
A Study On Microsoft Active Directory Computer Science Essay

Managing shared resources and network accounts are some of the most important and time-consuming tasks for IT personnel. Planning, deploying, and upgrading complex networks can easily become a real nightmare. This project will show how the Active Directory system can simplify the management of network resources while offering enhanced network services.


Microsoft Active Directory (AD) has been available since early 2000, and while most organisations have completed their AD deployment and are realizing the many business benefits of having deployed Active Directory, there are still organisations that have either not completed their deployment or have yet to take advantage of some of the important features of Active Directory that yield the greatest business benefits.

Windows Server 2003 and Active Directory give small and medium-sized organisations a reliable working environment for end users, one that offers the highest levels of reliability and performance so users can get their work done as efficiently as possible, while providing a more secure and manageable environment that makes the lives of the IT staff easier.

What is Active Directory?

Active Directory is the integrated, distributed directory service that is included with Microsoft Windows Server 2003 and Microsoft Windows 2000 Server. Integrated with Active Directory are many of the applications and services that previously required a separate, distinct directory and user ID/password to be managed for each application or service. In Windows NT 4.0, for example, a directory was required for the domain itself, a separate directory for Exchange mailboxes and distribution lists, and separate directories for remote access, database, and other applications.

In some cases, separate passwords were required for each application. With Active Directory, the administrator of the organisation can add a user to Active Directory and through that single entry enable remote access to the network, enable the same user account for Exchange messaging, and use that same user for database access for accounting, customer relationship management, or other applications. Not only is it possible to use Active Directory as a multi-purpose directory in this way, but by doing so a company enables single sign-on for its users. Once users log in to Windows, their Active Directory credentials are the key that automatically unlocks all of the applications or services that they have been enabled for, including third-party applications that use Windows integrated authentication.

By creating a link between user accounts, mailbox accounts, and applications, Active Directory simplifies the task of adding, modifying, and deleting user accounts. When an employee gets married and changes their name, a single change in Active Directory can change the user information for all applications and services. When users change their password in Active Directory, they do not have to remember different passwords for their other applications. When a group of users is created, such as the “sales group,” users can email the group to send a message to all users, administrators can allow security access to resources based on the group name, and users can look up members of a group by expanding the group information. This is just one example of how Active Directory simplifies many administrative tasks and processes that, in the past, involved disparate applications, servers, and services.

Many customers running older operating systems find their current systems simply not capable of meeting the expectations of their business for a dependable, reliable, secure, or manageable environment. While many organisations have gotten creative at workarounds and at adding a number of add-ons and utilities to “make do” with their current investments, Windows Server 2003 and Active Directory provide the out-of-the-box functionality organisations need to run their businesses effectively and efficiently.

Comparison between Domain (Active Directory) Environment and Workgroup Environment

Workgroup: All computers are peers; no computer has control over another computer.
Domain: One or more computers are servers. Network administrators use servers to control the security and permissions for all computers on the domain. This makes it easy to make changes because the changes are automatically made to all computers.

Workgroup: Each computer has a set of user accounts. To use any computer in the workgroup, you must have an account on that computer.
Domain: If you have a user account on the domain, you can log on to any computer on the domain without needing an account on that computer.

Workgroup: There are typically no more than ten to twenty computers.
Domain: There can be hundreds or thousands of computers.

Workgroup: All computers must be on the same local network or subnet.
Domain: The computers can be on different local networks.

Workgroup: Usually costs less money to set up.
Domain: Usually costs more money to set up because more hardware and software are required.

Workgroup: Not easily scalable. If using more than 10 computers, the number of accounts to set up increases a lot more.
Domain: Scales more easily if you add more users and computers.

Workgroup: Difficult to manage because resource administration is not centralized.
Domain: Centralized account administration, security policies and permissions.

Benefits of Active Directory

Increasing the Productivity of Users

Power of Group Policy

Windows Update Services

Remote Assistance

System Quarantine

Reducing the Burden of IT Administration

Server Performance and Reliability

Administrative Benefits of Group Policy

Remote Installation Services

Remote Administration

Improving Fault Tolerance to Minimize Downtime

Distributed File System ( DFS )

Volume Shadow Copy Service ( VSS )

Advanced Server Recovery ( ASR )

Enhancing Security to Provide Better Peace of Mind

File-Level Encryption

IP Security

Improved Management Tools

Configure Secure Servers

Active Directory integrated applications

Exchange Server

Improved Systems Management with SMS

ECC Company System Upgrade from Workgroup to Domain

Engineering Consultant Company (ECC) currently works in the workgroup model. This project will transfer the company to the domain model using “Microsoft Windows Server 2003 Enterprise Edition”. I will discuss the steps I take to do this in the upcoming sections.

First: Creating the (ECC.COM) Domain

Prepare the Windows Server 2003 Enterprise Edition CD.

Check that the server hardware meets the Windows Server 2003 requirements.

Install Windows Server 2003 Enterprise Edition and choose the Per Server licensing option during installation.

Set the Administrator account password with complexity options.

Install hardware drivers and make sure that the server drivers are updated to the latest firmware update.

Partition the server hard disks and create RAID 5 stripes.

Install the latest system updates and service packs from the site.

Give the server a static IP address before creating the domain.

Start domain creation by using the DCPROMO command from the Run window in the Start menu, or use the Manage Your Server option in Start – Programs – Administrative Tools, add a new role and choose Active Directory.

Choose the Domain Controller for a new forest option and click Next.

Choose domain in a new forest and click Next.

Choose to configure the DNS server automatically and click Next.

Write the domain name (ECC.COM) and click Next.

Choose the database and log folders path.

Write the domain restore password.

After the domain creation wizard has finished you have to restart the server.

Second: Maintain DNS Server

The DNS server has many advantages:

DNS supports dynamic registration of the SRV records registered by an Active Directory server or a domain controller during promotion. With the help of SRV records, client machines can find domain controllers in the network.

DNS supports secure dynamic updates. Unauthorized access is denied.

Active Directory integrated zone. If you have more than one domain controller (recommended) you need not worry about zone replication. Active Directory replication will take care of DNS zone replication as well.

If your network uses DHCP with Active Directory then no other DHCP will be able to service client requests coming from a different network. This is because the DHCP server is authorized in AD and will be the only server to participate on the network to provide IP address information to client machines.

Create a new zone in the reverse lookup zone.

Allow only dynamic updates in DNS zones.

Add a new pointer in the reverse lookup zone with the domain server record in the forward lookup zone.

Check that new domain computers have a record in the forward lookup zone after you join the domain.
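The checks in this section (SRV records present, a forward record for the domain server, and a matching pointer in the reverse lookup zone) can be run over a text export of the zones. The following is an added example, not part of the original essay; the list of required SRV names, the host names dc1 and pc01 and the 192.168.1.x addresses are assumptions made for the illustration.

```python
import ipaddress

# Assumption: owner-name prefixes a Windows Server 2003 domain controller
# normally registers for its domain (the same names appear in netlogon.dns).
REQUIRED_SRV = (
    "_ldap._tcp", "_ldap._tcp.dc._msdcs",
    "_kerberos._tcp", "_kerberos._tcp.dc._msdcs",
    "_kpasswd._tcp", "_gc._tcp",
)

# Constructed sample: forward and reverse zone records in
# "owner TTL IN type data" form. Host names and addresses are made up.
ZONE_EXPORT = """\
dc1.ecc.com. 3600 IN A 192.168.1.10
pc01.ecc.com. 1200 IN A 192.168.1.51
_ldap._tcp.ecc.com. 600 IN SRV 0 100 389 dc1.ecc.com.
_ldap._tcp.dc._msdcs.ecc.com. 600 IN SRV 0 100 389 dc1.ecc.com.
_kerberos._tcp.ecc.com. 600 IN SRV 0 100 88 dc1.ecc.com.
_kerberos._tcp.dc._msdcs.ecc.com. 600 IN SRV 0 100 88 dc1.ecc.com.
_gc._tcp.ecc.com. 600 IN SRV 0 100 3268 dc1.ecc.com.
51.1.168.192.in-addr.arpa. 1200 IN PTR pc01.ecc.com.
"""


def parse_records(text):
    """Return (owner, type, data fields) for each 'owner ttl IN type ...' line."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[2].upper() == "IN":
            records.append((fields[0].lower(), fields[3].upper(), fields[4:]))
    return records


def check_dc_locator(text, domain="ecc.com"):
    """Report missing SRV names, SRV targets without an A record, and
    SRV targets whose address has no PTR record pointing back at them."""
    suffix = domain.lower().rstrip(".") + "."
    srv, a, ptr = {}, {}, {}
    for owner, rtype, data in parse_records(text):
        if rtype == "SRV" and len(data) == 4:   # priority weight port target
            srv.setdefault(owner, set()).add(data[3].lower())
        elif rtype == "A":
            a.setdefault(owner, set()).add(data[0])
        elif rtype == "PTR":
            ptr.setdefault(owner, set()).add(data[0].lower())

    report = {"missing_srv": [], "target_without_a": [], "missing_ptr": []}
    for prefix in REQUIRED_SRV:
        name = f"{prefix}.{suffix}"
        if name not in srv:
            report["missing_srv"].append(name)
    for host in sorted(set().union(*srv.values())):
        if host not in a:
            report["target_without_a"].append(host)
            continue
        for ip in sorted(a[host]):
            reverse = ipaddress.ip_address(ip).reverse_pointer + "."
            if host not in ptr.get(reverse, ()):
                report["missing_ptr"].append((host, reverse))
    return report


if __name__ == "__main__":
    for kind, items in check_dc_locator(ZONE_EXPORT).items():
        print(kind, items)
```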

Third: Creating DHCP

DHCP has many advantages:

DHCP minimizes configuration errors caused by manual IP address configuration, such as typographical errors, as well as address conflicts caused by a currently assigned IP address accidentally being reissued to another computer.

TCP/IP configuration is centralized and automated.

Network administrators can centrally define global and subnet-specific TCP/IP configurations.

Clients can be automatically assigned a full range of additional TCP/IP configuration values by using DHCP options.

Address changes for client configurations that must be updated frequently, such as remote access clients that move around constantly, can be made efficiently and automatically when the client restarts in its new location.

Most routers can forward DHCP configuration requests, eliminating the requirement of setting up a DHCP server on every subnet, unless there is another reason to do so.

Create DHCP by adding the role from the Manage Your Server wizard found in Administrative Tools.

Create a new scope by giving it a name, start and end IP addresses and a subnet mask.

You can create many scopes depending on your network structure and how many VLANs the company has.

Determine the scope lease time (default 8 days).

After that I tested the DHCP.

Fourth: Creating Organizational Units ( OUs )

Organizational Unit Advantages:

The primary advantages of the OU are that it affords almost all of the functionality of a domain without the overhead of managing the AD database itself, transaction logs, disaster recovery, backups, monitoring, etc.

OU administrators have full power over computer accounts, user accounts, group policies, and the way those objects get organized (with the exceptions noted above) and secured. Every object in Active Directory, including objects within an OU (and the OU itself), has an Access Control List that can be modified to suit the security needs of the OU administrators.

I created 3 OUs inside Active Directory (Normal – Super Users – VIP).

I applied a policy to each OU to maintain security settings and domain settings.

Fifth: Create User Accounts

User accounts for all company employees are created according to the OUs.

All created users are domain users; the only domain admin user is the administrator.

Users are named by the first letter of the first name, the first letter of the second name and the full last name.

Users have to change the default password the first time they log in to the domain.

Sixth: Creating Group Policies

Group Policy Capabilities

Through Group Policy, administrators define the policies that determine how applications and operating systems are configured and keep users and systems secure. The key features of Group Policy follow.

Registry-based Policy

The most common and the easiest way to provide policy for an application or operating system component is to implement registry-based policy. With the new Group Policy Management Console (GPMC), described later in this paper, and the Group Policy Object Editor, administrators can define registry-based policies for applications, the operating system, and its components. For example, an administrator can enable a policy setting that removes the Run command from the Start menu for all affected users.

Security Settings

Group Policy provides options for administrators to set security options for computers and users within the scope of a GPO. Local computer, domain, and network security settings can be specified. For added protection, administrators can apply software restriction policies that prevent users from running files based on the path, URL zone, hash, or publisher criteria. Administrators can make exceptions to this default security level by creating rules for specific software.

Software Restrictions

To defend against viruses, unwanted applications, and attacks on computers running Windows XP and Windows Server 2003, Group Policy includes new software restriction policies. Administrators can now use policies to identify software running in a domain and control its ability to execute.

Software Distribution and Installation

Administrators can manage application installation, updates, and removal centrally with Group Policy. Because organisations can deploy and manage customized desktop configurations, they spend less money supporting users on an individual basis. Software can be either assigned to users or computers (mandatory software distribution) or published to users (allowing users to optionally install software through Add/Remove Programs in the Control Panel). Users get the flexibility they need to do their jobs without having to spend time configuring their system on their own.

Administrators can use Group Policy to deploy approved packages. For example, in a highly managed desktop environment where users don't have permission to install applications, the Windows Installer service can perform an installation on the user's behalf. In addition, for highly managed workstations, Windows Installer integrates with the software restriction policies implemented through Group Policy to restrict new installations to a list of acceptable software.

Computer and User Scripts

Administrators can use scripts to automate tasks at computer startup and shutdown and at user logon and logoff. Any language supported by Windows Scripting Host can be used, including the Microsoft Visual Basic® development system, Scripting Edition (VBScript); JavaScript; PERL; and MS-DOS®-style batch files (.bat and .cmd).

Roaming User Profiles and Redirected Folders

Roaming user profiles provide the ability to store user profiles centrally on a server and load them when a user logs on. As a result, users experience a consistent environment no matter which computer they use. Through folder redirection, important user folders, such as My Documents and the Start menu, can be redirected to a server-based location. Folder redirection allows centralised management of these folders and gives an IT group the capability to easily back up and restore these folders on behalf of users.

Enhancements in Windows Server 2003 provide more robust roaming capabilities and simplified folder redirection. Together, these features allow mobile users or those not assigned to a particular computer to see a familiar desktop when they log on and to locate needed folders. Administrators also can take advantage of roaming user profiles to replace computers more easily. When a user logs on to a new computer for the first time, the server copy of the user's profile is copied to the new computer. In addition, administrators can redirect users' My Documents folder to their home directory, a new feature.

Offline Folders

When a network is unavailable, the Offline Folders feature provides access to network files and folders from a local disk. Users are assured access to critical information even when network connections are unstable or non-permanent or when using a mobile computer. When users reconnect to their network, the client files and server files are synchronized, thereby keeping versions consistent and up-to-date.

Internet Explorer Maintenance

Administrators can manage and customize the configuration of Microsoft Internet Explorer on computers that support Group Policy. The Group Policy Object Editor includes the Internet Explorer Maintenance node, which administrators use to edit Internet Explorer security zones, privacy settings, and other parameters on a computer running Windows 2000 and later.

First I had to install the Group Policy Management Console (GPMC). This tool has many advantages:

Easy administration of all GPOs across the entire Active Directory forest

View of all GPOs in one single list

Reporting of GPO settings, security, filters, delegation, etc.

Control of GPO inheritance with Block Inheritance, Enforce, and Security Filtering

Delegation model

Backup and restore of GPOs

Migration of GPOs across different domains and forests

I downloaded the GPMC tool from the site and installed it on the server.

Start the GPMC console from the Run window by typing (GPMC.msc).

Once the console has started you can use it to create new Group Policy Objects (GPO).

I created 3 policies (Normal – Super Users – VIP)

Normal

Password length = 5 characters

Password must meet complexity requirements = Disabled

Do not allow users to change Internet Explorer security zone properties = Enabled

Do not allow users to add/delete sites in Internet Explorer = Enabled

Do not allow Windows Messenger to be run = Enabled

Prevent desktop shortcut creation for Windows Media Player = Enabled

Prevent Quick Launch toolbar shortcut creation for Windows Media Player = Enabled

Disable the Connections page in Internet Explorer = Enabled

Add Logoff to the Start menu = Enabled

Force Classic Start Menu = Enabled

Remove Add/Remove Programs = Enabled

Add WWW.ECC.COM as the home page for Internet Explorer.

Super Users

Password length = 5 characters

Password must meet complexity requirements = Disabled

Add Logoff to the Start menu = Enabled

Force Classic Start Menu = Enabled

Add WWW.ECC.COM as the home page for Internet Explorer.

Do not allow Windows Messenger to be run = Enabled

Disable the Connections page in Internet Explorer = Enabled

Configure automatic updates = Enabled

Always wait for the network when the computer starts = Enabled

Group Policy refresh interval for computers = Enabled

Title for Internet Explorer page = ECC Company

VIP

Password length = 5 characters

Password must meet complexity requirements = Disabled

Add Logoff to the Start menu = Enabled

Force Classic Start Menu = Enabled

Turn off creation of System Restore checkpoints = Enabled

Configure automatic updates = Enabled

Always wait for the network when the computer starts = Enabled

Group Policy refresh interval for computers = Enabled

After creating the policies, link every policy to the desired OUs.

Now every OU in the domain is managed by a Group Policy Object.

Seventh: File Server Creation

Create the file server by adding the role from the Manage Your Server wizard in Administrative Tools.

First allocate the space for every user in the domain (200 MB).

Set the warning level (200 MB).

Turn on the indexing option to allow users to search files in their own folders.

Choose the share folder path on the server.

Write the share name and share description.

Determine permissions (Administrators full access – users read and write).

Domain Administrator Tasks

As domain administrator I have to monitor domain performance and availability through admin tasks scheduled daily, weekly, monthly and as required.

Daily Tasks

Review Logs:

Check the application log for warning and error messages for service startup errors, application or database errors and unauthorised application installs.

Check the security log for warning and error messages for invalid logons and for unauthorised users creating, opening or deleting files.

Check the system log for warning and error messages for hardware and network failures.

Check web/database/application logs for warning and error messages.

Check the directory services log on domain controllers.
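The security log review described above can be scripted once the log has been exported to text. The following is an added example, not part of the original essay: it flags accounts with a burst of failed logons and file opens or deletes that were denied or made by accounts not authorised for a watched folder. The CSV column layout, the account names, the watched folder and the thresholds are assumptions; the event IDs are the Windows Server 2003 security event IDs for logon failures (529 to 537, 539), object open (560) and object deleted (564).

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON_IDS = set(range(529, 538)) | {539}   # logon-failure events
OBJECT_OPEN, OBJECT_DELETED = 560, 564            # object-access events

# Assumption: folders to watch and the accounts allowed to touch them.
WATCHED = {"d:\\shares\\accounts\\": {"administrator"}}

# Constructed sample export; the column layout is hypothetical.
SAMPLE_LOG = r"""time,type,event_id,account,object
2010-03-01 08:58:10,Failure,529,jasmith,
2010-03-01 08:58:40,Failure,529,jasmith,
2010-03-01 08:59:05,Failure,529,jasmith,
2010-03-01 08:59:30,Failure,529,jasmith,
2010-03-01 09:00:02,Failure,529,jasmith,
2010-03-01 09:01:15,Failure,539,jasmith,
2010-03-01 09:10:00,Failure,529,mhkhaled,
2010-03-01 13:42:00,Failure,529,mhkhaled,
2010-03-01 10:05:00,Success,560,Administrator,D:\Shares\Accounts\payroll.xls
2010-03-01 11:20:00,Failure,560,mhkhaled,D:\Shares\Accounts\payroll.xls
2010-03-01 11:45:00,Success,564,rjtomas,D:\Shares\Accounts\q1.xls
2010-03-01 12:00:00,Success,560,rjtomas,D:\Shares\Public\menu.doc
"""


def review_security_log(csv_text, threshold=5, window=timedelta(minutes=10)):
    """Return ({account: failures in the busiest window}, [file findings])."""
    failures = defaultdict(list)
    file_findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        event_id = int(row["event_id"])
        account = row["account"].lower()
        if event_id in FAILED_LOGON_IDS:
            when = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
            failures[account].append(when)
        elif event_id in (OBJECT_OPEN, OBJECT_DELETED):
            path = row["object"].lower()
            allowed = next((users for prefix, users in WATCHED.items()
                            if path.startswith(prefix)), None)
            denied = row["type"] == "Failure"
            if denied or (allowed is not None and account not in allowed):
                file_findings.append(
                    (account, event_id, row["type"], row["object"]))

    bursts = {}
    for account, times in failures.items():
        times.sort()
        start = 0
        for end, moment in enumerate(times):
            # Slide the window start forward until it spans at most `window`.
            while moment - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                bursts[account] = max(bursts.get(account, 0), count)
    return bursts, file_findings


if __name__ == "__main__":
    found_bursts, found_files = review_security_log(SAMPLE_LOG)
    print("failed-logon bursts:", found_bursts)
    for finding in found_files:
        print("file access:", finding)
```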

Perform and Verify Daily Backup:

Run and/or verify that a successful backup of system and data files has completed.

Run and/or verify that a successful backup of Active Directory files has completed on at least one Domain Controller.

Track and Monitor System Performance and Activity:

Check for memory usage.

Check for system paging.

Check CPU usage.

Check Free Hard Drive Space:

Check all drives for free space and take appropriate action as specified by the site's Standard Operating Procedures.

Physical Check for Systems:

Visually check the equipment for amber lights, alarms, etc. and take appropriate action as specified by the site's Standard Operating Procedures.

Weekly Tasks

Archive Audit Logs:

Archive audit logs to a media device and clear old logs.


Download and install current Anti-Virus signature files.

Review Anti-Virus Reports and Logs.

Scan all hard drives using current Anti-Virus signature files.

Check Vendor Websites for Patch Information:

Check vendor websites such as Microsoft, Sun, HP, Oracle, etc. for new vulnerability information including patches and hotfixes.

Compare System Configuration Files against a Baseline for Changes:

Compare system configuration files against the baseline.

Compare application executables against the baseline.

Compare database stored procedures against the baseline.
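One configuration file that lends itself to this weekly comparison is the security template written by secedit /export /cfg, which records the password, audit and user-rights settings in force. The following is an added example, not part of the original essay: it compares a current export against a stored baseline and lists every setting that was changed, added or removed. Both samples are constructed; the baseline reuses the password length of 5 and disabled complexity configured above, and the remaining values are assumptions.

```python
import configparser

# Sections that describe the file itself rather than a setting.
IGNORED_SECTIONS = {"Unicode", "Version"}

# Constructed sample: excerpt of the export kept as the baseline.
BASELINE_INF = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 5
PasswordComplexity = 0
LockoutBadCount = 5
[Event Audit]
AuditLogonEvents = 3
AuditObjectAccess = 3
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Constructed sample: a later export of the same server.
CURRENT_INF = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 0
PasswordComplexity = 0
LockoutBadCount = 5
[Event Audit]
AuditLogonEvents = 0
AuditObjectAccess = 3
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-551,*S-1-5-32-544
SeRemoteShutdownPrivilege = *S-1-5-32-545
[Version]
signature="$CHICAGO$"
Revision=1
"""


def read_inf(path):
    """Read an export from disk; secedit writes UTF-16 text with a BOM."""
    with open(path, encoding="utf-16") as handle:
        return handle.read()


def load_settings(text):
    """Map (section, key) to a normalised value for every setting."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",))
    parser.optionxform = str            # keep the case of setting names
    parser.read_string(text)
    settings = {}
    for section in parser.sections():
        if section in IGNORED_SECTIONS:
            continue
        for key, value in parser.items(section):
            if section == "Privilege Rights":
                # A right is a set of SIDs, so ignore the order they appear in.
                value = ",".join(sorted(s.strip() for s in value.split(",")))
            settings[(section, key)] = value.strip()
    return settings


def diff_against_baseline(baseline_text, current_text):
    """Return (kind, section, key, baseline value, current value) tuples."""
    baseline, current = load_settings(baseline_text), load_settings(current_text)
    findings = []
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old != new:
            kind = "added" if old is None else "removed" if new is None else "changed"
            findings.append((kind, name[0], name[1], old, new))
    return findings


if __name__ == "__main__":
    for finding in diff_against_baseline(BASELINE_INF, CURRENT_INF):
        print(finding)
```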

Run File System Integrity Diagnostics:

Run diagnostic tools to detect any system problems

Monthly Tasks

Perform Self-Assessment Security Review:

Review technology checklist for any changes

Run current security review tool

Perform Hardware/Software Inventory:

Review hardware and compare to inventory list

Review software and compare to inventory list

Run Password-Cracking Tool (Domain Controller only)

Run a password-cracking tool to detect weak passwords.

Verify User Account Configuration

Run DumpSec tool to verify user account configuration

Quarterly Tasks

Test Backup and Restore Procedures:

Restore backup files to a test system to verify procedures and files

Change Passwords:

Work with the appropriate application administrator to ensure password changes for service accounts such as database accounts, application accounts and other service accounts are implemented.

Change the Administrator password for main servers.

As Required

Test patches and hotfixes

Install patches and hotfixes

Schedule downtime for reboots

Apply OS upgrades and service packs

Create/maintain user and group accounts

Set user and group security

After System Configuration Changes

Create Emergency System Recovery Data

Create new system configuration baseline

Document System Configuration Changes


In the future the company has to upgrade the operating system from Windows Server 2003 to Windows Server 2008, because Windows Server 2008 has many advantages:

Virtualization (Hyper-V), a way of reducing hardware costs by running several 'virtual' servers on one physical machine, only with 64-bit machines.

Server Core provides the minimum installation required to carry out a specific server role, such as a DHCP, DNS or print server.

Better server security.

Role-based installation.

Read-Only Domain Controllers (RODC).

Enhanced Terminal Services.

Network Access Protection, Microsoft's system for ensuring that clients connecting to Server 2008 are patched, running a firewall and in compliance with corporate security policies.

PowerShell, Microsoft's new(ish) command line shell and scripting language.

New IIS 7 release.

Windows Aero, which is Microsoft's new graphical user interface used in Windows Vista and Windows 7.

Cite this page

A Study On Microsoft Active Directory Computer Science Essay. (2020, Jun 01). Retrieved from
