

Installing AD DS on Microsoft Windows Server 2016 in the Urdu/Hindi language (UR-HI)

I hope you are all well.

In this article I will tell you about:

  • Workgroup 
  • Domain 
  • Why Microsoft 
  • Why not Linux 
  • Windows Server Security 
  • Create a Domain Environment

Workgroup
As Figure 1.1 shows, we have a bus topology in which 8 systems are connected with T-connectors. Any system can independently do whatever its user wants. We know that to use a system you must be a user of that computer; without a user account we cannot use it. Assume we have one network of 8 computers. We created a user named "Cortana" on system1. If Cortana now wants to log in on system2, or on any system other than system1, the login will fail. To log in on those systems too, a user with the same name has to be created there, otherwise the login is not possible. But if system1 itself goes down for some reason, our network will not work. We solve this problem in Figure 1.2.

**Figure 1.1**

If we create a shared folder on system4, use it as a database, and have all systems authenticate against that database, then users can log in, and a user who supplies wrong credentials will not be able to log in. But if our network has 400 users and creating one user takes 1 minute, the total time comes to 8 hours and 20 minutes, while our working day is 7 hours, so we would spend 2 days just creating users. If we want to apply Group Policy to all systems, implement security permissions, or install Windows updates, we have to physically get up, go to each system, and do the installation one system at a time.

**Figure 1.2**

In a workgroup, passwords are stored in the SAM (Security Account Manager) database file.
The NTLM (New Technology LAN Manager) protocol is used for authentication in a workgroup.
It is a decentralized database with separate authentication, and all the systems are independent.

Domain
As you can see, we have replaced one of the systems with a server. All systems now authenticate against the server machine; we create users on the server and they can log in anywhere on the network. If 400 users have to be created, they are created in seconds. To change a password, we only have to sit at the server, right-click, and click Reset Password. Group Policy can also be implemented from the server. We can install Windows updates too, using the built-in Windows Server role WSUS (Windows Server Update Services). The updates are installed on all client machines from the server.

**Figure 2.1**

In a domain, our domain is AD DS (Active Directory Domain Services), and all users authenticate against AD DS.
NTDS.DIT is the database file (New Technology Directory Services Directory Information Tree).
Authentication is centralized, through the Kerberos protocol.

It also goes by these names:

  • Dependent on Windows Server
  • Client Server Model 
  • Centralized Database 
  • Centralized Management 
  • Centralized Authentication
  • Centralized Authorization

Why Microsoft
Microsoft is the largest IT company in the world and gives us hardware and software products. The Microsoft operating system has the quality that if an error or any disaster occurs, simply restarting fixes your system and it works perfectly again. You can install different software on this one operating system, and you can solve any problem manually or automatically from the internet (for which Windows must be registered).

Why not Linux
If you want to use Linux, you must first learn Linux, unlike Microsoft, which you can use without studying it. You have to memorise very long code. Worst of all, you cannot install different software on it. If you want to use Adobe Photoshop you have to use a separate version of Linux, and if you want to use VLC you have to use yet another version of Linux.

Windows Server Security
Everyone says Linux is more secure, but Microsoft is much better than Linux. We can convert our Windows Server GUI to CLI at any time, and convert CLI back to GUI at any time, with one command. The CLI is hard to hack; I tried it myself and kept trying from Kali Linux 2.0, but it did not get hacked.

Create a Domain Environment
Install the Microsoft Windows Server 2016 OS on a machine (PC or laptop).

Before installation, verify that:

  • You have set a strong password for Administrator, such as “Pa$$w0rd”
  • The latest Windows Server updates should be installed (not mandatory)
  • You should have a static IP address, as Microsoft says
  • If your password and IP address are not strong, you may get an error

Remember: the network adapter icon in the adapter settings must not be disabled (that is, it must not show a red cross), otherwise you will not be able to install at all and will get an error.

AD DS Installation

Click Server Manager in the Start menu, then in the Dashboard click Add roles and features, and press Next.

Select the server from the server pool on which you want to install, and press the Next button.

Select AD DS, check it, and press Next.

AD DS stores the information about your objects and keeps this information secure. AD DS uses the domain controller to give users access and to permit them as soon as a user logs in to the network.

Microsoft says you must install an ADC (Additional Domain Controller) so that if one of your servers stops working, your traffic does not stop, that is, the whole network does not go down.

If you have installed the DNS server on another server, you can enter that machine's IP address in the DNS settings of this system. To set DNS, use “ncpa.cpl”.

Microsoft has offered this option for the first time in Windows Server 2016. It gives you the facility to create your on-premises domain. For this you need Azure Active Directory to Office 365.

Office 365 is a cloud service. You can also configure it if you want instant messaging, calling, and storage where files can be saved; it also includes Yammer and many other options. You can use it according to your requirements, or for CRM (Customer Relationship Management), so that you can operate your company well and users can collaborate with each other.

AD DS is now installed.
Click Promote this server to a domain controller.

AD DS Configuration
Click Add a new forest.

If a domain has already been created and you want to install an ADC, select the first option.

If you have already created a forest and want to add a Child Domain or Tree Domain to it, select this option.

But if no domain has been created, select this option.

Remember: do not put a dot before your domain name.

Root domain: the very first domain in your forest is called the root domain; all the other child domains will belong to it.

Directory Services Restore Password (DSRM)

If your Active Directory stops working by mistake, or any other problem occurs, you can supply this password during a restore to restore it.

The DNS delegation message is only a caution that the wizard is also about to create a DNS delegation.

The NetBIOS domain name is a nominal name for the domain, and it must not be longer than 15 characters.

Functional levels: here you decide which systems will be able to contact you later, when you add an ADC and so on.

Global Catalog (GC): it does the same job as the index page at the start of a book, and tells where your object is located.

The GC also has five rights:

1  Schema Master

2  Domain Naming Master

3  RID Pool Master

4  PDC Master

5  Infrastructure Master

Each role does a different job. If you uncheck it after installation, no user will be able to authenticate.

Database folder: where you will save the NTDS.DIT database file (“New Technology Directory Services, Directory Information Tree”).

Log file folder: the logs of your whole network will be created here, whether for a server or a client.

SYSVOL folder: your GPOs will be saved in it, and the settings of Global Groups will also be saved here.
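The same installation and promotion can be scripted in PowerShell. This is an added example, not part of the original article; the domain name `corp.example`, the NetBIOS name `CORP` and the folder paths are assumed values chosen for illustration.

```powershell
# Added example: scripted equivalent of the wizard steps (run elevated on the new server).
# Assumed values, not from the article: corp.example / CORP and the folder paths below.
$DomainName  = 'corp.example'   # no leading dot
$NetBiosName = 'CORP'           # 15 characters or fewer

# Pre-checks from the checklist: adapter enabled, static IPv4, valid names.
$nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
if (-not $nic) { throw 'No enabled network adapter found.' }

$ipif = Get-NetIPInterface -InterfaceIndex $nic.ifIndex -AddressFamily IPv4
if ($ipif.Dhcp -eq 'Enabled') { throw "Adapter '$($nic.Name)' uses DHCP; set a static IP first." }

if ($DomainName.StartsWith('.')) { throw 'Domain name must not start with a dot.' }
if ($NetBiosName.Length -gt 15)  { throw 'NetBIOS name is longer than 15 characters.' }

# Install the AD DS role (the "Add roles and features" step).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Prompt for the DSRM password so it never appears in the script or in history.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

# "Add a new forest": first domain controller of the root domain.
$forest = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetBiosName
    ForestMode                    = 'WinThreshold'   # Windows Server 2016 functional level
    DomainMode                    = 'WinThreshold'
    InstallDns                    = $true
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $dsrm
}
Test-ADDSForestInstallation @forest   # runs the wizard's prerequisite check
Install-ADDSForest @forest            # promotes the server, then reboots it
```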

After restarting the system you can use the domain controller and create objects on it.
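Once the server is back up, the settings chosen in the wizard can be checked from PowerShell. This is an added example, not part of the original article, and it assumes it is run on the new domain controller as a domain administrator.

```powershell
# Added example: post-reboot checks on the new domain controller.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain
$dc     = Get-ADDomainController -Identity $env:COMPUTERNAME

# The five operations master roles and the server that holds each one.
[pscustomobject]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    RIDMaster            = $domain.RIDMaster
    PDCEmulator          = $domain.PDCEmulator
    InfrastructureMaster = $domain.InfrastructureMaster
} | Format-List

"Global Catalog on this DC: $($dc.IsGlobalCatalog)"
"NetBIOS domain name:       $($domain.NetBIOSName)"

# Where the NTDS.DIT database and its logs were actually placed.
$ntds = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
"Database file: $($ntds.'DSA Database file')"
"Log folder:    $($ntds.'Database log files path')"

# SYSVOL and NETLOGON must be shared before GPOs can reach clients.
Get-SmbShare -Name SYSVOL, NETLOGON | Select-Object Name, Path

# NTDS.DIT holds the domain's credentials: review who can read its folder.
$ntdsDir = Split-Path -Parent $ntds.'DSA Database file'
(Get-Acl -Path $ntdsDir).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType
```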