Active Directory Requirements - Assignment Example

Active Directory Requirements Active directory is an essential component which provides efficient and effective network administration. As per ‘www.pcmag.com it is defined as “An advanced, hierarchical directory service that comes with Windows servers”. The first step is to prepare a domain. Active directory functions on the domain. The domain name for HappyDaysholidays will be ‘www.happydaysholiday.com’. Single domain model will be adopted as a forest root domain since the organization is a SME. After creating the domain, DNS configuration is required and what type of DNS version to be used; the names used for the domains, servers, and services in Active Directory; and the names of the forests and the forest root domains. The trust plan is also required which parallels the creation of the forest and domain plans, outlines any manually created trusts, the direction of the trusts, and the rationale for them. Trusts can be imple­mented for reasons of performance enhancement within a single forest or to allow access to resources between separate forests. 1.1 User And Group Creation 30 users are created with five groups in the active directory. Each user is assigned membership of the following groups. Group 1 named as “Long Term Lets Group” Group 2 named as “Short Term Lets Group” Group 3 named as “Personnel Group” Group 4 named as “Marketing Group” Group 5 named as “Accounts Group” 1.2 Limited Access For limiting access to the sales and all the remaining staff, Configuration will be conducted in the “Active directory users and computers” console. Click Start menuAdministrative Tools,  Active Directory Users and Computers. In the console, click user account Right-click the user accounts, and then click Properties. Click Account and then click Logon Hours. Click All to select all available times, and then click Logon Denied. Select the time blocks as per the requirements to allow the specific user to log on to the domain, and then click Logon Permitted. A status line provides the options to edit logon times including days of the week, and timings. 1.3 User Login Restriction Active Directory Users and ComputersPropertiesAccounts Click the logon workstations dialog box by clicking the Log On To tab. Enter the name of a required workstation. Click Add. Replicate this procedure to identify additional workstations as per the organizations requirements. 1.4 User Restriction on Workstation User restriction is possible by applying group policy capabilities in Windows 2003 Domain; Users can be prevented from logging on to different domains rather than their home domain. In the target domain new ‘domain wide group policy object’ is created and activates by activating “Deny logon locally" to the resource of domain user accounts. The check should be enabled for the option “Deny logon locally”  1.5 Configuring mandatory file access Mandatory file access is implemented by configuring the User's Environment Settings. Active Directory Users and Computers User's Properties  Profile tab. Click option named as local path. Insert the path to the home directory in the related field. Example C:\ HappyDayHolidays \ %UserName%. 1.6 Password Policy The password policy will be applied in the Active directory users and computers console. These five elements related to password policy apply on each user created. Enforce password history, (As per organization requirement) Maximum password age, (Maximum 30 days) Minimum password age, (As per organization requirement) Minimum password length (10 Characters) Passwords must meet complexity requirements (As per organization requirement) 1.7 Account Lockout Policy Access the group policy console which is required for account lockout configuration. On the right hand side expand the security optionsexpand computer configurations select Windows settings  click security settings click local Policies select security options. By double clicking properties of automatically log off users when login time expires opens a dialog for defining policy. Clicks define this policy setting and click on enabled tab. In this way policy restriction which enforces for logon hours is activated. 2 File Server 2.1 Drive Mapping To create a network home directory, Active Directory Users and Computers PropertiesProfile tab. Click Connect option and choose a drive letter for the home directory. Universal Naming Convention (UNC) notation will be used to type the complete path to the home directory using the, such as: \\HappyDaysholidays\USER_DIRS\ %UserName%. The server name is mandatory to mention in the drive path to ensure that the user can access the directory from any computer within the domain. 2.2 Access rights on a Shared Folders The department’s shared folder requires read and write access. Right click on the folder  PropertiesSecurity. Select everyone in user data properties and select read and write from permissions panel for the specific folder. The long term and short term group will be added in user data properties by selecting read from the permission panel for the folder named as ‘Sales2011’.Managers from each department will be added specifically as users against all employees are created in the active directory. Users (representing as managers of the department) will be added to the user data properties and full writes including read, write and delete will be granted from the security panel. 3 Website 3.1 Welcome Page For creating a domain logon script ‘start.exe command is executed. It creates a file named as ‘logon.bat’ which contains the commands that the user wants to execute. Two new file are created named as ‘contentsfile.bat’ to call the logon.bat file. These both files are placed in the ‘Netlogon’ share on the domain controllers. For configuring the ‘Netlogon’ click Active Directory Users and Computers  Microsoft Management Console (MMC)configure user to configure ‘Netlogon’ scripts. 3.2 Virtual directory A Virtual Directory is a separate directory including a web site that links to another directory. This link can be to directory on the local server or network share. For changing access levels on virtual directories, following steps are used (Assuming that Internet Information Services (IIS) is installed previously). The explanation is in bulleted points for step by step illustration of the process. Click on the directory or web site whose permission you want to change. While highlighted right click and choose Properties from the drop down menu. Choose the Directory Security tab. From within the Password Authentication Group choose Edit. Check the Authentication setting you want. Click OK. 3.3 Virtual directory Permissions Log on to RMS client as local administrator. Open Registry Editor. Create a new registry key named DecommissionunderHKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\DRM Under the Decommission registry key, add a new String Value entry, replacing your-license-server with the name of the RMS cluster used for licensing: Https:// HappyDayHolidays /_wmcs/licensing. Double-click the new registry entry, type  http://your- HappyDayHolidays_wmcs/decommission, and then click OK. 4 Group Policy The rules applied on an object affects on each user who is a member of that group. The configuration will be conducted on the domain controller by execute the ‘Group policy’ console. On the left column, click User configurationAdministrative Templates Start menu and Taskbar. On the right side administrative templates will appear. Select the template ‘Remove run menu from start menu’ and Disable Add/ Remove Programs  Properties  select disabled from the settings tab. 5 Test plan Run the command from the start menu  Run  Dcdiag.exe This command illustrates the statistics of successful active directory implementation, connectivity and efficiency. The result of this test must quote “Test Passed”. References , Active Directory Definition from PC Magazine Encyclopedia . Available: http://www.pcmag.com/encyclopedia_term/0,2542,t=Active+Directory&i=37454,00.asp [12/14/2010, 2010]. Appendices Active Directory Design Read More