mode (ADAM), and provides data storage and retrieval for directory-enabled applications, without the dependencies that are required for ADDS. It also does not store security principals, which are stored by ADDS.

ADRMS (Active Directory Rights Management Services)
Works with Rights Management Services applications to help safeguard digital information from unauthorized use. Organizations can define exactly how a recipient can use the information, such as who can open, modify, print, forward, or take other actions with the information. It can be applied directly to information such as financial reports, customer data, and e-mail messages!

RODC (Read Only Domain Controller)
A new type of domain controller in the Windows Server 2008 operating system. With an RODC, organizations can easily deploy a domain controller in locations where physical security cannot be guaranteed. This solved lots of issues that come up when we consult/discuss with our customers who do not have security in branch offices. An RODC hosts a read-only replica of the database in Active Directory Domain Services (AD DS) for a given domain. The RODC is also capable of running the Global Catalog role! Cool huh? We will focus only on RODC in the next few postings.

Happy Reading.