Windows Active Directory help

Discussion in 'Software' started by mansueto, 8 Jul 2015.

  1. mansueto

    mansueto Too broke to mod

    Joined:
    31 Aug 2007
    Posts:
    3,784
    Likes Received:
    110
    To all the IT professionals of bit-tech,

    Does anyone know of any decent resources or knowledge bases for active directory that may be helpful for someone who isn't all that familiar with AD? Book suggestions are also fine! I understand the concepts behind it, and I've helped develop policies at my old work, but I've never actually gone through creating a domain and managing it myself. I've been using Google and gone through a lot of the Microsoft documents, but I feel like there is a lack of depth in specific areas. It's a bit overwhelming to be honest!

    For details, we're planning on setting up our AD DCs in the cloud, specifically Amazon EC2 instances. We've already got an instance configured and running Windows Server 2012, and I've set up our domain controller and whatnot. In order for our offices to authenticate we're going to have to set up a VPN from our offices to the instance. We have under 100 employees, so including devices we're still under 200. Internet-wise, I'm not sure on our exact links but I don't think those will be an issue. Our infrastructure guy will handle the VPN and security, but they want me to help set up and manage the AD and our policy management. I've told them I've no experience with it, and they're giving me the opportunity to mess around with a test instance to do some learning. We're planning to do a test trial with a few computers as a proof of concept before we even start looking at a real forest for the company.

    Any resources or suggestions would be greatly appreciated.
     
  2. saspro

    saspro IT monkey

    Joined:
    23 Apr 2009
    Posts:
    9,613
    Likes Received:
    404
    Do you have AD at the moment?
    How many offices & how many people in each?

    It's a big project and certainly something I wouldn't want to be doing as my first AD project.

    For learning things there's the Microsoft Academy online with videos etc.
     
  3. deathtaker27

    deathtaker27 Modder

    Joined:
    17 Apr 2010
    Posts:
    2,238
    Likes Received:
    186
    From what I read, have you made a second domain on the cloud or have you joined it to your existing domain?
     
  4. mansueto

    mansueto Too broke to mod

    Joined:
    31 Aug 2007
    Posts:
    3,784
    Likes Received:
    110
    Our office in Toronto is about 75 people, our office in Dublin is probably under 10 people, and a few people who travel / work out of New York. We don't have an existing domain, we want to host ours in the cloud.

    We're doing a proof of concept with one hosted on an Amazon EC2 instance currently. I've set up our domain, promoted it to a controller and added 1 test user. Until we set up a VPN to it we can't actually test to see if it will authenticate. After that I'll need to learn how to do the group policies and organizational units.

    I've talked to our infrastructure guy and he's going to help me with designing our hierarchy and he'll take care of all the security / VPN stuff. As I said, they've decided to let me "take a stab at it" even though I've told them I've no real experience with creating and setting it up, and it's a bit intimidating / daunting. They're willing to take their time with it and I've got lots of spare time where I can do some research during work hours.

    I wish it was as simple as creating a local domain here at our head office where I had a physical server I can mess with and test, as it would be much easier to extend a current setup into the cloud. The other offices are too small for extra DCs at their locations and the infrastructure guy and CEO believe we really only need 1 DC with a backup server.

    @saspro thanks for the suggestion, I'll take a look into that today!
     
  5. saspro

    saspro IT monkey

    Joined:
    23 Apr 2009
    Posts:
    9,613
    Likes Received:
    404
    You really want a local DC at the sites as well; if not, the VPN being down or a lack of internet means people can have an issue logging in.

    You'll also have issues where the DNS of the network has to point at the EC2 server for login, so DNS resolution will be slower surfing the web.
     
  6. mansueto

    mansueto Too broke to mod

    Joined:
    31 Aug 2007
    Posts:
    3,784
    Likes Received:
    110
    I'll see if I can get them on board with having an onsite DC at least for our main office, then just link the DCs with trusts through a VPN. For the EC2 instances, we'd probably have a backup DC in another availability zone.
     
  7. Zoon

    Zoon Hunting Wabbits since the 80s

    Joined:
    12 Mar 2001
    Posts:
    5,881
    Likes Received:
    817
  8. Zoon

    Zoon Hunting Wabbits since the 80s

    Joined:
    12 Mar 2001
    Posts:
    5,881
    Likes Received:
    817
    Make it abundantly clear that an internet outage means no ability to log in for a good chunk of users. Some will be able to use cached credentials, others won't. Also, since AD really needs to be your DNS resolver to work properly, you'll have Internet access issues unless you set a secondary resolver.
     
  9. saspro

    saspro IT monkey

    Joined:
    23 Apr 2009
    Posts:
    9,613
    Likes Received:
    404
    Trusts are set up between domains.

    If you've only got 1 domain then you don't need trusts.
     
  10. mansueto

    mansueto Too broke to mod

    Joined:
    31 Aug 2007
    Posts:
    3,784
    Likes Received:
    110
    @Zoon, they've told me we have DNS resolution in place already. We host servers in a variety of geographic locations, and we have a second ISP in case the first were to go down. They understand the implications of going to the cloud, so now it's just a matter of really learning the guts of AD and policy management. For now we just need the basics of user policy management. Down the road we'll do some endpoint protection through AD and logging. Essentially we're using it for user identification.

    I brought up my inexperience with it today during our meeting and everyone seemed fine with just letting me do some research and self-learning for our trial run, and we have one employee who helped with a deployment back on Windows Server 2000 (I realize it's kind of like comparing apples and oranges, but at least he has some knowledge of the process).
     
  11. workingclass

    workingclass What's a Dremel?

    Joined:
    17 May 2010
    Posts:
    246
    Likes Received:
    10
    Setting up a functional DC and AD isn't really that hard. Maintaining it, adjusting it and tweaking is what requires understanding. I'd hit some basic books if I were you. Skip over the stuff you understand already and dive into anything else.

    I took some classes and finished the first exam (out of three) for MCSA. MS is pushing Skillpipe, I think, for their courses; at least that's what my school used. Pretty sure you can buy any and all books from there, and then you'll have them in digital form and be able to look anything up with relative ease if you need it. I'm in networking and not an expert on AD at all, but I like to think I know what it takes to get the basic/intermediate understanding of the work you have ahead of you.

    I'd recommend some Hyper-V machines set up for practice; in fact you could set up an entire domain on VMs as a test to play with. I had 2 DCs set up with some clients while taking that course I did, and used it a lot before that exam I took. Doing it on your work computer or at home is less stressful, and if you make backups at moments when you're good with the setup you can mess up freely without worrying about losing stuff. Hands-on is the most important thing to have.

    Seems to me you've got a shot here at your work and if you dive into it you'll do fine. They seem to believe in you and it's up to you to grab it, mate.

    Very best of luck to you mate and I hope this goes well for you :)
     
    Last edited: 10 Jul 2015
  12. deathtaker27

    deathtaker27 Modder

    Joined:
    17 Apr 2010
    Posts:
    2,238
    Likes Received:
    186
    Also learn how to restore a DC and about tombstones, as these are vital in an emergency.
     
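    As an added example (not from the thread or from any poster), the checks a DC administrator would run on a Windows Server 2012 DC before trusting a restore plan: read the forest tombstone lifetime, look for the backup-latency warning event, and confirm replication health. It assumes the RSAT ActiveDirectory module is present and is run in an elevated session on the DC.

```powershell
# Added example: tombstone lifetime and backup-age checks on a domain controller.
Import-Module ActiveDirectory

# tombstoneLifetime lives on the Directory Service object in the Configuration partition.
$configNC = (Get-ADRootDSE).configurationNamingContext
$dsObject = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
                         -Properties tombstoneLifetime

# When the attribute is unset the effective value is 60 days; forests created on
# Windows Server 2003 SP1 or later have it set to 180 days.
$tsl = if ($dsObject.tombstoneLifetime) { $dsObject.tombstoneLifetime } else { 60 }
Write-Host "Tombstone lifetime: $tsl days. A system state backup older than this must not be restored."

# Event 2089 in the Directory Service log is raised when a partition has not been
# backed up for longer than the backup latency threshold (half the tombstone lifetime).
$filter = @{ LogName = 'Directory Service'; Id = 2089; StartTime = (Get-Date).AddDays(-7) }
$stale  = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
if ($stale) {
    Write-Warning "Backup-latency warning (event 2089) seen in the last 7 days; take a system state backup now."
} else {
    Write-Host "No backup-latency warning in the last 7 days."
}

# A single DC is a single point of failure: list the DCs and summarise replication state.
Get-ADDomainController -Filter * | Select-Object Name, Site, IPv4Address, IsGlobalCatalog
repadmin /replsummary

# To take the system state backup that an authoritative/non-authoritative restore
# depends on (assumed backup target drive E:, requires Windows Server Backup installed):
# wbadmin start systemstatebackup -backupTarget:E: -quiet
```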
  13. saspro

    saspro IT monkey

    Joined:
    23 Apr 2009
    Posts:
    9,613
    Likes Received:
    404
    If your clients aren't pointing at your DCs for DNS resolution then there's a very, very high chance they won't be able to log in or authenticate against anything.

    Which means adding all your forwarders, stubs etc. to your AD-integrated DNS zone.

    I'd seriously recommend getting a consultant in to help you with this.
     
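    As an added example (not from the thread or from any poster) of the points saspro and Zoon raise: a client section that verifies a workstation resolves DC locator records through the DC and reports how many cached logons it keeps, and a DC section that sets upstream forwarders so non-domain names still resolve. The domain name corp.example.com, the DC address 10.0.0.10 (reached over the office VPN) and the upstream resolver addresses are assumed placeholders.

```powershell
# Added example: DNS and logon-dependency checks for a cloud-hosted DC.
$domain    = 'corp.example.com'   # assumed AD DNS name
$dcAddress = '10.0.0.10'          # assumed DC address reachable over the VPN

# ---- Run on a domain-joined client ----
# Every client must list the DC as a DNS server, or it cannot locate a DC to log on.
$dnsServers = (Get-DnsClientServerAddress -AddressFamily IPv4 |
               Where-Object { $_.ServerAddresses }).ServerAddresses
if ($dnsServers -notcontains $dcAddress) {
    Write-Warning "Client DNS ($($dnsServers -join ', ')) does not include DC $dcAddress; domain logon will fail."
}

# Domain logon is found via this SRV record, which only the AD-integrated zone serves.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -Server $dcAddress -ErrorAction SilentlyContinue
if ($srv) {
    $srv | Where-Object Type -eq 'SRV' | Select-Object NameTarget, Port, Priority
} else {
    Write-Warning "No DC locator SRV record for $domain via $dcAddress (VPN down or wrong DNS server?)"
}
nltest /dsgetdc:$domain          # the locator test the OS itself performs at logon

# During a VPN/internet outage only users with a cached logon can sign in.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$cached   = (Get-ItemProperty -Path $winlogon).CachedLogonsCount
Write-Host "Cached logons kept on this machine: $cached (OS default is 10; 0 disables caching)"

# ---- Run on the DC ----
# Names outside the AD zone are sent to the forwarders, so web browsing keeps working
# while clients point only at the DC. Replace the addresses with your ISP's resolvers.
Import-Module DnsServer
Set-DnsServerForwarder -IPAddress 192.0.2.53, 192.0.2.54 -UseRootHint $false
Get-DnsServerForwarder | Select-Object IPAddress, UseRootHint, Timeout

# Optional: a conditional forwarder for a zone hosted at another office (assumed values).
# Add-DnsServerConditionalForwarderZone -Name 'lab.example.com' -MasterServers 192.0.2.60
```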
  14. deathtaker27

    deathtaker27 Modder

    Joined:
    17 Apr 2010
    Posts:
    2,238
    Likes Received:
    186
    ftfy ;)
     