Domain Controller for home network

Hey guys,

Now that I've got two machines to work with, I want to set-up one of them to act as a server. Firstly it'll act as a web server, and secondly, I was thinking about setting it up as a domain controller. However, the only purpose for a domain controller that I have is so that I have one central area for usernames and passwords (rather than setting up the same acocunt on several machines with the same password). Anyone know of where I can find information about making this set-up possible? Thanks

I have 80 pages on Active Directory overview sitting in front of me. What's your fax line? haha

First off, you'll need a valid copy of Windows NT Server, 2000 server, or 2003 server. (Find Wusy).

Once you get to that point and install it, you'll need to configure DHCP, configure DNS, deploy Active Directory, then maybe you can say you're in the 'ballpark.'

Here's some links for the information you're looking for.. and please, read it all before you start. There is a reason Network Administrators get paid a hell of a lot of money for working with this Beast.

<A HREF="http://www.microsoft.com/events/series/adaug.mspx" target="_new">link1</A>
<A HREF="http://www.microsoft.com/windows2000/en/advanced/help/default.asp?url=/windows2000/en/advanced/help/sag_adintro_3.htm" target="_new">Link2</A>
<A HREF="http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx" target="_new">link3</A>
<A HREF="http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/projplan/adarch.mspx" target="_new">link4</A>
<A HREF="http://www.microsoft.com/technet/default.mspx" target="_new">link5</A>

Also, find Microsoft Newsgroups, you'll need those. Microsoft Technet will help.

Do a Google on "install active directory."

I think by the time you get to this point in reading this article, you'll think against doing it.

Wusy has a glorified Windows XP/Vista computer running server.. and he admits he doesn't know what to do with it yet.

Did you configure DNS? You'll have some problems unless you've configured that.

The profile will be new.. C:\documents and setting\USER for your local account but after you join the domain and try using USER as your username, you'll see C:\documents and setting\user.domainname

So, you'll need to create a new user and copy your information over. Outlook will let you export it, then rest you should be able to copy and paste over.

But considering Win2k3 configures DNS for the most part, you might not need to configure it. If you're using your router for DHCP, that'll cover you. If you're using the server, you'll want to put in your external DNS servers or at least your router's IP for a forwarder.

quick google search pulls the answer for it..

<A HREF="http://support.microsoft.com/default.aspx?scid=kb;en-us;287070" target="_new">support.microsoft.com link</A>

you could just copy the profiles to the new profile name it creates (logged on as local admin) then you would have to reconfigure anything. that should work, i dont know for sure if each profile has a problem with being local or domain.

go tell your alien brothers, that ronnie cordova says they're gay!!! <A HREF="http://sockbaby.com" target="_new"> sock baby </A>

Set DNS to forward to your ISP's DNS server. If your internal DNS can't resolve, it should forward it out to your ISP's.

You can check to make sure DNS is working by typing:

nslookup www.microsoft.com

or you can do:

nslookup (yourcomputernamehere)

If you do the latter of the two, if DNS is working (which 2k3 automatically configures) you should get back some good information. If not, you'll get an error.

IF you do the microsoft, you should get back good info, otherwise you'll get an error.

ex:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\MikeH>nslookup mau2005
Server: it-2003.itdept.xxxmycompany.com
Address: 10.11.50.7

Without DNS you'll get:


C:\Documents and Settings\MikeH>nslookup www.microsoft.com
Server: it-2003.itdept.xxxmycompany.com
Address: 10.11.50.7

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to it-2003.itdept.xxxmycompany.com timed-out


I take my company's name out since I bash them a lot.. we don't run a domain here, so we don't have DNS running. Out IT-2003 server is Win2k3, which I setup DNS on to work for my computer, but I don't have forwarders setup since no one seems to know the ISP's DNS servers.. I have them now, I just haven't set it up.. which I think I'll do today now that I realize I haven't.

Ok, DNS is looking good for the most part. You're getting close.
Are you running the nslookup command from your PC or your Server?

On your computer and server, if you go under the network connection and look at the DNS settings for TCP/IP, you'll want to have the following Checked, everything else unchecked:

Append Primary and Connection Specific DNS Suffixes (put a dot in the radial button)
The next check box and radial should be empty.

The 2 check boxes at the bottom, both of those should be checked.

Somewhere along the lines, DNS is attaching your primary DNS suffix to anything you're querying, which is why it keeps returning the IP of your server.
The Non-authoritive server means it's pulling a cache'd copy..

When you search for www.microsoft.com, it's actually looking for www.microsoft.com.morgoch.ws, morgoch.es being the parent domain, it starts there, then works backwards down the chain to what it thinks microsoft.com is a child of your domain.

I'll have to check out at what point DNS suffixes get automatically attached. It's not every day you work on DNS so once it's setup, you don't normally need to touch it again.

Append DNS suffixes should be UNchecked though, both on your computer and on the server.

hahahaha Well no one else would understand anything else if I were to post it.

Whene people start messing with AD, DNS, Win2k/2k3 Server, you start getting into what I know

Oh well.. my moment of glory is over now..

I've been working on my MCSE for about 4 months. Yet I'm still only halfway through the first book. I'm taking the time to actually learn it. The testing is extremely hard. You can take the 5 day course and pass the test, but you still won't learn anything.
It's hard reading because it can get really boring and stuff. It'll be really good to have a test setup sitting around that you can mess around with.
If you take the self-paced like myself, pay attention to the details in the books, you'll pick up a lot of cool things you'd never know about, plus best practices that aren't common in a lot of places.

Once Winter hits I'll start reading more on it and focusing, but I'm also working on my Security+ certification at the same time. Each of the MCSE 2k3 books are around 500-800 pages long, with most of it being text.

haha never heard that one before.. it makes sense though when people just take the 5 day, 5000 dollar course.

Which is why I'm actually reading the books, documenting stuff, and testing it out on my setup at home.. haha

mcse.. must call someone else.. nice.. I like that. haha