
Thursday 26 September 2013

How to add a computer to a Domain.

Adding a Computer to an Active Directory Domain

Adding a Computer to an Active Directory Domain is not hard by any means, but there are 3 things you should always remember:
  • Rename the machine to a user friendly, recognizable name before adding it to the Domain.
  • Make sure your DNS settings are pointing to the correct DNS Server for the domain.
  • You need access to a Domain account that is a member of the Domain Admins security group.

Joining a Machine To a Domain

Open Computer and click on the System Properties button.
Now click on the Advanced system settings link on the left hand side.
When the advanced system settings open, switch to the Computer Name tab.
Click the Change button; from here you can change your computer's name to a more friendly one.
Now switch the radio button, in the bottom section, from Workgroup to Domain. This will make the text box become available.
Now type in the name of your domain, ours is howtogeek.local, but yours will be whatever you made it when you set up Active Directory.
When you hit Enter, or click OK, you will be asked for the user name and password of a Domain Admin user account.
If you specify the correct credentials you will be welcomed to the Domain.
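The same three points (friendly name, correct DNS server, an account allowed to join) done from the command line, as an added example that is not part of the original post. It assumes a Windows client with PowerShell 3.0 or later and the DnsClient module (on Windows XP/2003-era machines the command-line equivalent is netdom.exe); the domain name is the one from the post, while the computer name and the DNS server address are constructed placeholders.

```powershell
# Added example, not the original post's code.
$Domain    = 'howtogeek.local'    # domain name from the post; replace with yours
$NewName   = 'WS-ACCOUNTING-01'   # constructed, user-friendly computer name
$DnsServer = '192.168.0.1'        # assumed address of the domain's DNS server

# 1. Point the DNS client at the domain's DNS server (first adapter that is up).
$adapter = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -ServerAddresses $DnsServer

# 2. Confirm a domain controller can be located through DNS before trying to join:
#    the _ldap._tcp.dc._msdcs SRV record is what the join process uses to find a DC.
#    If this fails, the DNS setting (point 2 of the post) is wrong and the join will fail.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $DnsServer -ErrorAction Stop
$srv | Where-Object Type -eq 'SRV' | Format-Table Name, NameTarget, Port

# 3. Rename and join in one step. Credentials are prompted for, never stored in the script.
#    A Domain Admins account works, as the post says; an account delegated the right to
#    join computers to the domain also suffices and exposes less if the workstation is compromised.
$cred = Get-Credential -Message "Account allowed to join $Domain"
Add-Computer -DomainName $Domain -NewName $NewName -Credential $cred -Restart
```

Run it from an elevated PowerShell session on the machine being joined; the SRV lookup in step 2 is the quickest way to tell a DNS problem apart from a credential problem when the join is refused.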

That's all done!!!
Anzil Ali Liyakkath
anzilali.webhostrepo@gmail.com

ADS uses Domain Name System (DNS) to locate resources on a network. Without a reliable DNS infrastructure, domain controllers on your network will not be able to replicate with each other, your clients will not be able to log on to the network, and Microsoft Exchange Server will not be able to send e-mail. Essentially, if your DNS implementation is not stable, your Windows Server 2003 network will fail. This means you must have a thorough knowledge of DNS concepts and the Windows Server 2003 implementation of DNS if you are going to manage a Windows Server 2003 Active Directory environment.
We installed the DNS Server during the ADS configuration wizard. If you skipped the DNS Server configuration at that point, see our previous article to install it from Control Panel.


To configure DNS server

Click the Start button, select Administrative Tools and click DNS.
If you do not see the DNS option in the Administrative Tools submenu, it means you haven't installed it. See our previous article to install it.
In the left pane expand the server. Here you can see the default forward and reverse zones that were configured during the ADS configuration. Delete the default zones.
Make sure you remove both the forward and the reverse lookup zone before you start the configuration.
Now we will create new forward and reverse lookup zones for DNS.
Right click on Forward Lookup Zones and select New Zone.
Click Next on the welcome screen.
Select Primary zone.
We do not need to store the zone in ADS, so remove the check mark from Store the zone in Active Directory.
Give a name for this zone. For a local network we suggest you use your domain name as the zone name.
Our domain is Example.com, so I set the zone name to Example.com.
We are creating the first zone, so select Create a new file with this file name; do not change the default name, just click Next.
We are going to use this DNS server in a local network, so select Allow both nonsecure and secure dynamic updates. Don't use this option in a public network.
On the summary page just click Finish.


Configure the Reverse Lookup Zone
We have configured the forward lookup zone. Now we need to create the reverse lookup zone before we use it.
Right click on Reverse Lookup Zones and select New Zone.
On the welcome screen click Next.
Select Primary zone.
We do not need to store the zone in ADS, so remove the check mark from Store the zone in Active Directory.
Give the network ID from the IP address of the server. Our server IP is 192.168.0.1, so I will set 192.168.0 here [the network part of the IP].
Keep the default name for the zone file and click Next.
Select Allow both nonsecure and secure dynamic updates. Don't use this option in a public network.
On the summary page just click Finish.

We have created both zones for the DNS server. Now we need to add a pointer (PTR) record for the DNS server.
Expand Reverse Lookup Zones and select the 192.168.0.x Subnet [if you used a different IP for the server, you will find your IP address's subnet here].
Right click on it and select New Pointer (PTR).
Now give the host ID from the IP address. We will give 1, as we are using the 192.168.0.1 IP address.
At this point we have configured both the forward and the reverse lookup zone. But these changes take effect only after DNS is restarted. The DNS service can be restarted in two ways: by restarting the service, or by a complete restart of the server.
To restart the DNS service, right click on the server and select Restart from All Tasks.
The DNS server configuration can be verified by launching nslookup. To launch nslookup, right click on the server and select Launch nslookup.
If you see the default server name in the output, the DNS server has been properly configured and is functioning. But we haven't restarted the server yet, so you will not see the server name here.

To apply all these changes, restart the server. After the restart, verify it again and you will see the default server name in nslookup.
Additional testing of DNS can be done by pinging the server by name. Go to any client computer and ping the DNS server. [Before doing this, set the preferred DNS IP to 192.168.0.1 on the client.]
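The whole zone set-up above (forward zone, reverse zone, PTR, restart, nslookup check) as an added scripted example, not the post's own procedure. It uses the DnsServer cmdlets of Windows Server 2012 or later; on Windows Server 2003 the command-line equivalent is dnscmd.exe. The zone name and server address are the post's (Example.com, 192.168.0.1); the host name dc1 is a constructed assumption. The last command is the check a practitioner wants after following the post's "don't use this option in a public network" caveat: it lists zones that still accept nonsecure dynamic updates, which any host on the network can use to add or overwrite records.

```powershell
# Added example, not the original post's code. Run on the DNS server as Administrator.
$Zone      = 'example.com'
$ServerIp  = '192.168.0.1'
$NetworkId = '192.168.0.0/24'
$HostName  = 'dc1'              # assumed host name of the server

# Forward lookup zone, file-backed (not stored in Active Directory), as in the post.
Add-DnsServerPrimaryZone -Name $Zone -ZoneFile "$Zone.dns" -DynamicUpdate NonsecureAndSecure

# Reverse lookup zone for 192.168.0.x; its name becomes 0.168.192.in-addr.arpa.
Add-DnsServerPrimaryZone -NetworkId $NetworkId -ZoneFile '0.168.192.in-addr.arpa.dns' -DynamicUpdate NonsecureAndSecure

# A record for the server; -CreatePtr writes the matching pointer (host ID 1) into the reverse zone.
Add-DnsServerResourceRecordA -ZoneName $Zone -Name $HostName -IPv4Address $ServerIp -CreatePtr
# The explicit form of the post's "New Pointer" step would be:
# Add-DnsServerResourceRecordPtr -ZoneName '0.168.192.in-addr.arpa' -Name '1' -PtrDomainName "$HostName.$Zone"

# Same as "All Tasks -> Restart" in the DNS console.
Restart-Service DNS

# Verification, the equivalent of the post's nslookup check: forward and reverse resolution against this server.
Resolve-DnsName -Name "$HostName.$Zone" -Server $ServerIp
Resolve-DnsName -Name $ServerIp -Type PTR -Server $ServerIp

# Audit: every zone that still allows unauthenticated dynamic updates.
# On a network that is not fully trusted these should be converted to AD-integrated
# zones and switched to secure-only updates:
#   Set-DnsServerPrimaryZone -Name $Zone -ReplicationScope Domain
#   Set-DnsServerPrimaryZone -Name $Zone -DynamicUpdate Secure
Get-DnsServerZone |
    Where-Object { -not $_.IsAutoCreated -and $_.DynamicUpdate -eq 'NonsecureAndSecure' } |
    Select-Object ZoneName, IsDsIntegrated, DynamicUpdate
```

Secure-only dynamic updates are available only for zones stored in Active Directory, which is why the file-backed zones the post creates can only be set to None or NonsecureAndSecure.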

Cheers & regards,
Anzil Ali Liyakkath
anzilali.webhostrepo@gmail.com

Install and Configure the Email Server in Windows Server 2003

Introduction

This tutorial will help you to install and set up a few email accounts, by using the built-in POP3 Service in Windows Server 2003. I will assume you have basic knowledge about the Windows Server family and Mail Servers, but I have tried to make this tutorial as easily comprehensible as possible. The tutorial has been tested on Windows Server 2003 Enterprise Edition but should also work on Windows Server 2003 Standard Edition. I will not cover MX records and other similar things in this release.
To follow this tutorial you need a stand-alone server. You can of course use a Domain Controller, but that assumes you understand when not to follow the tutorial and use other settings (for example the authentication method).

Install the Email Server

You can install the Email Server by using Add or Remove Windows Components or Manage Your Server. In this tutorial we will use the latter, because it's the quickest way to get this up and running. Manage Your Server is a bit easier to use too, because it will prompt you for the domain you want to use during setup. Add or Remove Windows Components will not do that, so you would have to do everything manually.
If it's not open, start Manage Your Server by clicking Start->Programs->Administrative Tools->Manage Your Server.
  • Click on Add or remove a role.


This will start the Configure Your Server Wizard. Read the text and make sure you have connected all the necessary cables and all the other things it says you should do before continuing.
  • Click Next
The wizard will now detect your network settings. This will take a while, depending on how many network connections you have.
We now come to the step where we add and remove roles for our server. We will add the Mail Server role. I also suggest that before you click Next, click Read about mail servers because this tutorial is not a complete reference.
  • Click Mail server (POP3, SMTP)
  • Click Next
You will now specify the type of authentication and type the email domain name. In this tutorial we will use Windows Authentication, and I will use my domain name, ilopia.com. You should of course use your domain name.
  • Click Next
The next step is to confirm the options you have selected.
  • Click Next
The installation will start, and will also start the Windows Components Wizard. When you are prompted to insert your Windows Server 2003 CD-ROM into your CD-ROM drive, do so. If you were not prompted, the CD may already be in the drive. Hopefully within a few minutes you get this screen:
You can now view the log, click View the next steps for this role, or click Finish. Do whatever you want to do before continuing.
  • Click Finish
You have now successfully installed the mail server, congratulations!

Configure the Email Server

A mail server is no fun if we can't use it, and to use it we have to configure it. This section will help you configure the mail server.
  • Click Start, then Run, and type p3server.msc
This will open up the POP3 Service. This is where you configure and manage the POP3 part of the mail server.
  • Click on <ComputerName> in the left pane
  • Click on Server Properties in the right pane
This brings up the Properties for our Mail Server.
As you can see, we have a lot of settings. We will use the standard setup in this tutorial, but I will explain every setting we can change in case you want to change something in the future.

Authentication Method

There are three different authentication methods you can use: Local Windows Accounts, Active Directory Integrated and Encrypted Password File. Which method to use is an important decision, because once you have chosen, you must delete all email domains on the server to change the method (you can migrate Encrypted Password File user accounts to AD, but nothing else can be migrated).
  • Local Windows Accounts
    If your server is stand-alone (not a member of an Active Directory domain), and you want to have the user accounts on the same local computer as the POP3 service, this is the best option. By using this option, you will use the SAM (Security Accounts Manager) for both the email user accounts and the user accounts on the local computer. This means that a user can use the same user name and password to be authenticated for both the POP3 service and Windows on the local computer. But there is a limitation: although you can host multiple domains on the server, user names must be unique across all domains. So, let us say you have two users named Sandra, one working at company1.com and another one working at company2.com. Their user names will be sandra@company1.com and sandra@company2.com. But in SAM they will both have the same user name, sandra, so one of them must be renamed to something else (if we don't want them to read each other's emails).

    If you create the user account when you create the mailbox (by using the POP3 interface), the user will be added to the POP3 Users group. Members of this group are not allowed to log on locally. The fact that the users are added to the POP3 Users group does not mean that you must be a member of this group to have a mailbox. You should however be careful adding mailboxes to users that are not members of the POP3 Users group, because the password used for email can for example be sniffed (if you are not using SPA), or someone can brute force the password and gain access to the server.
  • Active Directory Integrated 
    You can select this option if the server is a member of an Active Directory domain or is a Domain Controller. By using this you integrate the POP3 Service with your AD domain. AD users can use their user name and password to send and receive email; of course you have to create mailboxes for them first. Unlike Local Windows Accounts, you can use the same user name on different domains, so sandra@company1.com and sandra@company2.com will have different mailboxes. There is, however, one thing you should know about. It does not affect the mailbox name or the email name, but the pre-Windows 2000 user name can be changed: Active Directory does not support two accounts with the same pre-Windows 2000 user name, and this name is usually the same as the user name, which means that if you create a mailbox and user with a pre-Windows 2000 user name that already exists, it will rename the pre-Windows 2000 user name.
  • Encrypted Password File 
    This is the option you want to select if you don't use Active Directory or don't want to create users on the local computer. Like Active Directory Integrated, you can have the same user name on different domains, but you cannot assign the same user name to several mailboxes within the same domain.
    This method works by creating an encrypted file stored in each user's mailbox. This file contains the password for the user. When the user wants to check his/her email, the password that the user supplies is encrypted and compared to the one in the file.
    It is possible to migrate Encrypted File user accounts to AD user accounts.

Server Port

I strongly recommend that you use port 110 because this is the standard port for the POP3 protocol. If you change this, make sure you notify all users so they can configure their email clients to use this other port. Also make sure you restart the POP3 service if you change this.

Logging Level

There are four options to choose from. If you change this, remember that you must restart the POP3 service.
  • None 
    Nothing is logged.
  • Low 
    Only critical events are logged.
  • Medium 
    Both critical and warning events are logged.
  • High 
    Critical, warning and informational events are logged.

Root Mail Directory

If you don't want to use the default Mail Directory, you can choose another one. Make sure the path is not more than 260 characters; you also cannot store to the root of a partition (i.e. C:). It is strongly recommended that you use an NTFS formatted partition. You can't use a mapped drive, but a UNC name (\\servername\share) can be used. If you later change the store, and there are still emails in one or more mailboxes, you must manually move the folders that contain emails to the new location. You must also reset the permissions on the directory by using winpop set mailroot.

SPA

Enable SPA if you want to have secure communication between your email server and email clients. This will send both the user name and password encrypted from the client to the server, instead of sending them in clear text. SPA supports only Local Windows Accounts and Active Directory Integrated authentication. It is recommended to use this. Remember to restart the POP3 service if you change this.

Create a mailbox

The Setup Wizard created a domain for us, so we do not need to create this manually. If you did not use Manage Your Server to install, add the domain manually by clicking the server name in the left pane and then clicking New domain in the right pane. Remember to set the properties before you add the domain.
  • Click on your domain (ilopia.com in my case) in the left pane.
  • Click Add Mailbox in the right pane.
This will open up the Add Mailbox window.
  • Write bob in Mailbox Name
  • Write bob as password (of course this is not a password you should use in a production environment, it's too short)
  • Click OK
A message will pop-up and tell you how to configure the email clients. Read this, and notice the difference when using SPA or not.
  • Click OK
What we just did was not only create a mailbox named bob, but also create a user bob. We will also create a mailbox for an existing user, ariel. To do that we simply perform the same steps, but we uncheck Create associated user for this mailbox. Remember that the mailbox name must be less than 21 characters (64 for Encrypted Password File and Active Directory). Periods are allowed, but not as the first or last character.
So, we now have two users. Are they equal? No, bob is a member of the POP3 Users group, which is denied the right to log on locally. Ariel is not a member of this group, and can still log on locally and access her mailbox.

Configure the SMTP Server

Actually, that's it! It is this simple to configure the POP3 part. But it is not yet working as we want; we have to configure the SMTP part to be able to receive and send emails. Yes, I said receive emails. A common mistake is to think that the POP3 server receives the emails. But that is not true: all the POP3 service does is 'pop' the emails out to the clients. It's the SMTP server that communicates with other SMTP servers and receives and sends emails.
  • Open Computer Management
  • Expand Services and Applications, expand Internet Information Service
  • Right click Default SMTP Virtual Server and click Properties
  • Click the Access tab
  • Click the Authentication button and make sure Anonymous Access and Integrated Windows Authentication are enabled.
  • Click the Relay button and make sure Allow all computers which successfully... is enabled and Only the list below is selected.
First of all, Authentication and Relay are not the same thing. We use the Authentication button to specify which authentication methods are allowed for users and other SMTP servers. So enabling Anonymous here is not a security issue; in fact, it's required if we want our server to be able to receive emails from other servers on the Internet (I doubt you want to tell all administrators of email servers on the Internet how they should log on to yours). We also need Windows Authentication so the email clients can authenticate to the server and be able to relay (send emails).
As Relay Restrictions we selected Only the list below because we do not want to be used by spammers to send emails. But we never specified any computers. That is valid, because we want our clients to always use their user name and password to authenticate, no matter where they are.
If you want users to only be allowed to relay when they are on a private network, you can uncheck Windows Authentication as an allowed authentication method and specify the IP range for your network in the Relay Restrictions window.
Is that all? Do we have a working email server now? Well, the answer is yes. But we still haven't configured the email clients.
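A check that the relay restriction above actually holds, as an added example that is not part of the original tutorial. It opens an anonymous SMTP session to the server and tries two recipients: one in the local domain, which must be accepted (250), and one outside it, which must be refused with the 550 5.7.1 "Unable to relay" reply the tutorial shows further down. If the outside recipient is accepted without authentication, the server is an open relay. It assumes the SMTP service listens on port 25 and uses the tutorial's ilopia.com; the outside address someone@example.org is a constructed placeholder.

```powershell
# Added example, not the tutorial's code. Run from any machine that can reach the server.
function Test-SmtpRelay {
    param(
        [string]$Server         = 'ilopia.com',          # SMTP server to test
        [string]$LocalDomain    = 'ilopia.com',          # domain the server hosts
        [string]$OutsideAddress = 'someone@example.org'  # constructed external recipient
    )
    $client = New-Object System.Net.Sockets.TcpClient($Server, 25)
    $stream = $client.GetStream()
    $reader = New-Object System.IO.StreamReader($stream)
    $writer = New-Object System.IO.StreamWriter($stream)
    $writer.NewLine = "`r`n"
    $writer.AutoFlush = $true

    # Read one complete SMTP reply; multi-line replies use "250-" continuation lines.
    function Read-Reply {
        do { $line = $reader.ReadLine() } while ($line -and $line[3] -eq '-')
        return $line
    }
    function Send-Cmd([string]$cmd) { $writer.WriteLine($cmd); Read-Reply }

    $outsideDomain = $OutsideAddress.Split('@')[1]
    $banner = Read-Reply
    $null   = Send-Cmd "EHLO relaytest"
    # Sender outside our domain, so a recipient outside our domain would be a relay.
    $null   = Send-Cmd "MAIL FROM:<probe@$outsideDomain>"
    $local  = Send-Cmd "RCPT TO:<postmaster@$LocalDomain>"   # expected: 250
    $relay  = Send-Cmd "RCPT TO:<$OutsideAddress>"           # expected: 550 5.7.1 Unable to relay
    $null   = Send-Cmd "RSET"
    $null   = Send-Cmd "QUIT"
    $client.Close()

    [pscustomobject]@{
        Banner         = $banner
        LocalDelivery  = $local
        AnonymousRelay = $relay
        OpenRelay      = $relay.StartsWith('250')   # $true means the relay restriction is not working
    }
}

Test-SmtpRelay
```

Nothing is actually sent: the session is reset before DATA, so the check only records how the server answers the two RCPT commands. Repeat it after the "Enable SPA" section and from outside the private network if you use the IP-range variant of the relay restriction.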

Configure the email client

We will use Outlook Express as email client.
  • Start Outlook Express (any computer that is connected to the email server)
  • Click Tools and then Accounts
  • Click the Add button and select Mail
A wizard starts. Use the following table to complete the wizard:
  Display name:               Bob
  E-mail address:             bob@<your domain> (bob@ilopia.com)
  Incoming mail server is a:  POP3
  Incoming mail server:       <your domain> (ilopia.com)
  Outgoing mail server:       <your domain> (ilopia.com)
  Account name:               bob@<your domain> (bob@ilopia.com)
  Password:                   bob
  Remember Password:          Checked
  SPA:                        Unchecked
Are we finished now? Well, let us try to send an email. Didn't work, did it? I'm sure you got an error message similar to this one:
The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was 'webmaster@ilopia.com'. Subject 'Test', Account: 'ilopia.com', Server: 'ilopia.com', Protocol: SMTP, Server Response: '550 5.7.1 Unable to relay for webmaster@ilopia.com', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79
The reason why we got this is written in the error message. 'Unable to relay for <email address>'. This means that we didn't get authenticated to the SMTP server. So, let us take a look at the email client's settings again.
  • Click Tools, then Accounts.
This will bring up this window:
  • Click the correct account and then the Properties button
  • Click the Servers tab
  • In the Outgoing Mail Server section enable My server requires authentication.
  • Click Apply, click OK, click Close
  • Create a new email, and send it
And hopefully you will receive an email within some minutes (if you sent it to your own email account).

Enable SPA

Of course we want our network as secure as possible, so we prefer to use SPA (Secure Password Authentication). This will, as stated before, send the user name and password from the client encrypted, instead of clear text.
  • Click Start, then Run
  • Type p3server.msc
  • In the right pane, right click your computer's name and click Properties
  • Check the box Require Secure Password Authentication...
  • Click OK
  • You will be prompted to restart the Microsoft POP3 Service, click Yes
We must also change some settings for the email clients.
  • Start Outlook Express
  • Click Tools, click Accounts
  • Click the Mail tab, click the name of your email account, click Properties
  • Click the Servers tab, and click Log on using Secure Password Authentication
  • Change the account name from bob@<your domain> to bob
  • Click Apply, click OK

More help

If you need more help, or are curious about things, take a look at the help files in Windows Server 2003. They are excellent and you will find out that there are more features that I have not talked about.

Links

Advanced Mail Server Configurations
http://www.microsoft.com/windowsserver2003/techinfo/overview/advmail.mspx

Comparing the POP3 Service and Configuring Coexistence with Exchange
http://www.microsoft.com/downloads/details.aspx?FamilyID=46e9cdd0-95f0-4db6-a4d2-874f4abb09e5&displaylang=en

Setting up 'Catch-all' e-mail account in Windows Server 2003
http://isorecorder.alexfeinman.com/catchall.htm

FAQ

Q. I have configured the email server and I can send emails without problems. But all emails the server receives end up in the Drop folder and are not moved to the proper mailbox. What is wrong?

This can happen if you have moved the mail root recently and forgot to cycle the server. To cycle it, open the Services snap-in and find Simple Mail Transfer Protocol (SMTP) in the list. This problem can also occur if you created the SMTP account manually through the IIS snap-in. What you have to do in this case is delete the domain from SMTP and then re-add it using the POP3 tools.

Q. Does the built-in email server support Internet Message Access Protocol (IMAP)?

No, the built-in email server does not support IMAP. If you want or need IMAP support you'll have to look at Exchange 2003, Exchange 2000 running on a Windows 2000 Server machine in a Windows Server 2003 domain, or use a third party email server.

Q. I want the users to be able to read and write email from Internet. Does the built-in email server offer a web interface?

No, the built-in email server is very limited and is only a basic email server. So this feature is not included in it.

Q. I cannot find the SMTP Snap-In in IIS Manager. How do I get it back?

This is a known issue, and should be fixed in Service Pack 1 for Windows Server 2003. To fix it, follow these steps:
  • Click Start, then Run and type cmd and press ENTER.
  • Type regsvr32 %systemroot%\system32\inetsrv\smtpsnap.dll
Uninstalling and re-installing the SMTP Service will not fix this.

Q. Where are the POP3 logfiles?

The POP3 Service logs to the Event Logs, which can be viewed by using Event Viewer.


Cheers & thanks,

Anzil Ali Liyakkath
anzilali.webhostrepo@gmail.com

How do I create a new website on my Windows server?


The following article explains how to create a new website on your Windows server in IIS. IIS (Internet Information Services) controls the configuration of each website on the server. There are two types of websites that can be configured, IP based sites and Name based sites*.

To create a new site in IIS, please follow these steps:

  1. Log into your server through Terminal Services or Remote Desktop Connection.
  2. Click Start->Programs->Administrative Tools->Internet Services Manager. This will open the IIS manager.
  3. In the left column you will see the machine name. Open the New Site Wizard:
    • In IIS 5.0, right click the machine name and select New->Web Site.
    • In IIS 6.0, expand the local machine, right click on 'Web Sites' and select New->Web Site.
  4. Click Next to begin.
  5. Type in a description for the website. This is usually the domain name but can be anything that you prefer to distinguish the site from others. 
  6. Click Next.
  7. Type in the IP address of your new site. TCP port should be 80.
    • If the site is an IP based site you can leave the host header line blank. 
    • If the site is a name based site you will need to enter the domain name in the host header line. If you prefer to view the name-based site using the IP address, leave the host header line blank. 
  8. Click Next.
  9. Enter or browse to the path where the website will have its root directory. This is the directory where the home page should go. 
  10. Select the check boxes for the type of permissions you would like.
    • Read: allows your site to be visible through a web browser
    • Run Scripts: allows scripts such as ASP and ASP.Net to be run
    • Execute: allows .exe and .dll files to be run (we do not recommend this method)
    • Write: allows certain browsers to write to files in your website (we do not recommend this method)
    • Browse: if there is no index page, this option will display a listing of all the pages in your folder (we do not recommend this method)
  11. Click Next and then Finish.
  12. If this is a name based site, right click the domain name you just created and select Properties.
  13. On the Web Site tab, click Advanced
  14. Click Add
  15. Enter the requested information:
    • IP address: enter the same IP address for the website
    • TCP port: enter 80
    • Host Header value: enter the domain name with www. as the prefix
  16. Repeat steps 12 through 15 for each additional domain name that will be used to access this specific website.
You have now created a new website. If you need to set up an FTP site, please see How do I create an FTP account with IIS?.
*An IP-based website has a unique IP address. No other website uses this IP address. If you need multiple IP-based websites, you will need to contact us to add the IP addresses to your server.
A name-based website shares a single IP address with each website on the server. You are able to make as many name-based sites as you wish with your single IP address.
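Steps 7 to 16 as a script, added here as an example and not part of the original article. It uses the WebAdministration module of IIS 7 and later (the article's wizard is the IIS 5/6 interface), creates a name-based site with one binding per host name, and switches off the two options the article recommends against (directory browsing, and handler access beyond Read and Scripts). The site name, path and host names are constructed placeholders.

```powershell
# Added example, not the article's code. Run as Administrator on the web server.
Import-Module WebAdministration

$SiteName  = 'example.com'                        # description/name of the site
$SitePath  = 'D:\Sites\example.com'               # root directory for the home page
$IpAddress = '*'                                  # '*' = all addresses (name-based); a fixed IP makes an IP-based site
$HostNames = 'example.com', 'www.example.com'     # one host header per name used to reach the site

New-Item -ItemType Directory -Path $SitePath -Force | Out-Null

# Steps 7-11: the site on port 80 with the first host header.
New-Website -Name $SiteName -PhysicalPath $SitePath -Port 80 -IPAddress $IpAddress -HostHeader $HostNames[0]

# Steps 12-16: one additional binding for every other name (same IP, port 80, different host header).
foreach ($h in ($HostNames | Select-Object -Skip 1)) {
    New-WebBinding -Name $SiteName -Protocol http -Port 80 -IPAddress $IpAddress -HostHeader $h
}

# Step 10, the permissions the article advises against:
# no directory listing when there is no index page, and nothing beyond Read and Script
# (no Execute of .exe/.dll, no Write) for this site's handlers.
Set-WebConfigurationProperty -PSPath "IIS:\Sites\$SiteName" -Filter 'system.webServer/directoryBrowse' -Name enabled -Value $false
Set-WebConfigurationProperty -PSPath "IIS:\Sites\$SiteName" -Filter 'system.webServer/handlers' -Name accessPolicy -Value 'Read, Script'

# Show the resulting bindings: one line per host name.
Get-WebBinding -Name $SiteName | Select-Object protocol, bindingInformation
```

The last command is the quickest way to confirm that each domain name from step 16 really has its own binding; a name that is missing here will be answered by whichever site IIS treats as the default for that IP address.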


Anzil Ali Liyakkath
anzil09@gmail.com