
Manage Samba4 Active Directory Infrastructure From Windows10 Via RSAT Part 3

Uploaded by

al
Matei Cezar, Last Updated: December 7, 2016

In this part of the Samba4 AD DC infrastructure series we will talk about how to join a Windows 10 machine to a Samba4 realm and how to administer the domain from a Windows 10 workstation.

Once a Windows 10 system has been joined to the Samba4 AD DC, we can create, remove or disable domain users and groups, create new Organizational Units, create, edit and manage domain policy, or manage the Samba4 domain DNS service.

All of the above functions and other complex tasks concerning domain administration can be achieved from any modern Windows platform with the help of RSAT, the Microsoft Remote Server Administration Tools.

Requirements

- Create an AD Infrastructure with Samba4 on Ubuntu 16.04 – Part 1
- Manage Samba4 AD Infrastructure from Linux Command Line – Part 2
- Manage Samba4 AD Domain Controller DNS and Group Policy from Windows – Part 4

Step 1: Configure Domain Time Synchronization

1. Before starting to administer the Samba4 AD DC from Windows 10 with the help of the RSAT tools, we need to take care of a crucial service that Active Directory requires: accurate time synchronization.

Time synchronization can be offered by the NTP daemon in most Linux distributions. The default maximum time discrepancy an AD can support is about 5 minutes.

If the time difference is greater than 5 minutes, you will start to experience various errors, most importantly concerning AD users, joined machines or share access.
To install the Network Time Protocol daemon and the NTP client utility in Ubuntu, execute the below command.

    $ sudo apt-get install ntp ntpdate

[Screenshot: Install NTP on Ubuntu]

2. Next, open and edit the NTP configuration file and replace the default NTP pool server list with a new list of NTP servers that are geographically located near your current physical equipment location.

The list of NTP servers can be obtained by visiting the official NTP Pool Project webpage, http://www.pool.ntp.org/en/.

Comment out the default server list by adding a # in front of each pool line, and add the below pool lines with your proper NTP servers, as illustrated in the below screenshot.

    pool 0.ro.pool.ntp.org iburst
    pool 1.ro.pool.ntp.org iburst
    pool 2.ro.pool.ntp.org iburst
    # Use Ubuntu's ntp server as a fallback.
    pool 3.ro.pool.ntp.org

3. Now, don't close the file yet. Move to the top of the file and add the below line after the driftfile statement. This setup allows the clients to query the server using AD signed NTP requests.

[Screenshot: Sync AD with ...]

4. Finally, move to the bottom of the file and add the below line, as illustrated in the below screenshot, which will allow network clients only to query the time on the server.

[Screenshot: Query Clients ...]

5. When finished, save and close the NTP configuration file and grant the NTP service the proper permissions to read the ntp_signd directory.

This is the system path where the Samba NTP socket is located. Afterwards, restart the NTP daemon to apply the changes and verify that NTP has open sockets in your system network table using combined with

[Screenshot: Grant Permission to NTP]

Use the ntpq command line utility to monitor the NTP daemon along with the flag in order to print a summary of peers state.

[Screenshot: Monitor NTP]

6. Sometimes the NTP daemon gets stuck in calculations while trying to synchronize time with an upstream NTP server peer, resulting in the following error messages when manually trying to force time synchronization by running the ntpdate utility on the client side:

[Screenshot: NTP Synchronization Error]

when using ntpdate command with -d flag

[Screenshot: NTP Server Dropped Leap Not in Sync]

7. To circumvent this issue, use the following trick: on the server, stop the NTP service and use the ntpdate client utility to manually force time synchronization with an external peer using the -b flag, as shown below:

[Screenshot: Force NTP Time Synchronization]

8. After the time has been accurately synchronized, start the NTP daemon on the server and verify from the client side that the service is ready to serve time for local clients by issuing the following command:
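An added example, not from the original article: a POSIX shell audit of the settings that steps 2 to 5 describe. The directive names `ntpsigndsocket` and `mssntp`, the `nomodify` requirement, the `/var/lib/samba/ntp_signd/` path and the group-read-only (750) directory mode are assumptions, because the article's own configuration lines did not survive on this page; the sample config is constructed.

```shell
#!/bin/sh
# Added example: audit an ntpd setup for Samba AD signed time (assumed directive names).

# Print the directory named by an active "ntpsigndsocket" directive, if any.
signd_dir_of() {
    awk '$1 == "ntpsigndsocket" { print $2; exit }' "$1"
}

# Audit config file $1. Prints one line per finding; returns the number of findings.
audit_ntp_conf() {
    conf=$1
    findings=0
    # Step 2: at least one uncommented pool/server line must remain.
    if ! awk '$1 == "pool" || $1 == "server" { ok = 1 } END { exit !ok }' "$conf"; then
        echo "FINDING: no active pool/server line"
        findings=$((findings + 1))
    fi
    # Step 3: ntpd must know where Samba's signing socket lives.
    if [ -z "$(signd_dir_of "$conf")" ]; then
        echo "FINDING: ntpsigndsocket directive missing"
        findings=$((findings + 1))
    fi
    # Step 4: a default restrict line must allow signed MS-SNTP replies (mssntp)
    # while still refusing runtime reconfiguration (nomodify).
    if ! awk '$1 == "restrict" {
                  d = m = n = 0
                  for (i = 2; i <= NF; i++) {
                      if ($i == "default")  d = 1
                      if ($i == "mssntp")   m = 1
                      if ($i == "nomodify") n = 1
                  }
                  if (d && m && n) ok = 1
              }
              END { exit !ok }' "$conf"; then
        echo "FINDING: no 'restrict default' line with both mssntp and nomodify"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Step 5: directory $1 must be readable by group $2 and closed to everyone else.
check_signd_dir() {
    dir=$1 want_group=$2
    [ -d "$dir" ] || { echo "FINDING: $dir does not exist"; return 1; }
    # ls -ld fields: mode, link count, owner, group, ...
    set -- $(ls -ld "$dir")
    mode=$1 group=$4
    case $mode in
        d???r-x---*) ;;
        *) echo "FINDING: $dir mode is $mode, want group r-x and nothing for others"; return 1 ;;
    esac
    [ "$group" = "$want_group" ] || { echo "FINDING: $dir group is $group, want $want_group"; return 1; }
}

# Constructed sample config, shaped like the file the steps above produce.
sample=$(mktemp)
cat > "$sample" <<'EOF'
driftfile /var/lib/ntp/ntp.drift
ntpsigndsocket /var/lib/samba/ntp_signd/
pool 0.ro.pool.ntp.org iburst
restrict default kod nomodify notrap nopeer mssntp
EOF
audit_ntp_conf "$sample" && echo "OK: sample config passes the audit"
rm -f "$sample"
```

On a real domain controller, run `audit_ntp_conf /etc/ntp.conf` and then `check_signd_dir "$(signd_dir_of /etc/ntp.conf)" ntp` as root.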
[Screenshot: Verify NTP Time Synchronization]

By now, the NTP server should work as expected.

9. As we saw in our previous tutorial, Samba4 Active Directory can be managed from the command line using the samba-tool utility, which can be accessed directly from the server's VTY console or remotely through SSH.

Another, more intuitive and flexible alternative is to manage our Samba4 AD Domain Controller via Microsoft Remote Server Administration Tools (RSAT) from a Windows workstation integrated into the domain. These tools are available in almost all modern Windows systems.

The process of joining Windows 10 or older versions of Microsoft OS to the Samba4 AD DC is very simple. First, make sure that your Windows 10 workstation has the correct Samba4 DNS IP address configured in order to query the proper realm resolver.

Open Control Panel -> Network and Internet -> Network and Sharing Center -> Ethernet card -> Properties -> IPv4 -> Properties -> Use the following DNS server addresses and manually enter the Samba4 AD IP address for the network interface, as illustrated in the below screenshots.

[Screenshot: join Windows to Samba4 AD]

[Screenshot: Add DNS and Samba4 AD IP Address]

Here, 192.168.1.254 is the IP address of the Samba4 AD Domain Controller responsible for DNS resolution.
Replace the IP address accordingly.

10. Next, apply the network settings by clicking the OK button, open a Command Prompt and issue a ping against the generic domain name and the Samba4 host FQDN in order to test whether the realm is reachable through DNS resolution.

    ping tecmint.lan
    ping adc1.tecmint.lan

[Screenshot: Check Network Connectivity Between Windows and Samba4 AD]

11. If the resolver correctly responds to Windows client DNS queries, then you need to make sure that the time is accurately synchronized with the realm.

Open Control Panel -> Clock, Language and Region -> Set Time and Date -> Internet Time tab -> Change Settings and write your domain name in the Synchronize with an Internet time server field.

Click the Update Now button to force time synchronization with the realm and click OK to close the window.

[Screenshot: Synchronize Time with Internet Server]

12. Finally, join the domain by opening System Properties -> Change -> Member of Domain, write your domain name, hit OK, enter your domain administrative account credentials and hit OK again.

A new pop-up window should open informing you that you're a member of the domain. Hit OK to close the pop-up window and reboot the machine in order to apply the domain changes.

The below screenshots illustrate these steps.

[Screenshot: Join Windows Domain to Samba4 AD]
[Screenshot: Enter Domain Administration Login]

[Screenshot: Domain Joined to Samba4 AD Confirmation]

[Screenshot: Restart Windows Server for Changes]

13. After the restart, click Other user and log on to Windows with a Samba4 domain account with administrative privileges, and you should be ready to move to the next step.

[Screenshot: Login to Windows Using Samba4 AD Account]

Step 4: Administer Samba4 AD DC with RSAT

14. Microsoft Remote Server Administration Tools (RSAT), which will be used from here on to administer Samba4 Active Directory, can be downloaded from the following links, depending on your Windows version:

- Windows 10: https://www.microsoft.com/en-us/download/details.aspx?id=45520
- Windows 8.1: http://www.microsoft.com/en-us/download/details.aspx?id=39296
- Windows 8: http://www.microsoft.com/en-us/download/details.aspx?id=28972
- Windows 7: http://www.microsoft.com/en-us/download/details.aspx?id=7887

Once the standalone update installer package for Windows 10 has been downloaded to your system, run the installer, wait for the installation to finish and restart the machine to apply all updates.

After the reboot, open Control Panel -> Programs (Uninstall a Program) -> Turn Windows features on or off and check all Remote Server Administration Tools.

Click OK to start the installation and, after the installation process finishes, restart the system.
[Screenshot: Administer Samba4 AD from Windows]

15. To access the RSAT tools, go to Control Panel -> System and Security -> Administrative Tools.

The tools can also be found in the Administrative Tools menu of the Start menu. Alternatively, you can open Windows MMC and add snap-ins using the File -> Add/Remove Snap-in menu.

[Screenshot: Access Remote Server Administration Tools]

The most used tools, such as AD UC, DNS and Group Policy Management, can be launched directly from the Desktop by creating shortcuts using the Send to feature from menu.

16. You can verify RSAT functionality by opening AD UC and listing the domain Computers (the newly joined Windows machine should appear in the list), or by creating a new Organizational Unit or a new user or group.

Verify that the users or groups have been properly created by issuing the wbinfo command on the Samba4 server side.

[Screenshot: Active Directory Users and Computers]

[Screenshot: Create Organizational Units and New Users]

[Screenshot: Confirm Samba4 AD Users]

That's it! In the next part of this topic we will cover other important aspects of a Samba4 Active Directory which can be administered via RSAT, such as how to manage the DNS server, add DNS records and create a reverse DNS lookup zone, how to manage and apply domain policy, and how to create an interactive logon banner for your domain users.
17 thoughts on "Manage Samba4 Active Directory Infrastructure from Windows10 via RSAT – Part 3"

Juston Griggs
January 24, 2020 at 3:34 am

Hello,

I'm stuck on Step 10. When I run ping, I get these errors:

    C:\Users\Juston Griggs>ping relic.goneoweb.lan
    Ping request could not find host relic.goneoweb.lan. Please check the name and try again.

    C:\Users\Juston Griggs>ping goneoweb.lan
    Ping request could not find host goneoweb.lan. Please check the name and try again.

but I can successfully ping just "relic"

    C:\Users\Juston Griggs>ping relic
    Pinging relic [10.16.24.16] with 32 bytes of data
    Reply from 10.16.24.16: bytes=32 time<1ms TTL=64
    Reply from 10.16.24.16: bytes=32 time<1ms TTL=64
    Reply from 10.16.24.16: bytes=32 time<1ms TTL=64
    Reply from 10.16.24.16: bytes=32 time<1ms TTL=64
    Ping statistics for 10.16.24.16:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

So I'm stuck on what might have gone wrong. Any suggestions?

Thanks!

Shah, Kamal
December 8, 2019 at 5:52 am

Hello,

I tried to make the samba traffic encrypted by putting this smb encrypt = required at the GLOBAL section. Everything is fine except when I tried to launch rsat, request can't be done with the error.

Pluto
August 30, 2019 at 2:13 am

Hello,

Me and my friend have exactly the same problem. When we try to join the domain we have that error:

"The join operation was not successful. This could be because an existing computer account having name "XXX" was previously created using a different set of credentials. Use a different computer name or contact your administrator to remove any stale conflicting account. The error was: Access is denied"

Can u help us with that? Tried to reinstall like 5 times and always the same error.

Cheers
