Windows 10: How do I create a Windows Domain for the first time? Is the Windows Server platform's the...

Hello,How can I start a Windows Domain for the first time?What is the prerequisites to craft my first Windows Domain, and how to get started locally on the LAN? Is just the Windows Server platform specifically, Server 2007 Series, Server 2012 Series, Server 2015 Series and Server 2021 is the blame for starting the very first Windows Network Domain on my LAN?I'm interested on starting the first Windows Domain when my grandparent just got hands on a Windows Domain experience [having domain profiles and normal profiles] and me seeing Windows Domain in action. Bing'd it, but cannot find how to

:)

 

Raising the windows domain and forest issues?


hi,

I run a domain that was all 2003 r2 servers. I recently upgraded all my domain controllers to windows 2012 r2.
That went off without any problems.. Our trust relationships had no issues also.

My first step was to raise the Domain and Forest levels past 2003 to 2008. This went off without a hitch.
These are the features for raising the levels to 2008:

• Features and benefits include all default Active Directory features, all features from the Windows Server 2003 domain functional level, plus:
• Read-Only Domain Controllers – Allows implementation of domain controllers that only host read-only copy of NTDS database.
• Advanced Encryption Services – (AES 128 and 256) support for the Kerberos protocol.
• Distributed File System Replication (DFSR) – Allows SYSVOL to replicate using DFSR instead of older File Replication Service (FRS). It provides more robust and detailed replication of SYSVOL contents.

Forest Level Windows Server 2008

• Features and benefits include all of the features that are available at the Windows Server 2003 forest functional level, but no additional features. All domains that are subsequently added to the forest will operate at the Windows Server 2008 domain functional level by default.

My next step is to raise the domain and forest to 2008 r2, then 2012, and finally 2012 r2. I have been trying to find out exactly what I could expect from raising the Domain and Forest for each step.

The step involving 2008 r2 seems relatively a non issue. But getting the couple of new features seem very nice

Domain Level Windows Server 2008 R2

• All default Active Directory features, all features from the Windows Server 2008 domain functional level, plus 2 new features

Forest Level Windows Server 2008 R2

• All of the features that are available at the Windows Server 2003 forest functional level, plus the following features:

• Active Directory Recycle Bin, which provides the ability to restore deleted objects in their entirety while AD DS is running. <== New Feature very cool
• All domains subsequently added to the forest will operate at the Windows Server 2008 R2 domain functional level by default.

Here is my big concerns for the next raising of domain and forest to 2012.

Forest Level Windows Server 2012:

• All of the features that are available at the Windows Server 2008 R2 forest functional level, but no additional features.
• All domains subsequently added to the forest will operate at the Windows Server 2012 domain functional level by default.

Domain Level Windows Server 2012 R2: <=====Need to investigate more and why this post

• DC-side protections for Protected Users. Protected Users authenticating to a Windows Server 2012 R2 domain can no longer:

• Authenticate with NTLM authentication <==============(what issues may arise)
• Use DES or RC4 cipher suites in Kerberos pre-authentication
• Be delegated with unconstrained or constrained delegation
• Renew user tickets (TGTs) beyond the initial 4-hour lifetime

Will this affect my exchange anywhere users with remote access authenticating either clear of NTLM???
and what would/may not to work properly day 1 when I raise the domain and forest to 2012. I cant really find anyone that can answer a straight question.

Has anyone gone through this? what problems did you have, if any , if a lot???

Any thoughts and suggestions will be much appreciated??

thanks


- - - Updated - - -

One more point... I am not sure if I posted this to the correct forum.. So if I was wrong and it should be in a different one..
PLEASE LET ME KNOW

 

Question for some1 with windows domain knowledge

I know there isnt a whole lot of server admins here, but I thought I would ask.

At my work we had our office domain server go down due to windows corruption. Since they have still been able to login to their accounts using the server that went down. So they picked the ADMIN domain in the their drop down list.

Now that i'm rebuilding the ADMIN server I want to make sure they can use the same accounts and still have all of their my documents data and such. I want to know where is their ADMIN user data and authentication being kept. Would it be the other domain on the network? or on their local machines?

Note* there is no trust setup from what i can tell between the two servers. And their accounts dont exist in active directory on the other server.

Any help is appreciated

 

Question:- How to add client to domain from domain controller side?

Hi Guys,

-I have domain called lab.com created on virtual machine Windows Server 2008
-I have added a client machine Linux machine rhel6 to domain lab.com in /etc/host file
-I am able to ping DC from linux machine by IP and hostname .
But from DC I can only ping Linux machine by IP address and not by its hostname "rhel61.lab.com"

I don't want to add linux machine entry to DC's hosts file as it is DC so it should resolve it

But I wish to know what step or doings I am missing from DC side that I am not able to ping linux machine by its hostname.

Please suggest.

Thanks.