Welcome to TomNeilly.com

Active Directory
Tom Neilly

In Systems Administration this week, we worked a lot with Microsoft Server 2012 Datacenter R2. We learned how to set up domain controllers, file servers, and Active Directory. Since I still have not upgraded my home computer to Windows 8, which is required to use the same Hyper-V as Microsoft Server 2012, I used the Pro2 to give myself some practice with setting up a domain controller and Active Directory.

Domain controller snapped to the left, File-Server snapped to the right.

Using Hyper-V, Microsoft’s virtualization platform, which I previously blogged about, I was able to install a temporary, unlicensed version of Microsoft Server 2012 Datacenter R2. Normally, a license for this powerful operating system can cost thousands of dollars, but fortunately they do offer a free, temporary version for trial and educational purposes. The Server 2012 trial lasts long enough to cover the length of the Systems Administration class, so I don’t have to rely solely on my workstation at CTM or the lab machines to practice and learn about various features that Server 2012 offers – such as Active Directory.

Since there is no license key required for this trial version, I’m able to install as many virtual instances of Microsoft Server 2012 Datacenter R2 as I need on the Pro2. The Pro2 is powerful enough to handle running multiple virtual machines at once, so I’m able to set up multiple servers that each serve different purposes.

My first virtual server is set up as a domain controller. A domain controller is a server that authenticates users who are part of a domain (a logical group of computers) and is in charge of logging a user on to the domain. Active Directory is how a Microsoft domain controller organizes computers, users, and groups across a domain. Active Directory allows system administrators to control what particular computers, users, and groups can access, set password requirements and restrictions, control logon times, and control a multitude of other, more complex things.

Using virtual switches, I’m able to add multiple virtual machines to the domain that I have created. The domain controller is also where the Active Directory role is housed, so this one virtual server is providing these two main functions. The second server set up on the Pro2 is simply a file server, and its main function is file storage and sharing. The file server is part of the virtual domain and allows users who have permission to upload files to the file server or download files from it onto their computer. On the File Server virtual machine, I can set permissions and security on certain file shares, then go back to my domain controller VM and test the access permissions to ensure they are working properly.
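The set-then-test loop described above, as an added PowerShell example that is not from the original post. The share name, folder path, the `LAB\Projects-RW` and `LAB\Projects-RO` groups, and the `FILESERVER` host name are hypothetical placeholders for a lab domain.

```powershell
# --- On the file server VM (elevated prompt). All names are hypothetical placeholders. ---
$ShareName = 'Projects'
$SharePath = 'C:\Shares\Projects'
$RwGroup   = 'LAB\Projects-RW'   # assumed: AD security groups that already exist
$RoGroup   = 'LAB\Projects-RO'
$Admins    = 'BUILTIN\Administrators'

New-Item -ItemType Directory -Path $SharePath -Force | Out-Null

# Layer 1, share permissions: name each group instead of accepting the defaults.
New-SmbShare -Name $ShareName -Path $SharePath -FullAccess $Admins `
    -ChangeAccess $RwGroup -ReadAccess $RoGroup | Out-Null

# Layer 2, NTFS permissions: stop inheriting from the parent folder, set explicit ACEs.
$acl = Get-Acl -Path $SharePath
$acl.SetAccessRuleProtection($true, $false)
$grants = @{ $RwGroup = 'Modify'; $RoGroup = 'ReadAndExecute'
             $Admins = 'FullControl'; 'NT AUTHORITY\SYSTEM' = 'FullControl' }
foreach ($who in $grants.Keys) {
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
        $who, $grants[$who], 'ContainerInherit,ObjectInherit', 'None', 'Allow')))
}
Set-Acl -Path $SharePath -AclObject $acl

# Review both layers; access over the network is limited by the more restrictive one.
Get-SmbShareAccess -Name $ShareName | Format-Table AccountName, AccessControlType, AccessRight
(Get-Acl -Path $SharePath).Access | Format-Table IdentityReference, AccessControlType, FileSystemRights

# --- On the domain controller VM: test as an account that is only in the read-only group. ---
$cred = Get-Credential   # enter the read-only test account when prompted
New-PSDrive -Name T -PSProvider FileSystem -Root '\\FILESERVER\Projects' -Credential $cred | Out-Null
try {
    Get-ChildItem T:\ | Out-Null     # listing the share should work for a reader
    New-Item -Path T:\write-test.txt -ItemType File -ErrorAction Stop | Out-Null
    Write-Warning 'Read-only account was able to write: permissions are too broad.'
    Remove-Item T:\write-test.txt
} catch {
    "Write blocked for the read-only account: $($_.Exception.Message)"
} finally {
    Remove-PSDrive -Name T
}
```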

For the readers that may be thoroughly confused by now, let me explain what the Pro2 is doing when I am running multiple virtual machines on it. When the Pro2 is simultaneously running two virtual machines, it is using the same hardware for itself, plus those virtual machines. The two virtual machines and the physical machine (the Pro2 itself) are completely unaware of each other. Essentially, one processor, 8GB of RAM, and one solid state drive are being split three ways, and those resources are being distributed into three (logically) separate machines - and all of this is happening on a 10” device!

For my final project in Systems Administration, I plan to set up a Malwarebytes server. Malwarebytes is a powerful anti-virus program that offers real-time protection against all types of malware. Through the use of the Malwarebytes Enterprise software and Active Directory, I will be able to remotely install Malwarebytes and monitor any potential threats from the server. Due to the portability and power of the Pro2, I will use it for demonstration and as my test environment for this project, as it requires very little effort to set up and connect to my domain compared to a full-sized computer, monitor, keyboard, and mouse. The Pro2’s docking station has an Ethernet port built into it, allowing me to easily plug the Pro2 into a switch that is connected to the Malwarebytes server, add the Pro2 to my domain, and then add the Pro2 to the Malwarebytes console. I know you, the reader, must be just as excited as I am to see all of this in action, and a future blog will be focused on this project as a whole.

For a lot of our Systems Administration projects, internet access is not required since everything is happening on our own network. Using Hyper-V, we can create our own virtualized network to let the virtual machines communicate. In other words, for the rare times when I do not have a wireless connection available to the Pro2, it does not affect my ability to work within my virtual network, making these types of projects completely portable.

Pinging from the FileServer VM to the domain controller VM to test connectivity.

To me, everything related to Systems Administration is a lot of fun and I really enjoy learning about it - and to be able to practice and learn things like setting up file shares and Active Directory from anywhere using virtualized test environments on a portable device is really incredible.