SYS255 Entry for: Lab 02 Server 2019, ADDS and DNS - Oliver-Mustoe/Oliver-Mustoe-Tech-Journal GitHub Wiki

In this lab we configured a Windows Server VM that provides domain name (DNS) and Active Directory services for my network.

Prerequisites:

You should have completed "SYS255-Entry for: Lab 01 Virtual Firewall and Windows 10 Configuration", and WKS01 should be able to ping champlain.edu via the default gateway(fw01) at 10.0.5.2.

Setup notes

As the setup is quite uniform, it is contained all on 1 page:

Setup Notes

Terms

Active Directory - Active Directory Domain Services (AD DS) gives a way of storing hierarchically structured information about objects on the network, also known as a directory, thereby making this information available to network admins/users. Active Directory is essentially a directory of directories. Some of the terms associated with Active Directory are:

  • The schema - defines the classes of attributes and objects that are contained in the directory, limits instances of the objects, and formats names

  • Global catalog - holds information about every object that is in said directory

  • Query and index mechanism - mechanism for making sure that properties of objects can be published/found by network users/applications

  • Replication service - distributes directory data across the network; every domain controller in a domain participates in replication and holds a complete copy of the directory information for its domain

(SOURCE: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview)

DNS - The Domain Name System (DNS) is a distributed database representing a namespace. This namespace contains all the information that a client would need to look up any name, meaning that any DNS server will be able to answer queries about names stored within its namespace. Microsoft notes that a DNS server can answer queries in one of the following ways:

  • If the answer is in its cache, it answers the query from the cache.
  • If the answer is in a zone hosted by the DNS server, it answers the query from its zone. A zone is a portion of the DNS tree stored on a DNS server. When a DNS server hosts a zone, it is authoritative for the names in that zone (that is, the DNS server can answer queries for any name in the zone). For example, a server hosting the zone contoso.com can answer queries for any name in contoso.com.
  • If the server cannot answer the query from its cache or zones, it queries other servers for the answer.

DNS also has several important core features:

  • Delegation - To answer queries, a DNS server must have a path to every zone in a namespace. Delegation is the way these paths are created. A delegation is a record in the parent zone that names the server authoritative for the child zone one level down in the hierarchy. Thus delegations give the ability to refer clients from one zone to other zones.
  • Recursive name resolution - This is the process in which a DNS server uses delegations and the hierarchy of zones to respond to queries that it doesn't have authority for. This can be achieved either by forwarding the queries to a different server or by using root hints (the IP addresses of the DNS root servers) to start querying from the root.

(SOURCE: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/reviewing-dns-concepts)
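To make the three answer paths (cache, hosted zone, asking other servers) and the delegation walk concrete, here is a small Python model of a resolver. It is an added example, not part of the original lab notes or of Windows DNS; every zone, server address and the `lab.example.` zone with the `dc01` record are constructed for illustration (the 10.0.5.5 address is a made-up lab value). The resolver first checks its cache, then the zones it is authoritative for, and otherwise starts from its root hints and follows NS referrals (delegations) down the hierarchy until an authoritative server answers.

```python
"""Toy DNS resolver: cache -> own zones -> recursive resolution via delegations.
Added example; all zone data and IP addresses below are constructed."""
from typing import Dict, List, Optional, Tuple

Zone = Dict[str, List[Tuple[str, str]]]          # name -> [(rtype, value)]
Network = Dict[str, Dict[str, Zone]]             # server IP -> {zone apex: zone}

# Constructed hierarchy: root delegates com., com. delegates contoso.com.
# The A records for the name servers are the "glue" a referral hands back.
ROOT_ZONE: Zone = {"com.": [("NS", "ns.com-tld.example.")],
                   "ns.com-tld.example.": [("A", "192.0.2.10")]}
COM_ZONE: Zone = {"contoso.com.": [("NS", "ns1.contoso.com.")],
                  "ns1.contoso.com.": [("A", "192.0.2.20")]}
CONTOSO_ZONE: Zone = {"www.contoso.com.": [("A", "198.51.100.7")],
                      "ns1.contoso.com.": [("A", "192.0.2.20")]}
SERVERS: Network = {"192.0.2.1": {".": ROOT_ZONE},
                    "192.0.2.10": {"com.": COM_ZONE},
                    "192.0.2.20": {"contoso.com.": CONTOSO_ZONE}}
ROOT_HINTS = ["192.0.2.1"]
LAB_ZONE: Zone = {"dc01.lab.example.": [("A", "10.0.5.5")]}  # constructed lab zone


def suffixes(name: str) -> List[str]:
    """'www.contoso.com.' -> ['www.contoso.com.', 'contoso.com.', 'com.', '.']"""
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))] + ["."]


def records(zone: Zone, name: str, rtype: str) -> List[str]:
    return [v for t, v in zone.get(name, []) if t == rtype]


def lookup_in_zones(zones: Dict[str, Zone], name: str, rtype: str) -> Tuple[str, List[str]]:
    """How one server answers from the zones it hosts.
    Returns ('answer', values) | ('referral', ns_ips) | ('nxdomain', []) | ('notauth', [])."""
    apex = next((s for s in suffixes(name) if s in zones), None)   # longest match
    if apex is None:
        return "notauth", []                      # not authoritative for this name
    zone = zones[apex]
    vals = records(zone, name, rtype)
    if vals:
        return "answer", vals
    # No record: walk from the name toward the apex looking for a delegation.
    for s in suffixes(name):
        if s == apex:
            break
        ns_names = records(zone, s, "NS")
        if ns_names:
            glue = [ip for ns in ns_names for ip in records(zone, ns, "A")]
            return "referral", glue
    return "nxdomain", []                         # authoritative, name does not exist


class Resolver:
    def __init__(self, hosted: Dict[str, Zone], root_hints: List[str], network: Network):
        self.hosted, self.root_hints, self.network = hosted, root_hints, network
        self.cache: Dict[Tuple[str, str], List[str]] = {}

    def resolve(self, name: str, rtype: str = "A") -> Tuple[Optional[List[str]], str]:
        """Returns (values or None, which path produced the answer)."""
        key = (name, rtype)
        if key in self.cache:                                   # 1. cache
            return self.cache[key], "cache"
        status, vals = lookup_in_zones(self.hosted, name, rtype)  # 2. own zones
        if status == "answer":
            return vals, "zone"
        if status == "nxdomain":
            return None, "zone"
        servers = list(self.root_hints)                         # 3. recurse from root
        for _ in range(10):                                     # hop limit: no referral loops
            for ip in servers:
                status, vals = lookup_in_zones(self.network[ip], name, rtype)
                if status == "answer":
                    self.cache[key] = vals                      # positive caching only
                    return vals, "recursion"
                if status == "nxdomain":
                    return None, "recursion"
                if status == "referral" and vals:
                    servers = vals                              # follow the delegation
                    break
            else:
                return None, "recursion"                        # nobody could make progress
        return None, "recursion"


def walkthrough() -> List[Tuple[str, Optional[List[str]], str]]:
    """Fresh resolver hosting the lab zone; shows each of the three answer paths."""
    r = Resolver({"lab.example.": LAB_ZONE}, ROOT_HINTS, SERVERS)
    out = []
    for name in ["dc01.lab.example.", "www.contoso.com.", "www.contoso.com.", "nothere.contoso.com."]:
        vals, source = r.resolve(name)
        out.append((name, vals, source))
    return out


if __name__ == "__main__":
    for name, vals, source in walkthrough():
        print(f"{name:24} {source:10} {vals}")
```

The second `www.contoso.com.` lookup comes back from the cache, the lab record is answered authoritatively from the hosted zone, and the unknown contoso name still has to be walked down to the authoritative server before it can be declared nonexistent. Negative caching is deliberately left out to keep the model short.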

A related technology - Port 22: Port 22 is the port used for Secure Shell (SSH) communication; for example, it can allow a remote admin access to a VM. This traffic is almost always encrypted and requires password authentication. It runs over TCP.

(SOURCE: https://www.ibm.com/docs/en/storediq/7.6.0?topic=requirements-default-open-ports)