1. Introduction and Scope
These Active Directory workshops ran over three days and aimed to cover
the basics of Active Directory, focussing primarily on areas that are likely to
be of most interest and use to ITSS staff setting up AD domains in their
departments and colleges. Where possible, common tasks, problems and
experiences to date were detailed (especially in the area of DNS and naming.)
The workshops included practical sessions to cover most of the common tasks.
The workshops were open to all IT support staff and were aimed primarily
at staff who are either already running an Active Directory service, or
installing Active Directory or planning on installing Active Directory.
The talks are available on the web in PowerPoint format (v95 and above.)
Please note that some of the later presentations were written during the course
and are incomplete. They are included here by popular demand, and the gaps will
be filled in as soon as possible. There is also at least one particularly
horrible sentence in the DNS slides that will one day be rewritten to make
2.1. Session 1
- Considerations when installing the first domain controller. Naming
issues. How to check that it’s worked correctly. Practical to install Active
Management Tools and
- A look at some of the most useful management tools and utilities.
Brief guide to Microsoft Management Console.
2.2. Session 2
- Vital for Active Directory — many AD problems result from incorrect
DNS configuration. Overview of DNS and how it works. How AD domains relate to
DNS domains. How it is set up for ox.ac.uk wrt AD. How to install and configure
for ox.ac.uk setup. Common problems people have had so far. Practical to
configure DNS and install AD on second server.
2.3. Session 3
- Overview of replication. How to check that it is working. How to
view replication topology. Initiating replication manually. Brief practical
session to view replication connections and initiate
- Overview of operations masters roles. Guidelines for locating them.
How to move them. How to seize them if something goes wrong. Utilities to view
them. Practical to view, transfer and seize roles.
- Brief overview and how to set up external time
2.4. Session 4
- Overview. What it is, where it’s stored, what it does, how to
create, delete and manage it. When/how it’s applied. Inheritance of Group
Policy. Design considerations/recommendations. Practical to configure some
2.5. Session 5
Group Policy —
- Overview of Windows Installer. Information on installing software
using Group Policy. Options available. Practical to install some software using
- Anything that I can think of that hasn’t been covered elsewhere.
Useful things to look at that I don’t know about but which are worth finding
2.6. Session 6
Database Maintenance; Backup and Restore
- How to backup, restore, move the database and log files.
Authoritative and non-authoritative restore of AD. How to recover from
catastrophic domain controller failure. Practical to try it all
- Migration Issues/Question & Answer
- Options for migration. Questions/answers/current experiences
welcome. Opportunity for discussion?
3. Practical Sessions
The practicals are also available online. I think that they should more
or less stand up on their own if you want to take them and work through them in
your college/department. Ideally you will need three test PCs — two for Windows
2000 server and one running Windows 2000 Professional. The latter could be
someone’s desktop PC running 2000 since in general it is used in a
non-destructive manner to test the effects of Group Policy. You will have to
work through the first day’s practicals before everything else will work since
these cover the basic setup. The one thing that will have to be changed is the
DNS setup which was very carefully set up in the Lecture Room and depended on
correct DNS configuration on the front desk PC. Following the DNS practical
blindly will not work. There are two main methods of getting around this.
- Allow the Active Directory installation to install and configure
DNS for you using a fictitious domain name (especially if you are testing out
on an isolated network, i.e. not connected to your main LAN, or if you already
have an Active Directory installation that uses your designated DNS domain name
and want to set up a test environment.)
- Set up the DNS using your designated domain DNS name and use this
also as your Active Directory domain name. Follow the instructions from the
OUCS Active Directory web pages about setting up the DNS. When you come to
installing your production system you will obviously have to scrap the test one
first if you do this.
NB there were some errors in the practical sessions and I have not yet
checked through and corrected all of them. If you are trying these out
yourselves, remember to substitute the correct name of your domain where