This document summarizes the server configuration and Active Directory setup at a school. It describes the primary and secondary ESXi servers that run domain controllers, file servers, backup servers, and terminal servers. It explains how the domain controllers manage computers and users across different domains, including the staff1, student1, and root ocaat1 domains. It provides instructions for adding user accounts, setting up group policies, configuring the DHCP and DNS servers, and establishing file sharing permissions.
3. Server configuration (Windows)
• VMware ESXi Server (Primary/Secondary)
- Domain controller (ocaat1) … DHCP/DNS Server
- Domain controller (staff1) … DNS Server
- Domain controller (student1) … DNS Server
• File Server (for staff/student)
• Backup Server
• WSUS Server
• Terminal Server 1/2
Active Directory
4. Domain controller & Active Directory
•Domain: A mechanism for managing computers and users in a company as a whole
•Domain controller: A server that provides domain functionality
•Active Directory: Microsoft's brand name for a group of functions centered on the domain function
6. About Organizational Unit (OU)
Organizational Unit:
Something like a folder that stores various Active Directory objects
Our staff domain controller has three OUs as below.
Start -> Active Directory Users and Computers
- OCAAT GROUPS
- OCAAT ACCADEMIC OU
- OCAAT NON-ACCADEMIC OU
7. How to add user account 1
Action menu -> New -> User
• Type First name & Last name: John Brown
• Type User logon name: jbrown
• Click Next
• Type Password: ******
• Click Finish
8. How to add user account 2
Open Properties
Profile tab:
• (User profile) Logon script: WKIX32.exe loginscript.kix
• (Home folder) Connect: O:
To: \\NX3000STAFF\MANAGEMENT_HOME$\jbrown
Member of tab:
• Click Add
• Type object name: ICT SUPPORT
• Click OK -> Click OK again
9. About logon script 1
• A series of instructions the client machine follows each time the user logs on.
• It describes the processing to be executed at logon.
<Folder>
C:\Windows\SYSVOL\sysvol\domain-name\scripts
<File>
loginscript.kix
10. About logon script 2
if ingroup("ICT SUPPORT")
    ; INFORMATION TECHNOLOGY SUPPORT
    shell 'net use O: "\\nx3000staff.staff1.XXXXX.ac.bw\MANAGEMENT_HOME$\%username%"'
    shell 'net use P: "\\nx3000staff.staff1.XXXXX.ac.bw\STAFF_SHARE$"'
    shell 'net use R: "\\nx3000staff.staff1.XXXXX.ac.bw\ICT SUPPORT$"'
endif
(Explanation)
If the user is a member of the “ICT SUPPORT” group, the command lines inside the block are executed.
net use command: Maps a shared folder to a local drive letter
nx3000staff: Staff File Server
11. How to add user account 3
Make the personal share folder
• Log in to the File Server (nx3000staff)
- Open Explorer
- Folder: D:\STAFF\STAFF HOME DIRECTORY\MANAGEMENT_HOME
- File: jbrown
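A scripted equivalent of the account steps on slides 7, 8 and 11, added here as an example; it is not the school's own script. It assumes the RSAT ActiveDirectory module, that the administrator can write to the home share over the network, and placeholder values for the OU path and NetBIOS domain name.

```powershell
# Added example (not the school's own script): slides 7, 8 and 11 as one script.
# Values marked "placeholder" are hypothetical and must be replaced with the site's own.
Import-Module ActiveDirectory   # RSAT Active Directory module

$First   = 'John'
$Last    = 'Brown'
$Logon   = 'jbrown'
$Group   = 'ICT SUPPORT'
$HomeUnc = "\\NX3000STAFF\MANAGEMENT_HOME`$\$Logon"        # share named on slide 8
$OuPath  = 'OU=PLACEHOLDER-OU,DC=staff1,DC=placeholder'   # placeholder distinguished name
$NetBios = 'PLACEHOLDER'                                  # placeholder NetBIOS domain name

# Ask for the initial password so it is not stored in the script.
$InitialPassword = Read-Host -AsSecureString -Prompt "Initial password for $Logon"

# Slide 7 and the Profile tab of slide 8.
# -ChangePasswordAtLogon is an assumption: the user replaces the initial password.
New-ADUser -Name "$First $Last" -GivenName $First -Surname $Last `
    -SamAccountName $Logon -Path $OuPath `
    -AccountPassword $InitialPassword -Enabled $true `
    -ChangePasswordAtLogon $true `
    -ScriptPath 'WKIX32.exe loginscript.kix' `
    -HomeDrive 'O:' -HomeDirectory $HomeUnc

# "Member of" tab of slide 8.
Add-ADGroupMember -Identity $Group -Members $Logon

# Slide 11: create the personal folder, then replace inherited permissions with
# explicit entries so that only the owner and administrators can open it.
New-Item -ItemType Directory -Path $HomeUnc -Force | Out-Null
$acl = Get-Acl -Path $HomeUnc
$acl.SetAccessRuleProtection($true, $false)   # disable inheritance, drop inherited ACEs
$rights = [ordered]@{
    "$NetBios\$Logon"        = 'Modify'
    'BUILTIN\Administrators' = 'FullControl'
    'NT AUTHORITY\SYSTEM'    = 'FullControl'
}
foreach ($id in $rights.Keys) {
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $id, $rights[$id], 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $HomeUnc -AclObject $acl

# Read back what was written.
Get-ADUser $Logon -Properties ScriptPath, HomeDrive, HomeDirectory, MemberOf |
    Select-Object SamAccountName, ScriptPath, HomeDrive, HomeDirectory, MemberOf
(Get-Acl -Path $HomeUnc).Access | Select-Object IdentityReference, FileSystemRights
```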
12. File Server
•A file server is a server installed for sharing files over a network such as a LAN or WAN.
13. Make share folder
•Log in to the File Server
•Right-click the folder -> Click Properties
•Select the Sharing tab -> Advanced Sharing
•Check “Share this folder”
•Click Permissions -> Add Share Permission Group
•Access the File Server
14. Group Policy 1
• Group Policy is a hierarchical infrastructure that allows a network administrator in charge of Microsoft's Active Directory to implement specific configurations for users and computers.
• Group Policy can also be used to define user, security and networking policies at the machine level.
16. Group Policy 3
(for example)
•Minimum password length: 6
•Proxy settings: 10.XX.29.6 3128
•Schedule: At 11:00 PM every Friday of every week. c:\Windows\system32\shutdown.exe /f /s /t 600
•Home page: http://www.ocaat1.ce.ac.bw/
17. DHCP Server 1
•DHCP (Dynamic Host Configuration Protocol) is a function to select an unused IP address and dynamically allocate it to clients.
18. DHCP Server 2
•Start -> DHCP
•We have four scopes
- 10.XX.24.0/22 (Students)
- 10.XX.29.0/25 (Default)
- 10.X.29.128/25 (Miscellaneous) *not used
- 10.XX.30.0/23 (Staff)
19. DHCP Server 3
Address Pool: Available IP address range
Address Leases: Address Lease Status
Reservations: IP address can be reserved
Scope Options: Configuration Router/IP PHONE
20. DNS Server 1
•The Domain Name System (DNS) is a hierarchical decentralized naming system for computers or other resources connected to the Internet or a private network.
•It serves as the phone book for the Internet by translating human-friendly computer hostnames into IP addresses.
•For example, the domain name www.google.co.bw translates to the address 216.58.223.3.
21. DNS Server 2
The description format that combines the host name and the domain name, like "www.google.co.bw", is called a Fully Qualified Domain Name (FQDN).
www.google.co.bw
- www: Host name; Fourth Level Domain (hostname)
- google.co.bw: Domain name
- google: Third Level Domain (company name and organization, etc)
- co: Second Level Domain (co, ac, go, etc)
- bw: Top Level Domain (bw, jp, com, etc)
22. DNS Server 3
<Name resolution flow>
(example: www.google.co.bw)
1. Ask ocaat1’s DNS Server.
2. If ocaat1’s DNS Server doesn’t know, it asks the / (root) DNS Server.
3. The / (root) domain DNS Server queries the bw domain.
4. The bw domain DNS Server queries the co domain.
5. The co domain DNS Server queries the google domain.
6. The google DNS Server answers with the IP address.
[Diagram: domain tree with the nodes / (root), bw, jp, co, ac, google, www, ce, ocaat1, terminal and proxy; arrows numbered 1 to 6 mark the steps above; www = 216.58.225.3]
Editor's Notes
mechanism: structure, how something works
in a company as a whole: across the entire company
The staffdc01 server manages the staff1 domain.
Let’s look at the staff1 domain controller.
Initial password
The logon script is explained later.
This is a part of the logon script.
After that, log in and check.
hierarchical: organized in layers
implement specific configurations: make it possible to put particular settings in place
can also be used to define: can be used for defining
If we want to apply the same settings, we can use Group Policy.
If we don’t use a DHCP server, we have to set an IP address on every client.
to select an unused IP address: pick an IP address that is not in use
dynamically allocate: assign dynamically
This mark means exclusion.
If we know the hostname (computer name), we can look up the IP address.
decentralized naming system: distributed naming system
nslookup proxy, nslookup www.google.co.bw
216.58.225.3: Computers understand this, but it is difficult for people to understand.
www.google.co.bw: This is easy for people to understand.
description format: notation format
com, co: commercial
ac: academic
go: government
The part surrounded by a circle is called a domain.
Each domain has a DNS server.
Check the DNS server settings screen.