PROJECT LOG Qubit’s Mini Data Centre Project for 2011

qubit

And by mini, I mean a full-on Active Directory implementation with Exchange Server, at home. Welcome to my project!

Why am I doing this? I work in IT support (desktop and Helpdesk) and our organization uses Active Directory. I got sent on a Windows 2003 server course a while ago that explained the basics of AD and I got interested in it, so I want to learn more. Therefore, what better way than to be your own enterprise admin at home? I’ve got various books on this now, see the full book list, below.


The Mission

To run Server 2008 Datacentre running these roles in an AD environment:

  • Exchange Server 2010
  • WSUS (Windows Server Update Services)
  • Data backup, including backups of the server installation in case of failure
  • Learn about Active Directory, Group Policy and managing servers in general (this is geeky heaven, I tell you)
  • Implement roaming profiles: see identical desktop on all computers with minimal configuration plus profile backup
  • Eventually upgrade to Server 2008 R2 Datacentre
  • Implement anything else on the way that seems worthwhile
  • The server hardware will reside in the same room that I sleep in (studio flat) so will have to be very quiet if it’s to be left on 24/7 like I intend to. Using quiet fans and hard drives is a must and I have these.

Current Status

I have previously subbed to Microsoft TechNet, so I have downloaded all the high-end software that comes with that subscription, including multiple keys for a genuine and permanent Windows Server 2008 (or R2) Datacentre installation.

I’ve read up on DNS (heavy subject!) and Active Directory (even heavier) and I understand all the principles now. However, I peg my level of working knowledge to that of a baby crawling around and reaching out to play with things he shouldn’t. :) Stop that!

I’m currently running Server 2008 Datacentre 32-bit on an old P4 Northwood with HT 2.8GHz o/c 3.5GHz rock solid stable on an Abit AI7 mobo & 2GB RAM. Windows Server is on an 80GB IDE drive and the data backup & WSUS drive is a 1.5TB WD GreenPower drive.

I’ve got a 2GHz Athlon 64X2 knocking around, but I wanted to give this old girl some use for now – and she’s not bad looking either.

All the P4 is doing at the moment is operating as a WSUS server and as a backup drive for the umpteen gigs worth of crap, err, data I’ve accumulated over the years. It’s not set as a domain controller right now.

However, I have used a couple of laptops (yes, really, for the novelty hehe) to play around with AD. So far, I’ve set them both up as domain controllers, with both of them working on the same domain. Why this configuration? Simply because I’m following the examples in the book. Next configuration will be parent-child DCs and then a forest of two or three domains. I expect to actually have only one domain for my home system, but this may change depending on requirements.


Other Stuff

Why Server 2008 and not Server 2008 R2? Because the Microsoft Press books I want only cover Server 2008. There’s no Inside Out or other major MS Press books for R2, for some reason. However, there is the Administrator’s Pocket Consultant 2nd Edition which covers R2, but that doesn’t explain things from the ground up like the Inside Out book does. Therefore, I’m sticking with the older OS for now.

I’ve been thinking hard about what to call my domain, but I’ve finally come up with a name. I like cats, so I think I’ll call it tabby.cat. Cute, huh?
Also, skynet.t2 or cyberdyne.t2 from the Terminator films are tempting me…

Internet security: I run Kaspersky Internet Security on my main PC. Unfortunately, neither this nor any other standard consumer security software will run on a server OS, presumably because they want to charge one a lot more for the privilege of running a “professional” product just for servers. Any suggestions for security software appreciated, especially free ones.


BOOKS (all Microsoft Press)

Windows Server 2008 Inside Out
Windows Server 2008 Administrator's Pocket Consultant 2nd Edition (updated for Server 2008 R2)
Active Directory Resource Kit (covers Server 2008)
Windows Group Policy Resource Kit (covers Server 2008)
Microsoft Exchange Server 2010 Inside Out
Windows PowerShell 2.0 Administrator's Pocket Consultant

As you can see, these are pretty heavy reads, so it will take time and dedication to get through these thousands of pages and become proficient. Perfect for a project. :D

Happy New Year everybody! :)
 
This is similar to what I did in virtual machines on my server. If I had a copy of Windows that would allow me to add it to a domain, I would have attached my desktop to it as well. Good luck with the project, these are always the best ones. :thup:

If you have the hardware to run a few VM's, you may want to consider using those for a test environment. Gives you a few more machines to work with. As a challenge, you should attempt to add linux systems as well, or even let one be the domain controller or part of the forest (Kerberos).
 
Thanks thideras. This thread has been languishing without interest for three days and I didn't think anyone would reply. :cry:

Anyway, I hadn't thought of using Linux on the domain, it would be cool and using Linux as a domain controller would be surreal. :D I'll find the best books for Linux when the time comes.

Indeed my hardware is powerful enough to run some VMs and I've done so in the past - see sig specs. I will certainly do that if I need to explore domains further and I need more computers. Now, how about joining a VM to a domain controller on a real PC? That would be cool. :)

I would have installed R2 straight off to have the latest, but unfortunately, given that all the books, except for one reference refer to the older version and most of my hardware is 32-bit, I have to start with the older version.
 
The best books on linux are on the internet. There is a ton of information freely and widely available.
 
Ok, here's a little update, people.

I'm doing little bits here and there, in between all the other things in life, so it's going at a leisurely pace.

Server is now a domain controller, managing the tabby.cat domain. There are no backup DCs or backup DC install media for this domain. Yet.

Discovered the hard way that non-admin accounts cannot directly log onto a DC. Took a while to figure that one out from the cryptic error message about an invalid login method that referred me to my administrator, lol.

I don't need advanced security from internal threats in my home, so I have it switched off. This means that on my regular Windows 7 machine, I log in with an admin level account, which has no password and Windows is configured to boot straight into it, using Control Userpasswords2. Very convenient, as you can imagine.

However, this doesn't quite work on the DC, even though I've switched off password complexity in the domain default group policy. At bootup, it reports "The user name or password is incorrect." Clicking ok and pressing Enter at the password prompt reports the same thing. I have to click on Switch User and then log in with that account, pressing Enter for a blank password and then it goes in.

Not sure how to get round this one, but it might be more forgiving logging in with a computer joined to the domain. I don't have any at the moment and it will be a little while until I get round to it.

Incidentally, I don't have any backup for the DC at the moment, so I wonder what would happen if a PC was joined to the domain and the DC died? Is there any way to remove that orphaned PC from the dead domain? I have a feeling that a reformat and install is the only answer...

Fear not however, as this is currently my exercise book for learning and not a "production" machine, so if anything dies, it doesn't really matter.
 
Typically, passwords are required on domain controllers as well. They are not configured for passwordless access. Set up your administrative account with the format listed above and a relatively complex password for best results. The password behavior can be set through domain controller policies, if necessary.
 
You can set up a local acct to log on to the BOX but you will have to authenticate against the domain to do Domain related tasks.

If the DC died, and you didn't have a backup DC (DC1, DC2), the systems would use cached credentials until either you removed them from the domain, you added them to the new domain, or GP caused issues relating to password expiration etc.

One thing you might want to play with in your whole experiment is, setting up a couple VM's to handle the various tasks. That way you have the ability to almost instantly replace one, your failover changes from ~hours to minutes, and you can learn VM's at the same time.
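
The logon settings discussed in the posts above (automatic logon, blank passwords, cached domain logons while the only DC is down) can be checked from the registry. The following PowerShell is an added example, not code from any poster in this thread; the registry value names are standard Windows ones, while the function names, finding texts and sample values are constructed for illustration.

```powershell
# Added example: audit the logon settings this thread discusses.
# Value names are standard Windows registry values; function names,
# finding texts and the sample data are constructed for illustration.

function Get-LogonSettings {
    # Read the live values; anything not set comes back as $null.
    $w = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -ErrorAction SilentlyContinue
    $l = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
    @{
        AutoAdminLogon        = $w.AutoAdminLogon
        DefaultUserName       = $w.DefaultUserName
        DefaultPasswordSet    = [bool]$w.DefaultPassword
        CachedLogonsCount     = $w.CachedLogonsCount
        LimitBlankPasswordUse = $l.LimitBlankPasswordUse
    }
}

function Test-LogonSettings {
    param([hashtable]$Settings, [bool]$IsDomainController)
    $findings = @()
    if ("$($Settings.AutoAdminLogon)" -eq '1') {
        $findings += "Automatic logon is enabled for '$($Settings.DefaultUserName)'."
    }
    if ($Settings.DefaultPasswordSet) {
        $findings += 'Winlogon\DefaultPassword holds a clear-text password.'
    }
    if ($Settings.LimitBlankPasswordUse -eq 0) {
        $findings += 'Local accounts with blank passwords are accepted for network logon.'
    }
    # Cached logons only matter on members: they are what keeps domain
    # users able to sign in while no domain controller is reachable.
    if ((-not $IsDomainController) -and ("$($Settings.CachedLogonsCount)" -eq '0')) {
        $findings += 'Cached logons are disabled: domain logon fails if the only DC is down.'
    }
    $findings
}

# Constructed sample: a Windows 7 client set to boot straight into an account.
$sample = @{
    AutoAdminLogon = '1'; DefaultUserName = 'homeadmin'; DefaultPasswordSet = $false
    CachedLogonsCount = '0'; LimitBlankPasswordUse = 1
}
Test-LogonSettings -Settings $sample -IsDomainController $false

# Live check on the local machine (ProductType 2 means domain controller):
# $isDc = (Get-WmiObject Win32_OperatingSystem).ProductType -eq 2
# Test-LogonSettings -Settings (Get-LogonSettings) -IsDomainController $isDc
```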
 
Thanks for all the replies people. This project is going at a really glacial pace right now, which is why I've had no activity on here.

How do you have the username specified? Going off the Microsoft knowledgebase article here (search the page for "domain"), you need this format:

domain\username

It was indeed domain\username and I eventually found the GP to allow non-admin accounts to log onto a DC.

Typically, passwords are required on domain controllers as well. They are not configured for passwordless access. Set up your administrative account with the format listed above and a relatively complex password for best results. The password behavior can be set through domain controller policies, if necessary.

Of course, this would be their default config, given the environment they're designed for. I tried to set it up for booting straight into the administrator account, like on the Win7 box, but it's not quite working: it demands a login. Haven't sorted that one out yet, but I'm sure it's another obscure domain GP setting I have to uncheck somewhere. I had a look, but I have to read up further on how GP is applied to domains.

For home use, I really do wanna set this up for max convenience. Doing this also teaches me about boundary conditions that one wouldn't normally see with domain controllers (and I'm always interested in boundary conditions for anything) and also challenges me to resolve the odd responses one gets from opening up the system so completely. And if it all goes south, I can always wipe the PC and start over! Heck, it's a bit of geek fun!


You can set up a local acct to log on to the BOX but you will have to authenticate against the domain to do Domain related tasks.

If the DC died, and you didn't have a backup DC (DC1, DC2), the systems would use cached credentials until either you removed them from the domain, you added them to the new domain, or GP caused issues relating to password expiration etc.

One thing you might want to play with in your whole experiment is, setting up a couple VM's to handle the various tasks. That way you have the ability to almost instantly replace one, your failover changes from ~hours to minutes, and you can learn VM's at the same time.

But can you take a PC off the domain, if that domain is permanently unavailable? I'm curious about this. And yes, I know I can google it, or search the MS KB or read my resource kit book on AD! :)

Those VMs are a very good idea. I've got experience with Virtual PC, so I'll (eventually) set up a couple of servers using it.
 
Assuming that you have someone listed as domain admin already on the system? Yes.

It is no different than pulling someone off the domain from offsite.
 