Microsoft Windows 2008 Installation.
Windows Server 2008 R2 with SP1 System
Requirements
To use Windows Server 2008 R2 Service Pack 1, you need:
Component Requirement
Processor
Minimum: Single processor with 1.4 GHz (x64 processor) or 1.3GHz (Dual Core)
Note: An Intel Itanium 2 processor is required for Windows Server 2008 R2 with SP1 for Itanium-Based Systems. To use RemoteFX, a SLAT-capable processor is required on the host.
Memory
Minimum: 1 GB RAM
Maximum: 8 GB (Foundation) or 32 GB (Standard) or 2 TB (Enterprise, Datacenter, and Itanium-Based Systems)
Disk Space Requirements
Minimum: 32 GB or greater
Note: Computers with more than 16 GB of RAM will require more disk space for paging, hibernation, and dump files
Display
Super VGA (800 × 600) or higher resolution monitor
Other
DVD Drive, Keyboard and Microsoft Mouse (or compatible pointing device), Internet access (fees may apply) Note: To use RemoteFX, at least one qualified GPU is required on the host.
Actual requirements will vary based on your system configuration, and the applications and features you choose to install. Processor performance is dependent upon not only the clock frequency of the processor, but the number of cores and the size of the processor cache. Disk space requirements for the system partition are approximate. Additional available hard disk space may be required if you are installing over a network.
Installation and Activation
You do not need to enter a product key to evaluate any version of Windows Server 2008 R2 software, however activation is required within 10 days. Failing to activate the evaluation will cause the licensing service to shut down the machine every hour.
For further information please see the Windows Server 2008 R2 Activation page
Can my existing servers run Windows Server 2008 R2?
Download the Microsoft Assessment and Planning Toolkit to securely inventory your existing servers and generate a migration report for Windows Server 2008.
Looking for Windows Server 2008 System Requirements?
Access Windows Server 2008 system requirements for 32-bit, 64-bit and Itanium based systems.
Installation and Un-Installation Active Directory Services (ADS).
ACTIVE DIRECTORY PROMOTION
Ø -->Start
Ø -->Run
Ø -->DCPROMO Press Enter
Ø -->Next
Ø -->Next
Ø -->Select second option create a new domain in new forest
Ø -->Next
Ø -->Enter the name of domain like "deepakorg48.com"
Ø -->Next
Ø -->Raise the forest function level (2008)
Ø -->Next
Ø -->Next
Ø -->yes
Ø -->yes
Ø -->Next
Ø -->Enter the complex password (123-asd)
Ø -->Next
Ø -->Next
Ø -->Next
Ø -->Reboot on completion
Ø -->Finish
ACTIVE DIRECTORY DEMOTION
step-1:
-->start
-->run
-->dcpromo
-->next
-->ok
-->check {delete the domain because this server is the last...}
-->next
-->next
-->next
-->delete all application
-->next
-->enter the password
-->next
-->next
-->reboot on completion
-->restart...
step-2:
after restart computer give the following command in run
-->servermanager.msc-->enter
-->click on roles
-->click on remove roles
-->next
-->uncheck the role of active directory (adds) and dns
-->remove
-->finish
-->restart computer....
step 3:
-->after restart computer press
-->ctrl+pause break
-->click on change setting
-->click on change
-->click on more
-->remove the name of domain
-->ok
-->close
-->restart computer....
step 4:
after restart computer run
-->system32
-->remove the folder of dns if it is exist.
-->finish.
Creating Roaming Profile.
creating the roaming profile of domain user:-
create an user in active directory.
-->start
-->run
-->dsa.msc press enter
-->expaned domain name
-->right click on user folder
-->click new user
-->enter the detailes of user like user name, login name, password and user attributes.
-->click next
-->finish.
now create a share folder in ntfs drive and give the full permission.
now go to active directory user and computer wizard and
-->r.click on user properties
-->click on profile tab
-->and fill the following detailes in require fields
-->profile path \\ip add of file server\share folder name\user name
-->local path x:\share folder name (x: is the drive where share folder exists.)
-->apply
-->ok.
-->now go to the client of domain and login with the domain user.
finish
Converting Roaming Profile in to Mandatory.
converting the roaming profile in to the mandatory:-
go to the file server...
login with the user account and give the ntfs permission to administrator.
log off and login with the administrator@domain.com.
-->now go to home folder of user profile
-->d.click on profile folder
-->tools
-->folder options
-->view
-->show hidden files and folders
-->and uncheck
-->show hide extension
-->show hide protected
-->ok
-->apply
-->ok go to the folder and you can see ntuser.dat
-->just r.click and rename it in to ntuser.man
-->set the folder options default.
-->remove the user from print operator group.
-->now go to the client machine and login with the domain user
-->now your setting of the profile will not be save.
-->finish.
Configuring Group Policy.
Configuring Group Policy
First install the active directory services in a system.
-->Start
-->Administrative tools
-->group policy management
Or
-->Start
-->Run
>mmc
-->File
-->Add remove snap-in
-->group policy management
>Add
-->Ok
-->Expanded the group policy-forest-domain
-->deepakorg48.com (domain name)
-->Right click on it
-->Create an object of domain and link it
-->Enter the name of domain and click ok
-->Now right click on the object which you have new created and click edit
-->You can see here user configuration and system configuration.
-->Expand user configuration-policies-administrative templates
-->Now you can assign any policy like select desktop
-->Double click on remove Computer icon from desktop
-->Click enable
-->Close save this console
-->And close all wizards.
Now run following command
-->Run
-->gpupdate /force
You can see my computer icon has been removed from the desktop.
Shadow Copy.
Configuring Shadow Copy
Shadow Copy:-
-->Make a share folder in NTFS drive and save your data in this folder.
-->Now go back and right click on this drive and click properties
-->Click on shadow copy.
-->Now click on enable.
-->You can see a new task created.
-->Now go to share folder and delete data permanently.
Restore Shadow Copy:-
-->Start
-->Run
-->Give the following command in Run
-->\\IP address of server where shadow created
-->Now you can see a share folder just right click on it click properties.
-->Select previous version tab.
-->Click restores
-->Ok.
-->Close all wizards
-->And go to the share folder and check your data has been recovered successfully.
Configuring IIS Server.
Configuring IIS Server
Install the role of IIS from add roles services.
Create a web page and save it in a folder.
-->Start
-->Administrative tools
-->IIS
-->Click on server name
-->Expand site
-->Right click on default site and remove it
-->Now right click and select create new site
-->Enter description of site
-->Next
-->Enter the site name
-->Provide the path of the web site folder
-->Assign an IP
-->Apply
-->Ok
-->Now click on site which you have new created
-->Double click on directory browsing
-->Click enable
Now go to the client computer and give the following address to open web page
http://IP address of web server presses enter.
Configuring FTP.
Configuring FTP
Install the role of ftp from add role services
-->Start
-->Administrative tools
-->IIS 6.0 manager
-->Expand server name
-->Expand ftp site
-->Remove default ftp site
-->Right click and new ftp site
-->Enter the description
-->Next
-->Assign an IP address
-->Next
-->Next
-->Give the path of ftp folder where your data saved
-->Next
-->Next
-->Next
-->Finish....
Go to client computer
-->Start
-->Run
-->ftp://IP add of ftp server press enter.
Configuring DNS.
Configuring DNS
Install the role of DNS from add role services.
-->Start
-->administrative tools
-->DNS
-->Expand computer name
-->Click on forward lookup zone
-->Right click on it
-->New zone
-->Next
-->Primary zone
-->Next
-->Enter the name of zone like deepakorg48.com
-->Next
-->Next
-->Dynamic update
-->Next
-->Finish.
-->Click on zone
-->Right click new host aaa record enter the computer name and IP of DNS server
-->Create
-->Create a record without name
-->Done
-->Double click on SOA record
-->And fill require field like Primary Server Computer Name.deepakorg48.com.
-->Responsible Server Computer Name.deepakorg48.com.
-->Apply
-->Ok.
-->Double click on ns record
-->Edit
-->Enter the computer name.deepakorg48.com and click resolve
-->Ok
-->Apply
-->Ok
-->Now go to the another computer and specify the IP address with the DNS address and ping from deepakorg48.com
If it is pinging just start to install active directory services by using dcpromo
And enter the domain name deepakorg48.com and uncheck DNS when it ask because you have configured
DNS already on another domain after restart computer go the DNS server and check records.
