Network Guide

How to setup and use a Directory Service

By default, all Windows desktops and servers are members of a Workgroup, and any users and groups are defined on each computer independently of the others. This is fine for single users or small networks, but as more computers and users are added it becomes unmanageable: users, passwords and groups fall out of sync and cause more problems when dealing with user and permission issues.

So a central user, group and computer database is required; this is called a Directory Service. The service stores all the users, groups and computers in one database, handles all authentication to the service, authorizes access to resources and is easily managed. On Windows Servers this is called Active Directory. A Windows Server which has Active Directory Domain Services installed and configured is called a Domain Controller. All other desktop machines and servers that are joined to the domain are members of the domain and can make use of the domain's features.

Installing Active Directory Domain Services

To install AD DS you need the Essentials, Standard or Datacenter edition of Windows Server, which include this feature. Installing AD DS also installs the DNS service, because AD DS relies on DNS for computers to locate and communicate with the Domain Controller.

  1. Open Server Manager, select Add Roles and Features.
  2. Select Role-based or feature-based installation. Next.
  3. Select server and then next.
  4. Tick Active Directory Domain Services.
  5. Add the required features.
  6. Click Next a few times and then Install.
  7. Click Close.
  8. Open System control panel.
  9. Click Advanced system settings.
  10. Select Computer name, Change.
  11. Click More, and set Primary DNS suffix e.g. mycompany.com.
  12. Select Restart later.
  13. In Server Manager, select AD DS in the list. It will say 'Configuration required for Active Directory Domain Services at <computer name>'.
  14. Click the yellow exclamation mark next to the flag.
  15. Select 'Promote this server to a domain controller'.
  16. You can do one of the following options:
    1. Add a domain controller to an existing domain.
    2. Add a new domain to an existing forest.
    3. Add a new forest.
  17. For a new domain in a new forest, select add a new forest.
  18. Enter the name of the new forest e.g. mycompany.com,
  19. Select options for the new domain; in most cases the defaults will be fine.
  20. Domain Controller Options.
  21. Enter the password for the Directory Services Restore Mode (DSRM) administrator.
  22. If DNS is already installed or no DNS service is found, note the warning about delegation.
  23. Check the NetBIOS domain name and click Next if okay.
  24. Check paths for AD DS database, logs and Sysvol.
  25. Review the options, check prerequisites and continue the installation.
  26. You can use the following consoles to manage your domain.
    1. Active Directory Users and Computers
    2. Active Directory Domains and Trusts
    3. Active Directory Sites and Services
    4. Active Directory Schema
    5. Active Directory Administration Console
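The same role install, prerequisite check and forest promotion (steps 4 to 25 above), scripted with the ADDSDeployment cmdlets as an added example that is not part of this guide. mycompany.com is the guide's example name; the NetBIOS name MYCOMPANY and the default AD DS paths are assumptions to adjust for your environment.

```powershell
# Added example, not from the guide. Run in an elevated PowerShell session on the
# server that is to become the first Domain Controller of a new forest.
# Assumed values: NetBIOS name MYCOMPANY and the default AD DS paths.
$DomainName  = 'mycompany.com'
$NetbiosName = 'MYCOMPANY'

# Steps 4-7: install the AD DS role plus the management consoles listed above.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Step 21: the DSRM password is prompted for as a SecureString, never written into the script.
$DsrmPassword = Read-Host -Prompt 'Directory Services Restore Mode password' -AsSecureString

# Step 25: run the prerequisite check first. It reports the same findings the wizard shows
# (including the DNS delegation warning from step 22) without changing the server.
$check = Test-ADDSForestInstallation -DomainName $DomainName `
    -DomainNetbiosName $NetbiosName `
    -SafeModeAdministratorPassword $DsrmPassword `
    -InstallDns
$check | Format-List

# Steps 17-24: create the new forest. -InstallDns adds the DNS role the domain relies on;
# the three paths are the defaults reviewed at step 24.
Install-ADDSForest -DomainName $DomainName `
    -DomainNetbiosName $NetbiosName `
    -SafeModeAdministratorPassword $DsrmPassword `
    -InstallDns `
    -DatabasePath 'C:\Windows\NTDS' `
    -LogPath 'C:\Windows\NTDS' `
    -SysvolPath 'C:\Windows\SYSVOL' `
    -Force   # skip the confirmation prompt; the server reboots when promotion completes
```

After the reboot, Get-ADForest and Get-ADDomainController confirm that the forest exists and the new Domain Controller is answering.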

Installing Directory Service for Unix or Linux

The directory service for Unix or Linux systems is OpenLDAP (the server daemon is slapd). It uses most of the technologies used in Active Directory, including LDAPv3 (derived from X.500), Simple Authentication and Security Layer (SASL), StartTLS, and so on. The service can easily be managed via a web interface called phpLDAPadmin.

  1. Install the package using whatever method suitable.
    1. A package manager.
    2. Enter apt-get update; apt-get install slapd ldap-utils (Linux Mint, Ubuntu, Debian)
    3. Enter yum update; yum install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql (CentOS)
  2. Configuration files can be found in /etc/ldap or /etc/openldap.
    1. ldap.conf - Main ldap configuration.
      1. Set a certificate.
      2. Set DNS domain name.
      3. Set Organization name.
      4. Enter administrator password.
      5. Select the backend database (HDB) for slapd.
  3. Start the service.
    1. service slapd start
    2. systemctl restart slapd
  4. Use the web frontend to add new users or groups.