Reference LAB Book
TA201: LAB Active Directory Professional Implementation
Thank you to the TA team members from CSI Groups who gave up their time to help run the training, coming wholeheartedly and expecting nothing in return (the names listed above).
Thank you to everyone on the ThaiAdmin team working behind the scenes, especially Phi Dot, who is committed to spreading knowledge in the IT community and was the inspiration for this training. Finally...
ThaiAdmin Training Document: TA201 LAB Active Directory Professional Implementation
Powered by ThaiAdmin Trainer Team. Distributed free! No copyright reserved. Not to be sold for commercial gain.
Table of Contents
LAB 1: Professional Install and Design Windows 2003 infrastructure
1.4.1 step 1: Single Domain (Root Domain)
Verify Status of Domain Controller
Recommend Add-On after install
Checklist Additional Domain (From System State)
Table 2 Checklist of Additional Domain (from System state)
Setting up the additional domain using System State
Setting up the additional domain using System State
AT AD 01
AT AD 02
AT AD 01
AT AD 02
Creating the Secondary DNS
LAB 2: (DNS, WINS, DHCP, AD Database) management and Network Configuration
2.1 Domain Name System (DNS)
2.2 Windows Internet Name Service (WINS)
2.2.1 Scenario
The admin sets up machine AD03 to provide Windows Internet Name Service (WINS) to machine client2, as shown in the figure
2.2.2 Checklist
2.2.3 Step Guide
4.3 Steps to recover the Root Domain Controller
4.3.1 Unplug all network cable
4.3.2 Select the server to be restored.
4.3.3 Restore system state with force primary restore option.
4.3.4 Edit Registry, modify BurFlags to "D4"
4.3.5 Verify RPC Client Protocols configuration in Registry
4.3.6 Recreate Junction point for SYSVOL
4.3.7 Restart Computer
4.3.8 Check DNS Zone
4.3.9 Check "SYSVOL" and "NETLOGON" should be shared
4.3.10 Disable Global Catalog
4.3.11 Remove damaged servers
4.3.12 Raise RIDAvailablePool
4.3.13 Check FSMO Roles
4.3.14 Seize FSMO
4.3.15 Reset Computer Account of Domain controller 2 times
4.3.16 Reset Password "Krbtgt" 2 times
4.3.17 Enable GC
4.3.18 Clear all logs in Event Viewer and Restart
4.3.19 Check "dcdiag" Result
4.3.20 Check EventViewer log
4.4 Steps to recover the Child Domain Controller
4.4.1 Select the server to be restored
List of Figures
Figure 1 Active Directory Infrastructure
Figure 2 Roadmap for DCpromo
Figure 3 Networking Service component
Figure 4 Install DNS server Service
Figure 5 Access to DNS Console in Administrative Tools
Figure 6 Use DNS console to create new zone
Figure 7 Welcome to New Zone Wizard
Figure 8 Zone name
Figure 9 Zone File
Figure 10 Dynamic update
Figure 11 Create Reverse lookup zone with DNS Console
Figure 12 Welcome to New Zone Wizard
Figure 13 Zone Type
Figure 14 Reverse Lookup Zone Name
Figure 15 Dynamic Update
Figure 16 Create PTR Record
Figure 17 Specify information for PTR Record
Figure 18 Register DNS Record
Figure 19 Register DNS Suffix
Figure 20 DNS Console After Reboot
Figure 21 Start "DCPromo"
Figure 22 Welcome to Active Directory Installation Wizard
Figure 23 Operating System Compatibility
Figure 24 Domain Controller Type
Figure 25 Create New Domain
Figure 26 New Domain Name
Figure 27 NetBIOS Domain Name
Figure 28 Database and Log Folders
Figure 29 Shared System Volume
Figure 30 DNS Registration Diagnostics
Figure 31 Permissions
Figure 32 Directory Services Restore mode Administrator Password
Figure 33 Summary
Figure 34 Installation Progress
Figure 35 Completing the Active Directory Installation Wizard
Figure 36 DNS Console After reboot
Figure 37 Schema Management Console
Figure 38 Using NT backup to backup system state
Figure 39 DNS zone properties
Figure 40 Register DNS suffix
Figure 41 Forward Lookup Zone
Figure 42 Catalog File with NT Backup
Figure 43 Restore Catalog File
Figure 44 Step Restoring
Figure 45 Promote Advance Active directory
Figure 46 Configuring Additional Domain
Figure 47 Browse Restore System State
Figure 48 Setting GC on Additional domain
Figure 49 Setting Network Credentials
Figure 50 Changing domain membership
Figure 51 Login domain
Figure 52 Checking GUID for DNS
Figure 53 Checking automatic generated
Figure 54 Checking Using Replicate Now
Figure 55 Checking replicate result
Figure 56 Query FSMO by using netdom cmd
Figure 57 Setting Zone Transfers
Figure 58 New Forward Lookup Zone
Figure 59 Choose zone type
Figure 60 Create zone name
Figure 61 Configure Master DNS server
Figure 62 After Configure DNS server
Figure 63 Transfer row
Figure 64 Changing Operation Masters role
Figure 65 Changing Operation Masters role
Figure 66 Changing Domain Controller
Figure 67 Query FSMO by using netdom cmd
Figure 68 Check time diff cmd
Figure 69 Stop sync time service
Figure 70 Stop sync time service
Figure 71 Step Client sync time with server
Figure 72 Check DNS Configuration
Figure 73 Checking DNS Suffix
Figure 74 Checking Computer name
Figure 75 Check primary DNS Suffix
Figure 76 Check CM Folder
Figure 77 Promote Active Directory
Figure 78 Choose new domain controller
Figure 79 Create Child domain
Figure 80 Configuration Network Credentials
Figure 81 Configuration domain name
Figure 82 Configuration NetBIOS name
Figure 83 Setting Active directory Configuring
Figure 84 Finish Promote Active directory
Figure 85 Checking File configuration
Figure 86 Query FSMO by using netdom cmd
Figure 87 Choose Directory Services Restore Mode
Figure 88 Choose Windows Server 2003, Standard
Figure 89 Maintenance Database
Figure 90 Checking File configuration
Figure 91 Stop service FRS
Figure 92 Run adsiedit.msc
Figure 93 Check AD03 Domain
Figure 94 Reconfiguration Frsrootpath
Figure 95 Reconfiguration Frsstagingpath
Figure 96 Edit Regedit key string
Figure 97 Edit BurFlags registry key
Figure 98 Run secedit cmd
Figure 99 Reconfiguration junction point
Figure 100 Check path file
Figure 101 Check Event log
Figure 102 Check state using net share
Figure 103 Create Primary Zone
Figure 104 Configuration Zone name
Figure 105 Configuration Zone file
Figure 106 Configuration Dynamic update
Figure 107 Finish create zone
Figure 108 Configuration stub zone
Figure 109 Configuration Zone name
Figure 110 Configuration Zone file
Figure 111 Configuration Master DNS Server
Figure 112 Check DNS Zone
Figure 113 Check DNS
Figure 114 Check DNS suffix
Figure 115 Check Computer name
Figure 116 Check Primary DNS suffix
Figure 117 Configuration Stub Zone
Figure 118 Configuration Zone name
Figure 119 Configuration Zone file
Figure 120 Configuration Master DNS Zone
Figure 121 Promote Domain
Figure 122 Configuration Network Credentials
Figure 123 Configuration Zone name
Figure 124 Configuration NetBIOS domain name
Figure 125 Dialog box show error
Figure 126 Configuration SEIZE Step
Figure 127 Configuration SEIZE command
Figure 128 Promote domain tree
Figure 129 Check AD forest
Figure 130 Domain Structure
Figure 131 Clean System
Figure 132 Clean Active Directory Data
Figure 133 Structure of Domain Name System
Figure 134 Step guide for install DNS service component (step 1)
Figure 135 Step guide for install DNS service component (step 2)
Figure 136 Step guide for install DNS service component (step 3)
Figure 137 Step guide for install DNS service component (step 4)
Figure 138 Step guide for install DNS service component (step 5)
Figure 139 Creating a Primary Zone in the Forward lookup zone (step 1)
Figure 140 Creating a Primary Zone in the Forward lookup zone (step 2)
Figure 141 Creating a Primary Zone in the Forward lookup zone (step 3)
Figure 142 Creating a Primary Zone in the Forward lookup zone (step 4)
Figure 143 Creating a Primary Zone in the Forward lookup zone (step 5)
Figure 144 Creating a Primary Zone in the Forward lookup zone (step 6)
Figure 145 Creating a Primary Zone in the Forward lookup zone (step 7)
Figure 146 Creating a Primary Zone in the Forward lookup zone (step 8)
Figure 147 Creating a Primary Zone in the Forward lookup zone (step 9)
Figure 148 Creating a Primary Zone in the Forward lookup zone (step 10)
Figure 149 Creating a Primary Zone in the Reverse lookup zone (step 1)
Figure 150 Creating a Primary Zone in the Reverse lookup zone (step 2)
Figure 151 Creating a Primary Zone in the Reverse lookup zone (step 3)
Figure 152 Creating a Primary Zone in the Reverse lookup zone (step 4)
Figure 153 Creating a Primary Zone in the Reverse lookup zone (step 5)
Figure 154 Creating a Primary Zone in the Reverse lookup zone (step 6)
Figure 155 Creating a Primary Zone in the Reverse lookup zone (step 7)
Figure 156 Creating a Primary Zone in the Reverse lookup zone (step 8)
Figure 157 Creating a Secondary Zone (step 1)
Figure 158 Creating a Secondary Zone (step 2)
Figure 159 Creating a Secondary Zone (step 3)
Figure 160 Creating a Secondary Zone (step 4)
Figure 161 Creating a Secondary Zone (step 5)
Figure 162 Creating a Secondary Zone (step 6)
Figure 163 Creating a Secondary Zone (step 7)
Figure 164 Creating a Secondary Zone (step 8)
Figure 165 Creating a Secondary Zone (step 9)
Figure 166 Creating a Stub Zone (step 1)
Figure 167 Creating a Stub Zone (step 2)
Figure 168 Creating a Stub Zone (step 3)
Figure 169 step การสราง Stub Zone (step 4)................................................................................................................98
Figure 170 step การสราง Stub Zone (step 5)................................................................................................................99
Figure 171 Steps for creating a Stub Zone (step 6)
Figure 172 Steps for creating a Stub Zone (step 7)
Figure 173 Steps for creating a Stub Zone (step 8)
Figure 174 Steps for creating a Stub Zone (step 9)
Figure 175 Steps for creating a Stub Zone (step 10)
Figure 176 Steps for creating a Stub Zone (step 11)
Figure 177 scenario of WINS server with client
Figure 178 step guide for install WINS service component (step 1)
Figure 179 step guide for install WINS service component (step 2)
Figure 180 step guide for install WINS service component (step 3)
Figure 181 step guide for install WINS service component (step 4)
Figure 182 step guide for install WINS service component (step 5)
Figure 183 step guide for install WINS service component (step 6)
Figure 184 step guide for setup WINS at client (step 1)
Figure 185 step guide for setup WINS at client (step 2)
Figure 186 step guide for setup WINS at client (step 3)
Figure 187 step guide for setup WINS at client (step 4)
Figure 188 step guide for setup WINS at client (step 5)
Figure 189 step guide for setup WINS at client (step 6)
Figure 190 step guide for setup WINS at client (step 7)
Figure 191 step guide for Display WINS Console at AD03 (step 1)
Figure 192 step guide for Display WINS Console at AD03 (step 2)
Figure 193 step guide for Display WINS Console at AD03 (step 3)
Figure 194 step guide for Display WINS Console at AD03 (step 4)
Figure 195 Scenario for DHCP Lab
Figure 196 step guide for install DHCP service component (step 1)
Figure 197 step guide for install DHCP service component (step 2)
Figure 198 step guide for install DHCP service component (step 3)
Figure 199 step guide for install DHCP service component (step 4)
Figure 200 step guide for install DHCP service component (step 5)
Figure 201 step guide for create scope (step 1)
Figure 202 step guide for create scope (step 2)
Figure 203 step guide for create scope (step 3)
Figure 204 step guide for create scope (step 4)
Figure 205 step guide for create scope (step 5)
Figure 206 step guide for create scope (step 6)
Figure 207 step guide for create scope (step 7)
Figure 208 step guide for create scope (step 8)
Figure 209 step guide for create scope (step 9)
Figure 210 step guide for create scope (step 10)
Figure 211 step guide for create scope (step 11)
Figure 212 step guide for create scope (step 12)
Figure 213 step guide for create scope (step 13)
Figure 214 step guide for create scope (step 14)
Figure 224 Select the desired file system state
Figure 225 Start the System State restore
Figure 226 Confirm Restore system state
Figure 227 Advanced Option of ntbackup
Figure 228 Mark Primary restore of the system state
Figure 229 Confirm Restore
Figure 230 Launch the Registry Editing Tool (Regedit)
Figure 239 Check the junction point of Sysvol
Figure 240 Correct junction point of c:\windows\sysvol\sysvol\<DNS domain name>
Figure 241 Check the junction point of the staging areas
Figure 242 Correct junction point of C:\Windows\Sysvol\staging area\<DNS domain name>
Figure 243 TCP/IP Configuration after restoring System State
Figure 244 DNS Zone after restoring System State
Figure 250 Active Directory Sites and Services Console with the snap-in added
Figure 251 Properties of AD02 in the Active Directory Sites and Services Console
Figure 252 Clear the Global Catalog check mark
Figure 299 Enabling Advanced Features in Active Directory Users and Computers
Figure 300 User krbtgt in the Users container
Figure 301 Reset the password of user krbtgt
Figure 302 Enter the password of user krbtgt
Figure 303 Password reset of user krbtgt completed
Figure 304 dcdiag results after AD has been fully recovered for both the root and the child
Figure 305 step guide for install GPMC (step 1)
Figure 306 step guide for install GPMC (step 2)
Figure 307 step guide for install GPMC (step 3)
Figure 308 step guide for Create OU and user account at AD03 (step 1)
Figure 309 step guide for Create OU and user account at AD03 (step 2)
Figure 310 step guide for Create OU and user account at AD03 (step 3)
Figure 311 step guide for Create OU and user account at AD03 (step 4)
Figure 312 step guide for Create OU and user account at AD03 (step 5)
Figure 313 step guide for Create OU and user account at AD03 (step 6)
Figure 314 step guide for Create OU and user account at AD03 (step 7)
Figure 315 step guide for Create OU and user account at AD03 (step 8)
Figure 316 step guide for Prepare installer ppviewer.msi (step 1)
Figure 317 step guide for Prepare installer ppviewer.msi (step 2)
Figure 318 step guide for Setup GPO-deploy software (step 1)
Figure 319 step guide for Setup GPO-deploy software (step 2)
Figure 320 step guide for Setup GPO-deploy software (step 3)
Figure 321 step guide for Setup GPO-deploy software (step 4)
Figure 322 step guide for Setup GPO-deploy software (step 5)
Figure 323 step guide for Setup GPO-deploy software (step 6)
Figure 324 step guide for Setup GPO-deploy software (step 7)
Figure 325 step guide for Setup GPO-deploy software (step 8)
Figure 326 step guide for Setup GPO-deploy software (step 9)
Figure 327 step guide for Setup GPO-deploy software (step 10)
Figure 328 step guide for Setup GPO-deploy software (step 11)
Figure 329 step guide for Test client GPO-deploy software (step 1)
Figure 330 step guide for Test client GPO-deploy software (step 2)
Figure 331 step guide for Test client GPO-deploy software (step 3)
List of Tables
Table 1 Checklist of Single Domain
Table 2 Checklist of Additional Domain (from System state)
Table 3 Checklist of Child Domain
Table 4 Checklist of DNS Structure
Table 5 Checklist of Setup WINS Server
Table 6 Checklist of DHCP
Table 7 Configurations of AD01
LAB 1: Professional Install and Design Windows 2003 infrastructure
1.1 Scenario
Figure 1 Active Directory Infrastructure
1.2 Road Map for Command “DCPROMO”
Figure 2 Roadmap for DCpromo
1.3 Checklist Single Domain (Root Domain)
Step (mark Result: Success / Failure)
1. Add DNS Service.
2. Create DNS Zone Forward and Reverse Zone
3. Register DNS Record
4. Register DNS Suffix
5. Promote Server to Domain Controller. (DCPROMO)
6. Verify status after install Domain Controller
7. Setup Support Tools.
8. Setup Resource Kit Tools.
9. Install Recovery Console.
10. Register Schema Console.
Table 1 Checklist of Single Domain
1.4 Step guide LAB 1
1.4.1 step 1: Single Domain (Root Domain)
1) On AD01 Add DNS Services
Install DNS Server Service
- Open the Networking Services component
Figure 3 Networking Service component
Figure 4 Install DNS server Service
- Open the DNS console (Start > Programs > Administrative Tools > DNS)
Figure 5 : Access to DNS Console in Administrative Tools
Create new forward lookup zone
- Right-click “Forward lookup zone” and select “New Zone”
Figure 6 Use DNS console to create new zone
- Click Next
Figure 7 Welcome to New Zone Wizard
- Enter the domain DNS name and click “Next”
Figure 8 Zone name
- Select the file name in which to store the zone information
Figure 9 Zone File
- Select “Allow both nonsecure and secure dynamic updates”
Figure 10 Dynamic update
Create Reverse lookup zone
Figure 11 Create Reverse lookup zone with DNS Console
- Create a new zone
Figure 12 Welcome to New Zone Wizard
- Select Primary
Figure 13 Zone Type
- Fill in the network address
Figure 14 Reverse Lookup Zone Name
- Allow dynamic updates
Figure 15 Dynamic Update
- Create a new pointer (PTR)
Figure 16 Create PTR Record
- Select the forward lookup zone
Figure 17 Specify information for PTR Record
- Register DNS Record
Figure 18 Register DNS Record
- Register DNS Suffix
Figure 19 Register DNS Suffix
- After the reboot, check the DNS records:
Figure 20 DNS Console After Reboot
- Set up the DC server with the command “dcpromo”
Figure 21 Start “DCPromo”
- Starting the Active Directory Installation Wizard
Figure 22 Welcome to Active Directory Installation Wizard
- Click Next
Figure 23 Operating System Compatibility
- Select “Domain controller for a new domain”
Figure 24 Domain Controller Type
- Select new domain in new forest
Figure 25 Create New Domain
- Fill in the full DNS name, then click Next
Figure 26 New Domain Name
- Click Next
Figure 27 NetBIOS Domain Name
- The database and log file locations can be changed.
Figure 28 Database and Log Folders
- The SYSVOL folder location can be changed (default limit is 630 MB; it can be raised to 2 TB by modifying the registry)
Figure 29 Shared System Volume
- Click Next
Figure 30 DNS Registration Diagnostics
- Select permission
Figure 31 Permissions
- Installation in progress
Figure 34 Installation Progress
- Finish the installation and reboot the server.
Figure 35 Completing the Active Directory Installation Wizard
- Check the DNS service in the DNS console
Figure 36 DNS Console After reboot
- Verify Status of DNS Server
Verify Status of Domain Controller
- AD Database (C:\WINDOWS\NTDS\ntds.dit)
- SYSVOL / NETLOGON (check shared status)
- Administrative Tools (test opening every console)
- DNS records (on 2003 Server) = 6 folders (_msdcs, _sites, _tcp, _udp, DomainDnsZones, ForestDnsZones)
- Logs
- Checked box for GC on "Administrative tools > Active Directory Sites and Services"
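The six DNS folders in the checklist above can be cross-checked against the records the Netlogon service itself tries to register, which Windows writes to %SystemRoot%\System32\config\netlogon.dns (a file this lab book does not mention). The following is an added example, not part of the lab book: it sorts each record into the folder it appears under in the DNS console, reports folders with no records, and lists SRV records that do not point at the DC's own name. The sample records, the address 192.0.2.10 and all function names are constructed for illustration; demo.com and ad01 are the lab's names.

```python
"""Cross-check Netlogon's DNS registrations against the six expected folders."""

# Folders the lab expects under the forward lookup zone on a Windows 2003 DC.
EXPECTED_FOLDERS = ("_msdcs", "_sites", "_tcp", "_udp",
                    "DomainDnsZones", "ForestDnsZones")

# Constructed sample in netlogon.dns layout (owner TTL IN type rdata).
# ForestDnsZones is deliberately left out so the audit has something to report.
SAMPLE_NETLOGON_DNS = """\
demo.com. 600 IN A 192.0.2.10
_ldap._tcp.demo.com. 600 IN SRV 0 100 389 ad01.demo.com.
_ldap._tcp.Default-First-Site-Name._sites.demo.com. 600 IN SRV 0 100 389 ad01.demo.com.
_ldap._tcp.pdc._msdcs.demo.com. 600 IN SRV 0 100 389 ad01.demo.com.
_ldap._tcp.gc._msdcs.demo.com. 600 IN SRV 0 100 3268 ad01.demo.com.
_ldap._tcp.dc._msdcs.demo.com. 600 IN SRV 0 100 389 ad01.demo.com.
_kerberos._tcp.dc._msdcs.demo.com. 600 IN SRV 0 100 88 ad01.demo.com.
gc._msdcs.demo.com. 600 IN A 192.0.2.10
_gc._tcp.demo.com. 600 IN SRV 0 100 3268 ad01.demo.com.
_kerberos._tcp.demo.com. 600 IN SRV 0 100 88 ad01.demo.com.
_kerberos._udp.demo.com. 600 IN SRV 0 100 88 ad01.demo.com.
_kpasswd._tcp.demo.com. 600 IN SRV 0 100 464 ad01.demo.com.
_kpasswd._udp.demo.com. 600 IN SRV 0 100 464 ad01.demo.com.
DomainDnsZones.demo.com. 600 IN A 192.0.2.10
_ldap._tcp.DomainDnsZones.demo.com. 600 IN SRV 0 100 389 ad01.demo.com.
"""


def parse_records(text):
    """Parse 'owner TTL IN TYPE rdata...' lines; skip blanks and ';' comments."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        fields = line.split()
        if len(fields) < 5 or not fields[1].isdigit() or fields[2].upper() != "IN":
            raise ValueError(f"line {lineno}: not a resource record: {raw!r}")
        rtype, rdata = fields[3].upper(), fields[4:]
        if rtype == "SRV" and len(rdata) != 4:
            raise ValueError(f"line {lineno}: SRV needs priority weight port target")
        records.append({"owner": fields[0], "ttl": int(fields[1]),
                        "type": rtype, "rdata": rdata})
    return records


def _norm(name):
    """DNS names compare case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def folder_of(owner, zone):
    """Label directly below the zone apex (the console folder); None for the apex."""
    owner, zone = _norm(owner), _norm(zone)
    if owner == zone:
        return None
    if not owner.endswith("." + zone):
        raise ValueError(f"{owner} is outside zone {zone}")
    return owner[: -len(zone) - 1].split(".")[-1]


def audit(text, zone):
    """Return (records per expected folder, folders with no records, other records)."""
    by_lower = {name.lower(): name for name in EXPECTED_FOLDERS}
    found = {name: [] for name in EXPECTED_FOLDERS}
    other = []
    for rec in parse_records(text):
        name = by_lower.get(folder_of(rec["owner"], zone))
        (found[name] if name else other).append(rec)
    missing = [name for name in EXPECTED_FOLDERS if not found[name]]
    return found, missing, other


def wrong_targets(records, dc_fqdn):
    """SRV records whose target host is not the DC's fully qualified name."""
    want = _norm(dc_fqdn)
    return [r for r in records
            if r["type"] == "SRV" and _norm(r["rdata"][3]) != want]


if __name__ == "__main__":
    found, missing, other = audit(SAMPLE_NETLOGON_DNS, "demo.com")
    for name in EXPECTED_FOLDERS:
        print(f"{name:15} {len(found[name])} record(s)")
    print("folders with no records:", ", ".join(missing) or "none")
    bad = wrong_targets(parse_records(SAMPLE_NETLOGON_DNS), "ad01.demo.com")
    print("SRV records with an unexpected target:", len(bad))
```

A folder reported as missing here while it is present in the DNS console (or the reverse) points at a registration problem worth checking in the logs item of the same checklist.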
Recommended add-ons after install
- Install Support Tools (from the Windows 2003 Server CD).
- Install Recovery Console.
  - \i386\winnt32.exe /cmdcons
- Install Resource Kit Tools.
  - Download and install.
- Add the library for the Schema Master by running the following command >> Regsvr32 schmmgmt.dll
Open Active Directory Schema >> Run > mmc > add snap-in “Active Directory Schema”
Figure 37 Schema Management Console
View the operations masters with the following command >> netdom query fsmo
Checklist Additional Domain (From System State)
Step (mark Result: Success / Failure)
1. Test communication between AD01 and AD02, test Time Zone.
2. Backup System State from AD01.
3. Restore System State to another location on AD02
4. Register DNS Suffix
5. Register DNS Record to AD01
6. Promote Server AD02 to Domain Controller. (DCPROMO / ADV)
7. Verify status after install Domain Controller
8. Setup Support Tools.
9. Setup Resource Kit Tools.
10. Install Recovery Console.
11. Register Schema Console.
Table 2 Checklist of Additional Domain (from System state)
Create the additional domain controller using System State
Back up the system state (check the verify data option)
Figure 38 Using NT backup to backup system state
Test ping from AD02 to AD01 and check the time zone.
AT AD 01, on DNS
On the DNS at AD01, enable nonsecure and secure dynamic updates
Figure 39 DNS zone properties
AT AD 02 Register DNS Record / Register DNS suffix
Figure 40 Register DNS suffix
AT AD 01
Figure 41 Forward Lookup Zone
copy system state at AD01 to AD02 and restore on AD02
AT AD 02
Right-click, then run the catalog at
Figure 42 Catalog File with NT Backup
1.4.3 Step 5: Windows Time Service.
Next, run dcdiag to check the various statuses. It reports a time error, because when the domain controller is moved the time server does not move with it; the time server must also be added on the new machine.
Stratum is time synchronization passed down level by level. It must not exceed 4 strata, because of the loss that builds up over the distance covered.
To turn off the time sync service at AD01, use these commands:
- W32tm /config /syncfromflags:domhier /reliable:NO /update
- Net stop w32time
- Net start w32time
Figure 69 Stop sync time service
AT AD 02
- W32tm /config /reliable:yes /update
- Net stop w32time
- Net start w32time
Figure 70 Stop sync time service
When a client needs to sync time with the server:
- Net time /setsntp:[name of the machine to sync with] [1]
- Net time /querysntp (to query which server it syncs with) [2]
- Net time \\ad01.Demo.com /set /y
- Net use \\ad01.Demo.com /U:administrator pass
  (pass is the administrator password; net use prompts for it instead when * is given in its place)
Figure 71 Step Client sync time with server
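To confirm which stratum a time server actually reports after the changes above, the following added example (not part of the lab book) decodes the 48-byte reply an SNTP server sends, computes the client's clock offset, and flags a stratum above the limit of 4 stated in this section. The packet is built inline by the hypothetical helper build_sample_reply with constructed timestamps; all function names are assumptions of this example.

```python
"""Read stratum and clock offset from an SNTP server reply (48-byte NTP header)."""
import struct

NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
MAX_STRATUM = 4              # limit stated in this lab book, not an NTP constant


def _to_unix(sec, frac):
    """NTP timestamp (32-bit seconds, 32-bit fraction) to Unix seconds."""
    return sec - NTP_UNIX_DELTA + frac / 2**32


def _to_ntp(unix_time):
    """Unix seconds to an NTP (seconds, fraction) pair."""
    whole = int(unix_time)
    return whole + NTP_UNIX_DELTA, int((unix_time - whole) * 2**32)


def parse_reply(packet):
    """Decode the fixed header; timestamps are returned as Unix seconds."""
    if len(packet) < 48:
        raise ValueError("NTP header is 48 bytes, got %d" % len(packet))
    flags, stratum, _poll, _precision = struct.unpack("!BBbb", packet[:4])
    # Bytes 16..47: reference, originate, receive, transmit timestamps.
    stamps = struct.unpack("!8I", packet[16:48])
    return {
        "leap": flags >> 6,
        "version": (flags >> 3) & 0x7,
        "mode": flags & 0x7,
        "stratum": stratum,
        "originate": _to_unix(stamps[2], stamps[3]),  # T1: client send time, echoed
        "receive": _to_unix(stamps[4], stamps[5]),    # T2: server receive time
        "transmit": _to_unix(stamps[6], stamps[7]),   # T3: server send time
    }


def clock_offset(reply, t4):
    """Server clock minus client clock; t4 is the client time when the reply arrived."""
    return ((reply["receive"] - reply["originate"])
            + (reply["transmit"] - t4)) / 2


def assess(reply):
    """Return a list of problems with the reply; empty means it looks usable."""
    findings = []
    if reply["mode"] != 4:
        findings.append("mode %d is not a server reply" % reply["mode"])
    if reply["leap"] == 3:
        findings.append("server reports its clock as unsynchronized")
    if reply["stratum"] == 0:
        findings.append("stratum 0: unspecified or kiss-o'-death reply")
    elif reply["stratum"] > MAX_STRATUM:
        findings.append("stratum %d exceeds the limit of %d"
                        % (reply["stratum"], MAX_STRATUM))
    return findings


def build_sample_reply(stratum, t1, t2, t3, leap=0):
    """Constructed server reply (version 3, mode 4) used as offline sample input."""
    flags = (leap << 6) | (3 << 3) | 4
    stamps = _to_ntp(t2) + _to_ntp(t1) + _to_ntp(t2) + _to_ntp(t3)
    return struct.pack("!BBbbiI4s8I", flags, stratum, 6, -20, 0, 0, b"LOCL", *stamps)


if __name__ == "__main__":
    t1 = 1700000000.0  # constructed client send time
    for stratum in (2, 5):
        reply = parse_reply(build_sample_reply(stratum, t1, t1 + 2.25, t1 + 2.5))
        print("stratum", reply["stratum"],
              "offset %.3f s" % clock_offset(reply, t1 + 0.5),
              assess(reply) or "ok")
```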
1.4.4 step 7: Child Domain
Check List Child Domain
Step (mark Result: Success / Failure)
12. Test Communicate between AD01 and AD02, Test Time Zone.
13. Add DNS Services on AD03
14. Create Stub Zone between AD01 and AD03
15. Register DNS Suffix
16. Register DNS Record to AD03
17. Promote Server AD02 to Domain Controller. (DCPROMO / ADV)
18. Verify status after install Domain Controller
19. Setup Support Tools.
20. Setup Resource Kit Tools.
21. Install Recovery Console.
22. Register Schema Console.
Table 3 Checklist of Child Domain
Create the Child Domain
AT AD 03
Open AD03, then check connectivity with both AD01 and AD02
Figure 72 Check DNS Configuration
Figure 73 Checking DNS Suffix
Figure 74 Checking Computer name
Figure 75 Check primary DNS Suffix
Then restart.
AT AD 01
- Check whether the CM (child domain) folder is present as shown in the figure
Figure 76 Check CM Folder
Figure 77 Promote Active Directory
Figure 78 Choose new domain controller
Figure 79 Create Child domain
Figure 80 Configuration Network Credentials
Figure 81 Configuration domain name
Figure 82 Configuration NetBIOS name
Click Next until the page shown in the figure appears
Figure 83 Setting Active directory Configuring
Figure 84 Finish Promote Active directory
Then restart AD03 and install the toolkit and the support tools.
AT AD 01, check whether it looks as shown in the figure.
Figure 85 Checking File configuration
Figure 128 Promote domain tree
5) On AD01 you must see the result shown in the figure.
Figure 129 Check AD forest
Figure 130 Domain Structure
AD1 Domain tree
1.4.9 Step 12: FSMO Maintenance (Metadata Cleanup). AT AD01
6) AD02 must be removed because it no longer actually exists. Run the following commands:
   Ntdsutil
   Metadata cleanup
   Connections
   Connect to server AD01
   q
   Select operation target
   List domains
   Select domain 0
   List sites
   Select site 0
   List servers in site
   Select server 1
   q
   Remove selected server
Figure 131 Clean System
7) The system asks for confirmation; choose Yes.
8) Delete the data related to AD02.
Figure 132 Clean Active Directory Data
LAB 2: (DNS, WINS, DHCP, AD Database) management and Network Configuration
2.1 Domain Name System (DNS)
2.1.1 Scenario
The administrator wants to install DNS with AD01 as the primary DNS server, acting as the main name server of the system, and to make AD02 a secondary DNS server that backs up the DNS database from AD01, as shown in the figure.
Figure 133 Structure of Domain Name System
2.1.2 Checklist Result
Step                                                              Success   Failure
23. 1. Install the DNS Service Component.
24. 2. Create a Primary zone in the Forward lookup zone of AD01.
25. 3. Create a Primary zone in the Reverse lookup zone of AD01.
26. 4. Create a Secondary Zone on AD02.
27. 5. Create a Stub zone at the Primary Zone on AD03.
Table 4 Checklist of DNS Structure
2.1.3 Step Guide
9) Install the DNS Service Component. Open the properties of My Network Places.
Figure 134 step guide for install DNS service component (step 1)
On the Advanced menu, select Optional Networking Components.
Figure 135 step guide for install DNS service component (step 2)
Choose to activate the scope now, then click Next.
Figure 212 step guide for create scope (step 12)
Click Finish.
Figure 213 step guide for create scope (step 13)
In the DHCP console, right-click and select Authorize.
Figure 214 step guide for create scope (step 14)
3) Set up the DHCP client. On the client2 machine, configure the IP settings of Client2 by selecting Obtain an IP address automatically and Obtain DNS server address automatically.
Figure 215 step guide for Setup Client (step 1)
Test to see whether Client2 receives an IP address.
Figure 216 step guide for Setup Client (step 2)
LAB 3: Active Directory Migration. (Options)
LAB 4: Advanced Backup and Recovery Forest Infrastructure.
4.1 Scenario
This chapter covers recovery of an Active Directory domain running Windows Server 2003. To begin with, it covers the following:
- Operating System, especially the version and service pack
- Hardware, especially the disk configurations
- TCP/IP configurations, namely IP address, subnet mask and default gateway
- Roles of each server, such as Schema master, RID master, GC and so on
- DNS Zone
- Location of Sysvol and the AD Database
Server AD01 (Domain name: DEMO.COM)
Configurations                   Value
1. Operating System              Windows Server 2003 R2 Enterprise Edition. Evaluation Version
2. Hardware                      Virtual PC 2007
3. Service Pack Level            Service Pack 1
4. TCP/IP Configurations         IP Address: 192.168.0.1
                                 Subnet mask: 225.255.0.0
                                 DNS Server: 192.168.0.1, 192.168.0.2
5. Disk drive                    C: NTFS
6. NTDS Database                 C:\Windows\NTDS
7. NTDS Log file                 C:\Windows\NTDS
8. System Volume (SYSVOL)        C:\Windows\SYSVOL
10. DNS Server configurations    DNS Server contains the following zones:
                                 • DEMO.COM
11. Active Directory roles       Schema master
                                 Naming master
                                 PDC Emulator
                                 RID
                                 Infrastructure
                                 Global Catalog
Table 7 Configurations of AD01
Server AD02 (Domain Name: DEMO.COM)
Configurations                   Value
1. Operating System              Windows Server 2003 R2 Enterprise Edition. Evaluation Version
2. Hardware                      Virtual PC 2007
3. Service Pack Level            Service Pack 1
4. TCP/IP Configurations         IP Address: 192.168.0.2
                                 Subnet mask: 225.255.0.0
                                 Default Gateway:
                                 DNS Server: 192.168.0.1, 192.168.0.2
5. Disk drive                    C: NTFS
6. NTDS Database                 C:\Windows\NTDS
7. NTDS Log file                 C:\Windows\NTDS
8. System Volume (SYSVOL)        C:\Windows\SYSVOL
10. DNS Server configurations    DNS Server contains the following zones:
                                 • DEMO.COM
11. Active Directory roles       None
Table 8 Configurations of AD02
Server AD03 (Domain Name: CM.DEMO.COM)
Configurations                   Value
1. Operating System              Windows Server 2003 R2 Enterprise Edition. Evaluation Version
2. Hardware                      Virtual PC 2007
3. Service Pack Level            Service Pack 1
4. TCP/IP Configurations         IP Address: 192.168.0.3
                                 Subnet mask: 225.255.0.0
                                 Default Gateway:
                                 DNS Server: 192.168.0.3
5. Disk drive                    C: NTFS
6. NTDS Database                 C:\Windows\NTDS
7. NTDS Log file                 C:\Windows\NTDS
8. System Volume (SYSVOL)        C:\Windows\SYSVOL
10. DNS Server configurations    DNS Server contains the following zones:
                                 • CM.DEMO.COM
11. Active Directory roles       PDC Emulator
                                 RID
                                 Infrastructure
                                 Global Catalog
Table 9 Configurations of AD03
Server AD04 (Domain Name: CM.DEMO.COM)
Configurations                   Value
1. Operating System              Windows Server 2003 R2 Enterprise Edition. Evaluation Version
2. Hardware                      Virtual PC 2007
3. Service Pack Level            Service Pack 1
4. TCP/IP Configurations         IP Address: 192.168.0.4
                                 Subnet mask: 225.255.0.0
                                 Default Gateway:
                                 DNS Server: 192.168.0.3
5. Disk drive                    C: NTFS
6. NTDS Database                 C:\Windows\NTDS
7. NTDS Log file                 C:\Windows\NTDS
8. System Volume (SYSVOL)        C:\Windows\SYSVOL
10. DNS Server configurations    No DNS
11. Active Directory roles       None
Table 10 Configurations of AD04
For the recovery, the replacement hardware that is recovered onto must match the original in certain respects, for example:
- Operating System and Service Pack
- Operating System Directory
- Disk partition
- Windows Components
- DNS Services
- Installed Tools
  - Windows Server 2003 Support Tools
  - Windows Server 2003 Resource Kits
  - Windows Server 2003 Recovery Console
- Hardware compatible with the damaged machine, especially the following devices (for minimum recovery time)
  - Processor architecture
  - Disk controller
4.2 Recovery Checklist
4.2.1 Recovery Checklist for Root Domain
Operations                                                        Status: Successes / Failed
1. Unplug all network cables.
2. Select the server to be restored. (Restore only one server in each domain)
3. Restore system state with force primary restore option. (Don’t restart after restore finished)
4. Edit registry, modify BurFlags to “D4”.
5. Verify RPC ClientProtocols configuration in registry.
6. Re-create junction point for SYSVOL.
7. Re-start the computer.
8. Check that the DNS zone named “DEMO.COM” exists and allows dynamic update, with the following records:
   _msdcs folder
   _sites folder
   _tcp folder
   _udp folder
9. Check that “SYSVOL” and “NETLOGON” are shared.
10. If the computer started normally, skip to step 13.
11. If the computer started with a blue screen:
   - Start computer in Recovery console, disable acpi
   - Start re-place repair Windows process
12. Configure TCP/IP to the original IP, subnet, and subnet mask.
13. Disable Global Catalog.
14. Disable services which are not working.
15. Remove damaged servers in ntdsutil, AD Sites and Services and DNS.
16. Raise ridAvailablePool
17. Check FSMO roles; if all FSMO roles are available, skip to step 18.
18. Seize ALL FSMO.
19. Reset computer account of domain controller 2 times.
20. Reset password krbtgt 2 times
21. Enable GC
22. Clear all logs in Event Viewer and restart
23. Check dcdiag result
24. Check Event Viewer log
Table 11 Checklist for Recovery Root Domain Controllers
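The command-line form of checklist steps 4, 6, 8 (record lookup only) and 9, as an added example that is not part of the lab book. It assumes this lab's values (domain DEMO.COM, site Default-First-Site-Name, SYSVOL under %SystemRoot%\SYSVOL); the file name verify.cmd, the pre/post switch and the SRV names queried are choices made for the example.

```batch
@echo off
rem Added example, not part of the lab book: read-only checks for checklist
rem steps 4, 6, 8 and 9. Assumed values (from this lab): domain DEMO.COM,
rem site Default-First-Site-Name, SYSVOL under %SystemRoot%\SYSVOL.
rem   verify.cmd pre    after the restore, before the restart (steps 4, 6)
rem   verify.cmd post   after the restart (steps 8, 9)
setlocal
set DOMAIN=DEMO.COM
set SITE=Default-First-Site-Name
set SYSVOL=%SystemRoot%\SYSVOL
rem NTFRS names the staging folder "staging areas" by default; adjust if yours differs.
set STAGING=%SYSVOL%\staging areas
set BURKEY=HKLM\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
set FAIL=0

if /i "%~1"=="pre"  goto pre
if /i "%~1"=="post" goto post
echo Usage: %~nx0 pre^|post
exit /b 2

:pre
rem Step 4: BurFlags must already read 0xD4 when the server is restarted.
reg query "%BURKEY%" /v BurFlags 2>nul | find /i "0xd4" >nul
call :report "BurFlags is 0xD4"

rem Step 6: the restored AD database must be present.
dir "%SystemRoot%\NTDS\ntds.dit" >nul 2>&1
call :report "ntds.dit present"

rem Step 6: dir must list both domain folders as junctions, not plain directories.
dir "%SYSVOL%\sysvol" 2>nul | find "<JUNCTION>" | find /i "%DOMAIN%" >nul
call :report "sysvol\%DOMAIN% is a junction"
dir "%STAGING%" 2>nul | find "<JUNCTION>" | find /i "%DOMAIN%" >nul
call :report "staging folder for %DOMAIN% is a junction"

rem Step 6: the scripts folder backs the NETLOGON share.
dir "%SYSVOL%\sysvol\%DOMAIN%\scripts" >nul 2>&1
call :report "scripts folder present"
goto done

:post
rem Step 9: SYSVOL and NETLOGON must be shared again.
net share | find /i "SYSVOL" >nul
call :report "SYSVOL shared"
net share | find /i "NETLOGON" >nul
call :report "NETLOGON shared"

rem Step 8: one SRV lookup per folder of the zone (_msdcs, _sites, _tcp, _udp).
for %%R in (_ldap._tcp.dc._msdcs _ldap._tcp.%SITE%._sites _ldap._tcp _kerberos._udp) do call :srv %%R
goto done

:srv
rem nslookup prints "svr hostname = ..." for every SRV record it resolves.
nslookup -type=SRV %1.%DOMAIN%. 2>nul | find /i "svr hostname" >nul
call :report "SRV %1.%DOMAIN%"
goto :eof

:report
rem Prints OK or FAIL from the errorlevel left by the command run just before the call.
if errorlevel 1 (echo FAIL %~1& set FAIL=1) else (echo OK   %~1)
goto :eof

:done
if "%FAIL%"=="1" (echo One or more checks failed.& exit /b 1)
echo All checks passed.
exit /b 0
```

The script only reads state; a FAIL line points back to the checklist step to redo by hand.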
4.2.2 Recovery Checklist for Child Domain
Operations                                                        Status: Successes / Failed
1. Unplug all network cables.
2. Select the server to be restored. (Restore only one server in each domain)
3. Restore system state with force primary restore option. (Don’t restart after restore finished)
4. Edit registry, modify BurFlags to “D4”.
5. Verify RPC ClientProtocols configuration in registry.
6. Re-create junction point for SYSVOL.
7. Re-start the computer.
8. Check that the DNS zone named “DEMO.COM” exists and allows dynamic update, with the following records:
   _msdcs folder
   _sites folder
   _tcp folder
   _udp folder
9. Check that “SYSVOL” and “NETLOGON” are shared.
10. Disable Global Catalog.
11. Remove damaged servers in ntdsutil, AD Sites and Services and DNS.
12. Raise ridAvailablePool
13. Check FSMO roles; if all FSMO roles are available, skip to step 18.
14. Seize ALL FSMO.
15. Reset computer account of domain controller 2 times.
16. Reset password krbtgt 2 times
17. Enable GC
18. Clear all logs in Event Viewer and restart
19. Check dcdiag result
20. Check Event Viewer log
Table 12 Checklist for Recovery Child Domain Controllers
4.3 Steps for Recovering the Root Domain Controller
4.3.1 Unplug all network cables
This prevents the root DC and the child DC that are about to be recovered from contacting each other. If they could, both root and child would try to replicate data with each other, which can cause problems for the recovery. All LAN cables must therefore be unplugged.
4.3.2 Select the server to be restored.
When recovering domain controllers, only one domain controller is recovered per domain, no matter how many additional domain controllers the domain has. Choose a domain controller with the following properties:
- Mainly, one that runs the DNS Service
- Has no Global Catalog
4.3.3 Restore system state with force primary restore option.
When restoring the System State, there is no need to set the IP address, subnet mask and default gateway on the server being recovered, because these settings are restored along with the System State.
1) Start the ntbackup utility by typing “ntbackup” at Start -> Run.
Figure 218 Launching ntbackup
2) The first time it runs, NTbackup starts in wizard mode.
Figure 219 NTbackup starts in Wizard mode the first time
3) Un-check “Always start in Wizard mode” and click [Cancel] to exit ntbackup.
Figure 220 Exiting NTbackup
4) Start ntbackup utility again by typing “ntbackup” at start-> run.
Figure 221 NTbackup in normal mode
5) Select the “[Restore and Manage Media]” tab.
Figure 222 The “Restore and Manage Media” tab of NTBackup
6) Right-click “[File]” and select “[Catalog file]”.
Figure 223 Cataloging a file in NTBackup
7) The Open Backup File dialog appears. Select the file to be restored by clicking [Browse].
Figure 224 Select the desired system state file
8) Select “System State” and click “[Start Restore]”.
Figure 225 Starting the System State restore
9) Click “[OK]” when the dialog appears.
Figure 226 Confirm Restore system state
10) Click “[Advanced]”.
Figure 227 Advanced Option of ntbackup
11) On Advanced Restore Options, make sure the following options are checked:
- “When restoring replicated data sets, mark the restored data as the primary data for all replicas”
- “Restore junction points, and restore file and folder data under junction points to the original location”
Click [OK] when finished.
Figure 228 Mark Primary restore of the system state
12) Click “[OK]”
Figure 229 Confirm Restore
4.3.4 Edit Registry, modify BurFlags to “D4”
This step instructs Windows to rebuild the System Volume (SYSVOL) and the netlogon share so that they are shared normally after being restored. The steps are as follows:
1) Start the Registry Editor by typing “regedit” at Start -> Run. Click OK.
2) The Registry Editor starts.
Figure 231 Regedit window
3) Expand the left-hand panel to
“HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ntfrs\Parameters\Backup/Restore\Process at Startup”
Figure 232 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ntfrs\Parameters\Backup/Restore\Process at Startup
4) Select the value named “BurFlags”. Right-click and select “[Modify]”. The purpose is to make the SYSVOL data we have from the System State restore the primary copy for the subsequent AD servers (that is, so that nobody else changes the data in our SYSVOL).
Figure 233 Editing BurFlags
5) Enter the value D4. Make sure that the Base option “Hexadecimal” is selected, then click “[OK]”.
4.3.5 Verify RPC Client Protocols configuration in Registry
1) Start the Registry Editor by typing “regedit” at Start -> Run. Click OK.
2) Navigate the subtree on the left panel to “HKEY_LOCAL_MACHINE\Software\Microsoft\RPC\”, which
4.3.6 Recreate Junction point for SYSVOL
1) Verify that the AD database has been restored: use Windows Explorer to open “C:\WINDOWS\NTDS”; you should find a file named ntds.dit.
Figure 237 Path of the AD Database
2) Verify that SYSVOL still exists: open Windows Explorer at “D:\WINDOWS\SYSVOL”; you should find the following directory structure.
Figure 238 Correct structure of C:\windows\Sysvol
3) Check that the SYSVOL junction point is correct: open a command prompt at “C:\Windows\Sysvol\sysvol” and use the “dir” command. You should see DEMO.COM, which is the domain DNS name, shown as <JUNCTION>.
using the command “linkd <DNS Domain name>”. The correct path is: C:\windows\sysvol\domain.
Figure 240 Correct junction point of c:\windows\sysvol\sysvol\<DNS domain name>
5) Verify the path that the junction point at “D:\Windows\Sysvol\staging area\<DNS domain name>” points to. It must show as <JUNCTION>.
Figure 241 Checking the junction point of staging Areas
6) (The Resource Kit must be installed first.) Check that the SYSVOL junction point is correct: open a command prompt at C:\Windows\Sysvol\staging area\<DNS domain name> and use the command “linkd <DNS Domain name>”. The correct path is: C:\windows\sysvol\staging\domain.
Figure 242 Correct junction point of C:\Windows\Sysvol\staging area\<DNS domain name>
7) Make sure that there is a folder named “scripts” in “C:\windows\sysvol\sysvol\demo.com”. If the folder does not exist, create it.
Note:
If a junction point is found not to be normal, do the following:
- Delete the junction point folder
- Create a new junction point using the command (for Sysvol)
4.3.10 Disable Global Catalog
After the recovery, the Active Directory shortcuts in Administrative Tools may disappear. This is because the server used for the recovery was never promoted; the AD System State was simply laid over it. The shortcuts are therefore missing, but the tools themselves are still present and can be added using MMC.
1) Start “Active Directory Sites and Services” in “Start -> Programs -> Administrative Tools”.
Note: If the tool is not available, type “mmc” at “Start -> Run”.
Figure 246 Launching MMC
Microsoft Management Console appears. Click “File -> Add/Remove Snap-in”.
Figure 247 Add/Remove Snap-in (1)
Click “[ADD]”
Figure 248 Add/Remove Snap-ins (2)
The Add Standalone snap-in appears. Select “Active Directory Sites and Services”. Then click “[ADD]”
Figure 249 Select the snap-in to add
Click “[CLOSE]” and “[OK]”. “Active Directory Sites and Services” appears.
Figure 250 Active Directory Site and Services Console with the snap-in added
2) Expand “Active Directory Sites and Services” on the left panel to “Sites -> Default first site name -> Servers -> <SELECT_SERVER_NAME>”. Right click at “NTDS settings” and select “Properties”.
Figure 251 Properties of AD02 in the Active Directory Site and Services Console
2) In Active Directory Sites and Services: open Active Directory Sites and Services and go to Sites / Default-First-Site-Name / Servers. You will see the view shown in the figure, where AD01 has already been removed, so it can be deleted from Active Directory Sites and Services directly by right-clicking AD01 and selecting Delete.
Figure 272 AD01 has no domain name
Figure 273 Right-click AD01 to delete it
Figure 274 Confirm the deletion of AD01 from AD
3) In DNS: open the DNS console. The deletion steps are as follows. In the DNS console, go to Forward Lookup Zone / DEMO.COM; you will see the following:
Figure 275 DNS records of AD01 still remaining in DNS
Delete the ad01 Host (A) record by pressing Delete. For ad01.demo.com, which is an NS record, double-click it; the dialog shown in the figure appears.
Figure 276 NS servers of Demo.com
Click AD01, select Remove, and answer OK to confirm the deletion.
Then repeat the steps described in 5.3.11 once more, but this time select server DC04 for removal.