Home        Tutorials        About        Services        Contact                        

 AD 01 - Installing the first Active Directory (AD) Role for the first Domain Controller (DC).  Diagram

01   02   03   04   05   06   07   08   09   10   11   12   13   14   15   16   17   18   19   20
                      Official PayPal Seal

Any donations are welcomed and appreciated! (100% Safe)

   $1    $5    $10   $Other

Feel free to click on the "Donate" button to donate
whatever you feel you can.

Tutorial Overview
Active Directory (AD) is meant for use in Microsoft Windows network environments and it provides central authentication and authorization services for Windows-based computers. Keeping track of everything on your network is a time-consuming task. Even on small networks, users tend to have difficulty finding network file and printer shares. Without some kind of network directory, medium and large networks are impossible to manage, and users will often have a difficult time finding resources on the network. Active Directory is made up of one or more domains. On a standalone workstation, the domain is the computer itself. A domain can span more than one physical location. Every domain has its own security policies and security relationships with other domains.

A server that responds to authentication or authorization requests is a Domain Controller (DC). In most cases, a Domain Controller will hold a copy of the Global Catalog. A Global Catalog (GC) is a partial set of objects in all domains in a forest. It is directly searchable, which means that cross-domain queries can usually be performed on a GC without needing a referral to a DC in the target domain.

When a user tries to log in to a computer that is joined to AD using their AD credentials, the salted and hashed username and password combination are sent to the DC for both the user account and the computer account that are logging in. Yes, the computer logs in too. This is important, because if something happens to the computer account in AD, like someone resets the account or deletes it, you may get an error that say that a trust relationship doesn't exist between the computer and the domain. Even though your network credentials are fine, the computer is no longer trusted to log into the domain.