1. Introduction and Scope

These Active Directory workshops ran over three days and aimed to cover the basics of Active Directory, focussing primarily on areas that are likely to be of most interest and use to ITSS staff setting up AD domains in their departments and colleges. Where possible, common tasks, problems and experiences to date were detailed (especially in the area of DNS and naming.) The workshops included practical sessions to cover most of the common tasks.

The workshops were open to all IT support staff and were aimed primarily at staff who are either already running an Active Directory service, or installing Active Directory or planning on installing Active Directory.

2. Presentations

The talks are available on the web in PowerPoint format (v95 and above.) Please note that some of the later presentations were written during the course and are incomplete. They are included here by popular demand, and the gaps will be filled in as soon as possible. There is also at least one particularly horrible sentence in the DNS slides that will one day be rewritten to make sense.

2.1. Session 1

Installation and Naming
Considerations when installing the first domain controller. Naming issues. How to check that it’s worked correctly. Practical to install Active Directory.
Management Tools and Diagnostic Utilities
A look at some of the most useful management tools and utilities. Brief guide to Microsoft Management Console.

2.2. Session 2

Vital for Active Directory — many AD problems result from incorrect DNS configuration. Overview of DNS and how it works. How AD domains relate to DNS domains. How it is set up for ox.ac.uk wrt AD. How to install and configure for ox.ac.uk setup. Common problems people have had so far. Practical to configure DNS and install AD on second server.

2.3. Session 3

Overview of replication. How to check that it is working. How to view replication topology. Initiating replication manually. Brief practical session to view replication connections and initiate replication.
Operations Masters
Overview of operations masters roles. Guidelines for locating them. How to move them. How to seize them if something goes wrong. Utilities to view them. Practical to view, transfer and seize roles.
Time Synchronization
Brief overview and how to set up external time synchronization.

2.4. Session 4

Group Policy
Overview. What it is, where it’s stored, what it does, how to create, delete and manage it. When/how it’s applied. Inheritance of Group Policy. Design considerations/recommendations. Practical to configure some settings.

2.5. Session 5

Group Policy — Software Deployment
Overview of Windows Installer. Information on installing software using Group Policy. Options available. Practical to install some software using Group Policy.
Anything that I can think of that hasn’t been covered elsewhere. Useful things to look at that I don’t know about but which are worth finding out about.

2.6. Session 6

Active Directory Database Maintenance; Backup and Restore
How to backup, restore, move the database and log files. Authoritative and non-authoritative restore of AD. How to recover from catastrophic domain controller failure. Practical to try it all out.
Migration Issues/Question & Answer
Options for migration. Questions/answers/current experiences welcome. Opportunity for discussion?

3. Practical Sessions

The practicals are also available online. I think that they should more or less stand up on their own if you want to take them and work through them in your college/department. Ideally you will need three test PCs — two for Windows 2000 server and one running Windows 2000 Professional. The latter could be someone’s desktop PC running 2000 since in general it is used in a non-destructive manner to test the effects of Group Policy. You will have to work through the first day’s practicals before everything else will work since these cover the basic setup. The one thing that will have to be changed is the DNS setup which was very carefully set up in the Lecture Room and depended on correct DNS configuration on the front desk PC. Following the DNS practical blindly will not work. There are two main methods of getting around this.

  • Allow the Active Directory installation to install and configure DNS for you using a fictitious domain name (especially if you are testing out on an isolated network, i.e. not connected to your main LAN, or if you already have an Active Directory installation that uses your designated DNS domain name and want to set up a test environment.)
  • Set up the DNS using your designated domain DNS name and use this also as your Active Directory domain name. Follow the instructions from the OUCS Active Directory web pages about setting up the DNS. When you come to installing your production system you will obviously have to scrap the test one first if you do this.

NB there were some errors in the practical sessions and I have not yet checked through and corrected all of them. If you are trying these out yourselves, remember to substitute the correct name of your domain where appropriate.