Vocabulary: hierarchical; implement specific configurations; can also be used to define.
If we want to apply the same settings everywhere, we can use Group Policy.
If we don't use a DHCP server, we have to set an IP address on every client. Vocabulary: to select an unused IP address; dynamically allocate.
This mark means exclusion. If we know the hostname (computer name), we can look up the IP address.
Vocabulary: decentralized naming system. Commands: nslookup proxy, nslookup www.google.co.bw. 126.96.36.199: easy for computers to understand, but difficult for people. www.google.co.bw: easy for people to understand.
Vocabulary: description format. com, co: commercial; ac: academic; go: government.
The part surrounded by a circle is called a domain. Each domain has a DNS server. Check the DNS server settings screen.
• VMware ESXi Server (Primary/Secondary)
- Domain controller (ocaat1) … DHCP/DNS Server
- Domain controller (staff1) … DNS Server
- Domain controller (student1) … DNS Server
• File Server (for staff/student)
• Backup Server
• WSUS Server
• Terminal Server 1/2
Domain controller & Active Directory
•Domain: A mechanism for managing
computers and users in a company as a
•Domain controller: a server that provides
•Active Directory: Name of function group
(brand name) provided by Microsoft
centered on domain function
About Organization Unit (OU)
Organization Unit :
Something like a folder to store various objects of Active
Our staff domain controller has three OUs as below.
Start -> Active Directory Users and Computers
- OCAAT GROUPS
- OCAAT ACCADEMIC OU
- OCAAT NON-ACCADEMIC OU
How to add user account 1
Action menu -> New -> User
• Type First name & Last name: John Brown
• Type User logon name: jbrown
• Click Next
• Type Password: ******
• Click Finish
How to add user account 2
• (User profile) Logon script: WKIX32.exe loginscript.kix
• (Home folder) Connect: O:
Member of tab:
• Click Add
• Type object name: ICT SUPPORT
• Click OK -> Click OK again
about logon script 1
• A series of instructions the client machine follows each time
the user logs on.
• Describe the processing to be executed at logon.
about logon script 2
if ingroup("ICT SUPPORT")
    ; INFORMATION TECHNOLOGY SUPPORT
    shell 'net use O: "\\nx3000staff.staff1.XXXXX.ac.bw\MANAGEMENT_HOME$\%username%"'
    shell 'net use P: "\\nx3000staff.staff1.XXXXX.ac.bw\STAFF_SHARE$"'
    shell 'net use R: "\\nx3000staff.staff1.XXXXX.ac.bw\ICT SUPPORT$"'
endif
If the user is a member of the "ICT SUPPORT" group, the command lines inside the if block are executed.
net use command: Map shared folder to local drive
nx3000staff: Staff File Server
How to add user account 3
Make personal share folder
• Log in to the File Server (nx3000staff)
- Open Explorer
- Folder: D:\STAFF\STAFF HOME DIRECTORY\MANAGEMENT_HOME
- File: jbrown
•File server is a server installed for sharing
files over a network such as LAN or WAN.
Make share folder
•Log in to the File Server
•Right-click folder -> Click Properties
•Select Sharing tab -> Advanced Sharing
•Check “Share this folder”
•Click Permissions -> Add Share
Group Policy 1
• Group Policy is a hierarchical infrastructure that
allows a network administrator in charge of
Microsoft's Active Directory to implement specific
configurations for users and computers.
• Group Policy can also be used to define user,
security and networking policies at the machine
Group Policy 3
•Minimum password length : 6
•proxy settings : 10.XX.29.6 3128
•Schedule : At 11:00 PM every Friday of every
/f /s /t 600
•Home page: http://www.ocaat1.ce.ac.bw/
DHCP Server 1
•DHCP (Dynamic Host Configuration
Protocol) is a function to select an unused
IP address and dynamically allocate it to
DHCP Server 2
•Start -> DHCP
•We have four scopes
- 10.XX.24.0/22 (Students)
- 10.XX.29.0/25 (Default)
- 10.X.29.128/25 (Miscellaneous) *not used
- 10.XX.30.0/23 (Staff)
DHCP Server 3
Address Pool: Available IP address range
Address Leases: Address Lease Status
Reservations: IP address can be reserved
Scope Options: Configuration Router/IP PHONE
DNS Server 1
•The Domain Name System (DNS) is a hierarchical
decentralized naming system for computers or
other resources connected to the Internet or a
•It serves as the phone book for the Internet by
translating human-friendly computer hostnames
into IP addresses.
•For example, the domain name www.google.co.bw
translates to the address 188.8.131.52.
DNS Server 2
The description format that combines host name and domain name like
"www.google.co.bw" is called Fully Qualified Domain Name (FQDN).
www.google.co.bw
- Host name: www
- Domain name: google.co.bw
- Top Level Domain (bw, jp, com, etc.): bw
- Second Level Domain (co, ac, go, etc.): co
- Third Level Domain (company name and organization, etc.): google
- Fourth Level Domain (hostname): www
DNS Server 3
<Name resolution flow>
1. Ask ocaat1's DNS server.
2. If ocaat1's DNS server doesn't know, ask the / (root) DNS server.
3. The / (root) domain DNS server queries the bw domain.
4. The bw domain DNS server queries the co domain.
5. The co domain DNS server queries the google domain.
6. The google DNS server answers with the IP address.
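
The name resolution flow above as a small simulation, added here as an example (it is not part of the original slides). The zone table and the address 192.0.2.10 are constructed, and the model assumes that ocaat1's DNS server follows each level's referral itself and caches the answer, so a repeated lookup stops at step 1.

```python
"""Simulation of the slide's name resolution flow (added example, constructed data)."""

# Constructed zone data: each zone's server knows only its direct children.
# ("NS", zone) = referral to the child zone's server; ("A", ip) = final answer.
# 192.0.2.10 is a documentation-range placeholder, not Google's real address.
ZONES = {
    ".": {"bw": ("NS", "bw")},
    "bw": {"co.bw": ("NS", "co.bw")},
    "co.bw": {"google.co.bw": ("NS", "google.co.bw")},
    "google.co.bw": {"www.google.co.bw": ("A", "192.0.2.10")},
}


class LocalResolver:
    """Plays the role of ocaat1's DNS server (assumed to cache answers)."""

    def __init__(self, zones):
        self.zones = zones
        self.cache = {}

    def resolve(self, fqdn):
        """Return (ip or None, list of servers asked, in order)."""
        fqdn = fqdn.rstrip(".").lower()
        asked = ["ocaat1"]                      # step 1: ask the local server
        if fqdn in self.cache:
            return self.cache[fqdn], asked      # known locally, nothing else asked
        labels = fqdn.split(".")
        zone = "."                              # step 2: start at the root
        for depth in range(1, len(labels) + 1):
            asked.append(zone)
            child = ".".join(labels[-depth:])   # bw, co.bw, google.co.bw, ...
            record = self.zones.get(zone, {}).get(child)
            if record is None:
                return None, asked              # no such name below this zone
            kind, value = record
            if kind == "A":
                if child != fqdn:
                    return None, asked          # address exists for a shorter name only
                self.cache[fqdn] = value
                return value, asked
            zone = value                        # steps 3-5: follow the referral down
        return None, asked


if __name__ == "__main__":
    resolver = LocalResolver(ZONES)
    for name in ("www.google.co.bw", "www.google.co.bw", "www.example.co.bw"):
        print(name, *resolver.resolve(name))
```

The second lookup of the same name lists only ocaat1 as asked, and the unknown name stops at the co.bw server without an address.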