NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Contents I.
Create Users of class SNA-A and SNA-B: ............................................................................................... 3 1)
A.SNA15-B ......................................................................................................................................... 3
2)
B.SNA15-A......................................................................................................................................... 6
II.
Create two OUs for: ............................................................................................................................ 10 a.
SNA15-A .......................................................................................................................................... 10
b.
SNA15-B .......................................................................................................................................... 12
III. Create two groups for: ........................................................................................................................ 14 a.
G_SNA15A ....................................................................................................................................... 14 b. Create group by Command line (SNA15-A).................................................................................... 15 c.
G_SNA15B ................................................................................................................................... 16
IV. Add users of class SNA-A and SNA-B into each groups....................................................................... 19 A. Add users Class SNA-A to G_SNA15-A .............................................................................................. 19 B. Add users class SNA-B to G_SNA15_B.............................................................................................. 20 V.
Take windows client joins domain with windows srver2008 ............................................................. 22
VI. Create user profile on windows client (take one user in class SNA-A&B login) ................................. 27 A. Create users profile class SNA-A login(Name chhunly.bin) ................................................................ 27 B. Create users profile class SNA-B login ( name is SOK.khem) .............................................................. 30 VII. Set limit hours logon for two users in Class SNA-A&B to login server (any users) ............................. 33 A. Set time limit login for Class SNA-A login to server ( one users) for users ( piset.Noun) ................... 33 B. Set time limit login for Class SNA-B login to server ( one users) for users ( Hing.thea) ..................... 35 VIII. Set temporary or account expire two users for class SNA-A&B (any users)....................................... 37 A. Set tempory or account expire one users for class SNA-A( Name Piset.Nuon).................................. 37 B. Set temporary or account expire one users for class SNA-B(any users)............................................. 39 IX. Delegate two users (Class Monitor) on each OUs .............................................................................. 41 Show Delegate can only user SNA-B(OU) control by ( SOK.khem) ......................................................... 57 X.
Configure Trust domain : .................................................................................................................... 59 First: Choose Two ways option then shows result. ................................................................................ 59 Second choose one-way incoming show result………………………………………………………………………………….62
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
I.
Create Users of class SNA-A and SNA-B: - Description: Students - Office: B13 or A21 - E-mail: Firstname.Lastname@your_domain
1) SNA15-B We need to create it on excel after we save to (.bat)
All users in the the excel not save to ( .bat) then copy to notpate and after save to (.bat)
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
All users it the notepad (dsadd users cn=name users,ou=name of ou,dc=name of domain,dc=domain –email name email other more if you want put it
Users all it create successful by command line
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
After we create user by command (.bat) we have all name of SNA_B => click on SNA15-B
a) Create users by interface (GLI)(SNA15-B)
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
ďƒ° Result after create click on SNA15-B you can see name sok khem
2) SNA15-A - Description: Students - Office: B13 or A21 - E-mail: Firstname.Lastname@your_domain => All users Class SNA15-A have create on the excel (name ,Description office ,Email
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Users create the same class SNA15-B (dsadd users cn=users name,ou=name of ou,and other more then copy it to notepad
After we create it on excel and copy to notpad all ready we need save it to (.bat)
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
After we save it (.bat) we need =>right click on file .bat => click on the Run Administrator
After we run it by (.bat) click on SNA15-A see all users in class SNA_A
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
I.
Users by interface (SNA15-A) Create users name vannaisat1
Users it on SNA15-A
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
II.
Create two OUs for: a. SNA15-A Click on start=> Administrator=> Active Directory users and computer => click on it
Right click on the ccie.info => New => Organization Unit
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Write the name of SNA15-A to box
After we create OU we have one OU name is SNA15-A
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
b. SNA15-B Click on start => Administrator=> click on the Active Directory and computer =>
Right click on ccie.info => New => Organization Unit
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
This OU name is SNA15-A => OK
After we create OU SNA15-B we have one result
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
III.
