Ch 8-3

Working with domains and Active Directory

Objectives

• Understand DHCP• Microsoft DHCP• Install and configure DHCP• Install and configure Active Directory• Promote the server to a domain controller

What is DHCP?

• DHCP stands for Dynamic Host configuration Protocol

• DHCP helps the server assign and manage IP addresses for every node on the network

• Every node must have a unique IP address, using a central management authority ensures that every node receives the correct address

Hands-On Microsoft Windows Server 2008 4

Microsoft DHCP• Dynamic Host Configuration Protocol (DHCP)

– Enables a Windows Server 2008 server with DHCP services to detect the presence of a new client

– Assign an IP address to that client

• A scope :a pre-assigned range of IP addresses that The DHCP server has can give to a new client – Ex: the range from 192.168.1.100 to 192.168.1.200

• Since DHCP have a limited range of IP addresses, it Leases the IP address for a certain amount of time to a specific node and use it again to after the lease time expires

Hands-On Microsoft Windows Server 2008 5

Microsoft DHCP (continued)

• Microsoft DHCP server can support the following:– Dynamic configuration of DNS server forward – reverse lookup zone records– Up to 1000 different scopes– Up to 10,000 DHCP clients

• A Windows Server 2008 server can be configured in the role of a DHCP server using Microsoft DHCP services

• The DHCP server automatically updates the DNS server at the time it assigns an IP address– Using dynamic DNS updates can significantly save time in

creating DNS lookup zone records

Hands-On Microsoft Windows Server 2008 6

Microsoft DHCP (continued)

• A Microsoft DHCP server can also:– Reserve an IP address for a specific computer– Update all computers on a network for a particular

change in DHCP settings– Provide DHCP services to multiple subnetworks– Skip certain IP addresses from a scope

Hands-On Microsoft Windows Server 2008 7

Configuring a DHCP Server

• First, set up one or more scopes of contiguous address ranges and activate each scope

• Configuring a scope includes the following:– Obtain the range of addresses to be used– Determine the subnet mask for the range of addresses– Decide on a name for the scope, such as naming it to

reflect the name of a department or division in your organization

– Decide how long to lease IP addresses– Determine whether to exclude specific addresses

Hands-On Microsoft Windows Server 2008 8

Configuring a DHCP Server (continued)

• Second, authorize the DHCP server– The process of authorizing the server is a security

precaution to make sure IP addresses are only assigned by DHCP servers that are managed by network and server administrators

• Third, a step that is not required, but that saves time in managing DNS, is to configure the DHCP server and its clients to automatically update DNS records

Installing DHCP service

• DHCP role can be installed using the add role wizard from the server manager

• If you have multiple connections on your machine, you must ensure that the wizard has recognized the local connection as the one it should manage. A common error in Windows is for the server to try to manage the wrong connection. When you see this problem, temporarily disable the errant connections in the Network Connections window

Installing DHCP service

• One feature you must configure is DHCP Scopes. When you select DHCP Scopes, you see the Add or Edit DHCP Scopes page. Click Add to add a new scope

• The scope must not include the server’s IP address. However, the scope must match the server’s IP address configuration. For example, when the server has an IP address of 192.168.0.1, then the scope can include the range of addresses from 192.168.0.2 to 192.168.0.255. The subnet mask must also match the server’s subnet mask. After you configure the DHCP scope, click OK.

Installing DHCP service

• After you perform the required configuration for your DHCP server, choose the Confirmation entry. Review the settings and click Install

Authorize the DHCP server

1. Open the DHCP console found in the Administrative Tools folder.

2. Open the folder containing the root DHCP entry for your server. You see entries for both IPv4 and IPv6 below this root entry.

3. Right-click the root entry and choose Authorize from the context menu. Windows displays a message that it’s authorizing the server.

4. After a few moments, right-click the root entry and verify that the Authorize entry is gone from the context menu and that Windows has replaced it with an Unauthorize entry.

5. Close the DHCP console.

Promote to a domain controller

• At this point Active directory should be installed to the server

• The promotion to a Domain controller can be done by :1. Install Active directory role2. using the Domain Controller Promotion

(DCPromo) utility

Install and configure Active Directory Directory Service

1. Click Start, point to Administrative Tools, and click Server Manager.2. Scroll to the Roles Summary section in the right pane.3. Click Add Roles.4. If you see the Before You Begin dialog box, click Next.5. Click the box for Active Directory Domain Services. Click Next.6. Read the information about Active Directory Domain Services.What other services are installed when you install this role?7. Click Next.8. Click Install.9. Review the Installation Results window and ensure that you see Active Directory

Domain Controller is an installed service and that the installation succeeded,10. Click Close.11. Click Start and click Run.

Promote the server to a Domain controller

12. Type dcpromo in the Open text box to run the Active Directory Domain Services Installation Wizard. You use this wizard to finish the steps to make this computer a domain controller. Click OK.

13. After the wizard starts, click Next.14. If you see a screen with information about improved

security settings, read the information and click Next.15. Click the option button to Create a new domain in a

new forest, and then click Next.16. Enter the domain name, such as jpcomp.com (where jp

are your initials), and click Next.

Promote the server to a Domain controller

17. Click the Forest functional level drop-down list arrow. Notice that you can select from three forest functional levels: Windows 2000, Windows Server 2003, and Windows Server 2008. For this activity, select Windows Server 2008, unless your instructor specifies otherwise. Click Next

Promote the server to a Domain controller

18. Click Next in the Additional Domain Controller Options window. If you see a warning box that this computer has a dynamically assigned IP address, click Yes so that you can proceed. This means your IPv4 or IPv6 address is dynamically configured (the IP address is assigned automatically), which you can reconfigure later. If you see this message, plan to go back and reconfigure your network connection to have a manually (static) assigned IPv4 and IPv6 address—see your instructor for a specific address to use. Record the location of the database, log files, and SYSVOL.

19. Click Next.

Promote the server to a Domain controller

20. Assign a password to use in case the domain controller needs to be started in the Directory Services Restore Mode, and confirm the password (you can use the Administrator account password for this activity). Click Next.

21. Review the selections you have made and click Next.

22. As the wizard works to configure the services, check the box for Reboot on completion.

23. Log on after the computer has rebooted.