Installing Active Directory using PowerShell involves several steps, including installing the necessary Windows features and promoting the server to a domain controller. Here’s a detailed guide: Ports Pre-requisite: Port 53 TCP/UDP — DNS Port 88 TCP/UDP — Kerberos Port 336 TCP/UDP — LDAPS Port 389 TCP/UDP — LDAP (Lightweight Directory Access Protocol) ********************************************************************************************************************************** Configure TCP/IP Uncheck IPv6 on TCP/IP settings in Windows Server, you typically go through the network adapter properties. Here’s how you can do it: PowerShell Get-NetAdapterBinding Get-NetAdapterBinding PowerShell Get-NetAdapterBinding -Name "Ethernet" Get-NetAdapterBinding -Name "Ethernet" PowerShell Disable-NetAdapterBinding -Name "Ethernet0" -ComponentID ms_tcpip6 -Confirm:$false Disable-NetAdapterBinding -Name "Ethernet0" -ComponentID ms_tcpip6 -Confirm:$false PowerShell $IPAddress = "10.1.0.4" $SubnetMask = "255.255.255.0" $Gateway = "10.1.0.1" $IPAddress = "10.1.0.4" $SubnetMask = "255.255.255.0" $Gateway = "10.1.0.1" PowerShell New-NetIPAddress -InterfaceAlias "Ethernet" -IPAddress $IPAddress -PrefixLength 24 -DefaultGateway $Gateway New-NetIPAddress -InterfaceAlias "Ethernet" -IPAddress $IPAddress -PrefixLength 24 -DefaultGateway $Gateway Set DNS Servers: PowerShell $PrimaryDNS = “168.63.129.16” $SecondaryDNS = "8.8.8.8" $PrimaryDNS = “168.63.129.16” $SecondaryDNS = "8.8.8.8" PowerShell Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses $PrimaryDNS,$SecondaryDNS Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses $PrimaryDNS,$SecondaryDNS Verify TCP/IP Setting To verify that the settings have been applied correctly, you can use PowerShell cmdlets to check the network configuration: ipconfig /all Step 1: Install Active Directory Domain Services (AD DS) Open PowerShell as Administrator: Right-click the PowerShell icon and select “Run as Administrator.” Install the AD DS Feature: Execute the following command to install the AD DS role: PowerShell Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools Step 2: Configure a New Active Directory Forest Promote the Server to a Domain Controller: Replace TIC.local with your desired domain name. Entre the DSRM Password (The DSRM password is a unique password used to access the Directory Services Restore Mode in Windows Server’s Active Directory domain services.): PowerShell Import-Module ADDSDeployment Install-ADDSForest -DomainName "Tic.local" -InstallDNS Import-Module ADDSDeployment Install-ADDSForest -DomainName "Tic.local" -InstallDNS PowerShell Import-Module ADDSDeployment Install-ADDSForest -DomainName "Tic.local" -InstallDNS SafeModeAdministratorPassword: ************ Confirm SafeModeAdministratorPassword: ************ Import-Module ADDSDeployment Install-ADDSForest -DomainName "Tic.local" -InstallDNS SafeModeAdministratorPassword: ************ Confirm SafeModeAdministratorPassword: ************ Step 3: Verify Installation Check Installation Status : After the server reboots, open PowerShell and run: PowerShell Get-Service adws,kdc,netlogon,dns Get-Service adws,kdc,netlogon,dns Check DNS Configuration: Open PowerShell as Administrator. Run the following command to check DNS settings Step 4: Optional Post-Installation Steps Create Users and Groups: Create a new user: PowerShell New-ADUser -Name "Alex Due" -GivenName Alex -Surname Due -SamAccountName adue -UserPrincipalName adue@tic.local -Path "CN=Users,DC=Tic,DC=local" -AccountPassword (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force) -Enabled $true New-ADUser -Name "Alex Due" -GivenName Alex -Surname Due -SamAccountName adue -UserPrincipalName adue@tic.local -Path "CN=Users,DC=Tic,DC=local" -AccountPassword (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force) -Enabled $true Create a new group: PowerShell New-ADGroup -Name "SalesGroup" -GroupScope Global -Path "CN=Users,DC=Tic,DC=local" New-ADGroup -Name "SalesGroup" -GroupScope Global -Path "CN=Users,DC=Tic,DC=local" Add user to the group: PowerShell Add-ADGroupMember -Identity "SalesGroup" -Members "adue" Add-ADGroupMember -Identity "SalesGroup" -Members "adue" est Domain Controller FunctionalityJoin a test machine to the “Tic.local” domain to ensure that domain controller functionality is operational.