-->Finish
Configuring DHCP Server.
Configuring DHCP Server
Install the role of DHCP from the add roles Wizard.
-->Start
-->Administrative tools
-->DHCP
-->Right click on server name click scope
-->Enter the name of scope
-->Next
-->Enter the distribution range of IP address which you want to distribute
-->Next—
-->Enter the exclude range click add
-->Next
-->Specify the lease duration
-->Next
-->Select configure these options now
-->Next
-->Enter the address of the router
-->Next
-->Enter the domain name and computer name
-->Click resolve
-->Click add
-->Next
-->Next
-->Activate this scope now
-->Next
-->Finish...
Now go to the client computer and change the setting of TCP/IP properties>set the obtain IP address automatically.
Now go the command prompt and run following command to see the ip add
c:\>ipconfig
IP 10.0.0.2
Subnet mask 255.0.0.0
This address is specified by DHCP server
For more information about adaptor run following command
c:\>ipconfig /all
Finish.....
IP reservation:-
-->Go to the DHCP server and right. Click on the reservation:-
-->Click new reservation
-->enter the name of reservation
-->and specify the address which you want to reserved
-->and specify the MAC address of client in next field. Click apply ok close refresh.
-->Finish
Now go to the client of DHCP and set obtain IP address automatically. If setting is already automatic IP than run following commands
c:\>ipconfig /release (to release the previous IP address)
c:\>ipconfig /renew (to get new address from the DHCP server)
Finish...
Backup & Restore DHCP Server.
Backup of DHCP server
Backup Process:-
-->Right .click on computer name in DHCP server
-->Backup
-->Make a folder in any drive and select it
-->Finish.
Restoring process:-
-->After delete scope from the DHCP server
-->Right Click on the computer name in DHCP server and click restore select the target folder where the
Backup stored
-->Start
-->Finish...
Configuring LAN Routing.
Configuring LAN routing:-
Requirements:-
1:- Two LAN cards
Procedure:-
Configure the IP 10.0.0.1 /255.0.0.0 in LAN-1 and connect this LAN with a switch-1.
Configure the IP 192.168.10.1 /255.255.255.0 in lan-2 and connect this
LAN with switch-2.
Now install the role of RRAS from add roles wizard on this computer.
Installing role:-
-->Run
-->servermanager.msc
-->Click on roles
-->Add roles
-->Ok
-->Click on network policies and access services
-->Next
-->Next
-->Click on routing and remote access
-->Add require services
-->Next
-->Install
-->Finish
-->Start
-->Administrative tools
-->RRAS
-->Right click on server name and click
-->Configure and enable routing and remote access service
-->Next
-->Custom configuration next
-->LAN routing
-->Next
-->Finish
-->Start service
Now go to the clients those are connected with switch-1 and configure following IP address.
IP address 10.0.0.2 /255.0.0.0
Default gateway 10.0.0.1
Now go to the computers those are connected with switch-2.
And configure following IP address.
IP address 192.168.10.2 /255.255.255.0
Default gateway 192.168.10.1
Now go to command prompt
-->and ping 10.0.0.2 -t
If pinging you have successfully configured LAN routing.
Note: - "off the firewall on each system".
Configuring DHCP Relay Agent.
Configuring DHCP relay agent
Step-1
Configuring DHCP Server:-
Install the role of DHCP from the add roles
Wizard.
-->Start
-->Administrative tools
-->DHCP
-->Right click on server name click scope
-->Enter the name of scope
-->Next
--->Enter the distribution range of IP address which you want to distribute
-->Next
-->Enter the exclude range click add
-->Next
-->Specify the lease duration
-->Next
-->Select configure these options now
-->Next
-->Enter the address of the router
-->Next
-->Enter the domain name
-->And computer name
-->And click resolve
-->Click add
-->Next
-->Next
-->Activate this scope now
-->Next
-->Finish...
Create Scope-2 same as Scope-1 with the different IP according to the network map that you have.
Step2.
Configuring LAN routing:-
Requirements:-
1:- Two LAN cards
Procedure:-
Configure the IP 10.0.0.100 /255.0.0.0 in lan-1 and connect this LAN with a switch-1.
Configure the IP 192.168.10.100 /255.255.255.0 in lan-2 and connect this
LAN with switch-2.
Now install the role of RRAS from add roles wizard on this computer.
Installing role:-
-->Run
-->Servermanager.msc
-->Click on roles
-->Add roles
-->Ok
-->Click on network policies and access services
-->Next
-->Next
-->Click on routing and remote access
-->Add require services
-->Next
-->Install
-->Finish
-->Start
-->Administrative tools
-->RRAS
-->Right click on server name and click
Configure and enable routing and remote access service
-->Next
-->Custom configuration
-->Next
-->LAN routing
-->Next
-->Finish
-->Start service
-->Expand ipv4
-->Static routes
-->Right click select new static route
-->Select
The LAN-1 in interface field.
Destination 192.168.10.0 /255.255.255.0
Gateway 10.0.0.1
Ok
Click select new static route>select
The LAN -2 in interface field.
Destination 10.0.0.0 /255.0.0.0
Gateway 192.168.10.1
Ok
Now right click on general and click new routing protocol and add DHCP relay agent
-->Right click on DHCP relay agent
-->Properties
-->Add the IP address
Of the DHCP Server (192.168.10.1).
And add LAN-1 and LAN-2 bpth interfaces also here.
Now go to clients and configure IP address automatically.
Configuring WDS.
Deployment
Configuring Windows Deployment
Requirement:-
1-DHCP installed and configure.
2-ADS and DNS
3-Install the role of WDS from add roles wizard.
-->Start
-->Administrative tools
-->WDS
-->Expand server
-->Right click on server name
-->Click configure server
-->Next
-->x:\RemoteInstall (select the destination)
-->Next
-->Respond to all known and unknown client
-->Finish
-->Uncheck add image
-->Finish
-->Right click on boot image and click add boot image
-->Insert the disk of windows vista /Win7/2008 server in the drive and click browse.
-->Select the boot.wim file from the source folder of DVD.
-->Next
-->Next
-->Finish
-->Now right click on the install folder and click install image
-->Select the Install.wim files from the source folder of the DVD.
-->Ok
-->Next
-->Select require images
-->Next
-->Finish
Configuring Software Deployment.
Configuring Software Deployment
Make a SHARE FOLDER in NTFS drive and copy the software (MSI package)
In it.
-->Start
-->Run
-->dsa.msc
-->Right click on domain name and click new
-->Organization unit
-->Enter the name of OU and click ok.
-->Now make an user in this OU
-->Close all wizards.
-->Start
-->Run
-->mmc
-->File
-->Add remove snap-in
-->Group policy management
-->Add
-->Ok
-->Expand the group policy-forest-domain
-->deepakorg48.com (domain name)
-->Select the OU
-->Right click on it
-->Create an object of domain and link it
-->Enter the name of object and click ok
-->Now right click on the object which you have new created and click edit
-->You can see here user configuration and system configuration.
-->Expand user configuration-policies software setting software installation
-->Right click on it
-->Properties
-->Enter the package path like\\192.168.10.1\office2003 assign finish.
-->Right click on software installation new package
-->Select pro11.msi file
-->Ok
-->Now click on package which is newly created
-->Properties
-->Deployment
-->Select install this application at logon
-->Apply
-->Ok
-->Close all wizards.
-->Now go to the member of domain and login with this user. Your application will now install automatically.
-->Finish..
Configuring Printer Deployment.
Configuring Printer Deployment
Configuring Printer Deployment
Connect the printer with the server and install it properly.
Now install the role of printer from add roles wizards.
-->Start
-->Run
-->dsa.msc
-->Right Click on domain and create an organization unit.
-->Create a user within the organization unit.
-->Now
-->Run
-->mmc
-->File
-->Add remove snap-in
-->Add the group policy management
-->Save this console at the desktop
-->Now expand domain
-->And click on organization unit which you have created
-->Right Click on it and select create a gpo
-->Enter the name of gpo
-->Ok
-->Close all wizards
-->Now go to print management from administrative tools
-->Select the printer right click on it and click deploy with group policy
-->Browse
-->Click the organization unit
-->Select gpo
-->Ok
-->Check both options and click add
-->Apply
-->Ok.
