In this lesson we're going to learn how to install Active Directory on a server, and how to use the Active Directory Users and Computers tool.
In Windows 2000 Server through Windows Server 2003 R2, Active Directory Domain Services was preinstalled, and you could promote a server to a Domain Controller by starting the promotion wizard. Since Windows Server 2008, Active Directory Domain Services has not been installed by default. Before we can promote our server, we have to install the role.
You can install Active Directory Domain Services using the Add Roles and Features wizard, which you start from Server Manager. Click Manage at the top, and select Add Roles and Features from the drop-down menu.
Installing Active Directory Domain Services
Once you have installed the Active Directory Domain Services Role on a server you can promote it to be a Domain Controller. When you promote a server to a Domain Controller you have three options.
Add a new domain to an existing forest - Allows you to add either a child domain or a new tree.
In lesson 2 we learned the terms forest and tree. The three options above allow us to create a forest, or to make it larger by adding domains to existing trees or by building new trees in the forest. The video below shows the process of creating a new forest.
Promoting a Server to a Domain Controller
When installing Active Directory you are asked to supply a password for Directory Services Restore Mode (DSRM). DSRM is a mode that lets you log in and perform maintenance tasks on the Active Directory database. If something happens with your database you can log into DSRM and attempt to repair it. In a live environment make sure you remember your DSRM password.
When the server is promoted to a Domain Controller we'll see the appropriate tiles have been added to Server Manager.
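The same role installation and promotion to the first Domain Controller of a new forest can be scripted in PowerShell. The script below is an added example, not part of the original lesson; the domain name corp.example.com and the NetBIOS name CORP are placeholder assumptions. It prompts for the DSRM password as a SecureString so the password never appears in the script or in command history.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the wizard steps described above.
# Placeholder values (assumptions, not from the lesson):
$DomainName  = 'corp.example.com'
$NetbiosName = 'CORP'

# 1. Install the AD DS role if it is missing (it is not installed by default
#    since Windows Server 2008).
$feature = Get-WindowsFeature -Name AD-Domain-Services
if (-not $feature.Installed) {
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools | Out-Null
}

# 2. Read the DSRM password twice as a SecureString and make sure both
#    entries match before it is used for the promotion.
$dsrm    = Read-Host -AsSecureString -Prompt 'DSRM password'
$confirm = Read-Host -AsSecureString -Prompt 'Confirm DSRM password'
$a = (New-Object System.Net.NetworkCredential('', $dsrm)).Password
$b = (New-Object System.Net.NetworkCredential('', $confirm)).Password
if ([string]::IsNullOrEmpty($a) -or $a -cne $b) {
    throw 'DSRM passwords are empty or do not match.'
}
Remove-Variable a, b   # drop the plain-text copies as soon as possible

# 3. Run the prerequisite checks without changing anything on the server.
$check = Test-ADDSForestInstallation -DomainName $DomainName `
    -DomainNetbiosName $NetbiosName -InstallDns `
    -SafeModeAdministratorPassword $dsrm
if ($check.Status -ne 'Success') {
    throw "Prerequisite check failed: $($check.Message)"
}

# 4. Promote the server to the first Domain Controller of a new forest.
#    The server restarts automatically when the promotion completes.
Install-ADDSForest -DomainName $DomainName `
    -DomainNetbiosName $NetbiosName -InstallDns `
    -SafeModeAdministratorPassword $dsrm -Force
```

Store the DSRM password in your organization's password vault at the time you set it; it is a local credential on each Domain Controller and is separate from any domain account.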
In Active Directory Users and Computers we see something that looks like a folder structure. Our domain is listed at the top with folders underneath. There are two types of folders: containers and organizational units (OUs). You can tell the difference by the icon on the folder. An organizational unit has an icon on it that looks like a book, whereas a container has no icon on the folder. In a Windows NT domain all your users were in one large list. The Users container is this list carried over. Since Windows 2000 Server we have been able to organize our domain objects into OUs, creating a logical structure for our network.
Another method for organizing your OUs would be by object type. At the top level we would create an OU for computers, and a separate one for users.
We can see the relationship between objects and attributes when we view the properties of a user in Active Directory. The properties window shows many of the different attributes for the user object. They are sorted into categories separated by tabs at the top. Below are some screenshots of a few of the tabs.