Installing and configuring an Active Directory (AD) Primary and Secondary Domain Controller
Introduction This guide provides a detailed step-by-step process for setting up an Active Directory (AD) environment with two domain controllers (DCs). It covers the installation of virtual machines, applying system updates, configuring Active Directory Domain Services (AD DS), creating a domain forest, and ensuring proper replication between the two domain controllers. This setup ensures redundancy and enhances the reliability of the AD infrastructure. Step 1: Preparing the Infrastructure Installation of Two Virtual Machines (VMs) Create VMs on Hyper-V, Azure or your preferred hypervisor a) VM1 DC1 – Primary Domain Controller. b) VM2 DC2 – Secondary Domain Controller. c) Configure Network Settings. . d) Apply Patches to Both VMs. a) Open Settings > Windows Update b) Download and install all updates c) Restart both servers. Step 2: Deploying Active Directory Install Active Directory Domain Services (AD DS) a) Install AD DS Role on DC1. 2) Create the Active Directory Forest : for example (TIC.local) 2.1 Promote DC1 as the Primary Domain Controller. 3) Add DC2 as a Secondary Domain Controller. 3.1 Join DC2 to the Domain. 3.2 Promote DC2 as a Domain Controller. 3.3 Verify Replication. Conclusion. Step 1: Preparing the Infrastructure —Installation of Two Virtual Machines (VMs) Create VMs on Hyper-V, Azure or your preferred hypervisor a)VM1 DC1 – Primary Domain Controller 4 vCPU, 4 GB RAM, 60 GB disk Windows Server 2019 b) VM2 DC2 – Secondary Domain Controller 4 vCPU, 4 GB RAM, 60 GB disk Windows Server 2019 c) Configure Network Settings DC1: IP: 10.0.0.4 DNS: 127.0.0.1 Gateway: 10.0.0.1 DC2: IP: 10.0.0.5 DNS: 10.0.0.4 1) Apply Patches to Both VMs a) Open Settings > Windows Update. b) Download and install all updates. a) Restart both servers. Step 2: Deploying Active Directory -Install Active Directory Domain Services (AD DS) Install AD DS Role on DC1 Open Server Manager. Click Manage > Add Roles and Features. Select Role-based or feature-based installation Select the server and check Active Directory Domain Services Click Next Click Next and Install. After completing the AD DS installation, let’s create the Active Directory Forest 1) Create the Active Directory Forest : for example (TIC.local) – Promote DC1 as the Primary Domain Controller In Server Manager, click Promote this server to a domain controller. Select Add a new forest and enter ( TIC.local ). Choose Forest and Domain Functional Level: Windows Server 2016. NOTE: If you’re installing Windows Server 2025, you should set both the Forest and Domain Functional Levels to Windows Server 2025 to take advantage of the latest Active Directory features and security enhancements. Set a Directory Services Restore Mode (DSRM) password. Important Note: Ensure you remember the DSRM password, as it is required to restore the NTDS database in case of server failure or database corruption. Losing this password could prevent the recovery of your Active Directory environment. DNS delegation is not needed at this stage as no DNS server has been configured yet. For more information of DNS server check this link . click Next Enter the NetBIOS domain name (default recommended by Microsoft). Specify the database, log, and SYSVOL paths (default recommended by Microsoft). Click Next and Install Note: The server will restart automatically to complete the installation. If it does not restart by itself, reboot manually to continue. 1) Add DC2 as a Secondary Domain Controller -Join DC2 to the Domain Open System Properties. Click Change settings > Change. Enter TIC.local and provide domain admin credentials. Restart the server. Install AD DS role. Follow the steps of DC1 installation -Promote DC2 as a Domain Controller In Server Manager, click Promote this server to a domain controller. Select Add a domain controller to an existing domain. Provide credentials and select DNS Server and Global Catalog (GC). Do not select DNS delegation, as DNS will be configured later. click Next Choose Replication from: Any domain controller (default) OR A specific domain controller. Specify the database, log, and SYSVOL paths (default recommended by Microsoft) Click Next and Install. The server will restart automatically to complete the installation. If it does not restart by itself, reboot manually to continue. Verify Replication To verify Active Directory (AD) replication using the GUI, follow these steps: Open Server Manager. Click on Tools in the top-right corner Select Active Directory Sites and Services Expand Sites → Default-First-Site-Name → Servers Click on the first Domain Controller (DC1) Right-click on the Connection Object (under NTDS Settings) Select Replicate Now. A confirmation message should appear indicating success Conclusion With this setup, your Active Directory environment is fully configured for user and group management, policy enforcement, and secure authentication. To ensure long-term stability and security, it is essential to regularly monitor replication, apply system updates, and follow best practices for backup and disaster recovery Abdelhak HABIBY MCT & Expert Cloud Architect All Posts
Securing Your Data: How to Prevent OneDrive Integration with ChatGPT
Nowadays, AI tools like ChatGPT play a major role in optimizing work and improving productivity. However, when it comes to integration with cloud storage services such as OneDrive, concerns about the security of sensitive company data arise. This article guides you through the essential steps to prevent users from connecting their OneDrive accounts to ChatGPT, thereby strengthening the security of your information. Why is this important? Integrating OneDrive with ChatGPT allows users to easily access their files stored in the cloud directly from the ChatGPT interface. While this functionality can enhance efficiency and collaboration, it also presents potential security risks. Administrators must be aware that this integration could expose the organization’s sensitive data to unauthorized access. Authorization Conditions for Connecting OneDrive to ChatGPT When a user attempts to connect their OneDrive account to ChatGPT, they must give consent on behalf of the organization. The permissions requested by ChatGPT include: These permissions allow ChatGPT to access a large amount of sensitive data, which can lead to critical information exposure if security is not adequately managed. Measures to Prevent OneDrive Integration with ChatGPT Here are some key steps to prevent this integration and protect your data: Conclusion While integrating OneDrive with ChatGPT can offer benefits in terms of productivity and collaboration, it is crucial to take proactive measures to protect your organization’s sensitive data. By controlling permissions, configuring security policies, monitoring activities, and training your employees, you can minimize risks and ensure the security of your information. Abdelhak HABIBY MCT & Expert Cloud Architect All Posts