-->Go to client of domain and login with the user name.
-->Finish...
Creating Additional Domain Controller.
Creating the ADC
Requirement:-
Install active directory service in a system with DNS.
Now go to another computer and configure the IP address with the address of DNS server.
Now
-->Start
-->Runt
-->Ping domain name if reply than proceed.
-->Start
-->Run
-->dcpromo /adv press enter.
-->Next
-->Select first option create a domain in existing forest
-->Next
-->Enter the name of the domain like "deepakorg48.com" select set credential
-->Enter the administrator & password
-->Next
-->Next
-->Check DNS option
-->Next
-->Next
-->Next
-->Enter the restore mode password
-->Next
-->Reboot on completion.
-->Finish...
Creating an Additional Domain Controller with IFM.
ADC through ifm:-
Go to the domain controller start>run>cmd
c:\>ntdsutil press enter
Activate instance ntds press enter
ifm press enter
Create full c:\ifm
After finish task
Quit press enter
Exit
Note: before run these commands make a folder in c: drive with the name of
ifm.
Now copy this folder in mass storage removable media (pen drive).
Safe remove the pen drive from the computer and plug it with another
The computer where you want to configure ADC.
-->Start
-->Run
-->dcpromo /adv press enter.
-->Next
-->Select first option create a domain in existing forest
-->Next
-->Enter the name of a domain like "deepakorg48.com" select set credential
-->Enter the administrator & password
-->Next
-->Next
-->Check DNS option
-->Next
-->Next
-->Next
-->Celect another location for media browse the pen drive and give the path next enter the
-->Restore mode password
-->Next
-->Reboot on completion.
Creating Read only Domain Controller with IFM.
RODC through ifm:-
Note:-function level of the domain must be 2008.
Go to the domain controller and run following commands
Make a folder in c: with name RODC
c:\>ntdsutil press enter
Activate instance to ntds press enter
ifm press enter
Create RODC c:\rodc
After finish task
Quit press enter
Exit
Go to the other computer where you want to make RODC.
Note make a user in active directory (domain) before run following task
-->Start
-->Run
-->dcpromo /adv press enter.
-->Next
-->Select first option creates a domain in existing forest
-->Next
-->Enter the name of the domain like "deepakorg48.com" select set credential
-->Enter the administrator & password
-->Next
-->Next
-->Check DNS option and RODC
-->Next
-->Next
-->Next
-->Select another location for media to browse the pen drive and give the path next enter the
-->Restore mode password
-->Next
-->Reboot on completion.
Creating a Child Domain Controller.
Configuring CDC
Install active directory in a system with DNS.
Now go to another computer and configure the IP address with the address of the DNS server. Now check it
Must be ping with the name of the domain controller
Now run the following command in the run.
-->Start
-->Run
-->dcpromo press Enter
-->Next
-->Next
-->Create a new domain in existing forest
-->Next
-->Enter the name of the domain
-->Click on set
-->Enter the username and password of the domain and click
-->Ok
-->Next
-->Enter the domain name and child domain name (mail).
-->Next
-->Next
-->Uncheck the DNS
-->Next
-->Yes
-->Next
-->Next
-->Enter the restore mode password
-->Next
-->Reboot on completion
-->Finish.
Configuring IP Security Policy.
Configuring IP sec policy
Configure the IP address first.
-->Start
-->Run
-->MMC(Microsoft management console)
-->File
-->Add remove snap-in
-->IPSec policy management
-->Add
-->Finish
-->Ok
-->Right Click on IPSec Po
-->New policy
-->Next
-->Next
-->Finish
-->Add
-->Next
-->Next
-->Next
-->Select IP filter list
-->Edit
-->Add
-->Next
-->Next
-->Next
-->Select the source IP <my IP address
-->Next
-->Select destination IP address a specified IP address or subnetmask
-->And enter the destination IP address manually like 10.0.0.100
-->Next
-->Select protocol
-->ICMP
-->Next
-->Finish
-->Ok
-->Select IP filter list
-->Next
-->Select filter action
-->Next
-->Edit
-->Block
-->Ok
-->Next
-->Finish
-->Ok
-->Now Right Click on policy and click assign.
-->Now your client that has IP 10.0.0.100 can not ping from Your computer.
IP Security Policy Management.
ip security policy
-->start
-->run
-->mmc press enter.
-->flie
-->add remove snap-in
-->ip sec policy management
-->add
-->finish
-->ok
-->r.click on ip sec-po
-->create ip sec-po
-->next
-->next
-->next
-->finish
-->add
-->next
-->next
-->next
-->add
-->add new ip filter list
-->next
-->next
-->select sourece (my ip)
-->next
-->destination (specify ip or subnet example :-( 10.0.0.10)
-->next
-->select protocol<icmp>
-->next
-->finish
-->ok>select new ip filter list
-->next
-->now add filter action
-->next
-->next
-->block
-->next
-->finish
-->select new filter action
-->next
-->finish
-->ok
now r/c on policy and assign. for negotiable security:-
-->right click on policy
-->properties
-->edit
-->authantication
-->method
-->edit
-->use this string and enter the psk (pre-shared key)
-->ok
-->apply
-->ok
-->again click edit
-->filter action
-->edit
-->select negotiable security
-->add
-->ok
-->apply
-->ok
-->close
-->apply
-->ok
-->close all wizard
-->finish
File Screening and Quota Management.
Quota management
Install the role of file server resource manager from file server adds role wizard.
-->Start
-->Administrative tools
-->File server resource manager
-->Expand quota management
-->Quota templates
-->Right click create quota templates
-->Enter the name of templates
-->Define the size
-->Ok
Now right click on quota
-->Create quota
-->Give the path of the folder to implement quota
-->Select the templates
-->Click create
-->Finish.
File screening:-
-->Expand file screening management
-->Right click on file screening templates
-->Create file screening templates
-->Enter the template name
-->Select the file extension which you want to prevent
-->Ok.
-->Right click on file screening
-->Click create file screening
-->Define the path of the folder and select file screening template
-->Ok
-->Finish.
Configuring DFS.
configuring dfs
install dfs from file services
-->on the domain controller
-->now make the members of this domain.
and create some shares on the member domain.
example jet1 and jet2 are the members of domain micro.com
and jet1 has a shared folder with name hardware
and jet2 has a shared folder with name software
-->now go to the domain controller
-->start
-->administrative tools
-->dfs
-->r.click on namespaces
-->new namespace
-->enter the name of the server for the dfs host(it self-server name)
-->enter the name of the namespace like "namespace1"
-->next
-->domain based name space
-->next
-->create
-->now r.click on namespace1
-->new folder
-->enter the desired name
-->click add
-->browse
-->browse
-->advanced
-->find now
-->select the name of member domain
-->ok
-->ok
-->select the shared folder
-->ok
-->ok
-->ok
-->add another folder here same.
now go to another computer in the network and access>\\ip of domain\namespace1
-->finish
Configuring Terminal Services.
Configuring terminal services
Install terminal services on the domain controller from add roles services>.
-->Right click on my computer properties
-->Remote setting
-->Allow computer (network level authentication)
-->Select user and add here a user that you have created in active directory.
-->Start
-->Administrative tools
-->gpo
-->Expand these...Domains
-->deepakorg48.com
-->Domain controllers
-->Default domain controller policy right click on it edit
-->Expand these...computer configuration
-->Policies
-->Windows setting
-->Security setting
-->Local policy
-->User rights assignments
-->Allow logon through terminal services open it click on define these policy setting and add an administrator, and user here apply ok finish close all wizard
-->Run
-->dsa.msc
-->Right click on the user properties
-->Environment
-->Click on start program
-->Specify the path of the application
-->Apply
-->Ok
-->Finish
-->Run
-->gpupdate /force...
Now go to the another computer
-->Run
-->mstsc.exe
-->Enter the IP address of the terminal server
-->Enter the username and password when it asks and you can see an application that starts from it.
-->Finish...
FSMO Roles Transfer.
FSMO ROLES Transfer
Requirement:-
1. Two computers one PDC and one ADCand one adc.e pdcsh>ok>select i
2. Assume your computer name of the domain is server1
3. And host name of the ADC is client1.
-->First install the active directory services on the server1 with DNS.
