What Is Active Directory

What is Active Directory?

Active Directory (AD) is a directory service that runs on Microsoft Windows Server. The main
function of Active Directory is to enable administrators to manage permissions and control
access to network resources. In Active Directory, data is stored as objects, which include users,
groups, applications, and devices, and these objects are categorized according to their name and
attributes.
What does Active Directory do?
There are many reasons why enterprises use directory services like Active Directory. The main
reason is convenience: Active Directory lets users log on to, and administrators manage, a variety
of resources from one place. Login credentials are unified, so a single domain account works
across many machines instead of a separate local account on each individual machine.
What Are Active Directory Domain Services?
Active Directory Domain Services (AD DS) is the core component of Active Directory and
provides the primary mechanism for authenticating users (Kerberos, with NTLM for legacy
clients) and determining which network resources they can access. AD DS also provides Single
Sign-On (SSO), an LDAP interface to the directory, and access rights management; certificate
issuance is a separate role, Active Directory Certificate Services (AD CS).
The following topics are core concepts of Active Directory Domain Services:
1. Attributes
2. Containers and Leaves
3. Object Names and Identities
4. Naming Contexts and Directory Partitions
5. Domain Trees
6. Forests
7. Active Directory Servers and Dynamic DNS
8. Replication and Data Integrity
Attributes (AD DS)
Each object in Active Directory Domain Services carries a set of attributes that define the
characteristics of the object. Each attribute is described by an attributeSchema object in the
schema container. The attribute definition includes, for example, which object classes the
attribute applies to and the syntax type of the attribute.
Containers and Leaves
Active Directory treats all parts of the network as objects. Objects come in three broad kinds:
resources (printers, network storage, etc.), users (individual user accounts and user groups), and
services (email, etc.). Objects can also contain other objects, and this containment is what makes
Active Directory hierarchical. Objects that contain other objects are called containers, and
objects that cannot contain other objects (such as an individual user) are called leaf objects, or
leaves.
Object Names and Identities
An object in Active Directory Domain Services has several identities, including the following:
- Relative Distinguished Name (RDN): the object's name within its container, e.g. CN=Jane Doe
- Distinguished Name (DN): the RDN followed by the DNs of every container above it, unique
  within the forest
- Object GUID: a 128-bit identifier assigned when the object is created that never changes, even
  if the object is renamed or moved
- Other identities
Object instances can have many other attributes, and applications can use those attributes for
identification. For example, security principal objects (instances of the user, computer, and
group object classes) have userPrincipalName, sAMAccountName, and objectSid attributes.
These attributes are very important "names" for Windows logon and authorization, but they are
not part of the object identity from the directory's perspective.
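The following is an added example, not part of the original page, showing how the identities listed above fit together. It works entirely on constructed values: the distinguished name, the SID and the well-known RID table are illustrative and not taken from any real directory.

```powershell
# Added example (not from the original page). Works offline on constructed
# values; the DN and SID below are made up for illustration.

function Split-DistinguishedName {
    # Split a DN into its RDN and parent, honouring backslash-escaped commas
    # (e.g. "CN=Doe\, Jane,OU=Sales,DC=corp,DC=example").
    param([Parameter(Mandatory)][string]$DistinguishedName)
    $parts = [regex]::Split($DistinguishedName, '(?<!\\),')
    [pscustomobject]@{
        Rdn    = $parts[0]                                   # relative distinguished name
        Parent = ($parts | Select-Object -Skip 1) -join ','  # DN of the containing object
        Domain = (($parts | Where-Object { $_ -like 'DC=*' }) -replace '^DC=') -join '.'
    }
}

function Split-ObjectSid {
    # A security principal's objectSid is the domain SID plus a relative ID (RID).
    # Well-known RIDs identify sensitive principals regardless of display name,
    # which is why audits key on the RID and not on sAMAccountName.
    param([Parameter(Mandatory)][string]$Sid)
    $sidObj = [System.Security.Principal.SecurityIdentifier]::new($Sid)
    $rid    = [int](($Sid -split '-')[-1])
    $wellKnown = switch ($rid) {
        500     { 'Administrator' }
        502     { 'krbtgt' }
        512     { 'Domain Admins' }
        519     { 'Enterprise Admins' }
        default { $null }
    }
    [pscustomobject]@{
        DomainSid = $sidObj.AccountDomainSid.Value
        Rid       = $rid
        WellKnown = $wellKnown
    }
}

# Constructed sample values (not real objects)
$dn  = 'CN=Doe\, Jane,OU=Sales,DC=corp,DC=example'
$sid = 'S-1-5-21-1004336348-1177238915-682003330-512'

Split-DistinguishedName -DistinguishedName $dn | Format-List
Split-ObjectSid -Sid $sid | Format-List
```

On a domain-joined host the same fields come back from Get-ADUser (DistinguishedName, ObjectGUID, SID, SamAccountName, UserPrincipalName); the point of the split is that the DN changes when an object is moved or renamed, while the GUID and SID do not, so anything that must track an object over time should key on those.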
Naming Contexts and Directory Partitions
Each domain controller in a forest controlled by Active Directory Domain Services holds
directory partitions. Directory partitions are also known as naming contexts. A directory
partition is a contiguous portion of the overall directory that has its own replication scope and
schedule. By default, the Active Directory Domain Service for an enterprise contains the
following partitions:
- Schema partition: contains the classSchema and attributeSchema objects that define the
  types of objects that can exist in the forest. Every domain controller in the forest holds a
  replica of the same schema partition.
- Configuration partition: contains the replication topology and other configuration data that
  must be replicated throughout the forest. Every domain controller in the forest holds a replica
  of the same configuration partition.
- Domain partition: contains the directory objects, such as users and computers, that belong
  to the local domain. A domain can have multiple domain controllers and a forest can have
  multiple domains. Each domain controller stores a full replica of the domain partition for its
  own domain but no replica of other domains' partitions (global catalog servers additionally
  hold a partial, read-only replica of every domain partition in the forest).
Domain controllers that also run Active Directory-integrated DNS hold application partitions
as well (ForestDnsZones and DomainDnsZones), each with its own replication scope.
Domain Trees
A domain tree is made up of several domains that share a common schema and configuration,
forming a contiguous namespace. Domains in a tree are also linked together by trust
relationships. Active Directory is a set of one or more trees.
Trees can be viewed two ways. One view is the trust relationships between domains. The other
view is the namespace of the domain tree.
Forests
A forest is a set of one or more domain trees that do not form a contiguous namespace. All trees
in a forest share a common schema, configuration, and global catalog, and are linked by
two-way transitive trust relationships. Unlike a tree, a forest has no distinct name of its own: it
exists as a set of cross-reference objects and trust relationships recognized by the member trees,
and is referred to by the name of its root domain (the first domain created in the forest). Trees in
a forest form a hierarchy for the purposes of trust.
Active Directory Servers and Dynamic DNS
Domain controllers publish their addresses so that clients can find them knowing only the
domain name. They are published using service (SRV) resource records in DNS; an SRV record
maps the name of a service to the host and port of a server that offers it. For example,
_ldap._tcp.dc._msdcs.<domain> lists every domain controller of a domain and
_kerberos._tcp.<domain> lists its Kerberos KDCs; the records under _msdcs are what the
domain controller locator queries.
Dynamic DNS (RFC 2136) defines a protocol for updating a DNS server's records over the
network. Before Dynamic DNS, administrators had to configure the records stored by DNS
servers by hand; domain controllers use it to register and refresh their SRV records
automatically. Because whoever can write those records can redirect clients to a server of their
choosing, zones holding them should accept only secure (authenticated) dynamic updates.
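As an added example (not code from the original page), the following PowerShell locates the domain controllers of a domain through the SRV records just described and then reads each one's RootDSE, which lists the directory partitions that domain controller holds. It assumes a domain-joined Windows host that can resolve the domain's DNS; "corp.example" and the optional site name are placeholders.

```powershell
# Added example (not from the original page). Assumes a domain-joined host;
# "corp.example" is a placeholder domain name.

function Get-DomainControllerSrv {
    param([Parameter(Mandatory)][string]$Domain, [string]$Site)
    # _ldap._tcp.dc._msdcs.<domain> lists every DC; the site-specific record
    # (_ldap._tcp.<site>._sites.dc._msdcs.<domain>) is what clients try first
    # so that they prefer a nearby DC.
    $name = if ($Site) { "_ldap._tcp.$Site._sites.dc._msdcs.$Domain" }
            else       { "_ldap._tcp.dc._msdcs.$Domain" }
    Resolve-DnsName -Name $name -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' } |
        Select-Object Name, NameTarget, Port, Priority, Weight
}

function Get-NamingContexts {
    param([Parameter(Mandatory)][string]$Server)
    # RootDSE is the unnamed top of the directory on every DC. It is readable
    # by any authenticated user and names the partitions that DC replicates.
    $root = [ADSI]"LDAP://$Server/RootDSE"
    [pscustomobject]@{
        Server               = $Server
        DefaultNamingContext = [string]$root.defaultNamingContext        # domain partition
        SchemaNamingContext  = [string]$root.schemaNamingContext         # schema partition
        ConfigurationContext = [string]$root.configurationNamingContext  # configuration partition
        AllNamingContexts    = @($root.namingContexts)                   # includes application partitions
        IsGlobalCatalog      = ([string]$root.isGlobalCatalogReady) -eq 'TRUE'
    }
}

$domain = 'corp.example'   # placeholder
foreach ($dc in Get-DomainControllerSrv -Domain $domain) {
    Get-NamingContexts -Server $dc.NameTarget
}
```

If Resolve-DnsName returns nothing for the _msdcs name, the DC locator on clients will fail in the same way; check that the domain controller's Netlogon service has registered its records (nltest /dsregdns re-registers them) and that the zone accepts the DC's dynamic updates.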
Replication and Data Integrity
Active Directory Domain Services provides multi-master update: every full replica of a given
partition is writable (the partial replicas on global catalog servers are read-only). Because any
writable replica can accept a change, updates are not blocked when some replicas are
unavailable. The domain controller that accepted the change propagates it to all other replicas.
Replication is automatic and transparent, and conflicting writes to the same attribute are
resolved by version number and timestamp rather than by a designated master.

The Hierarchical Structure of Active Directory Domain Services

AD DS organizes data in a hierarchical structure consisting of domains, trees, and forests, as
detailed below.

Domains: A domain represents a group of objects such as users, groups, and devices, which
share the same AD database. You can think of a domain as a branch in a tree. A domain has the
same structure as standard DNS domains and sub-domains, e.g. yourdomain.com and
sales.yourdomain.com.

Trees: A tree is one or more domains grouped together in a logical hierarchy. Since domains in a
tree are related, they are said to “trust” each other.

Forest: A forest is the highest level of organization within AD and contains a group of trees. The
trees in a forest also trust each other, and share the directory schema, global catalog,
application information, and domain configuration.

Organizational Units: An OU is used to organize users, groups, computers, and other
organizational units; it is the unit to which Group Policy is linked and administration delegated.

Containers: A container is similar to an OU; however, unlike an OU, it is not possible to link a
Group Policy Object (GPO) to a generic Active Directory container (such as the default Users
and Computers containers).


Designing Active Directory Infrastructure

The Active Directory deployment process in the infrastructure has been made easy over the
years. Even if you do not have advanced knowledge of Active Directory, with a few wizards,
you can install AD DS on a server.

In this chapter, we will cover the following topics:

- Designing a forest structure
- Designing a domain structure
- Designing an OU structure
- Designing the physical topology of Active Directory ...

Installing Active Directory

Step 1: Open Server Manager

Press the Windows key and type “Server Manager” to find and open the application.

Step 2: Add Roles and Features

Click “Manage” in the Server Manager window and choose “Add Roles and Features“. This
opens the “Add Roles and Features Wizard”, which walks through installing Active Directory
Domain Services. Click Next.

Step 3: Installation Type

On the “Installation Type” page, leave the “Role-based or feature-based installation” radio
button selected and click Next.

Step 4: Server Selection

On the page titled “Select destination server“, select the server on which AD DS is to be
installed and click Next.

Step 5: Server Roles

The previous step leads to the “Select server roles” page, as shown below. It lists the available
roles, each with a check box. Tick “Active Directory Domain Services“.
Step 6: Add Features

As soon as you tick that role, a dialog appears listing the management tools it depends on. Click
“Add Features” and then “Next“.

Step 7: Select Features

On the “Select features“ page that follows, click “Next” to proceed to the AD DS pages.

Step 8: AD DS

You will be presented with the page titled “Active Directory Domain Services“, which
summarizes the role. Click “Next“.

Step 9: Confirm your selections

The next page asks you to confirm the roles and features to be installed before anything is
changed. If the selection is correct, click Install.

Step 10: Promote to Domain Controller

After you have finished installing Active Directory Domain Services, the last step is to promote
it to a Domain Controller. Go over to Server Manager where you will notice a yellow
exclamation notification beside the “Manage” tab as shown below. Click on it and choose
“Promote this server to a domain controller“

Step 11: Add a new Forest

A new window titled “Active Directory Domain Services Configuration Wizard” will pop up.
We are going to Add a new Forest but in case you would wish to do something different in this
Step, you are free to choose the other options. Add your organization’s root domain name. Click
on “Next” after you pick your choice.

Step 12: Domain Controller Options

On the Domain Controller Options page, leave the defaults checked (DNS server and Global
Catalog, at the highest available functional level) and enter the Directory Services Restore Mode
(DSRM) password. This password is used only to log on to the server when AD DS is offline; it is
not the domain Administrator password. Then click “Next“.

Step 13: DNS Options

On the next page (DNS Options) you will probably see a warning at the top reading “A
delegation for this DNS server cannot be created because the authoritative parent zone
nameserver cannot be found”. For a new forest with no parent zone this is expected, so click
“Next“.

Step 14: NetBIOS domain name

On the next page, leave the NetBIOS domain name as default or you can change it as long as it is
not longer than 15 characters. Click “Next” after that.

Step 15: Paths

Leave the paths (database, log files and SYSVOL) at their defaults and click “Next”, as shown
below.

Step 16: Review Selections

In this step the wizard lets you review what you have configured so far. If the selections are
correct, click “Next“.

Step 17: Prerequisites Check

In this step the prerequisites are validated before Active Directory Domain Services is
configured. If any errors are reported, read them and fix the relevant earlier step. If all is okay,
click “Install“.

After that, the server reboots and you can log on to the new domain. Note that the password
entered in Step 12 was the DSRM password: the server's existing local Administrator account,
with its current password, becomes the domain's Administrator account.

To verify installation

The best way to verify the operation of Active Directory is to run the console utility Dcdiag
(Domain Controller Diagnostics). Dcdiag executes a series of tests to verify that AD DS is
working correctly.

To run Dcdiag, log on to the domain controller with a domain administrator account and open
an elevated console. Type the following command:

dcdiag /c

The /c switch runs the comprehensive test set; add /v for verbose detail and /e to test every
domain controller in the forest. If Dcdiag reports a failed test, troubleshoot the domain
controller to find the cause before joining clients or adding further domain controllers.
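As an added example (not code from the original page), the following PowerShell runs the checks recommended here and under "Replication and Data Integrity" above, and parses Dcdiag's summary lines into objects so that failed tests are not buried in the transcript. It must run in an elevated session on a domain controller; the sample output at the bottom is constructed so the parser can be exercised anywhere.

```powershell
# Added example (not from the original page). Test-DomainController needs an
# elevated session on a DC; the sample lines at the end are constructed.

function ConvertFrom-DcdiagOutput {
    # dcdiag prints one summary line per test, for example
    #   "......................... DC1 passed test Advertising"
    #   "......................... DC1 failed test DNS"
    param([Parameter(Mandatory)][string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match '\s(?<dc>\S+)\s+(?<result>passed|failed)\s+test\s+(?<test>\S+)\s*$') {
            [pscustomobject]@{
                Server = $Matches.dc
                Test   = $Matches.test
                Passed = ($Matches.result -eq 'passed')
            }
        }
    }
}

function Test-DomainController {
    # /c = comprehensive (all tests except DCPromo and RegisterInDNS),
    # /v = verbose, /e = every DC in the enterprise.
    $results = ConvertFrom-DcdiagOutput -Lines (dcdiag /c /v /e 2>&1)
    $failed  = @($results | Where-Object { -not $_.Passed })
    if ($failed.Count) { $failed | Format-Table -AutoSize }
    else { 'dcdiag: all tests passed' }

    # Multi-master update only helps if the replicas actually converge: any
    # non-zero "fails" column from repadmin, or any object returned by
    # Get-ADReplicationFailure, needs attention.
    repadmin /replsummary
    Get-ADReplicationFailure -Scope Forest -Target (Get-ADForest).Name |
        Select-Object Server, Partner, FailureCount, FirstFailureTime, LastError
}

# Constructed sample so the parser can be checked without a DC:
$sample = @(
    '   ......................... DC1 passed test Advertising',
    '   ......................... DC1 failed test DNS',
    '   ......................... DC1 passed test Replications'
)
ConvertFrom-DcdiagOutput -Lines $sample | Format-Table -AutoSize
```

Run Test-DomainController after the post-promotion reboot and again whenever a second domain controller is added; a DNS or Advertising failure on a brand-new forest usually means the server's own DNS client is not pointed at itself.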

Removing Active Directory

The AD DS role can be removed using the GUI or PowerShell. PowerShell is the faster method:
demotion needs only a single command.

Remove AD DS Role with PowerShell

Step 1: Open an elevated PowerShell session.

Step 2: Type the following command and then press Enter:

Uninstall-ADDSDomainController -DemoteOperationMasterRole -RemoveApplicationPartitions

-DemoteOperationMasterRole lets demotion continue even if this server still holds operations
master (FSMO) roles, and -RemoveApplicationPartitions removes the application partitions
(such as the DNS zones) hosted on it. If this is the last domain controller in the domain, add
-LastDomainControllerForDomain as well.

Step 3: Provide the new local administrator password and press Enter.

Step 4: Demotion can take up to 5 minutes. The server restarts when it completes; the role
binaries can then be removed with the Uninstall-WindowsFeature cmdlet.

How to add a UPN suffix (alternative domain name) to Active Directory

The steps below add an alternative user principal name (UPN) suffix so that users can log on as
user@newdomain.com; they do not create a new AD domain.

1. Log on to your domain controller.
2. Open “Active Directory Domains and Trusts”.
3. Right-click the top item in the left tree view (“Active Directory Domains and Trusts”) and
   select Properties.
4. In the UPN Suffixes dialog, enter the new domain name in the “Alternative UPN Suffixes”
   field and click Add.
5. Click Apply, then OK, and close the window. The suffix is now available forest-wide.
6. (Optional) If you have multiple domain controllers, force replication with the following
   command in PowerShell or CMD: repadmin /syncall /AdeP

You should now be able to use the new domain name when setting users' UPNs in Active
Directory or in the Exchange Admin Center.
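The same change done from PowerShell, as an added example that is not part of the original page: it adds the suffix at forest level, verifies the write before touching any user, then moves one user to the new suffix. "mail.example" and "jdoe" are placeholders; the ActiveDirectory module and Enterprise Admins membership (UPN suffixes are a forest-wide setting) are assumed.

```powershell
# Added example (not from the original page). "mail.example" and "jdoe" are
# placeholders; requires the ActiveDirectory module and Enterprise Admin rights.

function Add-ForestUpnSuffix {
    param([Parameter(Mandatory)][string]$Suffix)
    $forest = Get-ADForest
    if ($forest.UPNSuffixes -contains $Suffix) {
        return "UPN suffix $Suffix already present"
    }
    Set-ADForest -Identity $forest.Name -UPNSuffixes @{ Add = $Suffix }
    # Verify the write landed before changing any user
    $after = (Get-ADForest).UPNSuffixes
    if ($after -notcontains $Suffix) { throw "Suffix $Suffix not found after update" }
    "UPN suffix $Suffix added; forest now accepts: $($after -join ', ')"
}

function Set-UserUpnSuffix {
    # Rewrite a user's UPN to the new suffix, keeping the local part unchanged.
    param([Parameter(Mandatory)][string]$SamAccountName,
          [Parameter(Mandatory)][string]$Suffix)
    $user  = Get-ADUser -Identity $SamAccountName -Properties UserPrincipalName
    $local = ($user.UserPrincipalName -split '@')[0]
    if (-not $local) { $local = $user.SamAccountName }
    Set-ADUser -Identity $user -UserPrincipalName "$local@$Suffix"
    Get-ADUser -Identity $user -Properties UserPrincipalName |
        Select-Object SamAccountName, UserPrincipalName
}

Add-ForestUpnSuffix -Suffix 'mail.example'
Set-UserUpnSuffix -SamAccountName 'jdoe' -Suffix 'mail.example'

# Push the change to every DC instead of waiting for the replication schedule
repadmin /syncall /AdeP
```

Only add suffixes for DNS names the organization actually controls: the UPN is what cloud identity providers and federation match accounts on, so a suffix that someone else owns invites account mismatches later.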
Create a new Active Directory forest and domain

Create a new Active Directory forest and domain, install the Domain Name System (DNS) server
role, and promote the server to a domain controller using Windows PowerShell on Windows
Server 2012 R2 Core.

1. Type Start PowerShell and press Enter in the Command Prompt window to open a new
   Windows PowerShell console window.
2. Type Install-ADDSForest -DomainName vdom.local -InstallDNS and press Enter to
   create a new forest and domain named vdom.local.
3. Type the Directory Services Restore Mode (DSRM) password twice and press Enter to
   save it. The DSRM password is referred to as the SafeModeAdministratorPassword in
   Windows PowerShell.
4. Type A and press Enter to confirm that the server will be configured as a domain
   controller, install DNS and restart.
5. The domain controller promotion completes and the server reboots, finalizing the
   process.
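The following is an added example, not code from the original page: the seventeen wizard steps in "Installing Active Directory" above and the interactive Install-ADDSForest call just shown, as one script that installs the role, runs the prerequisite check and then promotes. The domain name is the page's vdom.local; NetBIOS name, functional levels and paths are this example's choices, and the DSRM password is read interactively so it never sits in the script.

```powershell
# Added example (not from the original page). Run elevated on the server to be
# promoted; vdom.local is the page's sample domain, everything else is a choice
# made here.
#Requires -RunAsAdministrator

$domainName  = 'vdom.local'   # root domain (Step 11)
$netbiosName = 'VDOM'         # at most 15 characters (Step 14)

# Steps 2-9: install the role binaries and RSAT tools without promoting yet.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Step 12: this is the Directory Services Restore Mode password, used to log on
# to the DC when AD DS is offline. It is NOT the domain Administrator password.
$dsrmPassword = Read-Host -Prompt 'DSRM (SafeModeAdministrator) password' -AsSecureString

$forestParams = @{
    DomainName                    = $domainName
    DomainNetbiosName             = $netbiosName
    ForestMode                    = 'WinThreshold'    # Windows Server 2016 functional level
    DomainMode                    = 'WinThreshold'
    InstallDns                    = $true             # Step 13: DNS on this DC
    CreateDnsDelegation           = $false            # no parent zone, so no delegation
    DatabasePath                  = 'C:\Windows\NTDS'  # Step 15 defaults
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $dsrmPassword
    NoRebootOnCompletion          = $false
    Force                         = $true             # suppress the Y/A confirmation prompt
}

# Step 17: prerequisite check only; nothing is changed.
$check = Test-ADDSForestInstallation @forestParams
if ($check.Status -ne 'Success') {
    $check.Message
    throw 'Prerequisite check failed; fix the reported issues before promoting.'
}

# Steps 11-16: create the forest and promote. The server reboots when done.
Install-ADDSForest @forestParams
```

Two caveats from practice: a .local suffix collides with multicast DNS on macOS and Linux clients, so a subdomain of a registered public name (ad.example.com) is the safer choice for anything beyond a lab; and the functional level chosen here cannot be lowered afterwards, so pick the lowest level any domain controller you still plan to add will support.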

Types of Groups and Membership

Group scope          Membership and use
Universal groups     Can contain members from any domain in the forest; membership is
                     replicated to the global catalog.
Global groups        Can contain only members from the domain to which they belong; can be
                     granted access to resources anywhere in the forest.
Domain local groups  Can contain users and groups from any domain; used to assign
                     permissions to resources in their own domain.
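The three scopes are meant to be used together, accounts in global groups, global groups in domain local groups, permissions on the domain local group (the pattern usually abbreviated AGDLP). The script below is an added example, not code from the original page; the OU, group names, user and share path are placeholders, and it assumes the ActiveDirectory module plus rights to create groups and to change the folder's ACL.

```powershell
# Added example (not from the original page). OU, group names, 'jdoe' and the
# share path are placeholders; requires the ActiveDirectory module.

$ou     = 'OU=Groups,DC=corp,DC=example'   # placeholder OU
$share  = 'D:\Shares\Finance'              # placeholder folder
$domain = (Get-ADDomain).NetBIOSName

# Global group: the role. Holds accounts from its own domain only.
New-ADGroup -Name 'Finance-Staff' -GroupScope Global -GroupCategory Security -Path $ou
Add-ADGroupMember -Identity 'Finance-Staff' -Members 'jdoe'

# Domain local group: the resource. The only principal the ACL will name.
New-ADGroup -Name 'ACL-Finance-Modify' -GroupScope DomainLocal -GroupCategory Security -Path $ou
Add-ADGroupMember -Identity 'ACL-Finance-Modify' -Members 'Finance-Staff'

# Permission goes on the domain local group, never directly on users or on
# the global group, so access reviews only ever have to read one place.
$acl  = Get-Acl -Path $share
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    "$domain\ACL-Finance-Modify", 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $share -AclObject $acl

# Check: resolve the effective membership through the nesting. 'jdoe' should
# appear even though the ACL group contains no users directly.
Get-ADGroupMember -Identity 'ACL-Finance-Modify' -Recursive |
    Select-Object SamAccountName, objectClass
```

Universal groups are left out deliberately: their membership is written to every global catalog, so they suit stable cross-domain roles, not groups whose membership churns.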

Virtualization

Virtualization is the creation of a virtual, rather than actual, version of something, such
as an operating system (OS), a server, a storage device or network resources. Virtualization uses
software that simulates hardware functionality to create a virtual system.

What Does Bare Metal Mean?

Bare metal is a computer system without a base operating system (OS) or installed applications:
the computer's hardware assembly, structure and components, carrying either only the
firmware or basic input/output system (BIOS) or no software at all.

A bare-metal (Type 1) hypervisor is one that runs directly on such hardware, manages all
hardware resources itself, and supports the execution of virtual machines without a host OS
underneath it.

VMware

VMware's virtual machine monitor (VMM) has a “multi-mode” architecture in which a separate
VMM instance hosts each virtual machine. The VMM selects the mode that gives the best
workload-specific performance based on the CPU support available, which also lets the
architecture absorb newer virtualization technologies. The multi-mode VMM draws on binary
translation, hardware assist (Intel VT-x and AMD-V) and paravirtualization, and selects the best
operating mode for each workload and processor combination.

What is paravirtualization?

Paravirtualization is a form of CPU virtualization in which the guest operating system is
modified so that privileged operations are issued as hypercalls to the hypervisor, rather than the
hypervisor having to trap or translate them at run time. In paravirtualization the guest OS is not
completely isolated: it is aware of, and cooperates with, the virtualization layer beneath it. Xen's
PV mode is the classic example; VMware combines full virtualization with paravirtual device
drivers such as VMXNET and PVSCSI.
Paravirtualization enables several different operating systems to run on one set of hardware by
using resources such as processors and memory efficiently. The operating system is modified
to work with the hypervisor; the intention behind the modification is to minimize the time
spent on operations that are otherwise expensive to perform in a virtual environment.

How Does Paravirtualization Work?

To enable hypercalls, the OS kernel (the core program that controls the whole OS) has to be
modified. This lets the guest OS know that it is running in a virtualized environment on top of a
hypervisor. When the guest kernel needs to perform a privileged operation, such as updating
page tables, handling interrupts or driving I/O, it issues a hypercall to the hypervisor instead of
executing the privileged instruction itself; ordinary user-level code in the guest runs unchanged.
The chart below shows a simplified flow of how paravirtualization works.
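Whether a guest is "aware" in this sense can be checked from inside it. The PowerShell below is an added example, not from the original page: on a Windows guest it reads the hypervisor-present flag that Windows sets from CPUID and looks for the integration services or guest tools through which the guest talks to its hypervisor (paravirtualized devices) rather than relying on emulated hardware. The service names are the well-known ones for Hyper-V, VirtualBox and VMware; the three-way classification is this example's own.

```powershell
# Added example (not from the original page). Runs on any Windows 8 / Server
# 2012 or later system; the classification at the end is this example's own.

function Get-GuestVirtualizationInfo {
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $hv = [bool]$cs.HypervisorPresent   # set by Windows from the CPUID hypervisor bit

    # Integration services / guest tools are the paravirtualized half of a
    # modern guest: if they are installed, the guest cooperates with its
    # hypervisor instead of treating every device as real hardware.
    $paraServices = @{
        'Hyper-V'    = @('vmicheartbeat', 'vmicvss', 'vmickvpexchange')
        'VirtualBox' = @('VBoxService')
        'VMware'     = @('VMTools')
    }
    $present = foreach ($hypervisor in $paraServices.Keys) {
        $found = Get-Service -Name $paraServices[$hypervisor] -ErrorAction SilentlyContinue
        if ($found) { $hypervisor }
    }

    $mode = if (-not $hv)     { 'physical' }
            elseif ($present) { 'guest with paravirtualized drivers' }
            else              { 'guest on emulated (fully virtualized) devices' }

    [pscustomobject]@{
        HypervisorPresent  = $hv
        Manufacturer       = $cs.Manufacturer
        Model              = $cs.Model
        ParavirtualizedFor = @($present)
        Mode               = $mode
    }
}

Get-GuestVirtualizationInfo | Format-List
```

Note that HypervisorPresent is also true on a physical Windows host that has Hyper-V or virtualization-based security enabled, because Windows itself then runs as a guest of the Hyper-V hypervisor; the manufacturer and model fields help tell the two cases apart.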

What Are the Advantages and Disadvantages of Paravirtualization?

One advantage of paravirtualization is speed: the guest kernel calls the hypervisor directly for
privileged operations instead of having each one trapped and emulated. Full virtualization by
binary translation, by comparison, is like working through a translator.

Although paravirtualization offers improved speed and performance, it has downsides, too. For
one, it is less compatible, as not all operating systems support paravirtualization. Remember that
setting up paravirtualization also requires OS kernel modification.

Uses of Paravirtualization

Below are some uses of paravirtualization (most are uses of virtualization in general, which
paravirtualized guests make cheaper to run):

- Partitioning test environments: One of the most common uses of paravirtualization is to
  partition test environments during a software development process.
- Data replication: Organizations use virtualization to make different copies of data and store
  them in multiple locations within the same system.
- Disaster recovery (DR): Virtual machines are easy to back up and restore, so organizations do
  not lose data when natural disasters, such as floods and fires, hit.
- Capacity management: Virtualization enables companies to plan and manage their resources,
  specifically network capacity, memory, and storage.

Paravirtualization was primarily developed to improve the speed and performance of
virtualization. It has made backup creation, DR, and data migration a lot easier for organizations.

Advantages and disadvantages of paravirtualization

Advantages of paravirtualization include:

- Direct communication between the guest kernel and the hypervisor improves performance.
- The thin software layer created in paravirtualization arbitrates access to physical devices:
  typically one privileged guest (such as Xen's dom0) is given direct access to a device while
  the other guests reach it through paravirtualized front-end drivers.
- Since paravirtualization does not attempt to fully emulate the hardware, virtualization
  overhead is lower.
- Paravirtualization does not need its own driver for every physical device because it reuses
  the drivers already present in the privileged guest OS. Organizations can therefore take full
  advantage of the hardware in the server instead of being limited to hardware for which the
  hypervisor ships drivers, as is the case in full virtualization.

Disadvantages of paravirtualization include:

- Modifications of the guest OS are necessary for any interaction with the paravirtualization
  interfaces to take place, which limits full paravirtualization to OSes whose kernel can be
  modified, such as Linux.
- Since paravirtualization cannot run an unmodified guest OS, its compatibility and portability
  with closed-source systems such as Microsoft Windows is minimal (Windows guests instead
  rely on paravirtualized drivers and enlightenments supplied by the hypervisor vendor).
- Significant support and maintenance issues may arise, since the production environment
  requires complex guest kernel modifications.
What Does Full Virtualization Mean?
Full virtualization dates back to IBM's CP-40 and CP-67 systems of the late 1960s and was the
first software solution for server virtualization. On x86 it uses binary translation combined with
direct execution. In full virtualization the guest OS runs unmodified and is completely isolated
by the virtual machine from the virtualization layer and hardware. Microsoft Hyper-V, VMware
and Parallels products are examples of full virtualization.

Full virtualization is a common and cost-effective type of virtualization, which is basically a


method by which computer service requests are separated from the physical hardware that
facilitates them. With full virtualization, operating systems and their hosted software are run on
top of virtual hardware. It differs from other forms of virtualization (like paravirtualization and
hardware-assisted virtualization) in its total isolation of guest operating systems from their hosts.
Explanation
VMware developed a method to virtualize the x86 platform in 1998, something previously
believed to be impractical because x86 has privileged instructions that do not trap when run in
user mode. The technology allowed multiple guest operating systems to run on a single host OS
in full isolation using a combination of direct execution and binary translation. This was the first
implementation of full virtualization on x86, but its inefficiencies led to the development of
other virtualization methods. These include paravirtualization (which facilitates communication
between the guest OS and the hypervisor in order to improve performance) and hardware-
assisted virtualization (in which the CPU itself, via Intel VT-x or AMD-V, traps privileged guest
operations, so that neither binary translation nor guest modification is required).
Difference between Full Virtualization and Paravirtualization
The differences between full virtualization and paravirtualization are as follows:

No. | Full Virtualization | Paravirtualization
1. | The virtual machine permits execution of an unmodified OS in a fully isolated way. | The virtual machine does not provide full isolation of the OS but offers a different API, which is used by a modified OS.
2. | Presents a complete virtual machine to an unmodified guest, which is unaware of the hypervisor. | The guest is aware of, and depends on, the hypervisor's hypercall interface.
3. | Uses binary translation and direct execution as its technique for operations. | Uses hypercalls, compiled into the modified guest kernel, for privileged operations.
4. | Slower than paravirtualization in operation. | Faster in operation than full virtualization.
5. | More portable and compatible (any guest OS). | Less portable and compatible (modified guests only).
6. | Examples: Microsoft Hyper-V, Parallels, VMware with binary translation. | Examples: Xen PV, VMware's paravirtual device interfaces.

How to Install VirtualBox

1. Open the VirtualBox website. Go to https://www.virtualbox.org/ in your computer's
   Internet browser. This is the website from which you'll download the VirtualBox setup
   file.
2. Click Download VirtualBox. It's a blue button in the middle of the page. Doing so will
   open the downloads page.
3. Click Windows hosts. You'll see this link below the "VirtualBox 6.1.14 platform
   packages" heading. The VirtualBox EXE file will begin downloading onto your
   computer. Before running it, compare its SHA-256 checksum with the one published on
   the same downloads page.
4. Open the VirtualBox EXE file. Go to the location to which the EXE file downloaded and
   double-click the file. Doing so will open the VirtualBox installation window.
5. Navigate through the installation prompts. Do the following:
   - Click Next on the first three pages.
   - Click Yes when prompted.
   - Click Install.
   - Click Yes when prompted.
6. Click Install when prompted. Doing so will allow VirtualBox to begin installing on your
   computer.
7. Click Finish when prompted. It's in the lower-right side of the window. Doing so will
   close the installation window and open VirtualBox, provided you left the "Start" box
   checked. Now that you've installed and opened VirtualBox, you can create a virtual
   machine in order to run any operating system on your PC.
Creating Your First Virtual Machine
Click New in the VirtualBox Manager window. A wizard is shown, to guide you through setting
up a new virtual machine (VM).
On the following pages, the wizard will ask you for the bare minimum of information that is
needed to create a VM, in particular:

1. The Name of the VM you choose is shown in the machine list of the VirtualBox Manager
window and is also used for the VM's files on disk.

2. The Machine Folder is the location where VMs are stored on your computer. The default
folder location is shown.

3. For Operating System Type, select the OS that you want to install. The supported OSes
are grouped. If you want to install something very unusual that is not listed, select Other.
Depending on your selection, Oracle VM VirtualBox will enable or disable certain VM
settings that your guest OS may require. This is particularly important for 64-bit guests. It
is recommended to always set it to the correct value.

4. On the next page, select the Memory (RAM) that Oracle VM VirtualBox should allocate
every time the virtual machine is started. The amount of memory given here will be taken
away from your host machine and presented to the guest OS, which will report this size
as the virtual computer's installed RAM.

Next, you must specify a Virtual Hard Disk for your VM.


There are many and potentially complicated ways in which Oracle VM VirtualBox can provide
hard disk space to a VM, but the most common way is to use a large image file on your physical
hard disk, whose contents Oracle VM VirtualBox presents to your VM as if it were a complete
hard disk. This file then represents an entire hard disk, so you can even copy it to another host
and use it with another Oracle VM VirtualBox installation.
The wizard displays the following window:
At this screen, you have the following options:

- To create a new, empty virtual hard disk, click the Create button.
- You can pick an existing disk image file.

The drop-down list presented in the window lists all disk images which are currently
remembered by Oracle VM VirtualBox. These disk images are currently attached to a virtual
machine, or have been attached to a virtual machine.

Alternatively, click on the small folder icon next to the drop-down list. In the displayed file
dialog, you can click Add to select any disk image file on your host disk.

If you are using Oracle VM VirtualBox for the first time, you will want to create a new disk
image. Click the Create button.
This displays another window, the Create Virtual Hard Disk Wizard wizard. This wizard helps
you to create a new disk image file in the new virtual machine's folder.
Oracle VM VirtualBox supports the following types of image files:

- A dynamically allocated file only grows in size when the guest actually stores data on its
  virtual hard disk. Therefore, this file is small initially. As the drive is filled with data, the file
  grows up to the specified size.
- A fixed-size file immediately occupies the full size specified, even if only a fraction of that
  virtual hard disk space is actually in use. While occupying much more space, a fixed-size
  file incurs less overhead and is therefore slightly faster than a dynamically allocated file.

The size you choose is the virtual disk's capacity, the most the guest can ever use, so the image
file cannot grow beyond it and fill up your physical hard disk (host OS). But the image must be
large enough to hold the guest OS and the applications you want to install. For a Windows or
Linux guest, you will probably need several gigabyte for any serious use. The capacity can be
enlarged later (VBoxManage modifymedium with --resize), though the guest's partitions must
then be extended as well.
After having selected or created your image file, click Next to go to the next page.
Click Create to create your new virtual machine. The virtual machine is displayed in the list on
the left side of the VirtualBox Manager window, with the name that you entered initially.
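The wizard's choices can be reproduced exactly from the command line, which is how a lab VM should be built if it is to be rebuilt later. The PowerShell below is an added example, not code from the original page or from Oracle: it creates the VM, a dynamically allocated VDI with a fixed ceiling, and a SATA controller, then attaches an installer ISO. It assumes VirtualBox is installed in its default Windows path; the VM name, memory, disk size, OS type and ISO path are placeholders.

```powershell
# Added example (not from the original page). Assumes the default VirtualBox
# install path on Windows; VM name, sizes, OS type and ISO path are placeholders.

$vbox   = 'C:\Program Files\Oracle\VirtualBox\VBoxManage.exe'
$name   = 'WinServer-DC'
$folder = "$env:USERPROFILE\VirtualBox VMs"
$iso    = 'C:\ISOs\WindowsServer.iso'   # placeholder installer image
$disk   = Join-Path $folder "$name\$name.vdi"

function Invoke-VBox {
    # Stop at the first failing VBoxManage call instead of continuing with a
    # half-built VM that the Manager would show as registered but unbootable.
    & $vbox @args
    if ($LASTEXITCODE -ne 0) { throw "VBoxManage $($args -join ' ') failed ($LASTEXITCODE)" }
}

# Name, folder and OS type (the wizard's first page); --register lists it in the Manager.
Invoke-VBox createvm --name $name --basefolder $folder --ostype 'Windows2019_64' --register

# Memory and CPUs (the wizard's memory page). NAT keeps a lab DC off the real LAN.
Invoke-VBox modifyvm $name --memory 4096 --cpus 2 --nic1 nat --firmware efi

# Virtual hard disk: dynamically allocated VDI with a 60 GB ceiling (size is in MB).
Invoke-VBox createmedium disk --filename $disk --size 61440 --format VDI --variant Standard
Invoke-VBox storagectl $name --name 'SATA' --add sata --controller IntelAhci
Invoke-VBox storageattach $name --storagectl 'SATA' --port 0 --device 0 --type hdd --medium $disk

# Installer ISO on a second port, so the first boot goes into setup.
Invoke-VBox storageattach $name --storagectl 'SATA' --port 1 --device 0 --type dvddrive --medium $iso

# Check: show the settings that were just applied.
Invoke-VBox showvminfo $name --machinereadable |
    Select-String '^(name|ostype|memory|cpus|nic1|"SATA-0-0")='
```

Set the OS type to match the guest even on the command line: as the wizard text above notes, VirtualBox derives defaults such as 64-bit support and the firmware type from it.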
Create a clone of an existing Oracle VM VirtualBox virtual machine.
Synopsis

VBoxManage clonevm <vmname|uuid> [--basefolder=basefolder] [--groups=group,...] [--mode=machine | --mode=machinechildren | --mode=all] [--name=name] [--options=option,...] [--register] [--snapshot=snapshot-name] [--uuid=uuid]

Description

The VBoxManage clonevm command creates a clone of an existing virtual machine (VM). The
clone can be a full copy of the VM or a linked copy of a VM.
You must specify the name or the universally unique identifier (UUID) of the VM you want to
clone.
Cloning Virtual Machines
You can create a full copy or a linked copy of an existing VM. This copy is called a clone. You
might use a cloned VM to experiment with a VM configuration, to test different guest OS levels,
or to back up a VM.
The Clone Virtual Machine wizard guides you through the cloning process.
Start the wizard by clicking Clone in the right-click menu of the VirtualBox Manager's machine
list or in the Snapshots view of the selected VM.
Specify a new Name for the clone. You can choose a Path for the cloned virtual machine,
otherwise Oracle VM VirtualBox uses the default machines folder.
The Clone Type option specifies whether to create a clone linked to the source VM or to create a
fully independent clone:
- Full Clone: Copies all dependent disk images to the new VM folder. A full clone can
  operate fully without the source VM.
- Linked Clone: Creates new differencing disk images based on the source VM disk
  images. If you select the current state of the source VM as the clone point, Oracle VM
  VirtualBox creates a new snapshot.
The Snapshots option specifies whether to create a clone of the current machine state only or of
everything.
- Everything: Clones the current machine state and all its snapshots.
- Current Machine State and All Children: Clones a VM snapshot and all its child
  snapshots.
The following clone options are available:
- MAC Address Policy: Specifies how to retain network card MAC addresses when
  cloning the VM. For example, the Generate New MAC Addresses For All Network
  Adapters value assigns a new MAC address to each network card during cloning. This is
  the default setting. This is the best option when both the source VM and the cloned VM
  must operate on the same network. Other values enable you to retain the existing MAC
  addresses in the cloned VM.
- Keep Disk Names: Retains the disk image names when cloning the VM.
- Keep Hardware UUIDs: Retains the hardware universally unique identifiers (UUIDs)
  when cloning the VM.
The duration of the clone operation depends on the size and number of attached disk images. In
addition, the clone operation saves all the differencing disk images of a snapshot.
Note that the Clone menu item is disabled while a machine is running.
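As an added example (not code from the original page or from Oracle), the PowerShell below clones a VM with VBoxManage clonevm and then checks that the MAC address policy really produced distinct addresses, which is the failure that bites when source and clone end up on the same network. VM names are placeholders and VirtualBox is assumed to be in its default Windows install path.

```powershell
# Added example (not from the original page). VM names are placeholders;
# assumes the default VirtualBox install path on Windows.

$vbox   = 'C:\Program Files\Oracle\VirtualBox\VBoxManage.exe'
$source = 'WinServer-DC'
$clone  = "$source-clone"

function Get-VmMacAddresses {
    # Parse the macaddressN="..." lines from the machine-readable VM description.
    param([Parameter(Mandatory)][string]$VmName)
    & $vbox showvminfo $VmName --machinereadable | ForEach-Object {
        if ($_ -match '^macaddress(\d+)="([0-9A-Fa-f]+)"$') {
            [pscustomobject]@{ Adapter = [int]$Matches[1]; Mac = $Matches[2].ToUpper() }
        }
    }
}

# Full clone of the current state only. With no --options, VirtualBox issues a
# new MAC address for every adapter, the same as the wizard's default policy.
& $vbox clonevm $source --name $clone --mode=machine --register
if ($LASTEXITCODE -ne 0) { throw "clonevm failed with exit code $LASTEXITCODE" }

# Check: no MAC address may be shared between source and clone.
$srcMacs   = @((Get-VmMacAddresses -VmName $source).Mac)
$cloneMacs = @((Get-VmMacAddresses -VmName $clone).Mac)
$shared    = @($srcMacs | Where-Object { $cloneMacs -contains $_ })
if ($shared.Count) {
    throw "Clone shares MAC address(es) with source: $($shared -join ', ')"
}
"Clone $clone registered; its adapters have distinct MAC addresses."

# To keep the MACs of NAT-only adapters (which never appear on a shared
# network) and regenerate the rest, add: --options=keepnatmacs
```

A clone made with --options=keepallmacs is only safe if it will never run alongside its source; for a cloned domain controller the MAC address is also the lesser problem, since the directory itself must not be duplicated onto the same network.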
