Last updated on September 1st, 2021
Active Directory Configuration in the Windows domain controller Server step by step. First, we have to install the Active Directory domain services.
Active Directory Configuration
Well, what is Active Directory?
It is the foundation of the Windows domain.
It’s essentially a catalog of all the registered objects in the domain and it provides authentication services and security principles that allow those users and computers to access the resources with granted permissions.
So we’re going to start with a real-world scenario.
We’re going to provide some real examples of how Active Directory might be set up and we can go through and actually configure it.
As if we were starting fresh for a real business so we’re going to be working with the imaginary Carmack’s dealership.
It has one headquarter location and two sales locations.
The headquarters has an administrative department accounting and HR and then the two locations have sales staff, mechanic staff, and management.
So back on our server with the server manager window open.
We’ll go up into the top right-hand corner to tools then we’ll click Active Directory users and computers to open it.
On the left-hand side of a duck or Active Directory users and computers, you’ll see our test.local domain.
If we expand that we’ll see some of the built-in organizational units that come by default.
Active Directory Structure
Now when we’re structuring Active Directory, the rule of thumb is always to start with the biggest organizational unit.
We want to start with the biggest division or biggest organizational structure unit that we can think of. And then work smaller.
So for our business, we’ll start with our three locations.
We’ve got a headquarters and two sales locations. So with our domain selected, we’ll right-click in the middle of the screen then click a new organizational unit and we’ll give it a name for instance headquarters.
And we’ll repeat that step for the other two locations.
Now we’ll create two more organizational units and we’ll call our two sales locations Carmack’s east and Carmack’s west.
From here following our rule we’ll go to the next largest group of objects that we’re gonna put into Active Directory.
Personally, I like to take each and separate them into users and computers.
Since that’s going to be the most common object in our Active Directory structure.
So for each location, you are going to select it.
Make sure you name each one individually so when you’re looking at it on an individual basis you know which one it is.
Repeat this for the next two organizational units.
So now we have three OU’s our headquarters location and our two sales locations.
So starting with headquarters we want to create our next smallest item.
Now here’s what we can set up our departments for each location.
Now when we’re talking about departments or small groups of users like that we need to consider what kind of things those people are going to need to access.
When we’re talking about security principles like that whether it’s accessing a file share or access to a printer we want to base that on a user basis and a group basis.
Commonly in businesses accounting and administrative people have access to different sets of resources.
So in our headquarters location, we’re going to set up a user group for each of our departments in our headquarters group selected.
We’ll right-click and then create a new group.
We’ll give the group a name we’ll make sure that the security group type is enabled.
And we’ll make sure that it is a global group then click OK.
We’ll repeat this step for the other two departments that we have at our headquarters location accounting and HR.
So now our headquarters location has a place for computers, a place for users, and separate groups of users that correspond to the different departments at that location.
Now we also need to create our departments for our sales locations.
Now keep in mind that within a domain you can’t have two groups with the same name even if they’re in different organizational units.
So it’s best practice to give a unique name to a group.
Now we have 3 user groups at that sales location. So we have our basic Active Directory structure created.
The only thing that we’re missing is some users.
You can use whatever user names that you’d like as long as you remember to create one user that you’ll want to use when you log in under an Active Directory account.
So for example in headquarters, we are going to create one new user and give him a name and create a user name.
It is best to always have a naming convention for both computers and users and set a password for our users.
The user must change the password at the next login when he first logs on with the password that you set.
They’ll be prompted to create a new one.
Now our created user is a member of the administrative department.
Now we need to add him to that group with a right-click and select add to the group.
So now we’re looking for groups within the test.local domain that we want to add the user we’ve selected to so we’re gonna enter administratively and we’re gonna click check names
Now if we open our administrative group by right-clicking and hitting properties we can go to members to see that John Jones has been added.
The purpose of groups of course is to give permissions to a group of users without having to go into each user and modifying their permissions.
If we gave the administrative group access to a resource, John Jones gets access because he is a member of the administration.
Now let’s practice adding one more user to a group but this time let’s do it at one of the sales locations. Remember we’re putting our users at the root of the location.
We will right-click and go to new and then select new user.
We will give the user a name following our naming convention.
Set a password and click Next.
Now we’ll add Mike Jones to the mechanic’s group of CM East. So we’ll right-click Mike Jones add to the group and this time we’ll just search mechanics click check names.
And you’ll see that there are multiple matches because remember we have a mechanics group at CM east and CM west.
Well, Mike is a mechanic at CM East. So we’ll select the CM East mechanics group we’ll select ok.
The operation was completed. And we can go into mechanics to check to make sure that he is properly added.
There’s another way to add users to a group and that’s by going through the group itself let’s say Mike Jones is also a member of the sales department.
So we’ll right-click the sales department and click properties. Now click members and then click Add.
Read more about Active Directory AD.
This is how you can configure an active directory in windows servers.
You can also read about the Windows VM server.
Read about KMSPico Windows 10 Activator.
You can also Download Microsoft ToolKit.