Context

A company has 3 sites, each with 1 Windows server:
- SRV-CHA (AD) in Chassignieu (company headquarters)
- SRV-VIR in Virieu
- SRV-BLA in Blandin
Each site contains 2 departments:
- Administrative
- Technical
And the headquarters contains 3:
- Management
- Administrative
- Technical
Organizational Units (OU) Structure
SRV-CHA
├── Management
│   ├── GG-CHA-DIR
│   ├── CEO
│   └── HR
├── Administrative
│   ├── GG-CHA-ADM
│   └── ADM1C
└── Technical
    ├── GG-CHA-TECH
    └── TECH1C
SRV-VIR
├── Administrative
│   ├── GG-VIR-ADM
│   └── ADM1V
└── Technical
    ├── GG-VIR-TECH
    └── TECH1V
SRV-BLA
├── Administrative
│   ├── GG-BLA-ADM
│   └── ADM1B
└── Technical
    ├── GG-BLA-TECH
    └── TECH1B
The GG (Global Groups) link users to LGs.
They group all users from the same department.
Each user belongs to their department's GG.
Shares and Permissions
SRV-CHA
├── DATA-CHA
│   ├── Tech-Common
│   │   └── GL-SRV-CHA-DATA-TECH-COMMON-FC
│   ├── Adm-Common
│   │   ├── GL-SRV-CHA-DATA-TECH-COMMON-FC
│   │   └── GL-SRV-CHA-DATA-ADM-COMMON-R
│   ├── Adm-Chassignieu
│   │   ├── GL-SRV-CHA-DATA-ADM-CHASSIGNIEU-FC
│   │   └── GL-SRV-CHA-DATA-ADM-CHASSIGNIEU-R
│   ├── Tech-Chassignieu
│   │   └── GL-SRV-CHA-DATA-TECH-CHASSIGNIEU-FC
│   └── Management | GL-SRV-CHA-DATA-MANAGEMENT-FC
│       ├── Investments
│       └── HR
├── PROFILES-CHA
└── DBASE-CHA
SRV-VIR
├── DATA-VIR
│   ├── Adm-Virieu
│   │   ├── GL-SRV-VIR-DATA-ADM-VIRIEU-FC
│   │   └── GL-SRV-CHA-DATA-ADM-VIRIEU-R
│   └── Tech-Virieu
│       └── GL-SRV-VIR-DATA-TECH-VIRIEU-FC
├── PROFILES-VIR
└── DBASE-VIR
SRV-BLA
├── DATA-BLA
│   ├── Adm-Blandin
│   │   ├── GL-SRV-BLA-DATA-ADM-BLANDIN-FC
│   │   └── GL-SRV-CHA-DATA-ADM-BLANDIN-R
│   └── Tech-Blandin
│       └── GL-SRV-BLA-DATA-TECH-BLANDIN-FC
├── PROFILES-BLA
└── DBASE-BLA
We will use the above topology for this entire practical work.
The steps detailed below describe the procedure to follow to create each element.
Creating an OU
An OU (Organizational Unit) is an Active Directory container used to manage a set of objects (users, groups, computers) together.
In the diagram above, we can see there are "sub-Organizational Units":
For example, the user CEO is located in SRV-CHA > Management,
i.e. in the sub-OU Management, which itself sits under the OU SRV-CHA.
- Go to the server SRV-CHA (Active Directory):



Creating a GG
A Global Group groups one or more users (here, all the users of one department).


Creating a User




Creating an LG
LG (Domain Local Groups) apply rights to resources. The suffix of each LG name gives the right it grants on the folder:
- FC: Full Control
- R: Read




Creating the "DATA" shared folder






Enable Access-based Enumeration
With Access-based Enumeration enabled, each user sees only the folders they have access to on the share; folders they have no permission on are hidden from the listing.



Linking a User to GG



Linking a GG to LG




Applying an LG to Shared Directory
This step applies the LG's permissions (Full Control or Read, per the LG name) to the shared folder, so that rights flow from user to GG to LG to resource.
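As an added example (not part of the original practical work), the following PowerShell script builds the SRV-CHA side of this topology the way the steps above describe: OUs, global groups, domain local groups with the GGs nested in them, the hidden DATA-CHA$ share with Access-based Enumeration, and NTFS rights granted to the LGs only. The domain company.lan (NetBIOS name COMPANY), the path D:\DATA-CHA and which GG sits in which LG are assumptions, since the page does not state them; the other two sites follow the same pattern.

```powershell
# Added example, not the page's own procedure. Assumptions: domain company.lan
# (NetBIOS COMPANY), share root D:\DATA-CHA, run as a domain admin on SRV-CHA.
Import-Module ActiveDirectory
$Domain  = "DC=company,DC=lan"    # assumption
$NetBios = "COMPANY"              # assumption
$Root    = "D:\DATA-CHA"          # assumption

# 1. OUs: one per server, one sub-OU per department (Organizational Units diagram).
New-ADOrganizationalUnit -Name "SRV-CHA" -Path $Domain
foreach ($ou in "Management", "Administrative", "Technical") {
    New-ADOrganizationalUnit -Name $ou -Path "OU=SRV-CHA,$Domain"
}

# 2. Global groups: one per department, created inside that department's OU.
$GG = @{ "GG-CHA-DIR" = "Management"; "GG-CHA-ADM" = "Administrative"; "GG-CHA-TECH" = "Technical" }
foreach ($name in $GG.Keys) {
    New-ADGroup -Name $name -GroupScope Global -GroupCategory Security -Path "OU=$($GG[$name]),OU=SRV-CHA,$Domain"
}

# 3. Domain local groups from the Shares and Permissions diagram: target folder, NTFS right
#    (FC = FullControl, R = ReadAndExecute) and the GG placed in them (assumed mapping).
$LG = @(
    @{ Name = "GL-SRV-CHA-DATA-TECH-COMMON-FC";     Folder = "Tech-Common";     Right = "FullControl";    GG = "GG-CHA-TECH" },
    @{ Name = "GL-SRV-CHA-DATA-ADM-CHASSIGNIEU-FC"; Folder = "Adm-Chassignieu"; Right = "FullControl";    GG = "GG-CHA-ADM"  },
    @{ Name = "GL-SRV-CHA-DATA-ADM-CHASSIGNIEU-R";  Folder = "Adm-Chassignieu"; Right = "ReadAndExecute"; GG = "GG-CHA-DIR"  }
)

# 4. Hidden share ($ suffix) with Access-based Enumeration. Share-level rights stay broad;
#    the real restriction is the NTFS ACL below, and ABE hides folders the user cannot read.
New-Item -ItemType Directory -Path $Root -Force | Out-Null
New-SmbShare -Name 'DATA-CHA$' -Path $Root -FullAccess "Authenticated Users" -FolderEnumerationMode AccessBased

# 5. Per-folder NTFS rights granted to the LGs only (users never appear in an ACL directly).
$Inherit = "ContainerInherit,ObjectInherit"
foreach ($lg in $LG) {
    $path = Join-Path $Root $lg.Folder
    New-Item -ItemType Directory -Path $path -Force | Out-Null
    New-ADGroup -Name $lg.Name -GroupScope DomainLocal -GroupCategory Security -Path "OU=SRV-CHA,$Domain"
    Add-ADGroupMember -Identity $lg.Name -Members $lg.GG      # the "Linking a GG to LG" step
    $acl = Get-Acl -Path $path
    $acl.SetAccessRuleProtection($true, $false)               # cut inheritance, drop inherited entries
    $admin = New-Object System.Security.AccessControl.FileSystemAccessRule("BUILTIN\Administrators", "FullControl", $Inherit, "None", "Allow")
    $group = New-Object System.Security.AccessControl.FileSystemAccessRule("$NetBios\$($lg.Name)", $lg.Right, $Inherit, "None", "Allow")
    $acl.AddAccessRule($admin)
    $acl.AddAccessRule($group)                                # the "Applying an LG to Shared Directory" step
    Set-Acl -Path $path -AclObject $acl
}
```

After running it, a member of GG-CHA-DIR browsing \\SRV-CHA\DATA-CHA$ sees Adm-Chassignieu (read only) but not Tech-Common, which is exactly the partitioning the diagram asks for.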








Base Folder
The base folder is simply an empty directory for each user, where they can store their documents for example. This folder is in a shared path.
Create network share






Link base folder to user


Mapping Network Drives
Each user will automatically map 3 network drives in their session (common share, site-partitioned share and base folder, depending on their location), using the logon script assigned to them:
Chassignieu:
net use Y: \\SRV-CHA\DATA-CHA$
Note: this script contains only 2 drives, since both the Common and the Partitioned folders are in DATA-CHA.
Virieu:
net use Y: \\SRV-CHA\DATA-CHA$
net use Z: \\SRV-VIR\DATA-VIR$
Blandin:
net use Y: \\SRV-CHA\DATA-CHA$
net use Z: \\SRV-BLA\DATA-BLA$
Example: let's take a user in Blandin:
- X: will contain the shared directory \\SRV-BLA\DBASE-BLA$\USER_NAME (the user's base folder).
- Y: will contain the common shared directory \\SRV-CHA\DATA-CHA$ (the user only sees the folders on the common share they have access to, at least Read).
- Z: will contain the shared directory \\SRV-BLA\DATA-BLA$, since the user is in Blandin (the user only sees the folders they have access to, at least Read; this is the site partitioning).
Create scripts




Link script to user


Roaming Profiles
Roaming Profiles make changing machine or location easier: the user profile is stored remotely on a shared directory and follows the user to whichever domain machine they log on to.
Create shared directory





Link profile to user


Testing a Domain User
Warning
You must be a local administrator of the machine to join it to the domain.