Create two groups for: a. G_SNA15A Right click on the SNA15-A => New => Group and then continue
This is name of Group (G_SNA15-A) for Class SNA15-A
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
After we create G_SNA15-A in class SNA15-A we have one group
A . Create group by Command line (SNA15-A) Create by command line (net localgroup G_SNA15-A /add )
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
After we create Group by command line we have one group name (G_SNA15-A)
B. G_SNA15-B Create G_SNA15-B the same G-SNA15-A but deference name of Group (G_SNA15-B)
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Create Group by interface (Right click on SNA15-A => New=> Click Group )
Right click on SNA15-B have G_SNA15-B
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Create G_SNA15-B by command (net localgroup G_SNA15-B /add)
This is Group name is G_SNA15-B
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
IV.
Add users of class SNA-A and SNA-B into each groups
A. Add users Class SNA-A to G_SNA15-A Click on SNA15-A => right G_SNA15_A => click on Members => Add => OK
Write the name if you want => check name => click on name user
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Member of G_SNA15-A => click on appaly => OK
B. Add users class SNA-B to G_SNA15_B Click on the SNA15-B => Right click on G_SNA15-B => Member => Add => OK
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Write the name of users if we want to choose => check name => apply => OK
Click on =>Member => Add => Apply => OK
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
V.
Take windows client joins domain with windows srver2008 We need to know about IP,getway of client and server => command ncpa.cpl=> right click on domain server => click on => Properties
Double click on => internet Protocol Version 4 => users the following IP address
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Window +R => write the word (ncpa.cpl) about window cient => right click on =>local Area Connection => click on the => Properties
Double Internet Protocol Version 4 => Use the following IP address (we need to put DNS the same of server and default gateway of server)
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Click strat => right click on coputer => properties => get the word change to join domain
Click on the word change => for to change domain of client => click on domain put domain
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
We need to close firewall (firewall.cpl) close all firewall and OK
After we close firewall (gpupdate ) and then OK
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Write the domain name => then OK=> complete in box => Administrator and password (admin)
We success after join domain client with server (welcome to the ccie.info domain)
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
VI.
Create user profile on windows client (take one user in class SNAA&B login) A. Create users profile class SNA-A login(Name chhunly.bin) Users chhunly.bin is login to server (ccie.info)
After login to server ccie.info ( This is name of users)
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Click on Computer to see profile of users login
Click on Local Disk to see profile users
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
We need to on => Users
This is users name profile of chhunly .bin that login in to server
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
B. Create users profile class SNA-B login ( name is SOK.khem) => Users class SNA-A login to server (name is sok.khem)
ďƒ° After login we need to change password for users
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Click on start => computer to see profile of users
We need to click on Local Disk for profile uses
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Click on Users
This is users profile of user (sok.khem)
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
VII.
Set limit hours logon for two users in Class SNA-A&B to login server (any users) - Note: Start from 8:00AM to 6:00PM and from Monday until Friday.
A. Set time limit login for Class SNA-A login to server ( one users) for users ( piset.Noun) => we need to cick on SNA15-A => right click on users name => properties
ďƒ° Click on Logon Hour to set time (from 8:00 AM to 6:00 PM ) (Monday to Friday)
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
* Set time limit login for Class SNA-A login to server ( two users) for users ( So.sen) => Click SNA15-A => click on name of users =>properties => Logon Hour
ďƒ° Click on Account => Logon Hour ( set 8:00AM to 6:00 PM ) (Monday to Friday )
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
B. Set time limit login for Class SNA-B login to server ( one users) for users ( Hing.thea) => Click SNA15-B=> click on name of users =>properties => Logon Hour
ďƒ° Click on Account => Logon Hour ( set 8:00AM to 6:00 PM ) (Monday to Friday )
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Set time limit login for Class SNA-B login to server ( one users) for users ( Leng.tola) => Click SNA15-B=> click on name of users =>properties => Logon Hour
Click on Account => Logon Hour ( set 8:00AM to 6:00 PM ) (Monday to Friday )
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
VIII.
Set temporary or account expire two users for class SNA-A&B (any users) - Monday 28th july 2014 ( Temporary time)
A. Set tempory or account expire one users for class SNA-A( Name Piset.Nuon) - Monday 28th july 2014 ( Temporary time) => Click SNA15-A=> click on name of users =>properties => Account
ďƒ° Click on Account => tick on password never expires => End of => choose the date
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
B. Set tempory or account expire two users for class SNA-A( Name So.sen) => Monday 28th july 2014 ( Temporary time) => Click SNA15-A=> click on name of users =>properties => Account
ďƒ° Click on Account => tick on password never expires => End of => choose the date
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
B. Set temporary or account expire one users for class SNA-B(any users) - Monday 28th july 2014 ( Temporary time) -Set temporary or account expire one users for class SNA-B(Hing.thea) -Monday 28th july 2014 ( Temporary time) => Click SNA15-B=> click on name of users =>properties => Account
ďƒ° Click on Account => tick on password never expires => End of => choose the date
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
-Set temporary or account expire one users for class SNA-B(Leng.Tola) -Monday 28th july 2014 ( Temporary time) Click SNA15-B=> click on name of users =>properties => Account
ďƒ° Click on Account => tick on password never expires => End of => choose the date
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
IX.
Delegate two users (Class Monitor) on each OUs
- these users can delete OUs, they can create, delete, reset password,and manage group and user account. A. Delegate two users for Class SNA-A (Class Monitor) Click on SNA15-A => Delegate Control for users manage this OU
Choose the name (chhunly.bin) write name that we want to delegate => check name
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Two users in class SNA-A that control on SNA15-A (OU ) => next
Tick on Create ,deletd and manage and other more and next
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
We need to click on view to tick on =>Advance Feature
We need to remove => Authenticated Users
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
We need to remove Pre- window 2000 Compatible Access
We to click on =>Advanced => tick on Include Inheritable permission from => OK
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
We click on remove
Give permission to users chhunly.bin (Full control to this OU)
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
We need to add (Administrator to OU SNA15-A give permission users the same Admin
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Click on SNA15-A => choose name after we delegate => right click on users => Properties
We need to add (administrator to user name chhunly.bin(write name users => check name )
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
This result After we add (admin for users)
B. Delegate two users for Class SNA-B( Class Monitor) Right click on SNA15-B => Delegate => continue
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
We need to click on Add => write the same that we want delegate => check name => choose name and OK
This result After we add to control OU(SNA15-B)
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Permission the same SNA15-A (create ,delete and manage users account)=> next
Right click on SNA15-B => Properties
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
We need to remove => Authenticated Users
Permission => tick on Include inheritable permission => remove
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
We need to add administrator to SNA15-B => add => choose the name => check name => admin
We need to give permission to users (sok.khem) full control
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Click on view and click on Advance Feacture
Click on SNA15-B chsoose the name of user that we delegate all ready add one addministrator
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
ďƒ° This is result after we add (Administrator)
=> Each user delegation can only have permission on owner OU A. Show Delegate can only user SNA-A (OU) by (chhunly.bin) => users chhunly.bin is have been login
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Click on start => chhunly.bin has login
Click on Administrator Tools => Active Directory users and computer => continue
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Click on SNA15-A can manage all users
Click on SNA15-A and SNA15-B is have been disable users chhunly.bin can’t manage
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
B. Show Delegate can only user SNA-B(OU) control by ( SOK.khem) Users sok.khem is login
Click on start => can see users name ( sok.khem )
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Click on SNA15-B => choose one users for testing (user sok.khem )can delete ,reset password
But click on SNA15-A users sok.khem can not manage because access denied
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
X.
Configure Trust domain : First: Choose Two ways option then shows result.
