Monday, December 16, 2013

Lab # 3 - Active Directory Preparation

In this Lab
  1. We will create the top level OU (UNIX) in our Active Directory and we'll delegate control to the UNIX administrator
  2. We will create the SubOUs  (Licenses, Zones, Roles, UNIX Groups, Servers and Computer Groups)
  3. We will create the AD Security Groups for Roles and Computer Groups
Create the top level OU (UNIX) and delegate control to the UNIX administrator

  1. Log on to CLIENT1 with Bryant Wheeler (Windows Administrator)
  2. Press Start-All Programs-Administrative Tools and click Active Directory Users and Computers (ADUC)
  3. On the left pane, right click the corp.contoso.com domain, select New-Organizational Unit
  4. Name it UNIX and Press OK
  5. In the View Menu, select Advanced Features (this enables the Security tab)
  6. Right-click the UNIX OU and select properties.   Go to the Security tab and click the Advanced button
  7. In the Permissions tab, click Add. In the Object name box, type Jessie.Matthews and click check names (this resolves the name) press OK.
  8. In the permission entry Window, check the Full Control box under the Allow column, and press OK 3 times.
  9. Close ADUC and log off CLIENT1
At this point Jessie the UNIX administrator has delegated access to this OU.  This will allow him to create objects and join systems under that OU. 

Create the SubOUs  (Licenses, Zones, Roles, UNIX Groups, Servers and Computer Groups)

  1. Log on to CLIENT1 with Jessie Matthews (UNIX Administrator)
  2. Press Start-All Programs-Administrative Tools and click Active Directory Users and Computers (ADUC)
  3. On the left pane, expand the corp.contoso.com domain, click the UNIX ou select New-Organizational Unit
  4. Name it Licenses and press OK.  Repeat the same steps for these OUs:
Licenses: container to store the Centrify license object  (already created)
Zones: zones are like folders that hold systems, users, groups and authorization data.
Servers:  to store the computer objects and to link the OU.
Roles:  to store the AD security groups that will be assigned roles
UNIX groups:  to store the AD security groups that will map to UNIX groups
Computer Groups:  to store the AD security groups that will group systems.

Create the AD Security Groups for Roles and Computer Groups
  1. Right-click the Roles OU (under UNIX) and select New-Group.
  2. Name it UNIX Super Users and press OK.
  3. Right-click the Roles OU (under UNIX) and select New-Group.
  4. Name it UNIX Regular Users and press OK.
  5. Right-click the Computer Groups OU (under UNIX) and select New-Group.
  6. Name it UNIX Database Servers and press OK.
  7.  Right-click the Computer Groups OU (under UNIX) and select New-Group.
  8. Name it UNIX Web Servers and press OK.

No comments:

Post a Comment