Why not use .local? Setting up a new domain environment.

1. Setting up a new domain

A prerequisite for Active Directory to function correctly is a configured DNS server on the network, and it is recommended that the DNS server run on the same server that will host Active Directory.

The choice of domain name may be arbitrary, but it is recommended to follow certain tips, such as: do not name the domain something.local. Although this is common practice in many cases, it is strongly discouraged. One of the main reasons is that in the future it will not be possible to buy digital certificates for such domains, because international certification authorities such as Thawte and VeriSign have stopped issuing them: the .local domain is not open to the world and cannot be controlled. The reason behind this is to keep such names out of the international naming zones, so that local organizations do not literally inflate their own balloon and put pressure on the outside, that is, on the international DNS system.

It is also recommended that organizations avoid using company names, and thereby avoid the need to rename the domain or migrate to a different one in the event of bankruptcy, purchase or sale of the company. Using neutral names is strongly suggested.

1.1. Renaming a server

The first task, which is highly recommended, is to change the name of the server while it is still in the workgroup.

Picture 1 – Rename server before the first use

It is normal that a computer or server has to be restarted when it is joined to the domain. On restart, the computer or server establishes its relationship with Active Directory and, depending on the assigned rights, policies and settings, receives its configuration parameters: common security policy, mapped drives, rights on shared network locations and a range of others that are available.

1.2. Setting the IP address

Since IP protocol version 6 is not used in the present case, it is recommended that it be disabled: in Control Panel, open the network connection and remove the check mark from this protocol. Otherwise, if IPv6 is not manually configured, the computer may end up communicating with the server over IPv6, and the result can be uncontrolled.

Picture 2 – Ethernet interface and TCP / IP protocol

Picture 3 – Setting the IP address

1.3. Setting up a Windows Time

The Windows Time service can be set up directly on the server. In Windows, first verify that the service, which is called W32Time, is functioning; it is recommended that it be set as a service that starts automatically.

Picture 4 – Service ‘Windows Time’ – features

Starting the service does not by itself specify its settings; these are set with commands at the Windows command prompt.

The next step is to set the parameters of the Windows Time service on the server.

Picture 4 – Advanced Settings ‘Windows Time’ service at the command prompt

Picture 5 – Advanced settings “Windows Time” in the “Windows Registry”

Picture 6 – Restarting the w32tm service, synchronization and review of the operation

Picture 7 – Only the proper functioning of the event log
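
The steps of this section can be run from an elevated PowerShell prompt as follows. This is an added example, not the commands from the original screenshots; the NTP peer is a placeholder, and it is assumed that this server is meant to be the reliable time source for the new domain.

```powershell
# Added example. Assumption: this server will be the domain's reliable time
# source and synchronizes from the placeholder peer below.
$NtpPeers = 'ntp.example.net,0x8'   # placeholder peer; 0x8 = client mode

# The W32Time service must start automatically and be running
Set-Service -Name W32Time -StartupType Automatic
Start-Service -Name W32Time
Get-Service -Name W32Time | Select-Object Name, Status, StartType

# Advanced settings from the command prompt: manual peer list, reliable source
w32tm /config "/manualpeerlist:$NtpPeers" /syncfromflags:manual /reliable:yes /update

# The same settings as they are stored in the registry
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'
Get-ItemProperty -Path "$base\Parameters" | Select-Object Type, NtpServer
Get-ItemProperty -Path "$base\Config"     | Select-Object AnnounceFlags

# Restart the service, force a synchronization and review the result
Restart-Service -Name W32Time
w32tm /resync /rediscover
w32tm /query /status
w32tm /query /source

# Review the most recent Time-Service entries in the System event log
$filter = @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Time-Service' }
Get-WinEvent -FilterHashtable $filter -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List
```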

1.4. Server Roles

Windows Server 2012 includes a graphical wizard, or rather an interface, for installing Active Directory and the domain controller. It is important to have a second domain controller in the organization, for safety reasons and to avoid major difficulties: if one controller is lost, we still have another one holding Active Directory. Through the server roles we choose the desired role, which will serve the network with the Active Directory service.

Picture 8 – Server Active Directory tasks

Picture 9 – Choice of operating mode Active Directory

Picture 10 – Reports of the prerequisites for installing AD

Picture 11 – A flowchart of installing and configuring AD
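
Sections 1.1, 1.2 and 1.4 can also be carried out from PowerShell instead of the graphical wizard. The staged script below is an added example, not part of the original article; the host name, adapter alias, addresses and domain name are placeholders, and it refuses the kind of domain name that section 1 advises against.

```powershell
# Added example, not the article's own commands. Run once per stage from an
# elevated prompt; the Rename stage reboots the server.
# All names and addresses are placeholders (192.0.2.0/24 is a documentation range).
param(
    [ValidateSet('Rename', 'Network', 'Promote')]
    [string]$Stage = 'Rename'
)

$ServerName = 'DC01'             # placeholder host name
$Interface  = 'Ethernet'         # assumed adapter alias
$Address    = '192.0.2.10'       # placeholder static IPv4 address
$Gateway    = '192.0.2.1'        # placeholder gateway
$DomainName = 'ad.example.net'   # placeholder: neutral name under a registered domain

switch ($Stage) {
    'Rename' {
        # 1.1: rename while the server is still in the workgroup, then reboot
        Rename-Computer -NewName $ServerName -Restart
    }
    'Network' {
        # 1.2: static IPv4 address; assumption: the future DC uses itself for DNS
        New-NetIPAddress -InterfaceAlias $Interface -IPAddress $Address -PrefixLength 24 -DefaultGateway $Gateway
        Set-DnsClientServerAddress -InterfaceAlias $Interface -ServerAddresses $Address
        # Same effect as clearing the IPv6 check box on the adapter
        Disable-NetAdapterBinding -Name $Interface -ComponentID ms_tcpip6
        Get-NetAdapterBinding -Name $Interface -ComponentID ms_tcpip6 |
            Select-Object Name, DisplayName, Enabled
    }
    'Promote' {
        # Naming advice from section 1, enforced before anything is installed
        if ($DomainName -notmatch '\.' -or $DomainName -match '\.local$') {
            throw "Refusing '$DomainName': single-label or .local domain name."
        }
        # 1.4: add the role, review the prerequisite report, then create the forest
        Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
        $forest = @{
            DomainName                    = $DomainName
            InstallDns                    = $true
            SafeModeAdministratorPassword = Read-Host -AsSecureString -Prompt 'DSRM password'
        }
        Test-ADDSForestInstallation @forest | Format-List
        Install-ADDSForest @forest
    }
}
```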

1.5. Summary reports from the system when setting up a trust

This domain: domainb.local

Specified domain: source.domain.local

Direction:

Two-way: Users in the local domain can authenticate in the specified domain and users in the specified domain can authenticate in the local domain.

Trust type: Forest Trust

Transitive: Yes

Outgoing trust authentication level: Forest-wide authentication in local and specified forests.

Sides of trust: Create the trust for both this domain and the specified domain.

Status reported by the system after the change

Trust relationship created successfully.

Specified domain: source.domain.local

Direction:

Two-way: Users in the local domain can authenticate in the specified domain and users in the specified domain can authenticate in the local domain.

Trust type: Forest Trust

Outgoing trust authentication level: Forest-wide authentication in local and specified forests.

Transitive: Yes

Sides of trust: Created the trust for both this domain and the specified domain.

Picture 12 – Confirmation of trust between the domains

Picture 13 – Only the safety warnings domains – SID filtering History

Picture 14 – Only the establishment of a trusted link
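
After the wizard finishes, the resulting trust can be reviewed from PowerShell, including the SID filtering and authentication settings that the wizard reported. This is an added example, not part of the original article; it assumes the ActiveDirectory module (RSAT) is installed and decodes the trustAttributes bit flags as defined in the MS-ADTS specification.

```powershell
# Added example: review every trust of the current domain and decode the
# security-relevant trustAttributes bits. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

# Bit values from the MS-ADTS specification (trustAttributes)
$Bits = [ordered]@{
    NON_TRANSITIVE     = 0x01   # trust is not transitive
    QUARANTINED_DOMAIN = 0x04   # SID filtering (quarantine) is enforced
    FOREST_TRANSITIVE  = 0x08   # forest trust
    CROSS_ORGANIZATION = 0x10   # selective authentication instead of forest-wide
    WITHIN_FOREST      = 0x20   # trust inside the same forest
    TREAT_AS_EXTERNAL  = 0x40   # forest trust filtered like an external trust
}

Get-ADTrust -Filter * | ForEach-Object {
    $trust = $_
    $attr  = [int]$trust.TrustAttributes
    # Names of all flags whose bit is set on this trust
    $set   = @($Bits.Keys | Where-Object { $attr -band $Bits[$_] })

    [pscustomobject]@{
        Trust            = $trust.Name
        Direction        = $trust.Direction
        Flags            = $set -join ','
        # A forest trust with TREAT_AS_EXTERNAL set is filtered less strictly
        # than a default forest trust, so it deserves a second look
        RelaxedSidFilter = ($set -contains 'FOREST_TRANSITIVE' -and
                            $set -contains 'TREAT_AS_EXTERNAL')
        SelectiveAuth    = $set -contains 'CROSS_ORGANIZATION'
    }
} | Format-Table -AutoSize
```

For the two-way forest trust with forest-wide authentication described above, the row to confirm is one where FOREST_TRANSITIVE is set and SelectiveAuth is False; whether RelaxedSidFilter should be True is a decision to make deliberately, not a default to accept.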