We need to know about IP and change DNS of server ccnp (command for IP address is ncpa.cpl(tick on internet Protocol version 4)
We need to know about IP and change DNSof server ccie (command for IP address is ncpa.cpl(tick on internet Protocol version 4)
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
We need to run this command for run policy (gpupdate)
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
We need ping 192.168.1.1 about server ccie
We need ping 192.168.1.4 about server ccnp
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Ping to server (ccnp.net)
Ping to server (ccie.info)
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Click on start => Administrtor => active Directory and turst (In ccie Trust)
Right click on ccie.info => Properties => continue
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
After we right click on => New Trust …=>Trust => OK
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Trust name (ccnp) we need to put other trust name
This domain is a forest root domain => click on the External trust => OK
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Select the direction for this trust => Two way => OK
Sides of trust => this domain only => next
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Outgoing Trust Authentication level=> Domain-wide authentication => Next
Trust Password => This password the same trust use this password => Next
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Cofirm Outgoing Trust => need to tick Yes ,confirm the outgoing => next
We need to confirm incoming trust => tick on the yes, confirm the incoming trust => Next
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Result after we create it name trust is (ccnp.net)
Click on start => Administrator => Active Directory Users and Computer => for new trust
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Right click on ccie.info => Properties => to create New Trust
New trust Wizard => put the name other server (CCIE)=> Next
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Trust type =>tick on External trust => Next
Direction of Trust => tick on Two way =>Next
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Sides of Trust =>tick on This domain only=> Next
Outgoing Trust Authetication Level => Domain-wide authentication => Next
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Trust Password the same trust ccie.info => Next
New trust Wizard => confirm Outgoing Trust => Yes, confirm the outgoing trust => Next
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Confim Incoming Trust => Yes, confim the incoming trust => completed => Adminstrator and password of admin=> Next
This is Completing the New trust wizard=> finish
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
This is result after we create trust
Click on Start => Administrator => click on DNS to put DNS other server
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Click on Trust_test1 => right click on Root Hind => Properties
After go to Root Hind we need put server name name ccie.info and IP too
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Result after create (ccie.info )=> apply=> OK
Click on Start =>Administrator => DNS
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Click on Trust_test2 => right click on Root Hind => Properties => continue
It the same other trust we just change domain name and IP of server to and back
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Trust _test2 (ccnp.net) => apply and => OK
Write command (ncpa.cpl) => right click on local Area => Properties=> use the following IP
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
User the following IP address => and click on Advanced =>Add for add default gateway => OK
We need to add Ip gateway for computer client can access to trust
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
This is result after we add gateway => OK
Click on start => right click on my computer => properties => continue
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Click on Computer name => click on the word change => click on domain (write name domain )
Join domain is success computer name is change
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Test users login to server (CCIE ,CCNP)
Users chhunly.bin login to server CCIE
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
User can access to CCIE(IP 192.168.1.1), access to CCNP (IP 192.168.1.4)
B…. Choose One ways (in-coming) option then shows result. Right click on name of server CCNP.INFO => choose New Trust and => Next
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
This name of trust get the name other trust put (CCIE)=>Next
Trust type we need to choose => Forest trust and => Next
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Direction of trust we need to choose => One-way incoming => Next
After we choose one-way incoming => Sides of trust => click on Both this domain and the specified domain => Next
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
Users Name and Password of Administrator => next
Outgoing trust Authentication Level-Specified Forest=> Choose the forest-wide authentication => Next
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
We need to confirm Incoming Trust => yes , confirm the incoming trust=> Next
This result we completed it success about trust => Finish
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
This is result of one way incoming it completed (CCNP.NET) =>apply => OK
After we create it success let user login to server (CCIE) users name (chhunly.bin)
NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A
ďƒ° After let users login to server users can access to [( CCIE)(IP 192.168.1.1)] [(CCNP)(IP 192.168.1.4)]
=> What is different between Trust domain Two ways and One ways (in-coming) option?
A. about one-way A one-way, incoming, external trust allows users in your domain (the domain that you are logged on to at the time that you run the New Trust Wizard) to access resources in another Active Directory domain (outside your forest) or in a Windows NT 4.0 domain. B.. About two way A two-way, external trust allows users in your domain (the domain that you are logged on to at the time that you run the New Trust Wizard) and users in the reciprocal domain to access resources in either of the two domains.
THE END NETWORD ADMINISTRATOR (PNCAMBODIA)
VANNAI SAT_SNA15_A