OK, so you've got a domain. Now you need to configure it to get it all set up the way you want it. A lot of this will depend greatly on how you're going to be setting up your domain, but here's what I've done. Adjust or ignore any of my posts labeled "4. Domain configuration" as needed for your situation.
The first thing we'll do is set up what Active Directory calls "Sites". FYI, this has NOTHING to do with websites. Since I've got two physical office locations, I'm going to set up two different geographical "sites" within Active Directory, so I can configure how they talk with each other. This isn't necessary if you have only one office.
Open your Server Manager. You can either do that by closing the "Initial Configuration Tasks" window (that action causes the Server Manager to open by default), or clicking the "Server Manager" button (which should be the first pinned icon in the task bar). You can also find it in the start menu.
This is a truly useful window, a one-stop-shop of sorts where you can get all kinds of information about what your server is doing and configure it. So on the left side of the window, expand "Roles" if it's not already. One of the entries below it is "Active Directory Domain Services". Click that, and the right side populates with event notifications from the last 24 hours, a list of services associated with the role, and even suggestions for what to do next for the best practices and experiences.
For now though, just go back to the left side of the window, and keep drilling down, expanding "Active Directory Sites and Services", "Sites" and "Inter-Site Transports" in turn. Now, under "Inter-Site Transports", click "IP". The right side of the window changes to show you a single item, probably called, "Default_IP_Site_Link". This item represents the internet connection between the servers in your different locations...there are all sorts of properties you can apply to it to govern how the servers use that link.
However, that name isn't very clear on what it is, so right-click on that and rename it to something that will be useful to you - something like "Inter-office WAN link" that actually tells you what it is. If you have several locations, you can even create multiple transports to really have fine-grained control on how they talk with each other, but I'll get back to that in a minute.
Once that's renamed, just go back up a few levels on the left side of the window and click "Sites" under "Active Directory Sites and Services". Again, the right side of the window will show you the two "sub-folders" under "Sites" in addition to a single actual "Site" object. It's also named something useless like, "Default_First_Site", so right-click on it and rename it to something better, like the name of the city your first location is in. Now right-click "Sites" on the left side of the window and choose to make a "New" -> "Site" to represent your other office. Part of that process is to choose the transport to use for this office - since there's only one for now, just choose it. Repeat for as many offices as you have.
Now, go to the first site - the one you renamed. There's a "sub-folder" under that site called "Servers". You'll find your Domain Controller in here. If this is the site it is actually in, great. Otherwise, drag it out into the "Servers" sub-folder of the site it should actually serve. Come back and do this whenever you add a new Domain Controller.
If you only have two sites, this part is done now. But if you have three or more, you may want to configure each link separately. Maybe two of your sites are always online but the third is only online during business hours, for instance. To set up different rules between each of the different sites, go back to "IP" under "Inter-Site Transports" and right click to make a "New Site Link". Name it appropriately, then choose the two sites that link should govern. Then right-click the first link and remove any site that shouldn't be governed by that transport.
Now go through each of your transports...right-click them and choose "Properties". From here, you can set a schedule for which hours the servers can talk with each other over the link, assign a "cost" for each link, etc. Costing is an interesting idea that you may want to look into, even if you only have two sites, if you have multiple internet connections.
For instance, if you have one connection that's for normal traffic or VOIP traffic and a separate internet connection dedicated to the server traffic, you'd set up a transport for each connection but assign different COSTS to them. The one dedicated to the server would be the lower cost so it would get used primarily. But if that link went down, it would try using the higher cost link to make sure the data gets through.
Anyway, there's one more thing to do: tell it how to figure out which site a computer is in automatically. Each physical location is probably using its own subnet of IP addresses, assigned by the DHCP server in that office, so we tell the computers to look up which site their IP address is in, so that each one knows where it is physically located each time it asks for an IP address.
Back up a level again and click on "Subnets" under "Sites". Right-click it to make a "New Subnet". Now use Network Prefix Notation to tell it which range of addresses belong to which site. For instance, 192.168.1.0/24 is any address in the 192.168.1.x range.
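The lookup this subnet list sets up, modelled as an added Python example (not from the original post and not Active Directory's own code): an address resolves to the site of the most specific matching subnet, and an address that matches no subnet resolves to no site at all. The site names, ranges and client addresses are constructed placeholders.

```python
import ipaddress

# Constructed subnet-to-site table, mirroring entries under "Subnets".
# Names and ranges are placeholders, not values from the post.
SUBNETS = {
    "192.168.1.0/24": "Office-A",
    "192.168.2.0/24": "Office-B",
    "192.168.2.128/25": "Office-A",  # narrower range nested inside Office-B's
}

def site_for(ip, subnets=SUBNETS):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnets.items():
        # strict parsing rejects entries with host bits set, e.g. 192.168.1.5/24
        net = ipaddress.ip_network(cidr, strict=True)
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, site)
    return best[1] if best else None

def audit(client_ips, subnets=SUBNETS):
    """Group client addresses by resolved site; unmapped ones land under None."""
    result = {}
    for ip in client_ips:
        result.setdefault(site_for(ip, subnets), []).append(ip)
    return result

def overlaps(subnets=SUBNETS):
    """List overlapping subnet pairs that are assigned to different sites."""
    nets = [(ipaddress.ip_network(c), s) for c, s in subnets.items()]
    return [(str(a), str(b))
            for i, (a, site_a) in enumerate(nets)
            for b, site_b in nets[i + 1:]
            if a.overlaps(b) and site_a != site_b]

if __name__ == "__main__":
    # Constructed client addresses, e.g. taken from DHCP leases.
    clients = ["192.168.1.20", "192.168.2.10", "192.168.2.200", "10.0.0.5"]
    for site, ips in audit(clients).items():
        print(site or "NO SITE (add a subnet for this range)", ips)
    print("Overlaps to review:", overlaps())
```

Addresses grouped under no site are the ones to fix first: those machines cannot tell which office they are in until a subnet covering them is added.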
As a side note, sites are also VERY useful for DFS shares, which we'll get to later...and this time, it's for the client computer's benefit. So it really is worth it to get this set up.