-->Now go to the client1 and configure the IP address with the address of DNS
-->Than check it must be ping from the domain.
-->Start
-->Run
-->dcpromo /adv press enter.
-->Next
-->Select first option creates a domain in existing forest
-->Next
-->Enter the name of the domain like "deepakorg48.com" select set credential
-->Enter the administrator & password
-->Next
-->Next
-->Check DNS option
-->Next
-->Next
-->Next
-->Next
-->Enter the restore mode password
-->Next
-->Reboot on completion.
Now go to server1 and run following commands.
-->Start
-->Run
-->CMD
c:\>ntdsutil
-->ntdsutil:roles press enter
-->fsmo maintenance:connections press enter
-->Server connection: connect to server client1.deepakorg48.com press enter
-->Server connection:quit
-->fsmo maintenance: transfer rid master press enter yes
-->fsmo maintenance: transfer pdc press enter yes
-->fsmo maintenance: transfer infrastructure master press enter yes
-->fsmo maintenance: transfer schema master press enter yes
-->fsmo maintenance: transfer naming master press enter yes
-->For check the transfer’s roles go to the client1 and run the following command
-->Run
-->cmd
-->C :\>netdom query FSMO press enter (you can see transfers roles)
-->Finish...
Configuring Active Directory Domain and Trust.
trust
requirement:-
minimum two domain controller.
procedure:-
make sure your both domain controller are pinging to each other by the domain name.
-->start
-->administrative tools
-->active directory domain and trust
-->r.click on domain name
-->properties
-->trust
-->next
-->next
-->enter the domain name of another domain and password
-->next
-->next
--> two-way trust
-->both domains only
-->next
-->next
-->yes, confirm outgoing trust
-->yes, confirm incoming trust
-->next
-->next
-->finish.
authenticating a user on the domain:-
suppose there are two domain controller named a.com and b.com both are trusted to each other
and user a of domain a.com wants to log on on b.com to manage user and group.
procedure:-
-->go to domain b.com
-->dsa.msc
-->built-in
-->d.click on account operator
-->members
-->add
-->location
-->select the location domain a.com
-->write the name of the user (a) here and click check name
-->ok
-->ok
-->close
--> run
-->gpupdate /force
-->now log off domain b.com and login with user (a) (login format:-domain\user) user
name:-b\a and password *******) where b is the domain name and a is the user.
-->finish
Configuring Security Templates.
Security templates:-
-->Run
-->MMC
-->File
-->Add remove snap-in
-->Add the security templates and Security configuration and analyse
-->Save this console on the desktop.
-->Now click on security templates
-->Right click on it new template
-->Enter the name of a template
-->Ok
-->Now right. Click on security configuration and analyse
-->Open data base
-->Enter the name of the database
-->Open
-->Select the template name(same name)
-->Open
-->Right Click on security configuration and analyse
-->Analyse computer now
-->Now change the policy that required like password policy or others
-->To assign the policy just r .click security configuration and analyse
-->And click configure computer now.
-->Again right click security configuration and analyse
-->Analyse computer now. And check your policy has been updated.
-->Finish...
Configuring VPN.
Configuring VPN server
Install routing and remote access services from add roles wizards.
Installing role:-
-->Run
-->Servermanager.msc
-->Click on roles
-->Add roles
-->Ok
-->Click on network policies and access services
-->Next
-->Next
-->Click on routing and remote access
-->Add require services
-->Next
-->Install
-->Finish
-->Start
-->Administrative tools
-->RRAS
-->Right click on server name and click
-->Configure and enable routing and remote access service
-->Next
-->Custom configuration
-->VPN access
-->Finish.
Now dsa.msc
-->And create a domain user in active directory.
-->Right click on this user click properties
-->Click on the dial-in tab
-->Click allow
-->Access
-->Apply
-->Ok
-->Now go to the client machine and create a VPN dial-up connection.
-->Right click on my network place
-->Properties
-->Setup a connection
-->Connect to a workplace
-->VPN
-->Setup internet connection
-->Dial-up
-->Enter the IP address of VPN server user name and password which you have created on
-->Domain and click connect.
-->Finish.......
Configuring ICS.
Configuring ICS
Requirement:-
Two LAN cards:-
Procedure:-
Connect a LAN card with the internet connection.
And configure IP on it according to the ISP and make sure your internet is working properly.
-->Now
-->Run
-->ncpa.cpl
-->Right click on LAN card which is connected with ISP and click properties.
-->Click on sharing
-->Click share this connection
-->Ok
-->Finish
-->Now you can see the IP address of your second LAN has been changed.
It will assign automatically reserved IP address of ICS 192.168.0.1
Now go to the client computers and configure the IP address automatically.
Your firewall must be off in all computers.
Now you can access internet on clients...
Configuring Proxy Server.
Proxy configuration
Requirement:-
Two LAN card in a system.
One is connected with ISP or broadband.
One is connected with the switch.
Configure the IP on both LAN like.
Example Lan-1 192.168.1.2
255.255.255.0
192.168.1.1
202.56.215.54
202.56.215.55
Lan-2 192.168.1.3
255.255.255.0
And now install and start the proxy on this machine.
Go to the clients.
And configure the following IP address 192.168.1.4
255.255.255.0
192.168.1.3 (This is the address of the proxy server)
-->Right click on internet connection
-->Properties
-->Connections
-->LAN setting
-->Select proxy configuration.
-->Enter the address of proxy server 192.168.1.3
Port No. 6588
-->Apply
-->Ok
Finish (you can access internet connection.)
Migration.
migration
requirement
machine1 with installed win 2003 server and adds, dns.
machin2 installed with win 2008 server and specify the address of dns and make sure it
should be pinging from the domain name of machine1.
procedure:-
copy the adprep folder into the c:\ drive of win 2003 server from 2008 media source\adprep.
now the raise the forest function level of the 2003 server from 2000 to 2003 from active directory domain trust wizard.
now go to the command prompt
c:\>cd adprep enter
c:\adprep>adprep /forestprep enter press "c" to continue...
c:\adprep>adprep /domainprep press enter
c:\adprep>adprep /rodcprep press enter
now go to machine2 (win 2008 srv) and make this machine adc of the machine1.
-->start
-->run
-->dcpromo /adv press enter.
-->next
-->select first option creates a domain in existing forest
-->next
-->enter the name of the domain like "deepakorg48.com" select set credential
-->enter the administrator & password
-->next
-->next
-->check the dns option
-->next
-->next
-->next
-->next enter the restore mode password
-->next
-->reboot on completion.
now go to machine1 and run following commands.
-->run
-->cmd
-->c:\>ntdsutil
ntdsutil: roles press enter
fsmo maintenance: connections press enter
server connection: connect to server client1.deepakorg48.com press enter
server connection: q press enter
fsmo maintenance: transfer rid master press enter yes
fsmo maintenance: transfer pdc press enter yes
fsmo maintenance: transfer infrastructure master press enter yes
fsmo maintenance: transfer schema master press enter yes
fsmo maintenance: transfer domain naming master press enter yes
for check, the transfer’s roles go to the client1 and run following command
-->run
-->cmd
-->c :\> netdom query fsmo press enter (you can see transfers roles)
-->finish...
Creating Member of Domain.
creating member/client of domain controller:-
1)assign ip address and trying to ping from IP address of the domain controller.
2)assign address of dns server and ping from name of domain controller
(ping deepakorg48.com).
3)R.click on my computer>properties>change setting>change>select domain>
enter the name of the domain (deepakorg48.com)>ok.
it will ask you for the user name and password please give "administrator" as user name and "123-asd" as password
you will see a welcome msg>ok
close>restart computer.
Disjoining process:-
login with local administrator.Exp(administrator)(123-asd)
R.click on my computer>properties>change setting>change>select workgroup>
enter the name of workgroup (WORKGROUP)>ok.
close and restart.
DNS Backup & Restore.
dns backup and restore:-
run>system32 enter
d click dns folder and copy example.com.dns file and save it any drive and folder.
restore:-
run>dnsmgmt.msc enter
r.click on forward lookup zone>new zone>primary zone>
next>enter the name of zone>next>
select use existing file>next>allow automatic update>next>finish..
