Installing and configuring Active Directory
For this paper, I will be using Windows Server 2003 to install and configure Active Directory. Active Directory is a way to manage multiple users with a single server. These users, when using a client of the domain, log in to the Active Directory server for authentication. This server provides information on the users privileges, groups and file access rights. Active Directory is commonly used in business places, as well as schools as a means of managing their users, employees, or students.
The first step in installing Active Directory is to install Windows Server 2003 (most versions of Windows work, though) and making sure that it runs correctly. Then you need to run dcpromo to begin the Active Directory installation.
Use the dialog boxes and windows provided to set up a Domain Controller for your new domain. You must choose create domain in new forest to set it up. As an example domain for you could use mydomain.com. Accept the defaults for Database and Log folders as well as Shared System Volume’s Folder Location.
On the DNS Registration Diagnostics page, choose Install and Configure DNS server on this computer and set this computer to use this DNS server as its preferred DNS. Depending on your range and versions of the client or node computers, you may or may not choose to allow only Windows 2000 or Windows Server 2003 access to your Active Directory server.
Be sure to enter a good password for the administrative account. It should be at least eight characters long and contain upper and lower case letters as well as numbers and symbols.
One method of keeping your Active Directory server secure is by modifying the Administrator account. This account exists on all installations and cannot be deleted; it can be disabled, however. To keep people from breaking into it, it should be renamed to something else, something inconspicuous. A false Administrator account should be created that has absolutely no privileges. This account could mislead an attacker intent on breaking into your server. Another method is making the Guest account look as if it is a real user’s account. This could possibly fend off any attacks that are able to work through the Guest account.
All administrative accounts should be added to a new organizational unit (OU). These organizational units allow you to organize users and groups and apply special security measures to each group. If you follow the above suggestions, and remember to use strong passwords and use a little common sense, your server should be safe from most attacks.