Monday, 12 March 2012

Setting up a Remote Desktop on Windows Vista client


Once we set up the 2 DCs, we might find it difficult to go to the server room every now and then to make tweaks on them. So we will set up a remote desktop client on one of the Vista PCs and connect to both DCs from it to make our day-to-day changes. In this section, I will show you how easy it is to set up a remote desktop client and connect to the DCs remotely.

Steps to set up a remote desktop on Windows Vista:

Initial setup:
In the last section of this crash course, my friend Ravisankar showed you how to do the initial set up of remote desktop so that other clients in the network can connect to the DCs in a secure manner.

Since this option is selected, any client that needs to access the DCs remotely must first be joined to the Globomantics domain.

To do this:

  • Rename the Vista client machine in order to match the naming convention of Globomantics (to make our life easier :))
  • Change the name of the client to CL1-NY-VIS and then reboot
  • Join the client to the network

In detail:

1. Install Windows Vista on your client machine
2. Rename the machine - Go to START > Computer > PROPERTIES > CHANGE SETTINGS
3. Now change the computer name and restart
4. Go to START > Computer > PROPERTIES > CHANGE SETTINGS, join the domain “globomantics.com” and click OK.

-> If you come across an error saying “domain cannot be contacted”, go to START > type in CMD and go to the command prompt. Run “ipconfig” and check if the DNS entry is correct. If not, go to START > NETWORK > NETWORK & SHARING CENTRE > Manage Network Connections. Go to the properties of the LAN connection and change the DNS IPv4 properties. Change the preferred DNS server to the DC1 IP address and the alternate DNS server to the IP of DC2.



5. Provide Administrator credentials (SuperCoach) to make this client part of globomantics.com
6. You will see an error “The RPC server is unavailable”. To get rid of this error, simply restart the machine. :) Microsoft thing :)
7. Try Steps 4 and 5 again and everything should work well now :) “Welcome to Globomantics.com”
8.       RESTARTTTTTTTTTTTTTTTTT again and login as SuperCoach
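
The DNS check from the “domain cannot be contacted” note above, run from an elevated command prompt on the Vista client. This is an added example, not part of the original post; the connection name "Local Area Connection" is an assumption (the Vista default), and the addresses are the DC1 and DC2 addresses used in this course.

```batch
@echo off
rem Added example: verify and fix client DNS before joining globomantics.com.
rem Run from an elevated command prompt on the Vista client.
rem ASSUMPTION: the LAN adapter still has the default name below.
setlocal
set "NIC=Local Area Connection"
set "DOMAIN=globomantics.com"
set "DC1=192.168.5.2"
set "DC2=192.168.5.3"

rem 1. Show the configured DNS servers (plain ipconfig does not list them).
ipconfig /all

rem 2. A domain join needs the DC locator SRV record. Ask DC1 directly,
rem    bypassing whatever resolver the client is currently using.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %DC1% | findstr /i /c:"svr hostname" >nul
if errorlevel 1 (
    echo [!] %DC1% returned no DC locator record for %DOMAIN%.
    echo     Check that the DNS Server service is running on DC1.
    exit /b 1
)

rem 3. Point the client at DC1 as preferred and DC2 as alternate DNS server.
netsh interface ipv4 set dnsserver name="%NIC%" source=static address=%DC1% register=primary
netsh interface ipv4 add dnsserver name="%NIC%" address=%DC2% index=2

rem 4. Drop cached failures, then confirm the default resolver finds a DC.
ipconfig /flushdns >nul
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% | findstr /i /c:"svr hostname"
if errorlevel 1 (
    echo [!] Still no DC found. Do not retry the join yet.
    exit /b 1
)
echo [+] DNS resolves a domain controller. Retry joining %DOMAIN%.
```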

Now set up Remote Desktop:

1. START > search for the Remote Desktop Connection wizard
2. In the General tab, enter the name of the remote computer (in this case: ny-dc1-2k8.globomantics.com)
3. Username: “SuperCoach” and save the credentials (not secure though)
4. Check the other tabs and change your preferences for the remote desktop connection :). Bear in mind: choose LAN in the “Experience” tab if the connection is reasonably good.
5. Save the CONNECTION SETTINGS as a good practice
6. That's it... connect to DC1 now... hohoooo
7. Do the same for DC2 and create a remote desktop shortcut.
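
Step 3 notes that saving the SuperCoach credentials is not secure: anyone who gets into this Vista profile can open a session on the DCs without knowing the password. The following added example (not from the original post) removes any saved Remote Desktop credentials for the two DCs and writes connection files that always prompt for the password; the output folder and the DC2 host name ny-dc2-2k8.globomantics.com (built from the course's naming convention) are assumptions.

```batch
@echo off
rem Added example: keep domain admin credentials out of the client's saved
rem connection settings. Run as the logged-on user on CL1-NY-VIS.
rem ASSUMPTION: connection files go into the user's Documents folder.
setlocal
set "OUT=%USERPROFILE%\Documents"

rem 1. List what the credential store holds. Saved Remote Desktop logons
rem    appear with a TERMSRV/ target name.
cmdkey /list | findstr /i "TERMSRV"

for %%H in (ny-dc1-2k8 ny-dc2-2k8) do call :harden %%H.globomantics.com
exit /b 0

:harden
rem 2. Remove a saved password for this DC, if one exists.
cmdkey /delete:TERMSRV/%1 >nul 2>&1

rem 3. Write a connection file that never reuses a stored password.
set "RDP=%OUT%\%1.rdp"
 > "%RDP%" echo full address:s:%1
>> "%RDP%" echo username:s:SuperCoach
>> "%RDP%" echo prompt for credentials:i:1
rem    1 = refuse to connect if the server cannot be authenticated
>> "%RDP%" echo authentication level:i:1
rem    use CredSSP (Network Level Authentication) for the logon
>> "%RDP%" echo enablecredsspsupport:i:1
rem    do not expose the client clipboard or drives to the session
>> "%RDP%" echo redirectclipboard:i:0
>> "%RDP%" echo drivestoredirect:s:
echo [+] Wrote "%RDP%". Open it with: mstsc "%RDP%"
goto :eof
```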



Saturday, 10 March 2012

WINDOWS 2008 ACTIVE DIRECTORY & setting up a DC


WINDOWS 2008 ACTIVE DIRECTORY
Active Directory is the brain of a Windows Server network. It’s a database that keeps a huge amount of data and manages all our network machines, users and groups, services like email, and resources like printers, shared folders, etc.

A Domain Controller (DC) is a Windows Server machine which runs Active Directory Domain Services (AD DS). AD DS -> Active Directory. You may have multiple DCs that all have copies of the same Active Directory database.

Servers need jobs. We have to decide what a server is going to do. A server will not have too many jobs. A Server Role is a major job that a server can perform.

A DC usually has only two jobs – AD DS (Active Directory Domain Services) and DNS (Domain Name Services).

Domain Name Service (DNS) is a service provided by a server that allows you to find other computers in our network. DNS allows you to type in the name of a machine instead of its IP address. Without DNS, Active Directory will not work. DNS works together with Active Directory.


A domain is a namespace; a Windows Server domain is a logical group of computers running Windows operating systems that share a central directory database. The machines are all named with part of the domain name, like globomantics.com, and are registered in the Active Directory database so they can be managed. A forest is comprised of all the domains in the enterprise.

E.g.: A domain – globomantics.com
      A child domain – Na.globomantics.com
      User emails are part of the domain namespace – marcel@globomantics.com

 NB: Make sure that you own the name globomantics.com 

We are setting up 2 almost identical DCs.

DC 1
Computer name: NY-DC1-2K8
IP Address: 192.168.5.2 (192.168.5.1 is the router)
This DC will create the domain globomantics.com

DC 2
Computer name: NY-DC2-2K8
IP Address: 192.168.5.3
This DC will join the domain globomantics.com

There are two types of Windows Server 2008 installations –
  • Bare Metal – no existing OS on the HDD
  • Upgrade – installing over 2003 that is already installed on the hard drive


  • Install Windows Server 2008 Standard Edition x64
  • After installing, it will pop up with the Initial Task Configuration (ITC). ITC is a list which groups together all the common tasks we have to do – configure time zone info, configure the network settings for 192.168.5.2 (with default gateway: router) and an initial DNS server (router IP address), rename the computer to NY-DC1-2K8 and reboot, configure automatic updates and feedback, configure remote desktop, turn off ITC.

Set up a DC
Setting up a DC has two basic parts:

- Installing the AD DS Role (done from Server Manager using Add Roles):
  Open Server Manager > Roles > Add Roles > (skip this page by default) > select the role – Active Directory Domain Services > Install > click on “Close this wizard and launch the AD DS installation wizard (dcpromo.exe)”
- Running DCPromo.exe (can be run from the link provided in Server Manager after the AD DS installation or from the search box). dcpromo.exe is a wizard that sets up AD and promotes a machine to DC status:
  (dcpromo.exe) > Create a new domain in a new forest > domain name – globomantics.com > select forest functional level – Windows Server 2008 > the 1st DC in a forest must be a global catalog server & can’t be a Read Only DC, install the DNS server service on the 1st DC > YES > Database Folder – C:\Windows\NTDS (keeps the database file; NTDS – Network Domain Services), Log Files Folder – C:\Windows\NTDS, SYSVOL Folder – C:\Windows\SYSVOL (SYSVOL is a shared folder that is required for DCs to talk to each other in a process called replication) > Set a Directory Services Restore Mode password which is not the same as the domain administrator password > Also you can export settings > Reboot on completion

NB: NTDS.dit – The Database file for AD

NB: When you create a domain on your 1st server, the local Administrator password becomes the domain Administrator password for all the machines in your domain. So it is better to change the domain user name and password. Go to Server Manager>Roles>AD DS>AD Users & Computers>globomantics.com> users>Rename Administrator & change password.

Now go to Server Manager>AD Sites & Services>Sites>Rename Default-First-Site-Name>NewYork. So it is more identifiable.

Thus we have built globomantics.com and a Site called NewYork. Next we will create the 2nd DC and join it to the domain.


-          Install Server 2K8 “Bare Metal”
-          Configure the basic stuff using the ICT
-          Install the AD DS Role
-          Run DCPromo
While configuring the network, put the IP address as 192.168.5.3, Default gateway as 192.168.5.1 and the DNS Server for the 2nd DC will be the 1st machine – 192.168.5.2
NB: Please try to log on to the 1st DC as the domain administrator, right click on the network icon > Network & Sharing Center > Manage Network Connections > See the DNS: it has been changed to 127.0.0.1, because it has taken itself as the DNS server.
Now change the computer name to NY-DC2-2K8.
Go to Start > search DCPromo and run > It will install the AD DS > Add a DC to an existing forest / existing domain > globomantics.com > Provide Alternate Credentials – set using the domain username and password > it will find globomantics.com and it will communicate with DC1 > NewYork Site > in additional DC options, check DNS Server & Global Catalog > YES > Database Folder – C:\Windows\NTDS (keeps the database file; NTDS – Network Domain Services), Log Files Folder – C:\Windows\NTDS, SYSVOL Folder – C:\Windows\SYSVOL (SYSVOL is a shared folder that is required for DCs to talk to each other in a process called replication) > Set a Directory Services Restore Mode password which is not the same as the domain administrator password > Also you can export settings > Reboot on completion

NB: In DC2, Server Manager>View Network Connections>Look for DNS – Preferred DNS Server– 192.168.5.2 and Alternate DNS Server – 127.0.0.1. In DC1, put Alternate DNS Server as 192.168.5.3.

The process of exchanging and recording the changes in AD between the DCs is called replication. Replication between the 2 DCs is done through an Organizational Unit (OU). So create a new OU in Active Directory Users & Computers on either of the DCs, go to the command line and type repadmin /syncall. Check the other DC’s AD Users & Computers to see if the OU shows up there as well. You might need to press F5 to refresh the screen to see the changes in Server Manager.

Go to Server Manager>Roles>AD DS>AD Users & Computers>globomantics.com>create a new folder in globomantics.com>New OU>Name as Test Dummy>go to command prompt>type repadmin /syncall


Now go to DC2 and check Computer > globomantics.com. If you can find the Test Dummy folder, then replication is happening between the 2 DCs. They are talking to each other now :) So in case one DC blows up, you will have a copy on the other DC.
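
The same Test Dummy check can be done entirely from the command prompt, which also shows which DC answered. This is an added example, not part of the original post; it uses the DC names and domain from this course and assumes it is run on NY-DC1-2K8 by a domain administrator.

```batch
@echo off
rem Added example: the Test Dummy replication check from the command line.
rem Run on NY-DC1-2K8 while logged on as a domain administrator.
setlocal
set "OU_DN=OU=Test Dummy,DC=globomantics,DC=com"
set "DC1=NY-DC1-2K8"
set "DC2=NY-DC2-2K8"

rem 1. Create the test OU on DC1 only.
dsadd ou "%OU_DN%" -s %DC1% -desc "replication test"
if errorlevel 1 (
    echo [!] Could not create the OU on %DC1%.
    exit /b 1
)

rem 2. Force replication. /A = all partitions, /e = across sites,
rem    /P = push changes outward from DC1 instead of pulling into it.
repadmin /syncall %DC1% /A /e /P

rem 3. Ask DC2 specifically whether it now holds the OU.
dsquery ou domainroot -name "Test Dummy" -s %DC2% | find /i "Test Dummy" >nul
if errorlevel 1 (
    echo [!] %DC2% does not have the OU yet. Replication status follows:
    repadmin /showrepl %DC2%
    exit /b 1
)
echo [+] OU replicated to %DC2%.

rem 4. Summarise replication health, then remove the test object again.
repadmin /replsummary
dsrm "%OU_DN%" -s %DC1% -noprompt
```

Querying with -s %DC2% matters: without it, dsquery may be answered by DC1, which always has the OU.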


2 DCs are now set up in the Globomantics domain.

Friday, 9 March 2012

MCITP (Microsoft Certified IT Professional)

MCITP is a Microsoft certification based on Windows 2008 servers. The certification consists of 3 exams.

1. 70-640 -> Windows Server 2008 Active Directory
2. 70-642 -> Windows Server 2008 Network Infrastructure
3. 70-646 -> Windows 2008 Server Administration

In this blog, we will talk in brief about the topics that you need to understand to pass each of the exams and all the essentials that you should know before you start administering a 2008 server.