DNS Forwarder.
configuring dns forwarder:-
start>administrative tools>dns>r.click on computer name>click properties>forwarder enter
click>edit>enter the ip address of another dns server where you want to forward query
ok...finish
Windows Server 2008 R2 with SP1 System
Requirements
To use Windows Server 2008 R2 Service Pack 1, you need:
Component Requirement
Processor
Minimum: Single processor with 1.4 GHz (x64 processor) or 1.3GHz (Dual Core)
Note: An Intel Itanium 2 processor is required for Windows Server 2008 R2 with SP1 for Itanium-Based Systems. To use RemoteFX, a SLAT-capable processor is required on the host.
Memory
Minimum: 1 GB RAM
Maximum: 8 GB (Foundation) or 32 GB (Standard) or 2 TB (Enterprise, Datacenter, and Itanium-Based Systems)
Disk Space Requirements
Minimum: 32 GB or greater
Note: Computers with more than 16 GB of RAM will require more disk space for paging, hibernation, and dump files
Display
Super VGA (800 × 600) or higher resolution monitor
Other
DVD Drive, Keyboard and Microsoft Mouse (or compatible pointing device), Internet access (fees may apply) Note: To use RemoteFX, at least one qualified GPU is required on the host.
Actual requirements will vary based on your system configuration, and the applications and features you choose to install. Processor performance is dependent upon not only the clock frequency of the processor, but the number of cores and the size of the processor cache. Disk space requirements for the system partition are approximate. Additional available hard disk space may be required if you are installing over a network.
Installation and Activation
You do not need to enter a product key to evaluate any version of Windows Server 2008 R2 software, however activation is required within 10 days. Failing to activate the evaluation will cause the licensing service to shut down the machine every hour.
For further information please see the Windows Server 2008 R2 Activation page
Can my existing servers run Windows Server 2008 R2?
Download the Microsoft Assessment and Planning Toolkit to securely inventory your existing servers and generate a migration report for Windows Server 2008.
Looking for Windows Server 2008 System Requirements?
Access Windows Server 2008 system requirements for 32-bit, 64-bit and Itanium based systems.
Installation and Un-Installation Active Directory Services (ADS).
ACTIVE DIRECTORY PROMOTION
Ø -->Start
Ø -->Run
Ø -->DCPROMO Press Enter
Ø -->Next
Ø -->Next
Ø -->Select second option create a new domain in new forest
Ø -->Next
Ø -->Enter the name of domain like "deepakorg48.com"
Ø -->Next
Ø -->Raise the forest function level (2008)
Ø -->Next
Ø -->Next
Ø -->yes
Ø -->yes
Ø -->Next
Ø -->Enter the complex password (123-asd)
Ø -->Next
Ø -->Next
Ø -->Next
Ø -->Reboot on completion
Ø -->Finish
ACTIVE DIRECTORY DEMOTION
step-1:
-->start
-->run
-->dcpromo
-->next
-->ok
-->check {delete the domain because this server is the last...}
-->next
-->next
-->next
-->delete all application
-->next
-->enter the password
-->next
-->next
-->reboot on completion
-->restart...
step-2:
after restart computer give the following command in run
-->servermanager.msc-->enter
-->click on roles
-->click on remove roles
-->next
-->uncheck the role of active directory (adds) and dns
-->remove
-->finish
-->restart computer....
step 3:
-->after restart computer press
-->ctrl+pause break
-->click on change setting
-->click on change
-->click on more
-->remove the name of domain
-->ok
-->close
-->restart computer....
step 4:
after restart computer run
-->system32
-->remove the folder of dns if it is exist.
-->finish.
Creating Roaming Profile.
creating the roaming profile of domain user:-
create an user in active directory.
-->start
-->run
-->dsa.msc press enter
-->expaned domain name
-->right click on user folder
-->click new user
-->enter the detailes of user like user name, login name, password and user attributes.
-->click next
-->finish.
now create a share folder in ntfs drive and give the full permission.
now go to active directory user and computer wizard and
-->r.click on user properties
-->click on profile tab
-->and fill the following detailes in require fields
-->profile path \\ip add of file server\share folder name\user name
-->local path x:\share folder name (x: is the drive where share folder exists.)
-->apply
-->ok.
-->now go to the client of domain and login with the domain user.
finish
Converting Roaming Profile in to Mandatory.
converting the roaming profile in to the mandatory:-
go to the file server...
login with the user account and give the ntfs permission to administrator.
log off and login with the administrator@domain.com.
-->now go to home folder of user profile
-->d.click on profile folder
-->tools
-->folder options
-->view
-->show hidden files and folders
-->and uncheck
-->show hide extension
-->show hide protected
-->ok
-->apply
-->ok go to the folder and you can see ntuser.dat
-->just r.click and rename it in to ntuser.man
-->set the folder options default.
-->remove the user from print operator group.
-->now go to the client machine and login with the domain user
-->now your setting of the profile will not be save.
-->finish.
Configuring Group Policy.
Configuring Group Policy
First install the active directory services in a system.
-->Start
-->Administrative tools
-->group policy management
Or
-->Start
-->Run
>mmc
-->File
-->Add remove snap-in
-->group policy management
>Add
-->Ok
-->Expanded the group policy-forest-domain
-->deepakorg48.com (domain name)
-->Right click on it
-->Create an object of domain and link it
-->Enter the name of domain and click ok
-->Now right click on the object which you have new created and click edit
-->You can see here user configuration and system configuration.
-->Expand user configuration-policies-administrative templates
-->Now you can assign any policy like select desktop
-->Double click on remove Computer icon from desktop
-->Click enable
-->Close save this console
-->And close all wizards.
Now run following command
-->Run
-->gpupdate /force
You can see my computer icon has been removed from the desktop.
Shadow Copy.
Configuring Shadow Copy
Shadow Copy:-
-->Make a share folder in NTFS drive and save your data in this folder.
-->Now go back and right click on this drive and click properties
-->Click on shadow copy.
-->Now click on enable.
-->You can see a new task created.
-->Now go to share folder and delete data permanently.
Restore Shadow Copy:-
-->Start
-->Run
-->Give the following command in Run
-->\\IP address of server where shadow created
-->Now you can see a share folder just right click on it click properties.
-->Select previous version tab.
-->Click restores
-->Ok.
-->Close all wizards
-->And go to the share folder and check your data has been recovered successfully.
Configuring IIS Server.
Configuring IIS Server
Install the role of IIS from add roles services.
Create a web page and save it in a folder.
-->Start
-->Administrative tools
-->IIS
-->Click on server name
-->Expand site
-->Right click on default site and remove it
-->Now right click and select create new site
-->Enter description of site
-->Next
-->Enter the site name
-->Provide the path of the web site folder
-->Assign an IP
-->Apply
-->Ok
-->Now click on site which you have new created
-->Double click on directory browsing
-->Click enable
Now go to the client computer and give the following address to open web page
http://IP address of web server presses enter.
Configuring FTP.
Configuring FTP
Install the role of ftp from add role services
-->Start
-->Administrative tools
-->IIS 6.0 manager
-->Expand server name
-->Expand ftp site
-->Remove default ftp site
-->Right click and new ftp site
-->Enter the description
-->Next
-->Assign an IP address
-->Next
-->Next
-->Give the path of ftp folder where your data saved
-->Next
-->Next
-->Next
-->Finish....
Go to client computer
-->Start
-->Run
-->ftp://IP add of ftp server press enter.
Configuring DNS.
Configuring DNS
Install the role of DNS from add role services.
-->Start
-->administrative tools
-->DNS
-->Expand computer name
-->Click on forward lookup zone
-->Right click on it
-->New zone
-->Next
-->Primary zone
-->Next
-->Enter the name of zone like deepakorg48.com
-->Next
-->Next
-->Dynamic update
-->Next
-->Finish.
-->Click on zone
-->Right click new host aaa record enter the computer name and IP of DNS server
-->Create
-->Create a record without name
-->Done
-->Double click on SOA record
-->And fill require field like Primary Server Computer Name.deepakorg48.com.
-->Responsible Server Computer Name.deepakorg48.com.
-->Apply
-->Ok.
-->Double click on ns record
-->Edit
-->Enter the computer name.deepakorg48.com and click resolve
-->Ok
-->Apply
-->Ok
-->Now go to the another computer and specify the IP address with the DNS address and ping from deepakorg48.com
If it is pinging just start to install active directory services by using dcpromo
And enter the domain name deepakorg48.com and uncheck DNS when it ask because you have configured
DNS already on another domain after restart computer go the DNS server and check records.
