Thursday, August 19, 2010

Active Directory end to end

What is Active Directory? (This article is taken from http://learnthat.com; all rights and credits go to http://learnthat.com.)

Active Directory (AD) is a technology created by Microsoft to provide network services including LDAP directory services, Kerberos based authentication, DNS naming, secure access to resources, and more. Active Directory uses a single Jet database which a variety of services and applications can use to access and store a variety of information. Active Directory is used by system administrators to store information about users, assign security policies, and deploy software. AD is used in many different types and sizes of environments, from the very small (a dozen users) to hundreds of thousands of users in a global environment.

In this tutorial, you will learn the basic structure of Active Directory, gain an understanding of how Active Directory works, learn how to install Active Directory, and learn the components of AD.


This tutorial is divided into these sections:

What is Active Directory: An overview of Active Directory and its use in technology environments.

Active Directory Structure: Learn the basics of AD, its components (such as domains, domain controllers, trust relationships, forests, organizational units, etc.), hierarchies within AD, and DNS.

How to Install Active Directory: Active Directory installation is not complex in its process, but can be difficult in the future if you do not plan the installation correctly. Learn the tricks and tips you need to know to properly plan an AD installation and why administrators install AD the way they do.

This free Active Directory tutorial is not a comprehensive one on the topic, but an introduction to Active Directory and its structure and use.

History of Active Directory

Active Directory was introduced to the world in the mid-1990s by Microsoft as a replacement for Windows NT-style user authentication. Windows NT included a flat and non-extensible domain model which did not scale well for large corporations. Active Directory, on the other hand, was created as a true directory service versus the flat user-management service that NT had. Though it was introduced in the 1990s, it did not become a part of the Operating System until Windows 2000 Server was released in 2000. Since then, Windows Server 2003 and Server 2008 have been introduced and Active Directory has undergone some expansion.

This tutorial is based on Windows Server 2003 as it is currently the most widely installed version of the Windows network Operating System (NOS), though in the future we will release versions for Windows Server 2008 and future Windows releases as it becomes necessary. Though this tutorial is not focused on Windows Server 2008, much of the basic knowledge and instruction relates to either OS.

LDAP

Active Directory is based loosely on LDAP – Lightweight Directory Access Protocol – an application protocol for querying and modifying directory services developed at the University of Michigan in the early 1990s. An LDAP directory tree is a hierarchical structure of organizations, domains, trees, groups, and individual units.

(Figure: Example of an LDAP Tree)

Active Directory is a Directory

Sometimes, it’s easy to get lost in all of the technology and functions that are provided with AD and forget that Active Directory is a directory. It is a directory in both the common use of the term like a white pages (you can add in a person’s first name, last name, phone number, address, email address, etc) and a directory of information for use by applications and services (such as Microsoft Exchange for email). AD is functionally a place to store information about people, things (computers, printers, etc), applications, domains, services, security access permissions, and more. Applications and services then use the directory to perform a function.

For example, Microsoft Windows uses Active Directory information to allow a user to log in to their computer and provide access to the security rights assigned in Active Directory. Windows is accessing the directory and then providing rights based on what it finds. If a user account is disabled in Active Directory, the directory itself is just setting a flag which Windows uses to disallow a user from logging in.

We mentioned in the introduction that administrators use Active Directory to deploy software – this is an incomplete description. Administrators can set policies and information that a certain software application should be deployed to a certain user – AD itself does not deploy the software, but a Windows service reads the information from Active Directory and then installs the software.

Once you grasp the concept that Active Directory is a directory, you’re halfway to understanding why it is built the way it is!

Unlike Windows NT, Active Directory is designed for you to create a functional and usable hierarchy for your environment. Not only does this make the environment look cleaner, but it also allows central system administrators to delegate specific authority over areas to other administrators, team members, and groups. AD has a very flexible structure, allowing you to build a hierarchy in whatever way you wish – one big unit, broken down by geographic location, by department, by astrological sign, or however you desire.

Underlying this flexibility in hierarchical design is a defined structure. The structure of Active Directory starts with forests and domains and goes down to organizational units and individual objects (such as a user or computer account). The flexibility in hierarchical design is a benefit to network architects, but if you do not design the structure correctly in the beginning, it can be a nightmare down the road. We recommend spending a lot of time thinking about the best hierarchical structure for your Active Directory environment before diving in and building it.

In this section, we are going to look at the basic building blocks of Active Directory – all those things which make it such a flexible directory service.

Basic Active Directory Components

At its core, Active Directory needs structure to work properly. It provides the basic building blocks for people to build their own directory. These basic building blocks of Active Directory include domains, domain controllers, trusts, forests, organizational units, groups, sites, replication, and the global catalog.

Understanding Forests

At the top of the Active Directory structure is a forest. A forest holds all of the objects, organizational units, domains, and attributes in its hierarchy. Under a forest are one or more trees which hold domains, OUs, objects, and attributes.

(Figure: a forest containing two domain trees)

As illustrated in this image, there are two trees in the forest. You might use a structure like this for organizations with more than one operating company.

You could also design a structure with multiple forests, but these are for very specific reasons and not common.

Domains

At the heart of the Active Directory structure is the domain. The domain is typically of the Internet naming variety (e.g. Learnthat.com), but you are not forced to stick with this structure – you could technically name your domain whatever you wish.

Microsoft recommends using as few domains as possible in building your Active Directory structure and relying on Organizational Units for structure. Domains can contain multiple nested OUs, allowing you to build a pretty robust and specific structure.

Domain Controllers

In Windows NT, domains used a Primary Domain Controller (PDC) and Backup Domain Controller (BDC) model. This had one server, the PDC, which was “in charge” while the other DCs were subordinate. If the PDC failed, you had to promote a BDC to become the PDC and be the server in charge.

In Active Directory, you have multiple Domain Controllers which are equal peers. Each DC in the Active Directory domain contains a copy of the AD database and synchronizes changes with all other DCs by multi-master replication. Replication occurs frequently and on a pull basis instead of a push one: a server requests updates from a fellow domain controller. If information on one DC changes (e.g. a user changes their password), it sends a signal to the other domain controllers to begin a pull replication of the data to ensure they are all up to date.

Servers not serving as DCs, but in the Active Directory domain, are called ‘member servers.’

Active Directory requires at least one Domain Controller, but you can install as many as you want (and it’s recommended you install at least two domain controllers in case one fails).

Trust Relationships

Trust Relationships are important in an Active Directory environment so forests and domains can communicate with one another and pass credentials. Within a single forest, trusts are created when a domain is created. By default, domains have an implicit two-way transitive trust created. This means each domain trusts each other for security access and credentials. A user in domain A can access resources permitted to him in domain B while a user in domain B can access resources permitted to her in domain A.

AD allows several different types of trusts to be created, but understanding the two-way transitive trust is the most important to understanding AD.
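To make the trust rules concrete, here is an added example (not code from the learnthat.com tutorial) that models trusts as a directed graph and answers which domains a user can reach through the trust path. It goes slightly beyond the text by also modelling a one-way, non-transitive trust, so the difference from the forest's implicit two-way transitive trusts is visible; the domain names and the external trust to partner.example are constructed for the example.

```python
# Added example (not from the learnthat.com tutorial): model trust
# relationships as a directed graph and answer which domains a user may
# reach through the trust path. Domain names and the external trust to
# partner.example are constructed for the example.
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Trust:
    trusting: str            # domain that holds the resources and accepts outside users
    trusted: str             # domain whose users are accepted
    two_way: bool = True     # forest-internal trusts are two-way ...
    transitive: bool = True  # ... and transitive; an external trust is often neither


def forest_trusts(parent_child_pairs):
    """Implicit trusts of one forest: AD creates a two-way transitive trust
    between each parent domain and its child when the child is created."""
    return [Trust(trusting=parent, trusted=child) for parent, child in parent_child_pairs]


def trust_edges(trusts):
    """Directed edges (trusted -> trusting): users from the source domain
    are accepted by the destination domain."""
    for t in trusts:
        yield t.trusted, t.trusting, t.transitive
        if t.two_way:
            yield t.trusting, t.trusted, t.transitive


def reachable_domains(user_domain, trusts):
    """Domains that may grant resources to a user whose account lives in
    `user_domain`. Transitive trusts can be chained; a non-transitive trust
    only spans its own two domains, so it is usable as a first hop only and
    is never continued past."""
    adj = {}
    for src, dst, transitive in trust_edges(trusts):
        adj.setdefault(src, []).append((dst, transitive))
    reached = set()
    chainable = {user_domain}  # domains from which we may keep chaining
    queue = deque([user_domain])
    while queue:
        dom = queue.popleft()
        for nxt, transitive in adj.get(dom, []):
            if not transitive and dom != user_domain:
                continue  # non-transitive trusts cannot be used mid-path
            reached.add(nxt)
            if transitive and nxt not in chainable:
                chainable.add(nxt)
                queue.append(nxt)
    reached.discard(user_domain)
    return reached


# Constructed sample: one forest with a root and two child domains, plus a
# one-way, non-transitive external trust so the root accepts partner users.
SAMPLE_TRUSTS = forest_trusts([
    ("learnthat.com", "sales.learnthat.com"),
    ("learnthat.com", "eu.learnthat.com"),
]) + [Trust(trusting="learnthat.com", trusted="partner.example",
            two_way=False, transitive=False)]

if __name__ == "__main__":
    for dom in ("sales.learnthat.com", "partner.example", "learnthat.com"):
        print(dom, "->", sorted(reachable_domains(dom, SAMPLE_TRUSTS)))
```

A user in sales.learnthat.com reaches both the root and the sibling child through the transitive chain, while a partner.example user reaches only the root domain, and nobody in the forest reaches partner.example because the external trust is one-way.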

Organizational Units

An Organizational Unit (OU) is a container which gives a domain hierarchy and structure. It is used for ease of administration and to create an AD structure in the company’s geographic or organizational terms.

(Figure: Organizational Units)

An OU can contain OUs, allowing for the creation of a multi-level structure, as shown in the image above. There are three primary reasons for creating OUs:

Organizational Structure: First, creating OUs allows a company to build a structure in Active Directory which matches their firm’s geographic or organizational structure. This permits ease of administration and a clean structure.

Security Rights: The second reason to create an OU structure is to assign security rights to certain OUs. This, for example, would allow you to apply Active Directory policies to one OU which are different from those of another. You could set up policies which install an accounting software application on computers in the Accounting OU.

Delegated Administration: The third reason to create OUs is to delegate administrative responsibility. AD Architects can design the structure to allow local administrators certain administrative responsibility for their OU and no other. This allows for a delegated administration not available in Windows NT networks.

Groups

Groups serve two functions in Active Directory: security and distribution.

A security group contains accounts which can be used for security access. For example, a security group could be assigned rights to a particular directory on a file server.

A distribution group is used for sending information to users. It cannot be used for security access.


There are three group scopes:

Global: Global scope security groups contain users only from the domain in which they are created. Global security groups can be members of both Universal and Domain Local groups.

Universal: Universal scope security groups can contain users, global groups, and universal groups from any domain. These groups are typically used in a multi-domain environment if access is required across domains.

Domain Local: Domain Local scope groups are often created in domains to assign security access to a particular local domain resource. Domain Local scope groups can contain user accounts, universal groups, and global groups from any domain. Domain Local scope groups can contain domain local groups in the same domain.
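The scope rules above are easy to misread, and the question a file-server administrator actually cares about is who ends up with a right once groups are nested. The following added example (not code from the learnthat.com tutorial) checks proposed memberships against the rules exactly as this text states them and flattens nested groups to list the effective user accounts; the users, groups and domain names are constructed.

```python
# Added example (not from the learnthat.com tutorial): check group nesting
# against the scope rules stated above and flatten nested groups to find
# which user accounts effectively hold a right. Names are constructed.
from dataclasses import dataclass, field


@dataclass
class Principal:
    name: str
    domain: str
    kind: str  # "user", "global", "universal" or "domainlocal"
    members: list = field(default_factory=list)  # direct members (groups only)


def can_be_member(member, group):
    """Return (allowed, reason) for making `member` a direct member of `group`,
    following the scope rules as the tutorial states them."""
    if group.kind == "global":
        if member.kind == "user" and member.domain == group.domain:
            return True, "user from the group's own domain"
        return False, "a global group holds only users from the domain it was created in"
    if group.kind == "universal":
        if member.kind in ("user", "global", "universal"):
            return True, f"{member.kind} from any domain"
        return False, "a universal group cannot contain domain local groups"
    if group.kind == "domainlocal":
        if member.kind in ("user", "global", "universal"):
            return True, f"{member.kind} from any domain"
        if member.kind == "domainlocal" and member.domain == group.domain:
            return True, "domain local group from the same domain"
        return False, "a domain local group nests domain local groups only from its own domain"
    raise ValueError(f"{group.name}: unknown scope {group.kind!r}")


def add_member(member, group):
    """Add the membership if the scope rules allow it; return (allowed, reason)."""
    allowed, reason = can_be_member(member, group)
    if allowed:
        group.members.append(member)
    return allowed, reason


def effective_users(group, _seen=None):
    """Every user that ends up inside `group` through any depth of nesting.
    `_seen` guards against membership cycles (A in B, B in A)."""
    seen = _seen if _seen is not None else set()
    users = set()
    for m in group.members:
        if m.kind == "user":
            users.add(f"{m.domain}\\{m.name}")
        elif id(m) not in seen:
            seen.add(id(m))
            users |= effective_users(m, seen)
    return users


# Constructed sample spanning two domains of one forest.
alice = Principal("alice", "learnthat.com", "user")
bob = Principal("bob", "eu.learnthat.com", "user")
acct_global = Principal("Accounting", "learnthat.com", "global")
finance_univ = Principal("Finance-All", "learnthat.com", "universal")
fs1_modify = Principal("FS1-Finance-Modify", "learnthat.com", "domainlocal")

add_member(alice, acct_global)                 # allowed: same-domain user
BOB_IN_GLOBAL = add_member(bob, acct_global)   # refused: user from another domain
add_member(acct_global, finance_univ)          # allowed: global group into universal
add_member(bob, finance_univ)                  # allowed: user from any domain
add_member(finance_univ, fs1_modify)           # allowed: universal into domain local


def who_can_modify_fs1():
    """The accounts that actually receive the right granted to FS1-Finance-Modify."""
    return effective_users(fs1_modify)


if __name__ == "__main__":
    print("bob -> Accounting (global):", BOB_IN_GLOBAL)
    print("effective members of FS1-Finance-Modify:", sorted(who_can_modify_fs1()))
```

The refused membership (bob into a global group of another domain) is reported with its reason rather than silently dropped, and the flattening shows that granting a directory right to the domain local group reaches bob through the universal group even though he never appears in a global group.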

Sites

An Active Directory site object represents a collection of IP subnets, usually constituting a physical Local Area Network (LAN). Multiple sites are connected for replication by site links. Typically, sites are used for:

Physical Location Determination: Enables clients to find local resources such as printers, shares, or domain controllers.

Replication: You can optimize replication between domain controllers by creating links.


By default, Active Directory uses automatic site coverage, though you can purposefully set up sites and resources.

Replication

Since most Active Directory networks contain multiple domain controllers and users could theoretically attach to any DC for authentication or information, each of the servers needs to be kept up to date. Domain Controllers stay up to date by replicating the database between each other. They do this using a pull method – a server frequently requests new information from a different DC. After a change, the DC initiates a replication after waiting 15 seconds (in Windows 2003) or 5 minutes (in Windows 2000). Windows Server 2003 replicates only changed information and compresses replication traffic over WAN links.

Windows Server sets up a replication topology to determine where a server updates from. In a large network, this keeps replication time down as servers replicate in a form of a ring network.


Active Directory uses multi-master replication. Multimaster replication does not rely on a single primary domain controller, but instead treats each DC as an authority. When a change is made on any DC, it is replicated to all other DCs. Although each DC is replicated alike, all of the DCs aren’t equal. There are several flexible single-master operation roles which are assigned to one domain controller at a time.

AD uses Remote Procedure Calls (RPC) for replication and can use SMTP for changes to schema or configuration.

FSMO Roles

All domain controllers are not equal. We know, it’s hard to hear. You’ve spent this whole time reading this tutorial thinking that all DCs are created equal and now we have to burst your bubble. Some DCs have more responsibility than others. It’s just part of life!

There are five roles which are called operations masters, or flexible single-master operations (FSMOs). Two are forestwide roles and three are domainwide roles. The forestwide roles are:

Schema master: Controls update to the Active Directory schema.

Domain naming master: Controls the addition and removal of domains from the forest.

The three domainwide roles are:

RID master: Allocates pools of unique identifiers to domain controllers for use when creating objects. (RID stands for relative identifier.)

Infrastructure master: Synchronizes cross-domain group membership changes. The infrastructure master cannot run on a global catalog server, unless all of the DCs are global catalog servers.

PDC Emulator: Provides backward compatibility for NT 4 clients for PDC operations – such as a password change. The PDC also serves as the master time server.

Global Catalog

As a network gets larger, it can contain multiple domains and many domain controllers. Each domain only contains records from its own domain in its AD database to keep the database small and replication manageable. The Active Directory domain relies on a global catalog database which contains a global listing of all objects in the forest. The Global Catalog is held on DCs configured as global catalog servers.

The global catalog contains a subset of information – such as a user’s first name and last name – and the distinguished name of the object so your client can contact the proper domain controller if you need more information. The distinguished name is the full address of an object in the directory. For example, a printer in the OU Accounting in the Learnthat.com domain might have a distinguished name of:

CN=AcctLaser1,OU=Accounting,DC=Learnthat,DC=com

The GC database is only a subset of the entire database, called the Partial Attribute Set (PAS), containing 151 of the 1,070 properties available in Windows Server 2003. You can define additional properties for replication to the GC by modifying the schema.
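Distinguished names like the printer example above are what clients get back from the global catalog and what applications use to address objects, so it is worth seeing how one is taken apart and, just as importantly, how a value is escaped when a DN is built from user-supplied input (a comma in a person's name must not become a new component). The following is an added example, not code from the learnthat.com tutorial; the parser handles backslash escapes only, and the second sample DN is constructed.

```python
# Added example (not from the learnthat.com tutorial): parse a distinguished
# name such as the one above into its components, derive the DNS domain and
# OU path from it, and escape values when building a DN from untrusted input
# so a comma in a name cannot be mistaken for a new component. The second
# sample DN is constructed for the example.

# Characters RFC 4514 requires to be backslash-escaped inside an RDN value.
SPECIAL = set(',+"\\<>;')


def parse_dn(dn):
    """Split a DN into (attribute, value) pairs, most specific component first.
    Backslash escapes are honoured (\\, -> literal comma); hex escapes such as
    \\2C are not handled by this simplified parser."""
    rdns, attr, buf = [], None, []
    escaped = in_value = False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == "=" and not in_value:
            attr, buf, in_value = "".join(buf).strip(), [], True
        elif ch == "," and in_value:
            rdns.append((attr, "".join(buf)))
            buf, in_value = [], False
        else:
            buf.append(ch)
    if escaped or not in_value:
        raise ValueError(f"malformed DN: {dn!r}")
    rdns.append((attr, "".join(buf)))
    return rdns


def escape_rdn_value(value):
    """Escape a value for use inside an RDN, e.g. a user-supplied display name."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in SPECIAL or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_dn(rdns):
    """Inverse of parse_dn: join (attribute, value) pairs with proper escaping."""
    return ",".join(f"{a}={escape_rdn_value(v)}" for a, v in rdns)


def dns_domain(rdns):
    """DNS name of the domain, from the DC components in order."""
    return ".".join(v for a, v in rdns if a.upper() == "DC")


def ou_path(rdns):
    """OU containers from the top of the domain down to the object."""
    return [v for a, v in reversed(rdns) if a.upper() == "OU"]


PRINTER_DN = "CN=AcctLaser1,OU=Accounting,DC=Learnthat,DC=com"
# Constructed: a user whose name contains a comma, escaped per RFC 4514.
USER_DN = "CN=Smith\\, John,OU=Users,OU=Accounting,DC=Learnthat,DC=com"

if __name__ == "__main__":
    for dn in (PRINTER_DN, USER_DN):
        parts = parse_dn(dn)
        print(parts, dns_domain(parts), ou_path(parts))
        assert build_dn(parts) == dn
```

Note that the OU path comes out top-down (Accounting, then Users) even though the DN lists components most-specific-first, and that parse_dn followed by build_dn round-trips the escaped name unchanged.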

Active Directory Hierarchies

Now that you understand the building blocks of Active Directory, you can start to understand how to build a hierarchy in Active Directory. One of the foundations of design for AD has been a flexibility to allow companies to build a structure which fits into their organization. This flexibility allows organizations of all sizes to use Active Directory to meet their needs.

Domains and OUs

The most basic design of an Active Directory is a single forest, single domain, no Organizational Unit design.

(Figure: Basic AD Installation)

For a small organization, this might be adequate, but almost every organization can benefit from some structure.

Creating multiple domains is not always the best design solution, so Microsoft created organizational units in Active Directory which can be nested to provide hierarchical control of your AD environment. It is a great idea to think about and map out your OU design before committing it into Active Directory.


Typically, companies design their OU trees based on either geographic separation (e.g. Americas, EMEA, PacificRim) or on organizational design (e.g. Accounting, Marketing, Technology, Sales). There is no incorrect way to design your AD environment; however, consistency is key. You shouldn’t mix the two design methods and have a top level Americas OU and a top level Sales OU. Doing so makes administration difficult as you won’t know where a particular salesperson’s account is.

Also, remember that OUs allow enterprise administrators to delegate administration responsibility to local teams. Building an effective OU design will allow you to properly delegate authority.

The other reason OUs are used is to apply policies. Policies are rules for security, access, and functionality which can apply to several different containers in Active Directory. Frequently, policies are applied by OU – so though you might be separated geographically (and therefore want to set up your structure based solely on geography), it might make more sense to set up your AD by organizational divisions. Why? Because if all of your marketing employees need the same software and settings, you will set up policies based on the department instead of the physical location of the employees.

Domain Trees

Once an organization becomes large and you cannot have the entire AD database replicated everywhere, it might make sense to move to a domain tree. A domain tree allows an organization to become more decentralized, as each domain is more independent than an OU in an OU tree.

Domain-wide policies can be changed per domain in a domain tree which is not possible with only an OU structure. Policies such as minimum and maximum password age, minimum password length, and account lockout are domain-wide policies and cannot be changed on a per-OU basis. By creating multiple domains, administrators can set these policies for each domain.

(Figure: Domain Tree)

In the illustration above, learnthat.com has a domain tree in the Active Directory domain.

Forest of Domain Trees

In more complex environments, a company may use multiple domain trees in a single forest. This might be a large operating company with multiple subsidiaries, each requiring its own domain. For example, ThatNetwork.com is the parent company and subsidiaries might include Learnthat.com, Romancetips.com, and Exampractice.com. This structure makes sense if you have different administrative staff for each domain, along with different policies and different security requirements.

You can still set up trusts between the domains to allow users to authenticate for resources in either domain.

Multiple Forests

The last possibility is using multiple forests. This is the least frequent design choice, but can be used when you want an absolute separation for one reason or another. This structure is most often found when companies merge or in the case of acquisitions. In Windows 2003, you can set up forest trusts between forests to allow some access.

DNS

Active Directory is integrated with the Domain Name System (DNS) and requires it to be present to function. DNS is the naming system used for the Internet and on many intranets. You can use the DNS which is built into Windows 2000 and newer, or use a third party DNS infrastructure such as BIND if you have it in the environment. It is recommended you use the Windows DNS service as it is integrated into Windows and provides the easiest functionality.

AD uses DNS to name domains, computers, and servers, and to locate services.

A DNS server maps an object’s name to its IP address. For example, on the Internet, it is used to map a domain name (such as www.learnthat.com) to an IP address (such as 64.34.165.234). In an Active Directory network, it is used not only to find domain names, but also objects and their IP addresses. AD also uses service location records (SRV) to locate services.

Active Directory Installation

Some larger organizations take months (and in some cases, over a year) to plan a proper Active Directory design and get input from a global organization of technology leaders. It is extremely important to give a lot of thought to your AD design to ensure it meets your organization’s needs.

Choosing Your AD Layout

As we mentioned earlier, there are many ways you can structure your Active Directory. From a top-down perspective, most companies either start with a geographic separation or an organizational structure separation, for example Americas, EMEA, PacificRIM for geographic or Accounting, Marketing, Technology, Sales for organizational structure. It does not matter which you select: either will provide a fine starting point for your domain structure, but you need to ensure you pick one direction and be consistent with your choices.

Many organizations start with geography at the top level, then break down into business units or departments underneath that top level. It is important to write naming conventions and standards down so a team in Europe does not call an OU “SalesMarketing” while a team in North America calls an OU “Sales.” Consistency provides for an efficient and manageable Active Directory layout.


There are many different combinations you could choose when designing your AD structure.

Installation Requirements

In this section, we will look at the installation requirements of Active Directory. Installing AD isn’t a complex process, but the design and configuration can be.

Here are the requirements for installing Active Directory on Windows Server 2003:

· An NTFS partition with enough free space

· An Administrator’s username and password

· NIC with Network Connection

· Properly configured TCP/IP (IP address, subnet mask and – optional – default gateway)

· An operational DNS server (which can be installed on the DC itself)

· A Domain name that you want to use

· Windows Server 2003 CD media or the i386 Folder

Functional Levels

In Windows 2000, you chose from two levels: mixed mode or native mode. When Windows 2000 Server was introduced, NT 4 was still a popular server option. To ensure backward compatibility with these servers and clients, Windows 2000 defaulted to mixed mode where you could add Windows NT 4 servers to the Windows 2000 Active Directory domain.

Windows Server 2003 introduced functional levels – a set level of backward compatibility for previous operating systems. If you are in an environment with NT 4 servers and Windows 2000 servers which are still accessed, you can set a functional level to ensure backwards compatibility.

Windows 2003 expands from those two modes to one of many domain functional levels including Windows 2000 Mixed, Windows 2000 Native, Windows Server 2003 Interim, and Windows Server 2003. Also, in Windows Server 2003, you have three forest functional levels available: Windows 2000, Windows Server 2003 Interim, or Windows Server 2003. Each functional level makes new features available and loses compatibility with some set of servers or clients.

By default, Windows Server 2003 starts at Windows 2000 Mixed functional level. Not all of the features of 2003 are available in this mode, so if you are designing a new Windows 2003 AD environment, you will want to take advantage of the new features added in Windows Server 2003.

In Windows 2000, we referred to this change as “changing the mode,” but in Windows 2003, we now raise the functional level with either Active Directory Users and Computers or Domains and Trusts.


This change cannot be reversed – once you make a decision to raise the functional level, you cannot go back to a lower functional level.

Active Directory

Please note: these installation instructions are for a brand new domain – not for adding a server as a member server or domain controller in an existing domain. Following these instructions in a production network is not recommended.

We are going to review the AD installation process from a clean install of Windows Server 2003. You may have already configured some of these settings, so look through the steps and perform any tasks you have not yet done.

Set Network Settings

1. This server will be both a domain controller and a DNS server, so we are going to set a static IP address.

2. Click Start, Control Panel, Network Connections and select your network connection.

3. Click Properties.


4. Click Internet Protocol (TCP/IP) and click Properties.


5. Enter in your static IP address information and preferred DNS servers. Notice one of the DNS servers I listed is the server itself – this will be a DNS server in a minute.

6. Click OK.

7. Click Close.

8. Click Close.

9. Click Start. Right-click on My Computer and select Properties.

10. Click on the Computer Name tab.

11. Click on the More button.


12. Enter in the domain name you are going to be using for your AD domain in the Primary DNS suffix of this computer text field.

13. Click OK.

14. Click OK. Acknowledge that you have to reboot and click OK.

15. Click Yes to the prompt asking you if you want to reboot.

Install the DNS Service


16. On the Manage Your Server window, select Add or remove a role. (Don’t see this window at startup? Find it at Start > All Programs > Administrative Tools > Manage Server)

17. Click Next.


18. Click DNS Server and click Next.

19. Click Next.

20. Insert your Windows Server 2003 setup CD and click OK.

21. Navigate to where the i386 folder is and click OK.


22. Click Next to start the DNS wizard.


23. Click Next to create a forward lookup zone.

24. Click Next to confirm that this server maintains the zone.


25. Name your zone with your domain name. Click Next.

26. Accept the default filename and click Next.

27. Click Allow both nonsecure and secure dynamic updates. Click Next.


28. Select whether or not this DNS server should forward queries. If you use an ISP for DNS resolution for Internet sites, enter in your ISP’s DNS servers in the first option. If this DNS server will resolve all queries, select the second option. Click Next.

29. Click Finish.

30. Click Finish.

31. Congratulations! You have set up a DNS server!

Setting Up Active Directory

32. On the Manage Your Server window, click Add or remove a role.

33. Click Next.

34. Select Domain Controller (Active Directory) and click Next.

35. Click Next.

36. Click Next when the Active Directory wizard opens.

37. Click Next.


38. Click Next.


39. Click Next.


40. Enter in your domain name and click Next.


41. Enter in a NetBIOS name or accept the default and click Next.

42. Click Next to accept the default locations for the database and log, or select a location for these files.

43. Enter a location for the Shared System Volume and click Next.


44. Click Next.


45. Click Next.


46. Enter in a password and click Next.


47. Click Next.

48. The wizard will configure Active Directory.

49. Click Finish to complete the wizard.

50. Click Restart Now.

Congratulations,

Creating Organizational Units

As we discussed earlier, Organizational Units provide a mechanism to design a hierarchical structure within your Active Directory environment. Once you have designed your AD structure, you are ready to create the OUs in the environment.

1. Click Start > Administrative Tools > Active Directory Users and Computers.

2. Double-click the domain name to open it up.


3. You will see a default structure with no Organizational Units. Right-click on the domain name and select New > Organizational Unit.


4. Enter the name of the OU you want to create and click OK.


5. You will now see the OU you just created. Continue the process and build out the top level OUs.


6. You now have a structure from which to build your organizational structure. For a small organization, we would create a Users and Computers organizational unit under each of the top level OUs.

7. Right-click on Accounting and select New > Organizational Unit and enter in Computers. Click OK. Repeat this process for the Users OU.


8. Now repeat the process for each department and you will have a structure of OUs created.

Post Active Directory Install

There are several steps you should do after the Active Directory installation to ensure installation went correctly and make sure AD operates properly in your environment.

Verify Installation

After you have installed Active Directory, there are several steps you can take to ensure setup functioned correctly.

First, you can ensure the AD tools are installed. Click on Start and click Administrative Tools. You should have these tools installed:


Next, open Active Directory Sites and Services. You should have a Default-First-Site-Name listed and when you open it up, you should find your domain controller listed as a server.


Finally, open up DNS management. Open up the DNS server name, the Forward Lookup Zones, the domain name, and _tcp. It should look like this with four SRV records:


Once you’ve performed these tasks, you’ve confirmed that your AD environment is installed.
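The DNS check above (and the SRV records mentioned in the DNS section) is the one verification step that can be automated against a zone export, so here is an added example, not code from the learnthat.com tutorial, that parses constructed zone-file lines and reports which domain-controller SRV records are missing or point at a host with no A record. The four service names it expects (_ldap, _kerberos, _kpasswd, _gc) and the sample lines are assumptions of this example, not taken from the tutorial's screenshot.

```python
# Added example (not from the learnthat.com tutorial): an offline check of the
# _tcp service location (SRV) records a freshly promoted domain controller
# registers, applied to constructed zone-file lines. The four service names
# (_ldap, _kerberos, _kpasswd, _gc) and the record lines are assumptions of
# this example, not copied from the tutorial's screenshot.

# Services a domain controller advertises under _tcp.<domain>.
EXPECTED_SERVICES = ("_ldap", "_kerberos", "_kpasswd", "_gc")


def parse_zone(lines):
    """Parse minimal zone-file lines (name type rdata...) into
    {(name, type): [rdata tuples]}. Comments (;) and blank lines are skipped."""
    records = {}
    for raw in lines:
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        name, rtype, *rdata = line.split()
        records.setdefault((name.lower(), rtype.upper()), []).append(tuple(rdata))
    return records


def srv_targets(records, name):
    """Targets named by the SRV records of `name` (rdata: priority weight port target)."""
    return [rdata[3] for rdata in records.get((name.lower(), "SRV"), []) if len(rdata) == 4]


def check_dc_srv_records(records, domain):
    """Per expected service: is an SRV record present, and does every target it
    names have an A record in the same zone?"""
    report = {}
    for svc in EXPECTED_SERVICES:
        name = f"{svc}._tcp.{domain}."
        targets = srv_targets(records, name)
        unresolved = [t for t in targets if (t.lower(), "A") not in records]
        report[svc] = {"present": bool(targets), "targets": targets, "unresolved": unresolved}
    return report


def problems(report):
    """Flat list of findings an administrator would act on."""
    out = []
    for svc, r in report.items():
        if not r["present"]:
            out.append(f"missing SRV record for {svc}._tcp")
        for t in r["unresolved"]:
            out.append(f"{svc}._tcp points at {t} which has no A record")
    return out


# Constructed zone lines: _gc is missing and _kpasswd points at a host with no A record.
SAMPLE_ZONE = """
dc1.learnthat.com.              A    192.168.1.10
_ldap._tcp.learnthat.com.       SRV  0 100 389 dc1.learnthat.com.
_kerberos._tcp.learnthat.com.   SRV  0 100 88  dc1.learnthat.com.
_kpasswd._tcp.learnthat.com.    SRV  0 100 464 dc2.learnthat.com.   ; dc2 has no A record
""".splitlines()


def sample_findings():
    """Run the check over the constructed zone and return its findings."""
    return problems(check_dc_srv_records(parse_zone(SAMPLE_ZONE), "learnthat.com"))


if __name__ == "__main__":
    for finding in sample_findings():
        print(finding)
```

Run against a real zone export, the same two findings are the ones that most often explain clients failing to locate a domain controller after promotion: a service registration that never happened, or one that names a host the zone cannot resolve.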

Management Utilities

There are several management utilities you use to manage the Active Directory environment. As you saw after installation, you have these utilities (which are MMC snap-ins):

Active Directory Domains and Trusts: Manage domains and trusts between domains using this tool.

Active Directory Sites and Services: Setup and manage sites (physical networks).

Active Directory Users and Computers: Create and manage users, computers, other objects, OUs.

What and Where you can control the Network Bandwidth

Here are all the places where bandwidth can be controlled in SCCM:

Package Movement | Bandwidth Control | Uses Binary Differential Replication?
---------------- | ----------------- | -------------------------------------
From package source directory to site server | None. | No
From site server to standard distribution point | None. | Yes
From parent site server to child site server | Bandwidth controlled by Address settings on the sender between sites. | Yes
From child site server to child standard distribution point | None. | Yes
From standard distribution point to branch distribution point | BITS or manually pre-staged on the branch distribution point. For more information | Yes
From standard distribution point to client | BITS, if a BITS-enabled distribution point is available and the advertisement is configured to download and run locally. | No
From branch distribution point to client | None. | No

SCCM Senders End to End

Senders can be configured only on primary and secondary sites. Senders do not establish the network connection themselves; instead, they use existing network connectivity to manage the connection, ensure the integrity of transferred data, recover from errors, and close the connection when it is no longer needed.

Types of Senders : 6 types

1) Standard Sender

The standard sender is installed and configured by default on all primary and secondary sites. If your site-to-site communications occur over a LAN that uses a supported protocol, you do not need to install another sender.

If you want to apply bandwidth restrictions to site-to-site communication, the options are configured on the Standard Sender address between the sites.

2) Courier Sender
The courier sender is installed and configured by default on all primary and secondary sites. It is not displayed, and cannot be created, in the Configuration Manager console because it must be manually started from the Configuration Manager programs folder on the Start menu. Courier senders are used only for software distribution to send package data to other sites by using physical media instead of sending data over the network. To use the courier sender, you must first create a standard sender connection between the parent site and the child site. Once the standard sender is created, you then create a courier sender address for each site to use the courier sender functionality.

When you have large packages that require excessive time or bandwidth to be sent over the network, this sender can be useful. You can use courier sender at the source Configuration Manager 2007 site to create a parcel (that is, a collection of files transferred from one site to another using courier sender); write the parcel to a tape, CD, or other physical medium; and then ship the tape or CD to the destination site by mail or a courier service. At the destination site, you can then use courier sender at that site to receive the parcel and import the package data into the site.

Note :- The courier sender is installed and configured by default on all primary and secondary sites. It is not displayed in the results pane because it must be manually started from the Configuration Manager 2007 program files on the start menu.

3) Asynchronous RAS Sender
Used for communication over an asynchronous line.
4) ISDN RAS Sender
Used for communication over an ISDN line.
5) X25 RAS Sender
For RAS communication over an X.25 line.
6) SNA RAS Sender
For RAS communication over an SNA link.

If you are still unsure which sender to use in your network after reading the above, the table below shows which type of sender fits each kind of connectivity:

Existing network connectivity between sites | Sender
--- | ---
LAN or WAN | Use Standard Sender, the most commonly used sender, for sending to other sites on the same LAN, or on a WAN using routers, switches, or bridges.
Asynchronous line | Use Asynchronous RAS Sender for RAS communications over an asynchronous line.
ISDN line | Use ISDN RAS Sender for RAS communications over an ISDN line.
X.25 line | Use X25 RAS Sender for RAS communications over an X.25 line.
SNA | Use Systems Network Architecture (SNA) RAS Sender for RAS communications over an SNA link.
No connectivity to your office (none) | Use Courier Sender to send packages between the sites by using removable media instead of network wiring and protocols, if you have a slow or unreliable link between a site and its parent. Courier Sender is used only for package distribution, not site-to-site communications.

For all my primary sites I have left the communication open all the time; however, for secondary sites I have applied the recommendations below, based on the bandwidth and the number of clients. This is again for the Standard Sender.

WAN Link Speed | Time (local time) | Monday – Friday | Saturday | Sunday | % of Available Bandwidth / Pulse Mode Setting
--- | --- | --- | --- | --- | ---
64Kbps | 18:01 – 06:01 | Open for all priorities | Open for all priorities | Open for all priorities | 20KB every 5 seconds
64Kbps | 06:00 – 18:00 | High and Medium Priorities | Open for all priorities | Open for all priorities | 20KB every 5 seconds
128Kbps | 18:01 – 06:01 | Open for all priorities | Open for all priorities | Open for all priorities | 40KB every 5 seconds
128Kbps | 06:00 – 18:00 | High and Medium Priorities | Open for all priorities | Open for all priorities | 40KB every 5 seconds
256Kbps | 18:01 – 06:01 | Open for all priorities | Open for all priorities | Open for all priorities | 80KB every 5 seconds
256Kbps | 06:00 – 18:00 | High and Medium Priorities | Open for all priorities | Open for all priorities | 80KB every 5 seconds
384Kbps | 18:01 – 06:01 | Open for all priorities | Open for all priorities | Open for all priorities | 100KB every 5 seconds
384Kbps | 06:00 – 18:00 | High and Medium Priorities | Open for all priorities | Open for all priorities | 100KB every 5 seconds
512Kbps | 18:01 – 06:01 | Open for all priorities | Open for all priorities | Open for all priorities | 75%
512Kbps | 06:00 – 18:00 | High and Medium Priorities | Open for all priorities | Open for all priorities | 50%
1024Kbps | 18:01 – 06:01 | Open for all priorities | Open for all priorities | Open for all priorities | 75%
1024Kbps | 06:00 – 18:00 | High and Medium Priorities | Open for all priorities | Open for all priorities | 50%
1536Kbps | 18:01 – 06:01 | Open for all priorities | Open for all priorities | Open for all priorities | 75%
1536Kbps | 06:00 – 18:00 | High and Medium Priorities | Open for all priorities | Open for all priorities | 50%
2045Kbps | 18:01 – 06:01 | Open for all priorities | Open for all priorities | Open for all priorities | 75%
2045Kbps | 06:00 – 18:00 | High and Medium Priorities | Open for all priorities | Open for all priorities | 50%
3072Kbps | 18:01 – 06:01 | Open for all priorities | Open for all priorities | Open for all priorities | 75%
3072Kbps | 06:00 – 18:00 | High and Medium Priorities | Open for all priorities | Open for all priorities | 50%
5464Kbps | 18:01 – 06:01 | Open for all priorities | Open for all priorities | Open for all priorities | 75%
5464Kbps | 06:00 – 18:00 | High and Medium Priorities | Open for all priorities | Open for all priorities | 50%
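The schedule and pulse-mode settings in the table above can be written down as a small piece of code, which makes it easy to see what each setting actually allows. The following Python is an added example, not part of the original post and not Configuration Manager code: it encodes the author's recommendations as data, answers "which priorities may the sender transfer at a given local time", and converts each pulse-mode block size into an effective bit rate and a share of the link. It assumes 1 KB = 1024 bytes, that link speeds are decimal kbit/s (1 Kbps = 1000 bit/s), and that the 06:00 – 18:00 window is evaluated on whole hours; the function names are the example's own.

```python
"""Standard Sender address schedule and pulse-mode throughput (added example).

Assumptions: 1 KB = 1024 bytes, link speeds are decimal kbit/s (1 Kbps = 1000
bit/s), and the 06:00-18:00 business-hours window is tested on whole hours.
Weekdays use Python's convention: 0 = Monday ... 6 = Sunday.
"""

ALL_PRIORITIES = frozenset({"high", "medium", "low"})
HIGH_AND_MEDIUM = frozenset({"high", "medium"})

# Author's recommendations for secondary sites, transcribed from the table:
# slow links get a pulse-mode block size (KB every 5 seconds) ...
PULSE_MODE_KB = {64: 20, 128: 40, 256: 80, 384: 100}
PULSE_INTERVAL_S = 5
# ... faster links get a percentage of available bandwidth: (night, business hours)
PERCENT_LIMIT = {512: (75, 50), 1024: (75, 50), 1536: (75, 50),
                 2045: (75, 50), 3072: (75, 50), 5464: (75, 50)}


def is_business_hours(hour: int) -> bool:
    """The 06:00-18:00 window from the table, evaluated on whole hours."""
    return 6 <= hour < 18


def allowed_priorities(weekday: int, hour: int) -> frozenset:
    """Priorities the sender may transfer at a given local time.

    Monday-Friday business hours are limited to high and medium priority;
    nights and weekends are open for all priorities.
    """
    if weekday < 5 and is_business_hours(hour):
        return HIGH_AND_MEDIUM
    return ALL_PRIORITIES


def pulse_throughput_kbps(block_kb: int, interval_s: int = PULSE_INTERVAL_S) -> float:
    """Effective bit rate of a pulse-mode setting in kbit/s."""
    return block_kb * 1024 * 8 / interval_s / 1000


def link_share(block_kb: int, link_kbps: int, interval_s: int = PULSE_INTERVAL_S) -> float:
    """Fraction of the link a pulse-mode setting can consume at most."""
    return pulse_throughput_kbps(block_kb, interval_s) / link_kbps


def bandwidth_limit_kbps(link_kbps: int, hour: int) -> float:
    """Upper bound on sender throughput (kbit/s) under the author's settings.

    The percentage limits in the table depend only on the time window, not on
    the weekday; the weekday only affects which priorities are allowed.
    """
    if link_kbps in PULSE_MODE_KB:
        return pulse_throughput_kbps(PULSE_MODE_KB[link_kbps])
    if link_kbps not in PERCENT_LIMIT:
        raise ValueError(f"no recommendation for a {link_kbps} Kbps link")
    night, day = PERCENT_LIMIT[link_kbps]
    percent = day if is_business_hours(hour) else night
    return link_kbps * percent / 100


def pulse_mode_shares() -> dict:
    """Share of each slow link that its recommended pulse-mode setting allows."""
    return {link: link_share(kb, link) for link, kb in PULSE_MODE_KB.items()}


if __name__ == "__main__":
    for link, share in pulse_mode_shares().items():
        kb = PULSE_MODE_KB[link]
        print(f"{link:5d} Kbps: {kb:3d} KB every {PULSE_INTERVAL_S}s "
              f"= {pulse_throughput_kbps(kb):7.3f} kbit/s ({share:.0%} of the link)")
    print("Monday 12:00 allows:", sorted(allowed_priorities(0, 12)))
    print("Saturday 12:00 allows:", sorted(allowed_priorities(5, 12)))
```

Running it shows that the pulse-mode choices sit at roughly half of each slow link (20 KB every 5 seconds is about 32.8 kbit/s, 51% of a 64 Kbps line; 100 KB every 5 seconds is about 164 kbit/s, 43% of 384 Kbps), which lines up with the 50% business-hours limit the table applies to the faster links.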

Pulse mode configuration options

In the real world, you will use only the Standard Sender.

Wednesday, August 18, 2010

What are the SMS_SiteSystemToSiteServerConnection and SMS_SiteToSiteConnection groups?

Site System to Site Server Connection Group:

The Site System to Site Server Connection (SMS_SiteSystemToSiteServerConnection_sitecode) group grants the permissions that Microsoft System Center Configuration Manager 2007 services running on remote site systems (such as management points) need in order to connect to the site server and access the Configuration Manager 2007 registry keys and directories on the site server.

Servers hosting the following site system roles should be members of this group, unless they are in a remote, untrusted forest:

  • Management points - MP
  • System Health Validator points – SHV
  • State migration points 
  • Fallback status points
  • Software update points
  • PXE service points
  • SMS Provider computers
  • Asset Intelligence synchronization point (Configuration Manager 2007 R2)
  • Out of band management point (Configuration Manager 2007 SP1)

 

Site to Site Connection Group

This group has the necessary permissions for a sender to connect from one Microsoft System Center Configuration Manager 2007 site to another.

Note: both groups are local groups; only domain local group membership should be used.

You need to know this end to end.

Below is a sample, and I am making this up for the final; I am just pushing it out from my inbox, that's all.

Hierarchy

Limitation of SCCM

http://configmgr2oo7.blogspot.com/2010/08/limitations-of-sccm-2007.html

Adding a secondary site to a primary site

Sender limitations for packages

SCCM Console Not connection
SCCM Services
SCCM Client Services
Discovery – DDR record

Boundary – IP Subnets vs AD Site name
Site to Site communications

MP Problem

DP Problem

RP Problem

OSD Problem
WOL Problem
WOL Configuration

WOL Unicast vs Subnet Broadcast methods

Native Mode Configuration

Installing SCCM on Windows Server 2008
Office 2007 Deployment With SCCM
MSI packaging Story
Inboxes Checks
Daily Checks
Weekly Checks
Backup and Recovery

Multicasting on

DP

OSD Advantages

SMS 2003 to SCCM 2007 Migration

1) In place

2) Side by side

3) In place upgrade on new Hardware

Site Code auto detect problem

Schema extending and publishing

IE Important products

Branch Distribution Point vs Nomad Branch DP

Night Watchman Vs SCCM R3 Power management or WOL

SCCM WOL Vs IE WOL

Client Installation Methods

Site Maintenance

Obsolete Clients

Delete Old H/w and S/w or S/w Metering Inventory date

Backup Configure

After backup

no_sms_on_drive.sms file

Collections:-

Software Distribution:-

Program

Package

Distribution Points

Software Updates:-

Search Folder

Update List

Severity

Required

Installed

Suppressed

Expired

Every month releases

License review

Review and accept

Update List merge or Master Update List / Cleaning up Update List

Deployment Templates

Deployment Management

Deployment Packages

Sync Software update:-

OSD:

Boot Images:-

Computer Association

Reference Computer

WIM

Install packages

Operating system Images

Task Sequences

Drivers

Driver packages

Unprovisioned Computers
Task Sequence

MDT Integration

AI:-

How to enable AI

What are the Catalogs?

Software metering

Reports

SQL Web Based Reports

SQL Reporting Service point

Limitation of Reporting Point

WQL Vs SQL

DCM

CI Types

Baselines

Remediation

Collections Query(s)

Site Status

Components status

Auditing for modification on the console by user / team / group /site

View audit messages based on Packages and Advertisements

Security Delegation for Users & Groups

User /Groups Accounts used in SCCM/SMS

Using the Site ConfigMgr Service manager and starting and stopping the components

Client Issues:

Client Supporting Third-party tools

Client Side log Files

General Reports:-

SMS_Def.MOF Vs Configuration.Mof

Scripts:-

Client Installation Scripts

Ping Scripts

Inboxes Checks Script

Inboxes Bad files delete Script
Uptime.exe
Fs.exe
Psexec.exe

Sample Ticketing Tool:-

IBM Maximo Link & User Name and Password

SMS / SCCM site code names that will not work

Be careful of reserved names for site codes

Suppose you've created a new site named 'CON' and are having trouble with it. The reason is that you've used a Windows reserved name for your SMS site code. The list of reserved names is fairly short and includes:

  • CON
  • PRN
  • AUX
  • NUL

The reason that these site codes are reserved is pretty simple. In some places, SMS creates folders using the site code. Since these names are reserved names in Windows and are used for other specific tasks, SMS can't create the site folder.
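A check a practitioner can run before naming a site, added here as an example (it is not from the original post and not an SMS or ConfigMgr tool): it rejects the reserved names listed above, case-insensitively, and goes slightly beyond that list by also rejecting COM1 to COM9 and LPT1 to LPT9, which Windows reserves for the same reason, and by enforcing the three-character alphanumeric shape of a site code. The function names are the example's own.

```python
"""Validate an SMS / ConfigMgr site code before creating a site (added example).

Windows reserves CON, PRN, AUX, NUL, COM1-COM9 and LPT1-LPT9 as device names,
case-insensitively and even when an extension follows (CON.txt), so a folder
named after a site code that collides with one of them cannot be created.
The three-character alphanumeric rule for site codes is an extra check beyond
the list on the page.
"""
import re

RESERVED_DEVICE_NAMES = frozenset(
    ["CON", "PRN", "AUX", "NUL"]
    + [f"COM{i}" for i in range(1, 10)]
    + [f"LPT{i}" for i in range(1, 10)]
)
SITE_CODE_RE = re.compile(r"^[A-Z0-9]{3}$")


def site_code_problems(code: str) -> list:
    """Return human-readable problems with a proposed site code; [] means usable."""
    problems = []
    upper = code.upper()
    if not SITE_CODE_RE.match(upper):
        problems.append("site code must be exactly three letters or digits")
    # Windows compares device names without regard to case and ignores anything
    # after a dot, so the comparison is done on the upper-cased base name.
    if upper.split(".")[0] in RESERVED_DEVICE_NAMES:
        problems.append(
            f"'{code}' is a reserved Windows device name; "
            "SMS cannot create a site folder with that name"
        )
    return problems


def is_valid_site_code(code: str) -> bool:
    """True when the code passes every check."""
    return not site_code_problems(code)


if __name__ == "__main__":
    for candidate in ("CON", "con", "AB1", "ABCD", "PR1"):
        verdict = site_code_problems(candidate) or ["ok"]
        print(f"{candidate:5s} -> {'; '.join(verdict)}")
```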

Limitations of SCCM 2007

Below are the Microsoft recommendations as given on the Microsoft website.

Tuesday, August 3, 2010

Maddy

Have you ever won a lottery or game show?
The only thing I have ever won was a water bottle at a school competition. But I have won a lot of

………………..will continue… .

Friday, July 23, 2010

SCCM TOOLS

1E Migration Tool

Migration of package and program details along with source files
Renaming of package and program names during migration
Direct transfer of packages from your SMS site to ConfigMgr
Export to a flat file structure from the SMS site and import into ConfigMgr from the flat file
Export of SMSNomad command line settings to the new ConfigMgr Nomad tab settings

Download: http://www.1e.com/downloads/freetools/index.aspx

ConfigMgr Site Bound Tool

SiteBound.exe /s {central site server} /file {excel file} /log {path}

/s Central Site Server name.
/file Path to Excel files.
/log Log file path.

Download it from http://bdpadd.codeplex.com/

ConfigMgr 2007 CCR creator tool

Run the Create_and_copy.bat file and it will:

1. Create a folder on the C drive called CCRBIN
2. Copy the IPF and Machines.cvs files to the CCRBin folder

Then it will ask you to compile the IPF with SMS Installer.

To run it, follow these directions:

1. Add the machines that you want CCRs created for to the Machine.cvs file (it can be one or many)
2. Execute the EXE
3. It will prompt you for your ConfigMgr server
4. Then it will prompt you for your ConfigMgr site code
(This information can be hard-coded; just follow the directions in the IPF to do that)

Created by Chris Stauffer; download: http://myitforum.com/cs2/blogs/cstauffer/archive/2008/05/21/configmgr-2007-ccr-creator-tool.aspx


ConfigMgr Branch DP Add

This tool was written in C# and requires the .NET Framework 2.0.

Running the tool:

BDPAdd.exe /s {central site server} /file {excel file} /log {path}

/s Central Site Server name.
/file Path to Excel files.
/log Log file path.

Download it from http://www.codeplex.com/bdpadd


Preload Package Tool for Configuration Manager 2007



Problem Scenarios:


  1. When software distribution packages are created, information about them is sent to child sites in the hierarchy. If a child site has a distribution point installed that is listed in the package properties to host the content, the content is transferred over the network and uses available network bandwidth sending compressed copies of all required package source files. To avoid using network bandwidth, the Preload Package Tool can be used to copy compressed software distribution package source files to the remote child site before assigning the child site distribution point to host the package source files.
  2. If a child site fails that has a distribution point that is assigned to host software distribution package source files for a package created at a site higher in the hierarchy, all package source files will be resent over the network when the site is rebuilt and rejoined to the site hierarchy. To avoid this, the Preload Package Tool can be used to restore backed up compressed software distribution package source (.pck) files to the distribution point before rejoining the site to the hierarchy so they will already be present.
Instructions:

  1. Copy the PreloadPkgOnSite.exe file to the .\program files installation directory\bin\i386 directory on the child site where you wish to preload compressed software distribution package source (.pck) files.
  2. Copy the applicable .pck files from the parent site or from a backup location to the distribution point share on the child site manually. After manually copying the files, ensure that the read-only NTFS file attribute for the .pck file is set.
  3. From a command prompt, run the tool using the following syntax: PreloadPkgOnSite.exe PkgID StoredPkgVersion.
  4. Running this command will update necessary software distribution package source location information for the site and forward this information up the hierarchy.
  5. After the package source file location information is sent up the hierarchy, the distribution point hosting the manually copied .pck files can be added to the software distribution package source locations without the need to transfer package source files over the network.
Checks:

  1. The command line usage is: PreloadPkgOnSite.exe PkgID StoredPkgVersion
  2. If software package information already exists for a package at the site where the tool is used, the tool cannot be used.
  3. This tool is meant only for child sites and cannot be used to preload packages that were created at the child site where the tool is run.
  4. The PkgID.pck file must exist at the child site before the tool is run.
Precautions:

  • When run, this tool modifies site database information at all sites higher in the hierarchy. This tool should only be run on fully functioning child sites and only when necessary.
  • If the Configuration Manager 2007 distribution manager process has already started processing the software distribution package information to be preloaded, there is no need to run the tool.

 


Download it from here: http://download.microsoft.com/download/d/e/d/ded78c6e-59a4-43ee-b601-6527be7bd881/PreloadPkgOnSite.exe
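The checks and precautions above translate into a pre-flight routine that can be run on the child site before PreloadPkgOnSite.exe is invoked. The Python below is an added example, not the tool itself and not from the original post: it verifies that the PkgID.pck file exists in the distribution point share and is read-only, that the package ID has the usual eight-character shape (three-character site code followed by five hexadecimal digits, an assumption about the format), and that the stored package version is a positive integer. The share path and the package ID ABC00001 are constructed sample values; the read-only test uses the absence of write permission bits, which is also how os.chmod and os.stat represent the NTFS read-only attribute on Windows.

```python
"""Pre-flight checks before running PreloadPkgOnSite.exe on a child site (added example).

Package IDs are assumed to be <three-character site code><five hex digits>,
e.g. ABC00001. The demo builds a throw-away distribution point share with one
constructed .pck file so the checks can be exercised offline.
"""
import os
import re
import stat
import tempfile

PKG_ID_RE = re.compile(r"^[A-Z0-9]{3}[0-9A-F]{5}$")


def is_read_only(path: str) -> bool:
    """True when no write bit is set (the POSIX view of the NTFS read-only attribute)."""
    mode = os.stat(path).st_mode
    return not (mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH))


def preload_preflight(dp_share: str, pkg_id: str, stored_version) -> list:
    """Return the list of problems that would stop the preload; [] means go ahead."""
    problems = []
    if not PKG_ID_RE.match(pkg_id):
        problems.append(f"package ID {pkg_id!r} is not <site code><5 hex digits>")
    if not (isinstance(stored_version, int) and stored_version > 0):
        problems.append("StoredPkgVersion must be a positive integer")
    pck = os.path.join(dp_share, f"{pkg_id}.pck")
    if not os.path.isfile(pck):
        problems.append(f"{pck} is missing; copy it from the parent site or a backup first")
    elif not is_read_only(pck):
        problems.append(f"{pck} must have the read-only attribute set")
    return problems


def preload_command(pkg_id: str, stored_version: int) -> str:
    """The command line the instructions above say to run once the checks pass."""
    return f"PreloadPkgOnSite.exe {pkg_id} {stored_version}"


def demo():
    """Run the checks against a constructed share, before and after marking the .pck read-only."""
    with tempfile.TemporaryDirectory() as share:
        pck = os.path.join(share, "ABC00001.pck")
        with open(pck, "wb") as f:
            f.write(b"constructed compressed package content")
        before = preload_preflight(share, "ABC00001", 1)   # still writable: one problem
        os.chmod(pck, stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH)
        after = preload_preflight(share, "ABC00001", 1)    # read-only: no problems
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before chmod:", before)
    print("after chmod: ", after or "ok, run: " + preload_command("ABC00001", 1))
```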

Tuesday, July 20, 2010

Day to Day Operations SCCM / ConfigMgr 2007 Reports

I recommend becoming familiar with the ConfigMgr reports below; they might be useful in day-to-day operations.

 

Asset Intelligence:-

License 03A - Count of licenses by license status
Hardware 07A - USB devices by manufacturer


Software 02C - Software by Category and Family


Software 01A - Summary of installed software in a specific collection

This report provides a summary of installed software ordered by the number of instances found from inventory.


Desired Configuration Management – Compliance

Summary compliance for a collection by computer

Hardware

Count physical disk configurations

Computers with low free disk space (less than specified MB free)

Computers with low free disk space (less than specified % free)

Count memory configurations

Computers with low memory (less than or equal to specified MB)

Computers with a specific amount of memory

Memory information for a specific computer

Network

Count IP addresses by subnet

IP - Information for a specific computer

NAP

List of NAP-capable and NAP-upgradable computers

List of Network Access Protection policies

Operating System

Windows Server computers

Computers with a specific operating system and service pack

Computers with a specific operating system

Count operating systems and service packs

Count operating system versions

Services - Computers running a specific service


SMS/SCCM Client

Count SMS client versions

Servers with no client Installed

Client Deployment Failure Report

Client Deployment Success Report

Client Deployment Status Details

Client Assignment Failure Details

Count clients assigned and installed for each site

Computers with a specific SMS client version

Count clients for each site

Computers with duplicate MAC addresses

Computers that may share the same SMS Unique ID

Clients that have not reported recently (Collection)

Clients that have not reported recently (in a specified number of days)


Site TO Site Reports:

Sites by hierarchy with time of last site status update


Computers in a specific site
Status messages for a branch distribution point
Site system roles and servers for a specific site

Software Inventory

Software registered in Add Remove Programs for a specific collection
Computers with specific software registered in Add Remove Programs
Computers with a specific product
Count of all instances of software registered with Add or Remove Programs
Computers with a specific product name and version
Count computers with a specific filename

Software Distribution:-

Status of a specific advertisement
All advertisements for a specific collection
All advertisements
Distribution status of a specific package
All packages on a specific distribution point
All distribution points
All active package distributions


Patching:-

Compliance 1 - Overall Compliance
Compliance 4 - Deployment (per update)
Compliance 3 - Update list (per update)
Management 1 - Updates required but not deployed
Management 2 - Updates in a deployment
States 1 - Enforcement states for a deployment
States 2 - Evaluation states for a deployment
Scan 1 - Last scan states by collection
Scan 2 - Last scan states by site

Auditing

All audit messages for a specific user
All Task Sequence Advertisements
Deployment status of all task sequence advertisements
Progress of a running task sequence
Progress of OS deployment task sequences
Status of all unknown computers
Computers for a specific user name
WOL

All sites that are enabled for Wake On LAN
All computers targeted for Wake On LAN activity
All objects pending wake-up activity

Customized reports:

All computers based on AD site:

SELECT DISTINCT SYS.Name0, SYS.AD_Site_Name0,
       SYS.User_Domain0, SYS.User_Name0,
       SYS.Operating_System_Name_and0
FROM v_R_System SYS
WHERE SYS.AD_Site_Name0 LIKE @variable
ORDER BY SYS.AD_Site_Name0, SYS.Name0

--Prompt Query


SELECT DISTINCT SYS.Name0, SYS.AD_Site_Name0,
       SYS.User_Domain0, SYS.User_Name0,
       SYS.Operating_System_Name_and0
FROM v_R_System SYS
WHERE SYS.AD_Site_Name0 LIKE @variable
ORDER BY SYS.AD_Site_Name0, SYS.Name0

Link this with the report "Hardware - General - Computer information for a specific computer".

I also prefer to have the custom reports below:

Compliance - Detailed list - specific collection

Computer Information - specific collection

Computer information for a collection of computers

Computers with specific software

Distribution Points in All DP Group

Missing Patches

Network settings

Network settings for a specific collection

Servers with SCCM Client version
All Workstation Patching compliance reports
All Desktops & Laptops model & make reports

Monday, July 19, 2010

Reg Hack for SMS Installer 2.0

REGEDIT4

; Primary Server: 00000001
; Workstation:    00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Setup]
"Type"=dword:00000001

Save this to a text file and import it into the registry; then you can install the software.

Sunday, July 18, 2010

wds.txt (DHCP options for PXE boot to a WDS server)

Option 60: "PXEClient"
Option 66: "2k3-wds.domain.local"
Option 67: "boot\x86\wdsnbp.com"
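The three options above are what a DHCP server hands to a PXE client so that it finds the WDS server and its boot program. The Python below is an added example, not part of the original notes or of WDS: it builds the on-the-wire bytes for options 60, 66 and 67 using the values from the notes (treated here as constructed sample input) and parses them back, which is useful when checking a DHCP offer in a packet capture against the scope configuration. The option framing (one byte code, one byte length, value, 0xFF end marker) is standard DHCP; the function names are the example's own.

```python
"""Encode and decode the DHCP options that steer a PXE client to WDS (added example).

Option framing follows RFC 2132: code byte, length byte, value bytes; 0xFF ends
the option list and 0x00 is padding. The option values are those from the
notes above, used as constructed sample input.
"""
OPT_PAD = 0
OPT_VENDOR_CLASS = 60   # "PXEClient": the DHCP server also answers PXE requests
OPT_TFTP_SERVER = 66    # host that serves the network boot program over TFTP
OPT_BOOTFILE = 67       # network boot program to fetch (here the WDS NBP)
OPT_END = 255

WDS_OPTIONS = {
    OPT_VENDOR_CLASS: "PXEClient",
    OPT_TFTP_SERVER: "2k3-wds.domain.local",
    OPT_BOOTFILE: "boot\\x86\\wdsnbp.com",
}


def encode_options(options: dict) -> bytes:
    """Serialize {code: ascii string} into a DHCP option list ending with 0xFF."""
    out = bytearray()
    for code, value in options.items():
        data = value.encode("ascii")
        if not 0 < code < 255 or len(data) > 255:
            raise ValueError(f"option {code} cannot be encoded")
        out += bytes((code, len(data))) + data
    out.append(OPT_END)
    return bytes(out)


def decode_options(buf: bytes) -> dict:
    """Parse a DHCP option list; a truncated option raises instead of being guessed at."""
    options = {}
    i = 0
    while i < len(buf):
        code = buf[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(buf):
            raise ValueError(f"option {code}: missing length byte")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: truncated value")
        options[code] = value.decode("ascii")
        i += 2 + length
    return options


def pxe_boot_target(options: dict):
    """(TFTP server, boot file) when the options describe a PXE boot, else None."""
    if options.get(OPT_VENDOR_CLASS) != "PXEClient":
        return None
    if OPT_TFTP_SERVER not in options or OPT_BOOTFILE not in options:
        return None
    return options[OPT_TFTP_SERVER], options[OPT_BOOTFILE]


if __name__ == "__main__":
    wire = encode_options(WDS_OPTIONS)
    print("option bytes:", wire.hex())
    print("boot target:", pxe_boot_target(decode_options(wire)))
```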


Sysprep command lines (the first is the Windows XP / Server 2003 syntax, the second the Windows Vista and later syntax):

sysprep -mini -quiet -factory -reboot
c:\windows\system32\sysprep\sysprep.exe /quiet /generalize /shutdown /oobe

Thursday, July 15, 2010

TechNet Virtual Labs: System Center

Application Virtualization
Configuration Manager and Systems Management Server
Data Protection Manager
Operations Manager
SoftGrid
System Center Service Manager
System Center Essentials (SCE)

Tuesday, July 13, 2010

DP Pros and Cons

BDP PROS:

· Content on demand

· Uses BITS to get content

BDP CONS:

· If the SCCM client breaks, so does the DP

· Requires an unprotected DP to get content

· Less robust reporting than a secondary site

DP PROS:

· Senders

· Better reporting

· No need for an unprotected parent DP

DP CONS:

· No content on demand

· Uses SMB to get content

Monday, July 12, 2010

System Center Family

Below is the Microsoft System Center product alignment.