Wednesday, May 28, 2014

Building a Read-Only Domain Controller for a Less Secure Location in Server 2008

*There will be a Dallas office
*The Dallas OU and site structure
*What is a Read-Only Domain Controller?
*Building an RODC for Dallas.

1) We will create a DallasOU with two sub-OUs, DallasUsers and DallasComputers, in the Chicago domain (the child domain).
2) Then we will create a Dallas site so we have a physical representation of our network.

What is a Read-Only Domain Controller?
For a low-security location with few users, an RODC is a happy thing.
*An RODC lets only the users the administrator allows log in at that particular location.
*The RODC downloads only the user account information it needs - it doesn't upload anything to the writeable (or full) domain controller.
*You don't need a Global Catalog on the RODC - you can use Universal Group Caching to cut down on replication traffic.
*Better yet, you can use the Server Core installation, which provides two important advantages:
- You don't need a super-duper box to run it.
- You can remotely administer the Server Core functions using MMCs.

Once you install Windows Server 2008 Enterprise as a Server Core installation, you will get a CMD window at startup.
Type help for more options.

Copy the CoreConfigurator2.msi file to a local location, for example the D: drive.
In CMD, type the path of the MSI file, for example D:\>CoreConfigurator2.msi, and extract the application to another folder on the computer, for example C:\cc.

In CMD, change to the extracted folder: cd C:\cc
Then type C:\cc>dir to list the files.
Now type C:\cc>Coreconfigurator2.exe (a small window opens).



Now you will see the Core Configurator window. Here you can configure the computer name and IP address, and install AD services.



Installation of AD on the RODC
1) Click DCPROMO.
2) Select Add a domain controller to an existing forest >
3) Give the domain name, e.g. na.globamantics.com (the child domain), and tick the Read-only domain controller (RODC) check box > give credentials > when you click Next you are prompted to select the site (we created a site for Dallas on DC1), so select Dallas >
4) Then click RUN DCPROMO.
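The same promotion can be done without the Core Configurator wizard, using dcpromo's unattended mode, which is the standard way to promote a Server Core box. This is an added example, not from the original post: the [DCInstall] keys are dcpromo's documented answer-file keys, the domain (na.globamantics.com) and site (Dallas) are the ones used in this post, and the promotion account name and both passwords are placeholders to replace.

```batch
@echo off
rem Added example (not from the original post): promote a Server Core box as an RODC with
rem dcpromo's unattended mode instead of the Core Configurator wizard. The domain
rem (na.globamantics.com) and site (Dallas) are the ones used in this post; the promotion
rem account and both passwords are placeholders you must replace. Run in an elevated CMD
rem window on the future RODC after the computer name and IP address are set.

set ANSWER=%SystemDrive%\rodc-unattend.txt

(
echo [DCInstall]
echo ReplicaOrNewDomain=ReadOnlyReplica
echo ReplicaDomainDNSName=na.globamantics.com
echo SiteName=Dallas
echo InstallDNS=Yes
echo ConfirmGc=No
echo CriticalReplicationOnly=No
echo UserDomain=na.globamantics.com
echo UserName=CHANGEME-promotion-account
echo Password=*
echo SafeModeAdminPassword=CHANGEME-dsrm-password
echo RebootOnCompletion=No
) > %ANSWER%

rem Password=* makes dcpromo prompt for the promotion account's password rather than
rem reading it from the file. ConfirmGc=No keeps the RODC from being a Global Catalog,
rem matching the "use Universal Group Caching instead" approach above.
dcpromo /unattend:%ANSWER%

rem The DSRM password sat on disk in clear text, so remove the answer file, then reboot
rem to finish the promotion (RebootOnCompletion=No was set so this cleanup could run).
del /q %ANSWER%
shutdown /r /t 0
```

The answer file replaces the wizard pages one for one: ReplicaOrNewDomain=ReadOnlyReplica is the RODC check box, ReplicaDomainDNSName is the domain name, and SiteName is the site prompt; if the Dallas site does not exist yet, dcpromo cannot place the RODC in it, so create the site on DC1 first as the post does.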

Once the computer has rebooted, type systeminfo in CMD to check the computer details.





How to attach an MMC to a Server Core installation for management

Once the AD installation completes on the Dallas DC, go to the Chicago DC in the child domain:
1) Open MMC
2) File > Add/Remove Snap-in
3) Add AD Users and Computers, AD Sites and Services, DNS and Computer Management (when you add Computer Management, select Another computer, give the Dallas branch office computer name, e.g. RODC-DALLAS-2k8, and click Finish)
4) OK

Now go to AD Users and Computers
1) Select the domain, e.g. na.globamantics.com
2) Right-click and select Change Domain Controller.
3) Select the branch RODC, RODC-DALLAS-2k8.na.globamantics.com
4) You can view the AD structure but you cannot modify anything, because it is a read-only copy.
5) Go to File > Save As and save the console on the Desktop or anywhere, so you can view the AD of the Dallas branch office easily.

Note: If a DC is a Global Catalog server, you cannot enable Universal Group Membership Caching on it. If it is not a Global Catalog server, you can enable Universal Group Membership Caching.

On the Chicago DC
* Change the replication schedule on the Chicago DC by going into AD Sites and Services > Dallas NTDS > Properties.
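Universal Group Membership Caching is a per-site setting on the site's NTDS Site Settings object, the same object whose Properties page is used above. This added example (not from the original post) enables it for the Dallas site from the command line with ldifde and checks the result with dsquery. It assumes the forest root is globamantics.com (so the Configuration partition is CN=Configuration,DC=globamantics,DC=com) and that the site holding the Chicago Global Catalog is named Chicago; both are assumptions, since the post does not name them.

```batch
@echo off
rem Added example (not from the original post): enable Universal Group Membership Caching
rem for the Dallas site with ldifde, so the site needs no Global Catalog (the check box on
rem the NTDS Site Settings object does the same thing). Run in an elevated CMD window on
rem the Chicago DC as an Enterprise Admin. Assumptions: the forest root is globamantics.com,
rem so sites live under CN=Configuration,DC=globamantics,DC=com, and the Chicago site is
rem named Chicago; adjust both if your forest differs.

set CFG=CN=Configuration,DC=globamantics,DC=com
set DALLAS=CN=NTDS Site Settings,CN=Dallas,CN=Sites,%CFG%
set CHICAGO=CN=Chicago,CN=Sites,%CFG%

rem Look before changing: bit 0x20 (decimal 32) of "options" is the UGMC flag. If the
rem current value is anything other than 0 or 32, OR 32 into it instead of writing 32,
rem because "replace" overwrites the whole attribute.
dsquery * "%DALLAS%" -attr options msDS-Preferred-GC-Site

(
echo dn: %DALLAS%
echo changetype: modify
echo replace: options
echo options: 32
echo -
echo replace: msDS-Preferred-GC-Site
echo msDS-Preferred-GC-Site: %CHICAGO%
echo -
echo.
) > "%TEMP%\ugmc.ldf"

rem Import the change. msDS-Preferred-GC-Site tells the Dallas DC which site's Global
rem Catalog to refresh the cached memberships from.
ldifde -i -f "%TEMP%\ugmc.ldf"

rem Verify the change landed.
dsquery * "%DALLAS%" -attr options msDS-Preferred-GC-Site
```

The cache is refreshed from the preferred GC site on a schedule, so a group membership change made in Chicago is not seen in Dallas until the next refresh; for a branch with few users that delay is normally acceptable, which is the trade-off the post is making in exchange for less replication traffic.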




How to set up which users can log in at that RODC location
* Go to AD Users and Computers
1) Select Domain Controllers.
2) You can see two computers on the right side; select the RODC computer > Properties.
3) Go to the Password Replication Policy tab.
4) Select Allowed RODC Password Replication Group from the list and click Remove > Yes.
5) Now click Add > select Allow passwords for the account to replicate to this RODC > OK.
6) Then add "Dallas TestUser" to the list > Apply.
7) Select "Dallas TestUser" in the list, click Advanced and click Prepopulate Passwords.
8) Type "Dallas TestUser" as the object and click OK, so we prepopulate the password for the user.
9) OK.

What is prepopulating passwords?
For a user to be able to log on to a read-only DC when no writable DC is available, the passwords for both the user account and the computer account of the computer the user is logging on to must already be stored on the RODC. Prepopulating the password for a user account will succeed only if the account is included in the allowed list of passwords that can be cached on the RODC.

1) Go to AD Users and Computers.
2) Select DallasTestUser > Properties.
3) Go to the Password Replication tab.
4) Check whether the RODC is listed there.
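The Password Replication Policy steps, the prepopulation, and the check on the Password Replication tab above can all be done with repadmin, which is handy because the RODC is a Server Core box. This is an added example, not from the original post. RODC-DALLAS-2k8 and na.globamantics.com are from the post; the writable DC name CHICAGO-DC1, the OU path under DallasOU and the workstation account DALLAS-WS01 are assumptions.

```batch
@echo off
rem Added example (not from the original post): the Password Replication Policy and
rem prepopulation steps above, done with repadmin. Run in an elevated CMD window on the
rem Chicago DC as a Domain Admin. From this post: RODC-DALLAS-2k8 is the Dallas RODC and
rem na.globamantics.com the child domain. Assumptions: the writable DC is CHICAGO-DC1,
rem the accounts live under OU=DallasOU, and DALLAS-WS01 is the user's workstation.

set RODC=RODC-DALLAS-2k8
set SRC=CHICAGO-DC1.na.globamantics.com
set DOM=DC=na,DC=globamantics,DC=com
set USERDN="CN=Dallas TestUser,OU=DallasUsers,OU=DallasOU,%DOM%"
set WSDN="CN=DALLAS-WS01,OU=DallasComputers,OU=DallasOU,%DOM%"

rem Steps 4-6: drop the broad default allow entry and allow only the Dallas accounts.
rem The workstation is allowed too: without its secret the RODC cannot complete a logon
rem when the link to Chicago is down, even if the user's password is cached.
repadmin /prp delete %RODC% allow "CN=Allowed RODC Password Replication Group,CN=Users,%DOM%"
repadmin /prp add %RODC% allow %USERDN%
repadmin /prp add %RODC% allow %WSDN%

rem Steps 7-8: prepopulate from the writable DC. This only succeeds for accounts that are
rem on the allow list (and not on the deny list), which is why the adds come first.
repadmin /rodcpwdrepl %RODC% %SRC% %USERDN% %WSDN%

rem Check (the "Password Replication" tab above, from the command line): the allow list,
rem and the accounts whose secrets are actually stored on the RODC.
repadmin /prp view %RODC% allow
repadmin /prp view %RODC% reveal
```

The deny list wins over the allow list, and the Denied RODC Password Replication Group already holds the privileged accounts (Domain Admins, Enterprise Admins and so on), so adding one of those to the allow list changes nothing; that is the property that keeps a stolen branch RODC from yielding privileged credentials. Allowing a user without the workstation they use is the most common reason a branch logon still fails when the WAN is down.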

Note: Users from New York (DC1) can still log in with their email-style login, more commonly known as a UPN (User Principal Name), when a Global Catalog is present OR by enabling Universal Group Caching and putting the users you want into a Universal Group.

After performing the above steps, you can now:
*Install Server 2008 as a Server Core installation.
*Use a configuration script to configure basic settings for your Server Core installation.
*Install the AD DS role with the RODC option.
*Attach an MMC to a Server Core installation for management.
*Configure Universal Group Caching for a site so you don't have to provide a Global Catalog for that site.
*Set up which users can log in at that location.
*Pre-populate passwords for users that will be logging in at the location for a faster login experience.
 