-->Finish
Configuring DHCP Server.
Configuring DHCP Server
Install the role of DHCP from the add roles Wizard.
-->Start
-->Administrative tools
-->DHCP
-->Right click on server name click scope
-->Enter the name of scope
-->Next
-->Enter the distribution range of IP address which you want to distribute
-->Next—
-->Enter the exclude range click add
-->Next
-->Specify the lease duration
-->Next
-->Select configure these options now
-->Next
-->Enter the address of the router
-->Next
-->Enter the domain name and computer name
-->Click resolve
-->Click add
-->Next
-->Next
-->Activate this scope now
-->Next
-->Finish...
Now go to the client computer and change the setting of TCP/IP properties>set the obtain IP address automatically.
Now go the command prompt and run following command to see the ip add
c:\>ipconfig
IP 10.0.0.2
Subnet mask 255.0.0.0
This address is specified by DHCP server
For more information about adaptor run following command
c:\>ipconfig /all
Finish.....
IP reservation:-
-->Go to the DHCP server and right. Click on the reservation:-
-->Click new reservation
-->enter the name of reservation
-->and specify the address which you want to reserved
-->and specify the MAC address of client in next field. Click apply ok close refresh.
-->Finish
Now go to the client of DHCP and set obtain IP address automatically. If setting is already automatic IP than run following commands
c:\>ipconfig /release (to release the previous IP address)
c:\>ipconfig /renew (to get new address from the DHCP server)
Finish...
Backup & Restore DHCP Server.
Backup of DHCP server
Backup Process:-
-->Right .click on computer name in DHCP server
-->Backup
-->Make a folder in any drive and select it
-->Finish.
Restoring process:-
-->After delete scope from the DHCP server
-->Right Click on the computer name in DHCP server and click restore select the target folder where the
Backup stored
-->Start
-->Finish...
Configuring LAN Routing.
Configuring LAN routing:-
Requirements:-
1:- Two LAN cards
Procedure:-
Configure the IP 10.0.0.1 /255.0.0.0 in LAN-1 and connect this LAN with a switch-1.
Configure the IP 192.168.10.1 /255.255.255.0 in lan-2 and connect this
LAN with switch-2.
Now install the role of RRAS from add roles wizard on this computer.
Installing role:-
-->Run
-->servermanager.msc
-->Click on roles
-->Add roles
-->Ok
-->Click on network policies and access services
-->Next
-->Next
-->Click on routing and remote access
-->Add require services
-->Next
-->Install
-->Finish
-->Start
-->Administrative tools
-->RRAS
-->Right click on server name and click
-->Configure and enable routing and remote access service
-->Next
-->Custom configuration next
-->LAN routing
-->Next
-->Finish
-->Start service
Now go to the clients those are connected with switch-1 and configure following IP address.
IP address 10.0.0.2 /255.0.0.0
Default gateway 10.0.0.1
Now go to the computers those are connected with switch-2.
And configure following IP address.
IP address 192.168.10.2 /255.255.255.0
Default gateway 192.168.10.1
Now go to command prompt
-->and ping 10.0.0.2 -t
If pinging you have successfully configured LAN routing.
Note: - "off the firewall on each system".
Configuring DHCP Relay Agent.
Configuring DHCP relay agent
Step-1
Configuring DHCP Server:-
Install the role of DHCP from the add roles
Wizard.
-->Start
-->Administrative tools
-->DHCP
-->Right click on server name click scope
-->Enter the name of scope
-->Next
--->Enter the distribution range of IP address which you want to distribute
-->Next
-->Enter the exclude range click add
-->Next
-->Specify the lease duration
-->Next
-->Select configure these options now
-->Next
-->Enter the address of the router
-->Next
-->Enter the domain name
-->And computer name
-->And click resolve
-->Click add
-->Next
-->Next
-->Activate this scope now
-->Next
-->Finish...
Create Scope-2 same as Scope-1 with the different IP according to the network map that you have.
Step2.
Configuring LAN routing:-
Requirements:-
1:- Two LAN cards
Procedure:-
Configure the IP 10.0.0.100 /255.0.0.0 in lan-1 and connect this LAN with a switch-1.
Configure the IP 192.168.10.100 /255.255.255.0 in lan-2 and connect this
LAN with switch-2.
Now install the role of RRAS from add roles wizard on this computer.
Installing role:-
-->Run
-->Servermanager.msc
-->Click on roles
-->Add roles
-->Ok
-->Click on network policies and access services
-->Next
-->Next
-->Click on routing and remote access
-->Add require services
-->Next
-->Install
-->Finish
-->Start
-->Administrative tools
-->RRAS
-->Right click on server name and click
Configure and enable routing and remote access service
-->Next
-->Custom configuration
-->Next
-->LAN routing
-->Next
-->Finish
-->Start service
-->Expand ipv4
-->Static routes
-->Right click select new static route
-->Select
The LAN-1 in interface field.
Destination 192.168.10.0 /255.255.255.0
Gateway 10.0.0.1
Ok
Click select new static route>select
The LAN -2 in interface field.
Destination 10.0.0.0 /255.0.0.0
Gateway 192.168.10.1
Ok
Now right click on general and click new routing protocol and add DHCP relay agent
-->Right click on DHCP relay agent
-->Properties
-->Add the IP address
Of the DHCP Server (192.168.10.1).
And add LAN-1 and LAN-2 bpth interfaces also here.
Now go to clients and configure IP address automatically.
Configuring WDS.
Deployment
Configuring Windows Deployment
Requirement:-
1-DHCP installed and configure.
2-ADS and DNS
3-Install the role of WDS from add roles wizard.
-->Start
-->Administrative tools
-->WDS
-->Expand server
-->Right click on server name
-->Click configure server
-->Next
-->x:\RemoteInstall (select the destination)
-->Next
-->Respond to all known and unknown client
-->Finish
-->Uncheck add image
-->Finish
-->Right click on boot image and click add boot image
-->Insert the disk of windows vista /Win7/2008 server in the drive and click browse.
-->Select the boot.wim file from the source folder of DVD.
-->Next
-->Next
-->Finish
-->Now right click on the install folder and click install image
-->Select the Install.wim files from the source folder of the DVD.
-->Ok
-->Next
-->Select require images
-->Next
-->Finish
Configuring Software Deployment.
Configuring Software Deployment
Make a SHARE FOLDER in NTFS drive and copy the software (MSI package)
In it.
-->Start
-->Run
-->dsa.msc
-->Right click on domain name and click new
-->Organization unit
-->Enter the name of OU and click ok.
-->Now make an user in this OU
-->Close all wizards.
-->Start
-->Run
-->mmc
-->File
-->Add remove snap-in
-->Group policy management
-->Add
-->Ok
-->Expand the group policy-forest-domain
-->deepakorg48.com (domain name)
-->Select the OU
-->Right click on it
-->Create an object of domain and link it
-->Enter the name of object and click ok
-->Now right click on the object which you have new created and click edit
-->You can see here user configuration and system configuration.
-->Expand user configuration-policies software setting software installation
-->Right click on it
-->Properties
-->Enter the package path like\\192.168.10.1\office2003 assign finish.
-->Right click on software installation new package
-->Select pro11.msi file
-->Ok
-->Now click on package which is newly created
-->Properties
-->Deployment
-->Select install this application at logon
-->Apply
-->Ok
-->Close all wizards.
-->Now go to the member of domain and login with this user. Your application will now install automatically.
-->Finish..
Configuring Printer Deployment.
Configuring Printer Deployment
Configuring Printer Deployment
Connect the printer with the server and install it properly.
Now install the role of printer from add roles wizards.
-->Start
-->Run
-->dsa.msc
-->Right Click on domain and create an organization unit.
-->Create a user within the organization unit.
-->Now
-->Run
-->mmc
-->File
-->Add remove snap-in
-->Add the group policy management
-->Save this console at the desktop
-->Now expand domain
-->And click on organization unit which you have created
-->Right Click on it and select create a gpo
-->Enter the name of gpo
-->Ok
-->Close all wizards
-->Now go to print management from administrative tools
-->Select the printer right click on it and click deploy with group policy
-->Browse
-->Click the organization unit
-->Select gpo
-->Ok
-->Check both options and click add
-->Apply
-->Ok.
