Domain Controller for home network

emogoch

Distinguished
Jul 25, 2005
427
0
18,790
Hey guys,

Now that I've got two machines to work with, I want to set-up one of them to act as a server. Firstly it'll act as a web server, and secondly, I was thinking about setting it up as a domain controller. However, the only purpose for a domain controller that I have is so that I have one central area for usernames and passwords (rather than setting up the same account on several machines with the same password). Anyone know of where I can find information about making this set-up possible? Thanks
 

riser

Illustrious
I have 80 pages on Active Directory overview sitting in front of me. What's your fax line? haha

First off, you'll need a valid copy of Windows NT Server, 2000 server, or 2003 server. (Find Wusy).

Once you get to that point and install it, you'll need to configure DHCP, configure DNS, deploy Active Directory, then maybe you can say you're in the 'ballpark.'

Here's some links for the information you're looking for.. and please, read it all before you start. There is a reason Network Administrators get paid a hell of a lot of money for working with this Beast.

link1: http://www.microsoft.com/events/series/adaug.mspx
Link2: http://www.microsoft.com/windows2000/en/advanced/help/default.asp?url=/windows2000/en/advanced/help/sag_adintro_3.htm
link3: http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx
link4: http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/projplan/adarch.mspx
link5: http://www.microsoft.com/technet/default.mspx

Also, find Microsoft Newsgroups, you'll need those. Microsoft Technet will help.

Do a Google on "install active directory."

I think by the time you get to this point in reading this article, you'll think against doing it.

Wusy has a glorified Windows XP/Vista computer running server.. and he admits he doesn't know what to do with it yet. :)
 

emogoch

Server 2K3 was acquired long ago, thanks to BT.

Managed to get it all up and running last night. Thx to the DCpromo tool, it all went up quite smoothly (well, except for the 2.5 hours spent trying to get PHP running on IIS :frown: , but that's not related to the DC).

Next step is getting my workstation on the Domain which I'm not looking forward to. I'm having visions of all my settings getting lost, particularly Outlook. Anyone know if I've got a local user account and a domain account with the same username, when I promote the workstation to the domain, if all those settings will be maintained?
 

riser

Did you configure DNS? You'll have some problems unless you've configured that.

The profile will be new.. C:\documents and setting\USER for your local account but after you join the domain and try using USER as your username, you'll see C:\documents and setting\user.domainname

So, you'll need to create a new user and copy your information over. Outlook will let you export it, then rest you should be able to copy and paste over.

But considering Win2k3 configures DNS for the most part, you might not need to configure it. If you're using your router for DHCP, that'll cover you. If you're using the server, you'll want to put in your external DNS servers or at least your router's IP for a forwarder.
 

emogoch

Ya, DCPromo properly (at least as far as I can tell) set up the DNS for me. DHCP coming from the router, and the IP forwarder for internet traffic.

Largest problem that I have with Outlook is the account settings. With 4 POP3 email accounts, setting each one up individually is a pain, and I've yet to find a way to export them.
 

emogoch

Thanks for the attempt, but that doesn't get it. Article only talks about backing up PST data, address books, and accounts on MS Exchange.

Actually, I haven't tried posing the question on the Microsoft usergroups. Guess I'll try there. Thx
 

jihiggs

Splendid
Oct 11, 2001
5,821
2
25,780
You could just copy the profiles to the new profile name it creates (logged on as local admin) then you would have to reconfigure anything. That should work, I don't know for sure if each profile has a problem with being local or domain.

 

emogoch

Yep, got advice from the SA/NA at work on how to do it, and that's pretty much what he told me to do.

Originally was having some problems with the DNS, but got most of them resolved now. The only problem that I'm having is that if I enter a one word phrase in the Address bar in Firefox, rather than it doing a Google/I'm feeling lucky, my DNS is trying to resolve it and giving me nothing back :frown:
 

riser

Set DNS to forward to your ISP's DNS server. If your internal DNS can't resolve, it should forward it out to your ISP's.

You can check to make sure DNS is working by typing:

nslookup www.microsoft.com

or you can do:

nslookup (yourcomputernamehere)

If you do the latter of the two, if DNS is working (which 2k3 automatically configures) you should get back some good information. If not, you'll get an error.

If you do the microsoft, you should get back good info, otherwise you'll get an error.

ex:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\MikeH>nslookup mau2005
Server: it-2003.itdept.xxxmycompany.com
Address: 10.11.50.7

Without DNS you'll get:


C:\Documents and Settings\MikeH>nslookup www.microsoft.com
Server: it-2003.itdept.xxxmycompany.com
Address: 10.11.50.7

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to it-2003.itdept.xxxmycompany.com timed-out


I take my company's name out since I bash them a lot.. we don't run a domain here, so we don't have DNS running. Our IT-2003 server is Win2k3, which I setup DNS on to work for my computer, but I don't have forwarders setup since no one seems to know the ISP's DNS servers.. I have them now, I just haven't set it up.. which I think I'll do today now that I realize I haven't.
 

emogoch

Thanks. That's actually giving me some more info. However, I'm actually a little more confused now. Here's the results I get for various queries:

C:\Documents and Settings\emorgoch>nslookup www.microsoft.com
Server: snail.emorgoch.morgoch.ws
Address: 192.168.1.49

Non-authoritative answer:
Name: www.microsoft.com.morgoch.ws
Address: 216.35.187.246


C:\Documents and Settings\emorgoch>nslookup www.tomshardware.com
Server: snail.emorgoch.morgoch.ws
Address: 192.168.1.49

Name: www.tomshardware.com.morgoch.ws
Address: 216.35.187.246


C:\Documents and Settings\emorgoch>nslookup snail
Server: snail.emorgoch.morgoch.ws
Address: 192.168.1.49

Name: snail.emorgoch.morgoch.ws
Address: 192.168.1.49


C:\Documents and Settings\emorgoch>nslookup morgoch.ws
Server: snail.emorgoch.morgoch.ws
Address: 192.168.1.49

Name: morgoch.ws.morgoch.ws
Address: 216.35.187.246

So it would seem that my DNS still isn't properly forwarding. It should be forwarding to my ISP at IP 206.47.244.57. See here (http://www.student.cs.uwaterloo.ca/~elmorgoc/pictures/DNSForward.jpg) for a screeny of the Forwards setup. Any thoughts? Thanks for the help.
 

riser

Ok, DNS is looking good for the most part. You're getting close.
Are you running the nslookup command from your PC or your Server?

On your computer and server, if you go under the network connection and look at the DNS settings for TCP/IP, you'll want to have the following Checked, everything else unchecked:

Append Primary and Connection Specific DNS Suffixes (put a dot in the radio button)
The next check box and radial should be empty.

The 2 check boxes at the bottom, both of those should be checked.

Somewhere along the lines, DNS is attaching your primary DNS suffix to anything you're querying, which is why it keeps returning the IP of your server.
The Non-authoritative server means it's pulling a cached copy..

When you search for www.microsoft.com, it's actually looking for www.microsoft.com.morgoch.ws, morgoch.ws being the parent domain, it starts there, then works backwards down the chain to what it thinks microsoft.com is a child of your domain.

I'll have to check out at what point DNS suffixes get automatically attached. It's not every day you work on DNS so once it's setup, you don't normally need to touch it again.

Append DNS suffixes should be UNchecked though, both on your computer and on the server.
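
The symptom discussed above can be checked mechanically. As an added example (not part of the original posts), this Python script parses pasted nslookup output and flags any query that already contained dots but was answered under a longer name, which is the sign that a DNS suffix was appended; the function names are illustrative and the sample is taken from the transcripts posted earlier in the thread.

```python
import re

# Sample input: two of the nslookup runs posted earlier in this thread.
SAMPLE = r"""
C:\Documents and Settings\emorgoch>nslookup www.microsoft.com
Server: snail.emorgoch.morgoch.ws
Address: 192.168.1.49

Non-authoritative answer:
Name: www.microsoft.com.morgoch.ws
Address: 216.35.187.246

C:\Documents and Settings\emorgoch>nslookup snail
Server: snail.emorgoch.morgoch.ws
Address: 192.168.1.49

Name: snail.emorgoch.morgoch.ws
Address: 192.168.1.49
"""

PROMPT = re.compile(r">\s*nslookup\s+(\S+)\s*$", re.IGNORECASE)
FIELD = re.compile(r"^(Server|Name|Address):\s*(\S+)$")

def parse_transcript(text):
    """One record per query. The first Address line of a run is the DNS
    server's; only an Address that follows a Name line is the answer."""
    runs = []
    for line in text.splitlines():
        prompt = PROMPT.search(line)
        field = FIELD.match(line.strip())
        if prompt:
            runs.append({"query": prompt.group(1), "name": None, "address": None})
        elif field and runs:
            key, value = field.groups()
            if key == "Name":
                runs[-1]["name"] = value
            elif key == "Address" and runs[-1]["name"]:
                runs[-1]["address"] = value
    return runs

def appended_suffix(run):
    """Return the suffix added to a dotted query, or None if nothing was added."""
    query = run["query"].rstrip(".").lower()
    name = (run["name"] or "").rstrip(".").lower()
    if "." in query and name.startswith(query + "."):
        return name[len(query) + 1:]
    return None  # single-label names such as "snail" are expected to be expanded

def suspicious_runs(text):
    """List (query, appended suffix, answer address) for every flagged run."""
    return [(r["query"], appended_suffix(r), r["address"])
            for r in parse_transcript(text) if appended_suffix(r)]
```

Re-running a flagged query with a trailing dot (nslookup www.microsoft.com.) makes nslookup treat the name as fully qualified and skip the suffix list, which separates a suffix problem from a forwarder problem.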
 

riser

hahahaha Well no one else would understand anything else if I were to post it. :)

When people start messing with AD, DNS, Win2k/2k3 Server, you start getting into what I know :)

Oh well.. my moment of glory is over now..
 

emogoch

I'm looking forward to getting to know it pretty well. I'm currently trying to line up a job where I'll migrate over to be the Systems/Network Admin, so I'll be looking to start doing my MCSE and CCNA training in May.
 

riser

I've been working on my MCSE for about 4 months. Yet I'm still only halfway through the first book. I'm taking the time to actually learn it. The testing is extremely hard. You can take the 5 day course and pass the test, but you still won't learn anything.
It's hard reading because it can get really boring and stuff. It'll be really good to have a test setup sitting around that you can mess around with.
If you take the self-paced like myself, pay attention to the details in the books, you'll pick up a lot of cool things you'd never know about, plus best practices that aren't common in a lot of places.

Once Winter hits I'll start reading more on it and focusing, but I'm also working on my Security+ certification at the same time. Each of the MCSE 2k3 books are around 500-800 pages long, with most of it being text.
 

riser

haha never heard that one before.. it makes sense though when people just take the 5 day, 5000 dollar course.

Which is why I'm actually reading the books, documenting stuff, and testing it out on my setup at home.. haha

mcse.. must call someone else.. nice.. I like that. haha