Domain Controller (Active Directory) Setup
Introduction
Setup:
Creating a Domain is straightforward, yet different enough from MS Server that using it for the first time can be disorienting. We are glad to join you on a video call to assist with domain configuration and testing.
- Connecting a Gateway to the Internet
- Connecting a host computer to the Gateway
- Logging in to the Uplevel Portal
- Creating a Domain in the Portal > Directory section
- Adding a Computer to the Domain - Portal > Directory > Computers tab
- Creating a User - Portal > Directory > Users tab
- Joining a Computer to the Domain - Microsoft Documentation
- Logging in as a Domain User
In the Portal > Directory > Computers tab, enter the hostnames of all computers that will be joining the domain. To find the hostname, type 'hostname' at the CMD or PowerShell prompt.
Operating Systems
To join a Domain, you do not need to install any software. In any operating system, you will use the normal setup techniques for joining Domains:
- Windows Professional
- OSX
- Linux
- Android
- iOS
Windows Home Edition does not support Active Directory in any way. You must have a Windows Pro or Enterprise license to join a domain.
Starting with Windows 10 October 2018 Update, RSAT is included as a set of "Features on Demand" in Windows 10 itself. Installation instructions are available on the Learn Microsoft site.
Alternatively, from an Administrator PowerShell prompt you can install all RSAT tools with a single command:
- Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability -Online
You'll use the same tools you're used to for day-to-day administration and for configuring common Microsoft Domain Controller services, the Microsoft Remote Administration Tools (RSAT), to configure all Active Directory and Domain features. You will use the Uplevel Portal only to add Users and Computers. Once a User and a Computer are added to the Directory, you will use the RSAT ADUC (Active Directory Users and Computers) snap-in to manage all aspects of the account.
From the LAN side, the Uplevel Directory looks and feels just like Microsoft's Directory. You join your workstation to the domain with any domain user credentials and then log in.
We recommend installing these RSAT tools, at the minimum, to manage your Domain:
Directory Settings
Domain Admin
From the Directory Settings window you will need to create the password for your domain_admin user. Once you have set the domain_admin credentials you will be able to manage all aspects of your domain from the RSAT tools. It is best practice never to join a domain with a user in the "Domain Admins" group. Instead, open the RSAT tools as a "Domain Admin" only when needed, using the runas command to open a program as another user.
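The runas practice described above, as an added PowerShell example (not Uplevel's own code): it warns if the current logon session already carries Domain Admins membership, then opens ADUC under the domain_admin account only. The domain name EXAMPLE is a placeholder and the function name is hypothetical; whoami, runas, mmc and dsa.msc are standard Windows components.

```powershell
# Added example. 'EXAMPLE' is a placeholder NetBIOS domain name; replace it with yours.
$Domain       = 'EXAMPLE'
$AdminAccount = "$Domain\domain_admin"   # account created in the Directory Settings step
$AducConsole  = Join-Path $env:SystemRoot 'System32\dsa.msc'   # ADUC snap-in from RSAT

function Test-SessionIsDomainAdmin {
    # whoami /groups lists every group SID in the logon token, including
    # deny-only entries left by UAC filtering. Domain Admins is always
    # RID 512 under the domain SID: S-1-5-21-<domain>-512.
    $groups = whoami.exe /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, Sid, Attributes
    [bool]($groups | Where-Object { $_.Sid -match '^S-1-5-21-\d+-\d+-\d+-512$' })
}

if (Test-SessionIsDomainAdmin) {
    Write-Warning "$env:USERNAME is logged on with Domain Admins membership. Log on as a standard domain user instead."
    return
}

if (-not (Test-Path $AducConsole)) {
    Write-Warning 'ADUC (dsa.msc) was not found. Install the RSAT tools first.'
    return
}

# runas prompts for the domain_admin password. Only this MMC process runs
# with the privileged account; the desktop session stays a standard user.
runas.exe "/user:$AdminAccount" "mmc.exe $AducConsole"
```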
Common Group Policies:
- Folder Redirection
- Mobile Profiles
- Granular Directory Permissions
- Enable Audit Logs
- Password Policy
- Screen Lockout Time
- Account Lockout Policy
- Restrict access to the command prompt and PowerShell
- Limit access to Control Panel options
- Limit who can install software
- Turn off forced restarts
- Monitor Changes to GPO Settings
- Block Microsoft Store
- Limit access to the Registry
- Centrally manage Windows Defender Firewall
Limitations:
The Uplevel Directory can perform almost everything that a Windows Server in a small business context can do. There are some limitations - we don't support multiple domain forests, syncing with Azure AD isn't yet supported, and primary/secondary domain controller relationships are still in the works - but we haven't yet encountered anything significant in the small business environment that the Uplevel Directory couldn't handle.