-->Go to client of domain and login with the user name.
-->Finish...
Creating Additional Domain Controller.
Creating the ADC
Requirement:-
Install active directory service in a system with DNS.
Now go to another computer and configure the IP address with the address of DNS server.
Now
-->Start
-->Runt
-->Ping domain name if reply than proceed.
-->Start
-->Run
-->dcpromo /adv press enter.
-->Next
-->Select first option create a domain in existing forest
-->Next
-->Enter the name of the domain like "deepakorg48.com" select set credential
-->Enter the administrator & password
-->Next
-->Next
-->Check DNS option
-->Next
-->Next
-->Next
-->Enter the restore mode password
-->Next
-->Reboot on completion.
-->Finish...
Creating an Additional Domain Controller with IFM.
ADC through ifm:-
Go to the domain controller start>run>cmd
c:\>ntdsutil press enter
Activate instance ntds press enter
ifm press enter
Create full c:\ifm
After finish task
Quit press enter
Exit
Note: before run these commands make a folder in c: drive with the name of
ifm.
Now copy this folder in mass storage removable media (pen drive).
Safe remove the pen drive from the computer and plug it with another
The computer where you want to configure ADC.
-->Start
-->Run
-->dcpromo /adv press enter.
-->Next
-->Select first option create a domain in existing forest
-->Next
-->Enter the name of a domain like "deepakorg48.com" select set credential
-->Enter the administrator & password
-->Next
-->Next
-->Check DNS option
-->Next
-->Next
-->Next
-->Celect another location for media browse the pen drive and give the path next enter the
-->Restore mode password
-->Next
-->Reboot on completion.
Creating Read only Domain Controller with IFM.
RODC through ifm:-
Note:-function level of the domain must be 2008.
Go to the domain controller and run following commands
Make a folder in c: with name RODC
c:\>ntdsutil press enter
Activate instance to ntds press enter
ifm press enter
Create RODC c:\rodc
After finish task
Quit press enter
Exit
Go to the other computer where you want to make RODC.
Note make a user in active directory (domain) before run following task
-->Start
-->Run
-->dcpromo /adv press enter.
-->Next
-->Select first option creates a domain in existing forest
-->Next
-->Enter the name of the domain like "deepakorg48.com" select set credential
-->Enter the administrator & password
-->Next
-->Next
-->Check DNS option and RODC
-->Next
-->Next
-->Next
-->Select another location for media to browse the pen drive and give the path next enter the
-->Restore mode password
-->Next
-->Reboot on completion.
Creating a Child Domain Controller.
Configuring CDC
Install active directory in a system with DNS.
Now go to another computer and configure the IP address with the address of the DNS server. Now check it
Must be ping with the name of the domain controller
Now run the following command in the run.
-->Start
-->Run
-->dcpromo press Enter
-->Next
-->Next
-->Create a new domain in existing forest
-->Next
-->Enter the name of the domain
-->Click on set
-->Enter the username and password of the domain and click
-->Ok
-->Next
-->Enter the domain name and child domain name (mail).
-->Next
-->Next
-->Uncheck the DNS
-->Next
-->Yes
-->Next
-->Next
-->Enter the restore mode password
-->Next
-->Reboot on completion
-->Finish.
Configuring IP Security Policy.
Configuring IP sec policy
Configure the IP address first.
-->Start
-->Run
-->MMC(Microsoft management console)
-->File
-->Add remove snap-in
-->IPSec policy management
-->Add
-->Finish
-->Ok
-->Right Click on IPSec Po
-->New policy
-->Next
-->Next
-->Finish
-->Add
-->Next
-->Next
-->Next
-->Select IP filter list
-->Edit
-->Add
-->Next
-->Next
-->Next
-->Select the source IP <my IP address
-->Next
-->Select destination IP address a specified IP address or subnetmask
-->And enter the destination IP address manually like 10.0.0.100
-->Next
-->Select protocol
-->ICMP
-->Next
-->Finish
-->Ok
-->Select IP filter list
-->Next
-->Select filter action
-->Next
-->Edit
-->Block
-->Ok
-->Next
-->Finish
-->Ok
-->Now Right Click on policy and click assign.
-->Now your client that has IP 10.0.0.100 can not ping from Your computer.
IP Security Policy Management.
ip security policy
-->start
-->run
-->mmc press enter.
-->flie
-->add remove snap-in
-->ip sec policy management
-->add
-->finish
-->ok
-->r.click on ip sec-po
-->create ip sec-po
-->next
-->next
-->next
-->finish
-->add
-->next
-->next
-->next
-->add
-->add new ip filter list
-->next
-->next
-->select sourece (my ip)
-->next
-->destination (specify ip or subnet example :-( 10.0.0.10)
-->next
-->select protocol<icmp>
-->next
-->finish
-->ok>select new ip filter list
-->next
-->now add filter action
-->next
-->next
-->block
-->next
-->finish
-->select new filter action
-->next
-->finish
-->ok
now r/c on policy and assign. for negotiable security:-
-->right click on policy
-->properties
-->edit
-->authantication
-->method
-->edit
-->use this string and enter the psk (pre-shared key)
-->ok
-->apply
-->ok
-->again click edit
-->filter action
-->edit
-->select negotiable security
-->add
-->ok
-->apply
-->ok
-->close
-->apply
-->ok
-->close all wizard
-->finish
File Screening and Quota Management.
Quota management
Install the role of file server resource manager from file server adds role wizard.
-->Start
-->Administrative tools
-->File server resource manager
-->Expand quota management
-->Quota templates
-->Right click create quota templates
-->Enter the name of templates
-->Define the size
-->Ok
Now right click on quota
-->Create quota
-->Give the path of the folder to implement quota
-->Select the templates
-->Click create
-->Finish.
File screening:-
-->Expand file screening management
-->Right click on file screening templates
-->Create file screening templates
-->Enter the template name
-->Select the file extension which you want to prevent
-->Ok.
-->Right click on file screening
-->Click create file screening
-->Define the path of the folder and select file screening template
-->Ok
-->Finish.
Configuring DFS.
configuring dfs
install dfs from file services
-->on the domain controller
-->now make the members of this domain.
and create some shares on the member domain.
example jet1 and jet2 are the members of domain micro.com
and jet1 has a shared folder with name hardware
and jet2 has a shared folder with name software
-->now go to the domain controller
-->start
-->administrative tools
-->dfs
-->r.click on namespaces
-->new namespace
-->enter the name of the server for the dfs host(it self-server name)
-->enter the name of the namespace like "namespace1"
-->next
-->domain based name space
-->next
-->create
-->now r.click on namespace1
-->new folder
-->enter the desired name
-->click add
-->browse
-->browse
-->advanced
-->find now
-->select the name of member domain
-->ok
-->ok
-->select the shared folder
-->ok
-->ok
-->ok
-->add another folder here same.
now go to another computer in the network and access>\\ip of domain\namespace1
-->finish
Configuring Terminal Services.
Configuring terminal services
Install terminal services on the domain controller from add roles services>.
-->Right click on my computer properties
-->Remote setting
-->Allow computer (network level authentication)
-->Select user and add here a user that you have created in active directory.
-->Start
-->Administrative tools
-->gpo
-->Expand these...Domains
-->deepakorg48.com
-->Domain controllers
-->Default domain controller policy right click on it edit
-->Expand these...computer configuration
-->Policies
-->Windows setting
-->Security setting
-->Local policy
-->User rights assignments
-->Allow logon through terminal services open it click on define these policy setting and add an administrator, and user here apply ok finish close all wizard
-->Run
-->dsa.msc
-->Right click on the user properties
-->Environment
-->Click on start program
-->Specify the path of the application
-->Apply
-->Ok
-->Finish
-->Run
-->gpupdate /force...
Now go to the another computer
-->Run
-->mstsc.exe
-->Enter the IP address of the terminal server
-->Enter the username and password when it asks and you can see an application that starts from it.
-->Finish...
FSMO Roles Transfer.
FSMO ROLES Transfer
Requirement:-
1. Two computers one PDC and one ADCand one adc.e pdcsh>ok>select i
2. Assume your computer name of the domain is server1
3. And host name of the ADC is client1.
-->First install the active directory services on the server1 with DNS.
-->Now go to the client1 and configure the IP address with the address of DNS
-->Than check it must be ping from the domain.
