What is Active Directory - how to install and configure

Active Directory provides systems management services. They are a much better alternative to local groups and allow you to create computer networks with efficient management and reliable data protection.

If you have not previously encountered the concept of Active Directory and do not know how such services work, this article is for you. Let's figure out what this concept means, what are the advantages of such databases and how to create and configure them for initial use.

Active Directory - what is it in simple words

Active Directory is a very convenient way of system management. Using Active Directory, you can effectively manage your data.

These services allow you to create a single database managed by domain controllers. If you own a business, manage an office, or generally control the activities of many people who need to be united, such a domain will be useful to you.

It includes all objects - computers, printers, faxes, user accounts, etc. The sum of domains on which data is located is called a “forest”. The Active Directory database is a domain environment where the number of objects can be up to 2 billion. Can you imagine these scales?

That is, with the help of such a “forest” or database, you can connect a large number of employees and equipment in the office, and without being tied to a location - other users can also be connected in the services, for example, from a company office in another city.

In addition, several domains are created and combined within Active Directory Services - the larger the company, the more tools are needed to control its equipment within the database.

Further, when such a network is created, one controlling domain is determined, and even with the subsequent presence of other domains, the original one still remains “parent” - that is, only it has full access to information management.

Where is this data stored, and what ensures the existence of domains? To create Active Directory, controllers are used. Usually there are two of them - if something happens to one, the information will be saved on the second controller.

Another use case arises when, for example, your company cooperates with another and the two have to complete a common project. In this case, outside parties may need access to domain files, and here you can set up a kind of “relationship” between two different “forests”, allowing access to the required information without risking the security of the remaining data.

In general, Active Directory is a tool for creating a database within a certain structure, regardless of its size. Users and all equipment are united into one “forest”, domains are created and placed on controllers.

It is also advisable to clarify that services can only operate on devices with Windows server systems. In addition, 3-4 DNS servers are created on the controllers. They serve the main zone of the domain, and if one of them fails, other servers replace it.

After this brief overview of Active Directory, a natural question is why you should swap a local group for an entire database. The range of possibilities is many times wider; to see the other differences between these approaches to system management, let’s take a closer look at the advantages.

Benefits of Active Directory

The advantages of Active Directory are:

  1. Using a single resource for authentication. With local groups, you need to add all accounts on each PC that require access to general information. The more users and equipment there are, the more difficult it is to synchronize this data between them.

Next, to change the password on one account, you need to change it on other PCs and servers. It is logical that with a larger number of users a more thoughtful solution is required.

And so, when using services with a database, accounts are stored in one point, and changes take effect immediately on all computers.

How does it work? Each employee, coming to the office, launches the system and logs into his account. The login request is automatically submitted to the server, and authentication takes place through it.

As for a certain order in keeping records, you can always divide users into groups - “HR Department” or “Accounting”.

In this case, it is even easier to provide access to information - if you need to open a folder for employees from one department, you do this through the database. Together they gain access to the required folder with data, while for others the documents remain closed.

  2. Control over each database participant.

If in a local group each member is independent and difficult to control from another computer, then in domains you can set certain rules that comply with company policy.

As a system administrator, you can set access settings and security settings, and then apply them to each user group. Naturally, depending on the hierarchy, some groups can be given more stringent settings, while others can be given access to other files and actions in the system.

In addition, when a new person joins the company, his computer will immediately receive the necessary set of settings, which includes components for work.

  3. Versatility in software installation.

Speaking of components, using Active Directory you can assign printers, install the necessary programs for all employees at once, and set privacy settings. In general, creating a database will significantly optimize work, monitor security and unite users for maximum work efficiency.

And if a company operates a separate utility or special services, they can be synchronized with the domains, which simplifies access to them. How? If you combine all the products used in the company, the employee will not need to enter different logins and passwords to enter each program - this information will be common.

Now that the benefits and purpose of Active Directory are clear, let's look at the process of installing these services.

What is AD delegation

Delegation itself is the transfer of some of the permissions and control from a parent object to another responsible party.

Every organization usually has several system administrators on staff, and different tasks should be assigned to different people. In order to apply changes, you must have rights and permissions, which are divided into standard and special. Special permissions apply to a specific object, while standard permissions are a set of existing permissions that make specific features available or unavailable.
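To see what has already been delegated on a container, read its access control list. The following is an added example, not part of the original article; the OU distinguished name is an assumption, and it relies on the ActiveDirectory PowerShell module that ships with the AD DS management tools.

```powershell
# Added example: list the permissions delegated directly on one OU (read-only).
# Assumption: the OU 'Accounting' in the domain corp.example exists.
Import-Module ActiveDirectory          # also provides the AD: drive used below
$ErrorActionPreference = 'Stop'
$ouDn = 'OU=Accounting,DC=corp,DC=example'

# Bits that let a trustee rewrite the permissions or take ownership.
# GenericAll (full control) contains both bits, so it is caught as well.
$adr  = [System.DirectoryServices.ActiveDirectoryRights]
$mask = [int]$adr::WriteDacl -bor [int]$adr::WriteOwner

$acl = Get-Acl -Path "AD:\$ouDn"
"Owner of ${ouDn}: $($acl.Owner)"

$acl.Access |
    # Explicit allow entries only: inherited ones were delegated higher up.
    Where-Object { -not $_.IsInherited -and $_.AccessControlType -eq 'Allow' } |
    ForEach-Object {
        [pscustomobject]@{
            Trustee     = $_.IdentityReference.Value
            Rights      = $_.ActiveDirectoryRights
            AppliesTo   = $_.InheritanceType      # None, All, Descendents, ...
            ObjectType  = $_.ObjectType           # GUID of a specific attribute/class, or zeros
            ControlsAcl = (([int]$_.ActiveDirectoryRights -band $mask) -ne 0)
        }
    } |
    Sort-Object ControlsAcl -Descending |
    Format-Table -AutoSize
```

Rows with ControlsAcl set to True are the ones to compare against the list of administrators who are supposed to hold that responsibility.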

Establishing trust

There are two types of trust relationships in AD: "unidirectional" and "bidirectional". In the first case, one domain trusts the other, but not vice versa; accordingly, the first has access to the resources of the second, but the second does not have access. In the second type, trust is “mutual”. There are also “outgoing” and “incoming” relationships. In outgoing, the first domain trusts the second, thus allowing users of the second to use the resources of the first.

During installation, the following procedures should be followed:

  • Check network connections between controllers.
  • Check settings.
  • Configure name resolutions for external domains.
  • Create a connection from the trusting domain.
  • Create a connection from the side of the controller to which the trust is addressed.
  • Check the created one-way relationships.
  • If a two-way relationship is needed, set it up as well.
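The name-resolution and verification steps of this checklist can be run from PowerShell on a domain controller. This is an added example, not part of the original article; the partner domain name is an assumption.

```powershell
# Added example: check name resolution for the partner domain and review
# the trusts this domain holds. Read-only.
# Assumption: the external domain is 'partner.example'.
Import-Module ActiveDirectory
$ErrorActionPreference = 'Stop'
$partner = 'partner.example'

# "Configure name resolution for external domains": the partner's domain
# controllers must be locatable through their SRV records.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$partner" -Type SRV |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object NameTarget, Port

# "Check the created one-way relationships": list every trust with its direction.
# Outbound = this domain trusts the partner (the partner's users can be granted
# access to resources here); Inbound = the partner trusts this domain.
Get-ADTrust -Filter * | ForEach-Object {
    [pscustomobject]@{
        Partner        = $_.Target
        Direction      = $_.Direction            # Inbound, Outbound or BiDirectional
        WithinForest   = $_.IntraForest
        ForestTrust    = $_.ForestTransitive
        SelectiveAuth  = $_.SelectiveAuthentication
        SidQuarantine  = $_.SIDFilteringQuarantined
        # Flag external two-way trusts where any partner user can authenticate
        # to any resource, so they can be compared with what was intended.
        Review         = ($_.Direction -eq 'BiDirectional' -and
                          -not $_.IntraForest -and
                          -not $_.SelectiveAuthentication)
    }
} | Format-Table -AutoSize
```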

We use a database on Windows Server 2012

Installing and configuring Active Directory is not a difficult task, and is also easier than it seems at first glance.

Before installing the services, you first need to do the following:

  1. Change the computer name: click on “Start”, open Control Panel, select “System”. Select “Change settings” and in Properties, opposite the “Computer name” line, click “Change”, enter a new value for the main PC.
  2. Reboot your PC as required.
  3. Set the network settings: through the Control Panel, open the Network and Sharing Center.
  4. Open the adapter settings: right-click the adapter, choose “Properties” and open the “Network” tab.
  5. In the list in that window, select “Internet Protocol Version 4 (TCP/IPv4)” and click “Properties” again.
  6. Enter the required settings, for example: IP address - 192.168.10.252, subnet mask - 255.255.255.0, main gateway - 192.168.10.1.
  7. In the “Preferred DNS server” line, specify the address of the local server, in “Alternative...” - other DNS server addresses.
  8. Save your changes and close the windows.

Set up Active Directory roles like this:

  1. Through Start, open Server Manager.
  2. From the menu, select Add Roles and Features.
  3. The wizard will launch, but you can skip the first window with a description.
  4. Move on to the next window.
  5. Select your computer to install Active Directory on it.
  6. From the list, select the role that you need to load - in your case it is “Active Directory Domain Services”.
  7. A small window will appear asking you to download the components required for the services - accept it.
  8. You will then be prompted to install other components - if you don’t need them, just skip this step by clicking “Next”.
  9. The setup wizard will display a window with descriptions of the services you are installing - read and move on.
  10. A list of components that we are going to install will appear - check if everything is correct, and if so, press the appropriate button.
  11. When the process is complete, close the window.
  12. That's it - the services are downloaded to your computer.
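The preparation and role installation above can also be scripted. This is an added example, not part of the original article; the computer name DC01 and the adapter alias "Ethernet" are assumptions, while the IP settings are the sample values from the steps above.

```powershell
# Added example: scripted equivalent of the GUI steps above (run elevated).
# Assumptions: computer name 'DC01', network adapter alias 'Ethernet'.
# Run with -Stage Prepare first; after the reboot, run with -Stage InstallRole.
param(
    [ValidateSet('Prepare', 'InstallRole')]
    [string]$Stage = 'Prepare'
)
$ErrorActionPreference = 'Stop'

if ($Stage -eq 'Prepare') {
    # Static IPv4 settings from the article: 192.168.10.252/24, gateway 192.168.10.1
    New-NetIPAddress -InterfaceAlias 'Ethernet' -IPAddress '192.168.10.252' `
        -PrefixLength 24 -DefaultGateway '192.168.10.1'

    # Preferred DNS server: the address of the local server itself
    Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' `
        -ServerAddresses '192.168.10.252'

    # Rename the computer; the new name takes effect after the reboot
    Rename-Computer -NewName 'DC01' -Restart
}
else {
    # Same role the wizard installs, including the management tools
    $result = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
    if (-not $result.Success) {
        throw 'Installation of AD-Domain-Services failed.'
    }

    # Confirm the role and the PowerShell module are really present
    Get-WindowsFeature -Name AD-Domain-Services, RSAT-AD-PowerShell |
        Select-Object Name, InstallState

    if ($result.RestartNeeded -ne 'No') {
        Write-Warning 'Restart the server before promoting it to a domain controller.'
    }
}
```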

How active directories work

The main operating principles are:

  • Authorization, with which it becomes possible to use a PC on the network simply by entering a personal password. In this case, all information from the account is transferred.
  • Security. Active Directory contains user recognition functions. For any network object, you can remotely, from one device, set the necessary rights, which will depend on the categories and specific users.
  • Network administration from one point. When working with Active Directory, the system administrator does not need to reconfigure all PCs if it is necessary to change access rights, for example, to a printer. Changes are carried out remotely and globally.
  • Full DNS integration. With its help, there is no confusion in AD; all devices are designated exactly the same as on the World Wide Web.
  • Large scale. A set of servers can be controlled by one Active Directory.
  • Search, which is performed using various parameters, for example, computer name or login.

Objects and Attributes

An object is a set of attributes, united under its own name, representing a network resource.

An attribute is a characteristic of an object in the directory. For example, a user's attributes include the full name and login, while the attributes of a PC account can be the name of the computer and its description.

Example:

“Employee” is an object that has the attributes “Name”, “Position” and “TabN”.

LDAP container and name

A container is a type of object that can consist of other objects. A domain, for example, may include account objects.

Their main purpose is to organize objects by types of features. Most often, containers are used to group objects with the same attributes.

Almost all containers map a collection of objects, and resources are mapped to a unique Active Directory object. One of the main types of AD containers is the organizational unit (OU). Objects that are placed in this container belong only to the domain in which they are created.

Lightweight Directory Access Protocol (LDAP) is the underlying protocol, carried over TCP/IP connections, for working with the directory. It is designed to reduce the complexity of accessing directory services. LDAP also defines the actions used to query and edit directory data.

Tree and site

A domain tree is a structure, a collection of domains that have a common schema and configuration, that form a common namespace and are linked by trust relationships.

A domain forest is a collection of trees connected to each other.

A site is a collection of devices in IP subnets, representing a physical model of the network, the planning of which is carried out regardless of the logical representation of its construction. Active Directory has the ability to create an n-number of sites or combine an n-number of domains under one site.

Setting up Active Directory

To configure a domain service you need to do the following:

  • Launch the setup wizard of the same name.
  • Click on the yellow pointer at the top of the window and select “Promote the server to a domain controller.”
  • Click on add a new forest and create a name for the root domain, then click Next.
  • Specify the operating modes of the “forest” and the domain - most often they coincide.
  • Create a password, but be sure to remember it. Continue further.
  • After this, you may see a warning that the domain is not delegated and a prompt to check the domain name - you can skip these steps.
  • In the next window, you can change the path to the database directories - do this if they do not suit you.
  • You'll now see all the options you're about to set - check to see if you've selected them correctly and move on.
  • The application will check whether the prerequisites are met, and if there are no comments, or they are not critical, click “Install”.
  • After installation is complete, the PC will reboot on its own.
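The promotion steps map onto the ADDSDeployment cmdlets that are installed with the role. This is an added example, not part of the original article; the root domain name corp.example and the default directory paths are assumptions.

```powershell
# Added example: create a new forest and promote this server to its first
# domain controller (run elevated, after the AD DS role is installed).
# Assumptions: root domain 'corp.example', default database/log/SYSVOL paths.
Import-Module ADDSDeployment
$ErrorActionPreference = 'Stop'

# The password from the "create a password" step is the Directory Services
# Restore Mode password. Prompt for it so it never sits in a script file.
$dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

$forest = @{
    DomainName                    = 'corp.example'
    ForestMode                    = 'Win2012'     # forest and domain modes,
    DomainMode                    = 'Win2012'     # set to the same level here
    InstallDns                    = $true
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $dsrm
}

# Same prerequisite check the wizard runs before enabling "Install".
# Non-critical findings (such as the DNS delegation notice) arrive as warnings.
$check  = Test-ADDSForestInstallation @forest
$failed = @($check | Where-Object { $_.Status -ne 'Success' })
if ($failed.Count -gt 0) {
    $failed | Format-List Status, Message
    throw 'Prerequisite check did not pass; nothing was changed.'
}

# Promote. The server reboots on its own when the operation completes.
Install-ADDSForest @forest -Force
```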

You might also be wondering how to add a user to the database. To do this, use the “Active Directory Users and Computers” menu, which you will find in the “Administration” section in the control panel, or use the database settings menu.

To add a new user, right-click on the domain name, select “Create”, then “Division”. A window will appear in front of you where you need to enter the name of the new department - it serves as a folder where you can collect users from different departments. In the same way, you will later create several more divisions and correctly place all employees.

Next, when you have created a department name, right-click on it and select “Create”, then “User”. Now all that remains is to enter the necessary data and set the access settings for the user.

When the new profile is created, click on it by selecting the context menu and open “Properties”. In the “Account” tab, delete o. That's all.
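The division, user and department group described in this article can also be created from PowerShell. This is an added example, not part of the original article; the OU name "Accounting" follows the article's group example, and the user j.doe and the group name Accounting-Staff are assumptions.

```powershell
# Added example: create a division (OU), a user inside it and a department
# group, using the ActiveDirectory module on a domain controller.
# Assumptions: user 'Jane Doe' / 'j.doe', group 'Accounting-Staff'.
Import-Module ActiveDirectory
$ErrorActionPreference = 'Stop'

$domain   = Get-ADDomain
$domainDn = $domain.DistinguishedName
$ouName   = 'Accounting'
$ouDn     = "OU=$ouName,$domainDn"

# Create the division only if it is not there yet; protect it from
# accidental deletion so a stray click cannot remove every account in it.
$existing = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" `
    -SearchBase $domainDn -SearchScope OneLevel
if (-not $existing) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn `
        -ProtectedFromAccidentalDeletion $true
}

# Prompt for the initial password and force a change at first logon,
# so the administrator never knows the password the user ends up with.
$initial = Read-Host -AsSecureString -Prompt 'Initial password for j.doe'
New-ADUser -Name 'Jane Doe' -SamAccountName 'j.doe' `
    -UserPrincipalName "j.doe@$($domain.DNSRoot)" `
    -Path $ouDn -AccountPassword $initial `
    -Enabled $true -ChangePasswordAtLogon $true

# Department group: folder access is then granted to the group,
# not to individual accounts.
New-ADGroup -Name 'Accounting-Staff' -GroupScope Global `
    -GroupCategory Security -Path $ouDn
Add-ADGroupMember -Identity 'Accounting-Staff' -Members 'j.doe'

# Verify the result
Get-ADUser -Identity 'j.doe' | Select-Object DistinguishedName, Enabled
Get-ADPrincipalGroupMembership -Identity 'j.doe' | Select-Object Name
```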

The general conclusion is that Active Directory is a powerful and useful system management tool that will help unite all employee computers into one team. Using services, you can create a secure database and significantly optimize the work and synchronization of information between all users. If your company or any other place of business relies on computers and networks and you need to consolidate accounts and monitor work and confidentiality, installing an Active Directory-based database will be an excellent solution.