Windows domain controller for dummies

One very important concept to keep in mind is that domain controllers provide authentication, not authorization. The domain controller does not however tell the user what resources they have rights to. Resources on Windows networks are secured by access control lists ACLs. An ACL is basically just a list that tells who has rights to what. When a user attempts to access a resource, they present their identity to the server containing the resource.

As you can see, a domain controller performs a very important role within a Windows network. In the next part of this article series, I will talk more about domain controllers and about the Active Directory.

Brien Posey is a freelance technology author and speaker with over two decades of IT experience. Prior to going freelance, Brien was a CIO for a national chain of hospitals and healthcare facilities. In addition, Brien has worked as a network administrator for some of the largest insurance companies in America.

Your email address will not be published. Learn about the latest security threats, system optimization tricks, and the hottest new technologies in the industry. Over 1,, fellow IT Pros are already on-board, don't be left out!

TechGenix reaches millions of IT Professionals every month, and has set the standard for providing free technical content through its growing family of websites, empowering them with the answers and tools that are needed to set up, configure, maintain and enhance their networks.

If you would like to read the other parts in this article series please go to: Networking Basics: Part 1 - Networking Hardware. Networking Basics: Part 2 - Routers. Networking Basics: Part 4 - Workstations and Servers. You should review and confirm the following points:. If the Windows client's IP address doesn't match to a subnet defined in the AD configuration, it has no way of finding a the closest DC.

That can lead to unoptimized connections and slower logons and AD operations. For more information, see this article on Technet or this Microsoft KB article. May 17, Domain Controller Selection by Mitchell Grande The process of a Windows client selecting an Active Directory domain controller isn't too complex but is often not fully understood. What is a domain controller, when is it needed, and how to set it up?

Ask Question. Asked 12 years, 2 months ago. Active 4 years, 5 months ago. Viewed 78k times. Improve this question. Guruprasad Guruprasad 1 1 gold badge 2 2 silver badges 5 5 bronze badges. Add a comment. Active Oldest Votes. A domain controller is a computer running one of Microsoft's server operating systems, such as Windows Server or Windows Server R2 in any edition except Web Edition, or one of the small business-oriented server products, that has had the following actions performed on it: The Active Directory Domain Services ADDS server role has been turned on.

The server has been "promoted" as a domain controller for your organization. Improve this answer. Jay Michaud Jay Michaud 3, 4 4 gold badges 20 20 silver badges 33 33 bronze badges. Joe Casadonte Joe Casadonte 3 3 silver badges 16 16 bronze badges. As I type this, the answer has been downvoted, yet is a perfectly valid answer. Not the best perhaps but perfectly valid.

I'd say it's down voted for recommending samba on Linux to someone who is clearly just starting out with AD. In the Installation Type screen select the Role-based or feature-based installation radio button and click on Next.

In Server Selection leave the only server in the list highlighted and press Next. A dialogue box appears. Click on the Add Features button.

Back in the main feature selection screen, click the Next button. This cycles through to the Features screen. Just click on the Next button. Finally, click the Install button. Once the installation process finishes, you will see a notice telling you that additional steps are required. Click on the link that says Promote this server to a domain controller. This brings up the Deployment Configuration screen.

Leave the Add a domain controller to an existing domain radio button active. Click on the Change button next to that. Enter the username and password of the Administrator account on the AD instance that you first set up. Click OK. On return from the login popup, you will see that the Domain field has been populated with the domain that you entered for the user account. Click on the Next button.

Decide whether to make this a read-only domain controller RODC. Enter a DSRM password and confirm it. You will see a warning but just click on the Next button again. In Additional Options choose your original domain controller for the Replicate from: field. Click on Next. Leave all of the paths in their default settings and click on Next.

In the Review Options screen, click Next. The system will perform a prerequisites check. If that completes satisfactorily, the Install button will become active. Click it. Wait for the installation to complete. The computer will reboot.

Log in to the machine. Creating Active Directory Users Users and computers are the two most basic objects that you will need to manage when using Active Directory. Select Install and wait for the installation to complete. Scroll down and select Remote Server Administration Tools. Expand the domain and click Users. Enter a password and press Next. Click Finish. Active Directory Events to Monitor Like all forms of infrastructure, Active Directory needs to be monitored to stay protected.

Description Parent and child Transitive Two-way Yes A parent and child trust is established when a child domain is added to a domain tree. Tree-root Transitive Two-way Yes A tree-root trust is established the moment a domain tree is created within a forest. Realm Transitive or non-transitive One-way or two-way No Forms a trust relationship between a non-Windows Kerberos realm and a Windows Server domain.