-->Start
-->Run
-->dcpromo /adv press enter.
-->Next
-->Select first option creates a domain in existing forest
-->Next
-->Enter the name of the domain like "deepakorg48.com" select set credential
-->Enter the administrator & password
-->Next
-->Next
-->Check DNS option
-->Next
-->Next
-->Next
-->Next
-->Enter the restore mode password
-->Next
-->Reboot on completion.
Now go to server1 and run following commands.
-->Start
-->Run
-->CMD
c:\>ntdsutil
-->ntdsutil:roles press enter
-->fsmo maintenance:connections press enter
-->Server connection: connect to server client1.deepakorg48.com press enter
-->Server connection:quit
-->fsmo maintenance: transfer rid master press enter yes
-->fsmo maintenance: transfer pdc press enter yes
-->fsmo maintenance: transfer infrastructure master press enter yes
-->fsmo maintenance: transfer schema master press enter yes
-->fsmo maintenance: transfer naming master press enter yes
-->For check the transfer’s roles go to the client1 and run the following command
-->Run
-->cmd
-->C :\>netdom query FSMO press enter (you can see transfers roles)
-->Finish...
Configuring Active Directory Domain and Trust.
trust
requirement:-
minimum two domain controller.
procedure:-
make sure your both domain controller are pinging to each other by the domain name.
-->start
-->administrative tools
-->active directory domain and trust
-->r.click on domain name
-->properties
-->trust
-->next
-->next
-->enter the domain name of another domain and password
-->next
-->next
--> two-way trust
-->both domains only
-->next
-->next
-->yes, confirm outgoing trust
-->yes, confirm incoming trust
-->next
-->next
-->finish.
authenticating a user on the domain:-
suppose there are two domain controller named a.com and b.com both are trusted to each other
and user a of domain a.com wants to log on on b.com to manage user and group.
procedure:-
-->go to domain b.com
-->dsa.msc
-->built-in
-->d.click on account operator
-->members
-->add
-->location
-->select the location domain a.com
-->write the name of the user (a) here and click check name
-->ok
-->ok
-->close
--> run
-->gpupdate /force
-->now log off domain b.com and login with user (a) (login format:-domain\user) user
name:-b\a and password *******) where b is the domain name and a is the user.
-->finish
Configuring Security Templates.
Security templates:-
-->Run
-->MMC
-->File
-->Add remove snap-in
-->Add the security templates and Security configuration and analyse
-->Save this console on the desktop.
-->Now click on security templates
-->Right click on it new template
-->Enter the name of a template
-->Ok
-->Now right. Click on security configuration and analyse
-->Open data base
-->Enter the name of the database
-->Open
-->Select the template name(same name)
-->Open
-->Right Click on security configuration and analyse
-->Analyse computer now
-->Now change the policy that required like password policy or others
-->To assign the policy just r .click security configuration and analyse
-->And click configure computer now.
-->Again right click security configuration and analyse
-->Analyse computer now. And check your policy has been updated.
-->Finish...
Configuring VPN.
Configuring VPN server
Install routing and remote access services from add roles wizards.
Installing role:-
-->Run
-->Servermanager.msc
-->Click on roles
-->Add roles
-->Ok
-->Click on network policies and access services
-->Next
-->Next
-->Click on routing and remote access
-->Add require services
-->Next
-->Install
-->Finish
-->Start
-->Administrative tools
-->RRAS
-->Right click on server name and click
-->Configure and enable routing and remote access service
-->Next
-->Custom configuration
-->VPN access
-->Finish.
Now dsa.msc
-->And create a domain user in active directory.
-->Right click on this user click properties
-->Click on the dial-in tab
-->Click allow
-->Access
-->Apply
-->Ok
-->Now go to the client machine and create a VPN dial-up connection.
-->Right click on my network place
-->Properties
-->Setup a connection
-->Connect to a workplace
-->VPN
-->Setup internet connection
-->Dial-up
-->Enter the IP address of VPN server user name and password which you have created on
-->Domain and click connect.
-->Finish.......
Configuring ICS.
Configuring ICS
Requirement:-
Two LAN cards:-
Procedure:-
Connect a LAN card with the internet connection.
And configure IP on it according to the ISP and make sure your internet is working properly.
-->Now
-->Run
-->ncpa.cpl
-->Right click on LAN card which is connected with ISP and click properties.
-->Click on sharing
-->Click share this connection
-->Ok
-->Finish
-->Now you can see the IP address of your second LAN has been changed.
It will assign automatically reserved IP address of ICS 192.168.0.1
Now go to the client computers and configure the IP address automatically.
Your firewall must be off in all computers.
Now you can access internet on clients...
Configuring Proxy Server.
Proxy configuration
Requirement:-
Two LAN card in a system.
One is connected with ISP or broadband.
One is connected with the switch.
Configure the IP on both LAN like.
Example Lan-1 192.168.1.2
255.255.255.0
192.168.1.1
202.56.215.54
202.56.215.55
Lan-2 192.168.1.3
255.255.255.0
And now install and start the proxy on this machine.
Go to the clients.
And configure the following IP address 192.168.1.4
255.255.255.0
192.168.1.3 (This is the address of the proxy server)
-->Right click on internet connection
-->Properties
-->Connections
-->LAN setting
-->Select proxy configuration.
-->Enter the address of proxy server 192.168.1.3
Port No. 6588
-->Apply
-->Ok
Finish (you can access internet connection.)
Migration.
migration
requirement
machine1 with installed win 2003 server and adds, dns.
machin2 installed with win 2008 server and specify the address of dns and make sure it
should be pinging from the domain name of machine1.
procedure:-
copy the adprep folder into the c:\ drive of win 2003 server from 2008 media source\adprep.
now the raise the forest function level of the 2003 server from 2000 to 2003 from active directory domain trust wizard.
now go to the command prompt
c:\>cd adprep enter
c:\adprep>adprep /forestprep enter press "c" to continue...
c:\adprep>adprep /domainprep press enter
c:\adprep>adprep /rodcprep press enter
now go to machine2 (win 2008 srv) and make this machine adc of the machine1.
-->start
-->run
-->dcpromo /adv press enter.
-->next
-->select first option creates a domain in existing forest
-->next
-->enter the name of the domain like "deepakorg48.com" select set credential
-->enter the administrator & password
-->next
-->next
-->check the dns option
-->next
-->next
-->next
-->next enter the restore mode password
-->next
-->reboot on completion.
now go to machine1 and run following commands.
-->run
-->cmd
-->c:\>ntdsutil
ntdsutil: roles press enter
fsmo maintenance: connections press enter
server connection: connect to server client1.deepakorg48.com press enter
server connection: q press enter
fsmo maintenance: transfer rid master press enter yes
fsmo maintenance: transfer pdc press enter yes
fsmo maintenance: transfer infrastructure master press enter yes
fsmo maintenance: transfer schema master press enter yes
fsmo maintenance: transfer domain naming master press enter yes
for check, the transfer’s roles go to the client1 and run following command
-->run
-->cmd
-->c :\> netdom query fsmo press enter (you can see transfers roles)
-->finish...
Creating Member of Domain.
creating member/client of domain controller:-
1)assign ip address and trying to ping from IP address of the domain controller.
2)assign address of dns server and ping from name of domain controller
(ping deepakorg48.com).
3)R.click on my computer>properties>change setting>change>select domain>
enter the name of the domain (deepakorg48.com)>ok.
it will ask you for the user name and password please give "administrator" as user name and "123-asd" as password
you will see a welcome msg>ok
close>restart computer.
Disjoining process:-
login with local administrator.Exp(administrator)(123-asd)
R.click on my computer>properties>change setting>change>select workgroup>
enter the name of workgroup (WORKGROUP)>ok.
close and restart.
DNS Backup & Restore.
dns backup and restore:-
run>system32 enter
d click dns folder and copy example.com.dns file and save it any drive and folder.
restore:-
run>dnsmgmt.msc enter
r.click on forward lookup zone>new zone>primary zone>
next>enter the name of zone>next>
select use existing file>next>allow automatic update>next>finish..
DNS Forwarder.
configuring dns forwarder:-
start>administrative tools>dns>r.click on computer name>click properties>forwarder enter
click>edit>enter the ip address of another dns server where you want to forward query
ok...finish