22 Building IIS Server
🔵 Internal Zone Machines
| Machine | Internal | DMZ | External |
|---|---|---|---|
| IIS Server | 172.16.200.202 | 172.16.100.202 | 172.16.10.202 |
🔵 Internal Zone Machines
- Adapter 1: NAT (actually used only by the Domain Controller)
- Adapter 2: Internal-Zone
- Adapter 3: DMZ-Zone
- Adapter 4: External-Zone
Preparing the web server (IIS Server) using Sysprep:
After taking a clone of the Domain Controller, I ran the Sysprep tool located in C:\Windows\System32\Sysprep:
The Generalize option was activated and the OOBE (Out-of-Box Experience) mode was selected, which caused the system to reboot and ask for basic settings again (language, region, and administrator password) as if the system were being booted for the first time.
Why did we take this step? (technical objective)
Avoid a duplicate SID: When a clone is created, the new device has the same Security Identifier (SID) value as the original device. In network environments, two devices with the same SID cannot work together properly within a domain, so we used the Generalize option to generate a new, unique SID for this server.
Converting the clone from DC to Member Server: Since the clone was taken from the Domain Controller, Sysprep cleans up the device roles and returns it as a "Stand-alone Server". This is necessary because we want to dedicate this machine to be an IIS Server (web server) and not another DC.
Avoid technical conflicts: Remove any special settings or definitions associated with the original device to ensure system stability when installing IIS services later, and to ensure that problems do not occur when joining the device to the original domain with a new name.
Configuration after joining the domain:
Configuration of IP addresses
This section is the most important for ensuring proper connectivity between devices:
🔵 Internal Zone Machines
| Machine | Internal | DMZ | External |
|---|---|---|---|
| Domain Controller | 172.16.200.202 | 172.16.100.202 | 172.16.10.202 |
🔵 Internal Zone Machines
- Adapter 1: NAT (actually used only by the Domain Controller)
- Adapter 2: Internal-Zone
- Adapter 3: DMZ-Zone
- Adapter 4: External-Zone
Use Ctrl + R: ncpa.cpl
In Ethernet 2 (Internal):
Then (Internal):
DNS → PDC IP
In Ethernet 3 (DMZ):
In Ethernet 4 (External):
Install VMware Tools:
On the Windows client and server:
Then:
Then:
Then Next => Next => Reboot/Restart
Change Date, Time, and Time Zone
These settings are accessed through the Server Manager control panel:
The date and time are adjusted to match the geographical location (such as Cairo) to ensure proper synchronization of logs and services.
Join the domain:
Verify the connection between the devices:
From the IIS Server, I pinged the Windows Server:
```
C:\Users\Administrator>ping 172.16.200.201

Pinging 172.16.200.201 with 32 bytes of data:
Reply from 172.16.200.201: bytes=32 time<1ms TTL=128
Reply from 172.16.200.201: bytes=32 time<1ms TTL=128
Reply from 172.16.200.201: bytes=32 time<1ms TTL=128
Reply from 172.16.200.201: bytes=32 time=1ms TTL=128

Ping statistics for 172.16.200.201:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

C:\Users\Administrator>
```
How to add the IIS server to the domain
To access the desired interface, follow these steps within Windows:
Settings --> System --> About --> Rename this PC (Advanced)
Objective: To access the traditional "System Properties" window.
Window: The "Computer Name/Domain Changes" window appears.
Action: Select the Domain option and enter the domain name you want to join (in this example: aas.local).
Authentication and login:
Window: The "Windows Security" window appears.
Action: Enter the username and password for an account with "Domain Administrator" privileges to allow the device to join.
Window: Welcome message from Windows:
Meaning: The connection between your device and the server has been successfully completed.
Restart request
Window: Windows alert message.
The system tells you that the changes will not take effect and you will not be able to log in to domain accounts until you restart your device.
Then click Restart Now.
Now open the PDC:
Open Active Directory Users and Computers:
I created an OU and moved this server into it:
✅ Done: IIS server configured and joined to the domain
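The adapter, time-zone and domain-join steps above can also be scripted, which makes the build repeatable and adds a check that the PDC is reachable and advertising the domain before the join is attempted. The PowerShell below is an added example, not part of the original walkthrough; the adapter names, addresses and domain come from the page, while the /24 prefix length and the use of elevated Windows PowerShell 5.1 are assumptions.

```powershell
# Added example (not from the original walkthrough). Run elevated in Windows PowerShell 5.1.
$ErrorActionPreference = 'Stop'

$Domain       = 'aas.local'        # domain name used on the page
$PdcIp        = '172.16.200.201'   # Windows Server / PDC address pinged on the page
$PrefixLength = 24                 # ASSUMPTION: the page does not state the subnet mask

# Adapter names and addresses as listed in the zone table and captions above.
$Adapters = @(
    @{ Alias = 'Ethernet 2'; Zone = 'Internal'; IP = '172.16.200.202' },
    @{ Alias = 'Ethernet 3'; Zone = 'DMZ';      IP = '172.16.100.202' },
    @{ Alias = 'Ethernet 4'; Zone = 'External'; IP = '172.16.10.202'  }
)

foreach ($a in $Adapters) {
    # Drop DHCP and any address inherited from the clone, then assign the static one.
    Set-NetIPInterface -InterfaceAlias $a.Alias -AddressFamily IPv4 -Dhcp Disabled
    Get-NetIPAddress -InterfaceAlias $a.Alias -AddressFamily IPv4 -ErrorAction SilentlyContinue |
        Remove-NetIPAddress -Confirm:$false
    New-NetIPAddress -InterfaceAlias $a.Alias -IPAddress $a.IP -PrefixLength $PrefixLength | Out-Null
    Write-Host ("{0,-8} {1} -> {2}/{3}" -f $a.Zone, $a.Alias, $a.IP, $PrefixLength)
}
# No default gateway is set here because the page does not give one.

# The page sets DNS on the Internal adapter to the PDC.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet 2' -ServerAddresses $PdcIp

# Time zone for Cairo, so log timestamps line up with the domain controller.
Set-TimeZone -Id 'Egypt Standard Time'

# Pre-flight checks: fail before the join rather than halfway through it.
if (-not (Test-Connection -ComputerName $PdcIp -Count 2 -Quiet)) {
    throw "PDC $PdcIp is not reachable from the Internal adapter."
}
# A joinable domain must publish its DC locator SRV record in DNS.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $PdcIp
Write-Host ("Domain controller(s) advertised: {0}" -f (($srv | Where-Object Type -eq 'SRV').NameTarget -join ', '))

# Prompts for a domain administrator account, joins, and reboots (the "Restart Now" step).
$cred = Get-Credential -Message "Account allowed to join computers to $Domain"
Add-Computer -DomainName $Domain -Credential $cred -Restart
```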