Active Directory

Active Directory Domain Services (AD DS) is a core component of Microsoft's Active Directory, which provides centralized authentication and authorization to network resources. It is primarily used in business environments to simplify user management, control access to data, and enforce security policies.

Model

Δ Single forest single domain model is prefered especially for Small and Medium-sized Enterprise.

  • Meet business requirement
  • Meet security requirement
  • The easiest to administer
  • The least expensive to maintain

MiniContoso (SME) is a fictional company used for demo of IT infrastructure setup.

Domain Controller

A domain controller is a server that is running a version of the Windows Server® operating system and has Active Directory® Domain Services installed.

1. Install ADDS Service

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

2. Promote Domain Controller

Install-ADDSForest -DomainName minicontoso.com -InstallDns

3. Deploy Secondary Domain Controller

Get-ADDomainController -Filter * | Select-Object Forest, Domain, Site, HostName

4. FSMO (Flexible Single Master Operation)

netdom query fsmo

Maximum number of user account?

Each domain controller in an Active Directory forest can create almost 2.15 billion objects during its lifetime. AD objects are entities that represent a resource such as users, computers, or printers.

More

Roles and Features

In Windows Server, the Server Manager console and Windows PowerShell cmdlets for Server Manager enable you to add roles and features to a local or remote server, or offline virtual hard disk (VHD).

Active Directory Rights Management Services

AD RMS allows individuals and administrators through IRM (information rights management) policies to specify access permissions to documents, workbooks, and presentations. This helps prevent sensitive information from being printed, forwarded, or copied by unauthorized people. After permission for a file has been restricted by using IRM, the access and usage restrictions are enforced no matter where the information is, because the permission to a file is stored in the document file itself.

Active Directory Certificate Services

Active Directory Certificate Services (AD CS) is a Windows Server role for issuing and managing public key infrastructure (PKI) certificates used in secure communication and authentication protocols. Digital certificates can be used to encrypt and digitally sign electronic documents and messages as well as for authentication of computer, user, or device accounts on a network.

Dynamic Host Configuration Protocol (DHCP)

DHCP failover allows two Microsoft DHCP servers to share availability information, ensuring high availability by replicating IP address leases and settings between a primary server and its failover partner. All scope information is shared between the two DHCP servers, including active leases. This enables either DHCP server to assume responsibility for DHCP clients if the other server becomes unavailable.

Hyper-V

Hyper-V is Microsoft's hardware virtualization product. It lets you create and run a software version of a computer, called a virtual machine. Each virtual machine acts like a complete computer, running an operating system and programs. When you need compute resources, virtual machines give you more flexibility, help save time and money, and are a more efficient way to use hardware than just running one operating system on physical hardware.

Print and Document Services

Print and Document Services enables you to centralize print server and network printer tasks. With this role, you can also receive scanned documents from network scanners and route the documents to a shared network resource, Windows SharePoint Services site, or email addresses.

Key Management Services (KMS)

Key Management Services (KMS) uses a client-server model to activate Windows clients. KMS is used for volume activation on your local network. KMS clients connect to a KMS server, called the KMS host, for activation. The KMS clients that a KMS host can activate are dependent on the host key used to activate the KMS host.

Remote Desktop Services (RDP)

The Remote Desktop Session Host (RD Session Host) holds the session-based apps and desktops you share with users. Users get to these desktops and apps through one of the Remote Desktop clients that run on Windows, MacOS, iOS, and Android. Users can also connect through a supported browser by using the web client.

Team

Gao Hui

CEO

Lin Tao

Finance

Han Meimei

HR

Li Lei

IT