How to know my AD installation proper

We all know how to install ActiveDirectory.Installation some times only few clicks to finish,but how will know AD installation is proper.

Once the installations compleate check Default shares are working

c:\>net share
NETLOGON
SYSVOL

In services.msc unique services for Active directory Key Distribution Center (KDC) will be running

What is KDC?
_____________
The Key Distribution Center (KDC) is implemented as a domain service. It uses the Active Directory as its account database and the Global Catalog for directing referrals to KDCs in other domains.

As in other implementations of the Kerberos protocol, the KDC is a single process that provides two services:

* Authentication Service (AS)

This service issues ticket-granting tickets (TGTs) for connection to the ticket-granting service in its own domain or in any trusted domain. Before a client can ask for a ticket to another computer, it must request a TGT from the authentication service in the client’s account domain. The authentication service returns a TGT for the ticket-granting service in the target computer’s domain. The TGT can be reused until it expires, but the first access to any domain’s ticket-granting service always requires a trip to the authentication service in the client’s account domain.

* Ticket-Granting Service (TGS)

This service issues tickets for connection to computers in its own domain. When clients want access to a computer, they contact the ticket-granting service in the target computer’s domain, present a TGT, and ask for a ticket to the computer. The ticket can be reused until it expires, but the first access to any computer always requires a trip to the ticket-granting service in the target computer’s account domain.

The KDC for a domain is located on a domain controller, as is the Active Directory for the domain. Both services are started automatically by the domain controller’s Local Security Authority (LSA) and run as part of the LSA’s process. Neither service can be stopped. If the KDC is unavailable to network clients, then the Active Directory is also unavailable—and the domain controller is no longer controlling the domain. The system ensures availability of these and other domain services by allowing each domain to have several domain controllers, all peers. Any domain controller can accept authentication requests and ticket-granting requests addressed to the domain’s KDC.

The security principal name used by the KDC in any domain is “krbtgt”. An account for this security principal is created automatically when a new domain is created. The account cannot be deleted, nor can the name be changed. A password is assigned to the account automatically and is changed on a regular schedule, as are the passwords assigned to domain trust accounts. The password for the KDC’s account is used to derive a cryptographic key for encrypting and decrypting the TGTs that it issues. The password for a domain trust account is used to derive an inter-realm key for encrypting referral tickets.

All instances of the KDC within a domain use the domain account for the security principal “krbtgt”. Clients address messages to a domain’s KDC by including both the service’s principal name, “krbtgt”, and the name of the domain. Both items of information are also used in tickets to identify the issuing authority. For information about name forms and addressing conventions.

Check c:\windows\sysvol have these folders created
Domain,Staging,Staging Areas,Sysvol

Under Forward lookup zone in DNS has SRV Resource Records

_msdcs
_ Service ._ Protocol . DcType ._msdcs. DnsDomainName

SRV Records Registered by Net Logon

_ldap
_ldap._tcp. DnsDomainName
_ldap._tcp. SiteName ._sites. DnsDomainName

_gc
_ gc._tcp. SiteName ._sites. DnsForestName

_kerberos
_kerberos._udp. DnsDomainName and _kerberos._tcp. DnsDomainName

DNSDomainName

Note:The SRV record is used to map the name of a service (in this case, the LDAP service) to the name of a server that offers that service. Windows is using LDAP resource record locates a domain controller.

Advertisements

Posted on April 12, 2011, in Uncategorized, Windows. Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: