Tuesday, January 20, 2009
Advantage of Domain Controller
What is a domain controller?
- Primary domain controller (PDC) and backup domain controller (BDC) are roles that can be assigned to a server in a network of computers that use the Windows NT operating system.
- Windows NT uses the idea of a domain to manage access to a set of network resources (applications, printers, and so forth) for a group of users.
- The user need only log in to the domain to gain access to the resources, which may be located on a number of different servers in the network.
- One server, known as the primary domain controller, manages the master user database for the domain.
- One or more other servers are designated as backup domain controllers.
- The primary domain controller periodically sends copies of the database to the backup domain controllers.
- A backup domain controller can step in as primary domain controller if the PDC server fails and can also help balance the workload if the network is busy enough.
How to promote and demote domain controllers in Windows 2000 Server
This article describes how to promote a server to a domain controller, or demote a domain controller to a stand-alone server, in Windows 2000. Promoting a server to a domain controller is the process of installing Active Directory Services on that server. Demoting a domain controller removes Active Directory and switches to using a local User Accounts System (UAS). Before promoting a server to a domain controller, you must plan your structure to best suit your organizational needs and network topologies. An administrator has the following options when promoting a server to a domain controller:
· Installing the first domain controller in a new forest
· Installing the first domain controller in a new domain tree
· Installing the first domain controller in a new child domain
· Installing an additional domain controller in a domain tree
· Removing Active Directory from a domain controller
The Domain Name System (DNS) service is an integral part of Active Directory for name resolution. DNS defines the Windows 2000 namespace and is very flexible. For additional information about DNS requirements and installation.
After you plan your configuration and decide which option you will be using during the promotion process, use the steps in the appropriate section below. These sections guide an administrator through the promotion process.
Installing the First Domain Controller in a New Forest
NOTE: You must install a DNS server at some point before or during the promotion process. After the computer is promoted to a domain controller, it registers services in DNS that enable Lightweight Directory Access Protocol (LDAP) queries to be performed against the directory on that domain controller.
1. Click Start, click Run, type dcpromo, and then click OK.
2. This starts the Active Directory Installation Wizard. Click Next.
3. The Active Directory Installation Wizard asks a series of questions to determine the role this server will have. Because you are installing this server as the first domain controller in the forest, click Domain Controller for a New Domain.
4. Click Next.
5. Because this domain controller will also be the first domain controller in a new domain tree, click Create a new domain tree.
6. Click Next.
7. Because this will be the first domain controller in the new forest, it will be the first domain in your organization. Click Create a new forest of domain trees.
8. Click Next.
9. In the New Domain Name screen, type the full DNS name for your new domain in the form of a fully qualified domain (for example: Microsoft.com).
10. In the NetBIOS Domain Name screen, the NetBIOS Name box is populated with the first part of your fully qualified domain name (for example: MICROSOFT).
11. The Database Location and Logs Location boxes are populated with the default location (Rootdrive\Winnt\Ntds). For best performance and recoverability, store the database and the logs on a separate hard disk. Change the Logs Location value to another hard disk.
12. Click Next.
13. In the Shared System Volume screen, the default location of Rootdrive\Winnt\Sysvol is acceptable as long as the volume uses the NTFS file system. This is required for the Sysvol folder.
14. Click Next.
15. If you do not have a DNS server available, a "The wizard cannot contact the DNS server that handles the name Domain Name to determine if it supports dynamic update. Confirm your DNS configuration, or install and configure a DNS server on this computer" message appears.
16. Click OK.
17. In the Configure DNS screen, click Yes, install and configure DNS on this computer (recommended).
18. Click Next.
19. In the Windows NT 4.0 RAS Server screen, choose whether or not you want to allow Remote Access Services (RAS) access to this server. Click Next.
20. In the Directory Services Restore Mode Administrative Password screen, specify an administrator password to use when you start the computer in Directory Services Restore mode. You use Directory Services Restore mode when you need to recover the Active Directory database. NOTE: Make sure you remember this password, or you cannot restore Active Directory if needed.
21. In the Summary screen, confirm your options, and then click Next.
22. Verify that Active Directory is installed by viewing the messages on the screen. After Active Directory is installed, click Finish to close the wizard.
23. Restart the computer.
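An added example (not part of the original article): a Python check that the SRV records described in the NOTE at the start of this section exist for the new domain controller after the restart. It reads zone-file style lines, such as those in the netlogon.dns file that Netlogon writes on a domain controller or an exported zone; the names example.com, dc1 and dc2, the sample records, and the function names are constructed for this example.

```python
import re

# Owner-name prefixes (relative to the domain) and ports used to locate a DC.
# This is a subset of what Netlogon registers: enough for LDAP and Kerberos.
REQUIRED = {
    "_ldap._tcp": 389,
    "_ldap._tcp.dc._msdcs": 389,
    "_kerberos._tcp": 88,
    "_kerberos._tcp.dc._msdcs": 88,
}

# owner [ttl] IN SRV priority weight port target
SRV_LINE = re.compile(
    r"^(?P<owner>\S+)\s+(?:\d+\s+)?IN\s+SRV\s+"
    r"(?P<prio>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)\s*$",
    re.IGNORECASE,
)

def norm(name):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.rstrip(".").lower()

def parse_srv(text):
    """Return (owner, port, target) for every SRV line; skip anything else."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # strip zone-file comments
        m = SRV_LINE.match(line)
        if m:
            records.append((norm(m["owner"]), int(m["port"]), norm(m["target"])))
    return records

def missing_dc_records(text, domain, dc_fqdn):
    """List required locator records that do not point at dc_fqdn."""
    have = set(parse_srv(text))
    want = [(norm(f"{p}.{domain}"), port, norm(dc_fqdn))
            for p, port in REQUIRED.items()]
    return [f"{o} -> {t}:{port}" for o, port, t in want
            if (o, port, t) not in have]

# Constructed sample: the last record points at dc2, so dc1 is missing one.
SAMPLE = """\
; constructed records for illustration
_ldap._tcp.example.com. 600 IN SRV 0 100 389 dc1.example.com.
_ldap._tcp.dc._msdcs.example.com. 600 IN SRV 0 100 389 dc1.example.com.
_kerberos._tcp.example.com. 600 IN SRV 0 100 88 dc1.example.com.
_kerberos._tcp.dc._msdcs.example.com. 600 IN SRV 0 100 88 dc2.example.com.
"""

if __name__ == "__main__":
    for gap in missing_dc_records(SAMPLE, "example.com", "dc1.example.com"):
        print("missing:", gap)
```

An empty result means clients can locate this domain controller for LDAP and Kerberos through DNS; any entry listed is a record to investigate before relying on the new domain controller.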
Installing the First Domain Controller in an Existing Forest
NOTE: The design of your namespace determines whether or not you install and configure the DNS service on this computer. If the TCP/IP settings are configured correctly to point to an existing DNS server, you do not need to install the DNS service on this server.
1. Click Start, click Run, type dcpromo, and then click OK.
2. This starts the Active Directory Installation Wizard. Click Next.
3. The Active Directory Installation Wizard asks a series of questions to determine the role this server will have. Because you are installing this server as the first domain controller in the forest, click Domain Controller for a new domain.
4. Click Next.
5. Because this domain controller will also be the first domain controller in a new domain tree, click Create a new domain tree.
6. Click Next.
7. Because this will not be the first domain controller in the new forest, it will not be the first domain in your organization. Click Place this new domain tree in an existing forest.
8. Click Next.
9. The next screen prompts for network credentials. Type the user name, password, and domain name for an account to use for this operation. The account must have full administrative privileges. The domain name can be in the form of a fully qualified domain name (FQDN).
10. In the New Domain Tree screen, type the full DNS name for your new domain in the form of a fully qualified domain (for example: Microsoft.com).
11. In the NetBIOS Domain Name screen, the NetBIOS Name box is populated with the first part of your fully qualified domain name (for example: MICROSOFT).
12. The Database Location and Logs Location boxes are populated with the default location (Rootdrive\Winnt\Ntds). For best performance and recoverability, store the database and the logs on a separate hard disk. Change the Logs Location value to another hard disk.
13. Click Next.
14. In the Shared System Volume screen, the default location of Rootdrive\Winnt\Sysvol is acceptable as long as the volume uses the NTFS file system. This is required for the Sysvol folder.
15. Click Next.
16. If you do not have a DNS server available, a "The wizard cannot contact the DNS server that handles the name Domain Name to determine if it supports dynamic update. Confirm your DNS configuration, or install and configure a DNS server on this computer" message appears.
17. Click OK.
18. In the Configure DNS screen, click Yes, install and configure DNS on this computer (recommended).
19. Click Next.
20. In the Windows NT 4.0 RAS Server screen, choose whether or not you want to allow Remote Access Services (RAS) access to this server. Click Next.
21. In the Directory Services Restore Mode Administrative Password screen, specify an administrator password to use when you start the computer in Directory Services Restore mode. You use Directory Services Restore mode when you need to recover the Active Directory database. NOTE: Make sure you remember this password, or you cannot restore Active Directory if needed.
22. In the Summary screen, confirm your options, and then click Next.
23. Verify that Active Directory is installed by viewing the messages on the screen. After Active Directory is installed, click Finish to close the wizard.
24. Restart the computer.
Installing the First Domain Controller in a New Child Domain
NOTE: You must have the DNS settings configured correctly on the server before promoting it to a domain controller in a child domain. During the promotion process, the server needs to resolve the fully qualified domain name of the parent domain. See "How to create a child domain in Active Directory and delegate the DNS namespace to the child domain" (http://support.microsoft.com/kb/255248/).
1. Click Start, click Run, type dcpromo, and then click OK.
2. This starts the Active Directory Installation Wizard. Click Next.
3. The Active Directory Installation Wizard asks a series of questions to determine the role this server will have. Because you are installing this server as the first domain controller in a new domain, click Domain Controller for a New Domain.
4. Click Next.
5. Because this domain controller will also be the first domain controller in a new child domain, click Create a new child domain in an existing domain tree.
6. Click Next.
7. The next screen prompts for network credentials. Type the user name, password, and domain name for the account to use for this operation. The account must have full administrative privileges. To install a child domain, make sure that DNS is configured correctly so that it can find the parent domain. If you have DNS configured correctly and the server points to the DNS server that contains the correct domain name, the Domain box entry can be in the form of a fully qualified domain name.
8. In the Child Domain Installation screen, type the full DNS name for the parent domain in the form of a fully qualified domain (for example: Microsoft.com).
9. In the Child Domain box, type the name of the child domain (for example: Finance). Click Next.
10. In the NetBIOS Domain Name screen, the NetBIOS Name box is populated with the first part of your fully qualified domain name (for example: Finance).
11. The Database Location and Logs Location boxes are populated with the default location (Rootdrive\Winnt\Ntds). For best performance and recoverability, store the database and the logs on a separate hard disk. Change the Logs Location value to another hard disk.
12. Click Next.
13. In the Shared System Volume screen, the default location of Rootdrive\Winnt\Sysvol is acceptable as long as the volume uses the NTFS file system. This is required for the Sysvol folder.
14. Click Next.
15. If you do not have a DNS server available, a "The wizard cannot contact the DNS server that handles the name Domain Name to determine if it supports dynamic update. Confirm your DNS configuration, or install and configure a DNS server on this computer" message appears.
16. Click OK.
17. In the Configure DNS screen, click Yes, install and configure DNS on this computer (recommended).
18. Click Next.
19. In the Windows NT 4.0 RAS Server screen, choose whether or not you want to allow Remote Access Services (RAS) access to this server. Click Next.
20. In the Directory Services Restore Mode Administrative Password screen, specify an administrator password to use when you start the computer in Directory Services Restore mode. You use Directory Services Restore mode when you need to recover the Active Directory database. NOTE: Make sure you remember this password, or you cannot restore Active Directory if needed.
21. In the Summary screen, confirm your options, and then click Next.
22. Verify that Active Directory is installed by viewing the messages on the screen. After Active Directory is installed, click Finish to close the wizard.
23. Restart the computer.
Installing an Additional Domain Controller for an Existing Domain
NOTE: You must have the DNS settings configured correctly on the server before promoting it to a domain controller in an existing domain. During the promotion process, the server needs to resolve the fully qualified domain name of the domain.
1. Click Start, click Run, type dcpromo, and then click OK.
2. This starts the Active Directory Installation Wizard. Click Next.
3. The Active Directory Installation Wizard asks a series of questions to determine the role this server will have. Because you are installing this server as an additional domain controller in a domain, click Additional Domain Controller for an Existing Domain.
4. Click Next.
5. The next screen prompts for network credentials. Type the user name, password, and domain name for the account to use for this operation. The account must have full administrative privileges. The domain name should not be in the form of a fully qualified domain name.
6. In the Additional Domain Controller screen, type the full DNS name for your existing domain in the form of a fully qualified domain (for example: Microsoft.com).
7. The Database Location and Logs Location boxes are populated with the default location (Rootdrive\Winnt\Ntds). For best performance and recoverability, store the database and the logs on a separate hard disk. Change the Logs Location value to another hard disk.
8. Click Next.
9. In the Shared System Volume screen, the default location of Rootdrive\Winnt\Sysvol is acceptable as long as the volume uses the NTFS file system. This is required for the Sysvol folder.
10. Click Next.
11. If you do not have a DNS server available, a "The wizard cannot contact the DNS server that handles the name Domain Name to determine if it supports dynamic update. Confirm your DNS configuration, or install and configure a DNS server on this computer" message appears.
12. Click OK.
13. In the Configure DNS screen, click Yes, install and configure DNS on this computer (recommended).
14. Click Next.
15. In the Windows NT 4.0 RAS Server screen, choose whether or not you want to allow Remote Access Services (RAS) access to this server. Click Next.
16. In the Directory Services Restore Mode Administrative Password screen, specify an administrator password to use when you start the computer in Directory Services Restore mode. You use Directory Services Restore mode when you need to recover the Active Directory database. NOTE: Make sure you remember this password, or you cannot restore Active Directory if needed.
17. During the replication phase of the promotion process, there is an option to replicate later. There are many reasons to choose this option (for example, if you are using a slow link in the middle of the day and you want to wait until the end of the day).
18. Verify that Active Directory is installed by viewing the messages on the screen. After Active Directory is installed, click Finish to close the wizard.
19. Restart the computer.
Removing Active Directory from a Domain Controller
NOTE: When a domain controller is demoted, if it is not the last domain controller in the domain, it performs a final replication and then transfers the roles to another domain controller. As part of the demotion process, the Dcpromo utility removes the configuration data for the domain controller from Active Directory. This data takes the form of an NTDS Settings object, which exists as a child to the server object in Active Directory Sites and Services Manager. After the domain controller is demoted it no longer has Active Directory information available, and uses the Security Accounts Manager (SAM) database for local database information. If the domain controller is a global catalog, that role is not transferred to another domain controller. In this case, you must manually select the check box in Active Directory Sites and Services Manager for another domain controller to take over the role. If the demotion process does not succeed for any reason, you must manually delete this metadata from the directory. Use the Ntdsutil.exe utility to manually remove the NTDS Settings object.
Removing Active Directory Data After an Unsuccessful Demotion
1. Click Start, click Run, type dcpromo, and then click OK.
2. This starts the Active Directory Installation Wizard. Click Next.
3. There is a check box in the Remove Active Directory screen. If this computer is the last domain controller in the domain, click to select the check box. Otherwise, click Next.
4. In the next screen, set the password for the administrator account on the server after Active Directory is removed. Type the appropriate password in the Password and Confirm Password boxes, and then click Next.
5. In the Summary screen, review and confirm the options you selected, and then click Next.
6. The wizard begins the process of removing Active Directory from the server. After the process is finished, a message indicates that Active Directory was removed from the computer.
7. Click Finish to quit the wizard.
8. Restart the computer.
NOTE: Windows 2000-based DNS servers should point to themselves for DNS in their TCP/IP properties. If this server needs to resolve names from its Internet service provider (ISP), you should configure a forwarder.
Thursday, January 15, 2009
PART-TIME COURSE
Anyone who is interested, contact me by email: zaidi@adtecbp.gov.my
Tuesday, November 18, 2008
Asean Skill 2008
Congratulations to everyone ... especially to the trainers Hafiz, Mohini and Walik..... I share in the joy of your win.... congratulations.....