Project 2

Network Administration
CIT-243

Mohammad Awais Shafiq (K-022232028)

Ahmed Shafiq (K-022232029)
Dr. Rasha Hasan
Summer-1 2024
12-06-2024

1|Page
 INDEX
Task Number Page Number

Task 1 3 to 6

Task 2-A 7&8

Task 2-B 8 to 10

Task 3-A 11 to 13

Task 3-B 14 to 17

References 18

2|Page
Task 1: Managing Active Directory

Introduction: Active Directory (AD) is a directory service developed

by Microsoft for Windows domain networks. It is included in most
Windows Server operating systems as a set of processes and services.
Originally, Active Directory was only in charge of centralized domain
management.[1] However, it has expanded to include a variety of
directory-based identity-related services. This report will focus on
managing Active Directory, highlighting the tasks performed,
challenges faced, and personal advice/observations on its
management.

Tasks Performed with Active Directory

1. User and Group Management: One of the primary tasks of
Active Directory is managing users and groups. This includes creating,
deleting, and modifying user accounts and groups. Users can be
assigned to groups to simplify the management of permissions and
access controls.[1]
• Creating Users and Groups: Administrators can create new user
accounts and groups using the Active Directory Users and
Computers (ADUC) console. This involves specifying details such
as usernames, passwords, and group memberships.
• Modifying User Accounts: Administrators can update user
account information, such as resetting passwords, modifying
group memberships, and updating contact information.
• Managing Group Policies: Group Policies allow administrators to
implement specific configurations for users and computers
within the organization. This includes setting security policies,
deploying software, and configuring system settings.

3|Page
2. Organizational Units (OUs) and Delegation: OUs are
containers within AD that can hold users, groups, computers, and
other OUs. They provide a way to organize and manage many objects
in a domain.
• Creating and Managing OUs: Administrators can create OUs to
reflect the organizational structure, such as departments or
geographical locations. This helps in applying group policies and
delegating administrative control.[1]
• Delegation of Control: Active Directory allows the delegation of
administrative tasks to non-administrative users. This is done by
delegating specific permissions on an OU to a user or group,
enabling tasks such as password resets and account
management without granting full administrative rights.
3. Managing Trust Relationships: Active Directory supports
establishing trust relationships between domains.[1] Trusts allow
users in one domain to access resources in another domain.
• Types of Trusts: There are several types of trusts, including
external trusts, forest trusts, shortcut trusts, and realm trusts.
Each type serves different purposes and provides varying levels
of access and security.

4|Page
Challenges in Managing Active Directory
1. Complexity and Scalability: Active Directory can become
complex to manage, especially in large organizations with multiple
domains and many users. Scaling AD to meet the needs of a growing
organization can be challenging and requires careful planning.[1]
2. Security and Compliance: Ensuring the security of AD is critical,
as it is a central repository for user credentials and permissions.
Administrators must implement strict security policies and regularly
audit the environment to ensure compliance with industry standards
and regulations.
3. Disaster Recovery: Maintaining a reliable disaster recovery plan
for AD is essential. This involves regular backups, testing recovery
procedures, and ensuring that domain controllers are resilient to
failures.
4. Change Management: Managing changes in AD, such as updates
to group policies or modifications to user accounts, requires careful
planning and testing to avoid disruptions and ensure that changes do
not negatively impact the environment.[1]

Personal Advice and Observations

1. Regular Audits and Monitoring: Regularly audit AD for security
vulnerabilities and configuration issues. Use monitoring tools to keep
track of changes and detect potential security breaches early.

2. Implement Role-Based Access Control (RBAC): Implement

RBAC to ensure that users have only the permissions they need to
perform their jobs. This helps minimize the risk of accidental or
malicious changes to AD.

5|Page
3. Use Group Policies Wisely: Group Policies are powerful tools for
managing user and computer configurations, but they can also
introduce complexity. Use them judiciously and document all policies
to ensure clarity and maintainability.

4. Automate Routine Tasks: Automation can help reduce the

administrative burden of managing AD. Use scripts and tools like
PowerShell to automate routine tasks, such as user provisioning and
group management.
5. Plan for Growth: Consider the future growth of the organization
when designing the AD structure. Plan for scalability and ensure that
the AD environment can accommodate new users, groups, and
applications.
6. Educate and Train Staff: Ensure that IT staff are well-trained in
AD management. Provide ongoing education and training to keep
them up to date with the latest best practices and tools.

6|Page
Task 2-A: Here are two users created with the same password and
enforcing these users to change password.

Figure 1.1: Creating a new user, Mohammad Awais Shafiq, with enforced
password change on next logon.

Figure 1.2: Creating another new user, Ahmad Shafiq, with enforced
password change on next logon.

7|Page
 Figure 1.3: Creating users in Active Directory with the same password and
enforcing a password change at the next logon.

Task 2-B: Here is a group created named IT and adding the two users
we created inside the group.

Figure 2.1: Creating a new group named "IT" in Active Directory with a global
scope and security type.

8|Page
Figure 2.2: Adding user Mohammad Awais Shafiq to the IT group by selecting
the user from Active Directory.

Figure 2.3: Adding user Ahmad Shafiq to the IT group by selecting the user
from Active Directory.

9|Page
Figure 2.4: The IT group's properties showing the members Ahmad
Shafiq and Mohammad Awais Shafiq added to the group.

10 | P a g e
Task 3-A: Here is the installation of Windows server update services
(WSUS) and Web Server.

Figure 3.1: Selecting Windows Server Update Services (WSUS) and Web
Server (IIS) roles to be installed on the server for enhanced security.

Figure 3.2: Adding required features for Windows Server Update Services.

11 | P a g e
 Figure 3.3: Choosing the content location (C:\update) for storing updates
locally on the WSUS server to ensure quick download and storage of updates.

Figure 3.4: Post-deployment configuration notification indicating that further

configuration is needed for Windows Server Update Services.

12 | P a g e
Figure 3.5: Installation progress screen showing successful installation of
Windows Server Update Services and associated features, indicating that
configuration is required to complete the setup.

13 | P a g e
Task 3-B: Here we are going to further make configuration on
windows server update services.

Figure 4.1: The "Before You Begin" screen in the WSUS Configuration Wizard
listing preliminary steps such as configuring the server firewall and ensuring
connection to the upstream server.

14 | P a g e
Figure 4.2: The "Choose Upstream Server" screen where the server is set to
synchronize updates from Microsoft Update.

Figure 4.3: The "Connect to Upstream Server" screen showing the process of
downloading update information from Microsoft Update, including types of
updates and available languages.

15 | P a g e
 Figure 4.4: The "Choose Products" screen allowing selection of specific
Microsoft products, like Windows Server, for which updates will be
synchronized.

Figure 4.5: The "Choose Classifications" screen where the user selects the
classifications of updates to download, ensuring "Update Rollups" are
included.

16 | P a g e
Figure 4.6: The "Finished" screen confirming the initial configuration of the
WSUS server and options for starting the WSUS Administration Console or
beginning initial synchronization.

Figure 4.7: The WSUS Administration Console displaying the update status
and computer status, ready for further configuration and synchronization of
updates.

17 | P a g e
References
[1] Proofpoint. (2024). From Proofpoint:
https://www.proofpoint.com/us/threat-reference/active-directory

18 | P a g e