Skip to main content

SafeDNS AD Agent environment configuration

The manual below describes the whole process of the preparation, configuration, and installation of the Agent under the Active Directory environment. The user operating system used is Windows 11 while the server version OS: Windows Server 2019 Standard.

Prerequisites: fresh installed Windows Server 2019 Standard, fresh installed Windows 11

Important Notice:

I: If the Active Directory is already installed and configured, while the Group Policy Management is not configured, please proceed with the installation of the Group Policy Management.

II: If the Active Directory and Group Policy Management are already installed and configured, please proceed to step 3 - Creating Users/Groups.

III: If the Active Directory and Group Policy Management are already installed and configured and Users/Groups exist, please proceed to step 4 - MSI File Preparation on the Server

Installing Agent in the AD environment without AD functionality

If you need to set up the Agent in the AD environment without using the AD functionality (e.g. adding AD users to SafeDNS Dashboard), you need the special build of the .msi file.

To get the special .msi build, please follow these steps:

  1. Send the request for the .msi file to the Support (support@safedns.com) or your SafeDNS Manager.
    The request should contain username, password and PIN code.
    PIN code is required to enter the Agent GUI. If PIN is not provided, it will be generated randomly.
  2. Wait until the .msi file is created and sent to you.
  3. Upload the .msi file to the server and hosted in the folder that is available on the network to the end-user computer - we recommend setting the access level to Everyone.
  4. Add the .msi file to the following path using the Group Policy Management console:
    Computer Configuration > Policies > Software Settings > Software Installation

The .msi file installation will start after the end-user computer restart.
The installation can be forced by running the following command on the end-user computer: gpupdate /force

This process for the NOAD agent installation follows exactly the same steps as described below. The only difference is that the NOAD agent uses credentials instead of an AD key and has the AD module disabled using the /noad key.

1. Server installation Part. Installation of the Roles and Features.

Start the Server Manager and initiate the installation of the Roles:

image-1719873513183.png

image-1719873557001.png

Selecting Role-based or feature-based installation:

image-1719873584888.png

Selecting the local server from the Server Pool:

image-1719873617241.png

Selecting the Active Directory Domain Services role and in the small window taping the Add Features button:

image-1719873688795.png

The next step is to select the Role of the DNS Server, accepting the proposed Features list:

image-1719873785690.png

Accept the selected before Roles and tap the Next button:

image-1719873996913.png

Select the Group Policy Management feature:

image-1719874023816.png

Brief information about Azure Active Directory Domain Services(promo):

image-1719874060407.png

Brief information about installing DNS server:

image-1719874123270.png

The summary with the list of installing Roles and Features:

image-1719874166388.png

The installtion process begins:

image-1719874227531.png

Once installed, the wizard shows the results of the installation:

image-1719875358686.png

We are set with the installation of the Roles & Features. Please close the window.

2. Active Directory Configuration process.

Start the Server Management and promote the server as a domain controller:

image-1719875481886.png

Creating a new forest and name it accordingly:

image-1719875665812.png

Leaving the options by default. Please set the DSRM password:

image-1719875707416.png

Configure the delegation options (if there is a need for that):

image-1719876092400.png

Configure the NETBIOS name:

image-1719876146683.png

Configuring the system folders:

image-1719876165886.png

The preview of the installing options:

image-1719876207394.png

Prerequisites check and install:

image-1719876234499.png

3. Creating User/Groups on the AD.

The new group and user should be created for the Agent Software delivery to the end-user computers. The application installation starts immediately after first user logon to the computer.

3.1. Creating a new user.

Open the Active Directory Users and Computers, select the recently created domain, then Users => New => User:

image-1719876407599.png

Setting the username:

image-1719876466036.png

Password:

image-1719876540954.png

Reviewing the object(User) summary and finishing the process:

image-1719876563571.png

3.2. Creating of the User Group.

Users can be part of one group within the AD environment. The application can be applied to a group of users optimizing the configuration and management of the Application Rollout.

Active Directory Users and Computers, Selecting our domain, and then tap on the Users => New => Group:

image-1719876621028.png

Entering the data of the Group and tap OK:

image-1719876851444.png

Please check that User and group has been created:

image-1719876932012.png

3.3. User added to the group.

Select the group and in the context menu tap the Properties:

image-1719876972656.png

On the appeared window select Members and tap the Add button. Enter the username in the search field and press OK:

image-1719877100730.png

Select the user safedns_win11_test and tap OK button:

image-1719877211354.png

Check the result and press OK button:

image-1719877253089.png

The user creation part is over, now we need to configure GPO.

4. MSI file Preparation on the server.

The MSI Agent package should be prepared and copied to the folder on the Active Directory Server.

The MSI Agent package is prepared by SafeDNS. Our technical team generates and inserts your personal identification token into the package.

The folder with the Agent package should be avalable from the client's computer.

image-1719877376881.png

The folder permissions should be the following. User Everyone should have access to the read&execute:

image-1719930007444.png

The preparation of the file process is over.

5. Group Policy Configuration.

Open the Group Policy Management console

Select the current domain, then Group Policy Objects and open the context menu => New

image-1719930175238.png

Please name the Group Policy accordingly:

image-1719930314761.png

Once the policy is created, please set the User/Group applied the GPO installation:

image-1719930359537.png

In the appeared window select the Group safedns_agent - with the user safedns_win11_test:

image-1719930504658.png

Once the GPO is created, tap the context menu of the object and click on Edit button:

image-1719930644053.png

Important notice: There are 2 possible ways of the MSI package installation:

  1. Installation Policy applied to the computer - Computer Configuration
  2. Installation Policy applied to the user - User configuration


image-1719930802132.png

The second option - User Configuration requires user actions on the computer to start the package installation and will require Administrator credentials.

In the Group Policy Management Editor select Computer Configuration then Policies => Software Settings => Software Installation.

Tap the context menu button and select New=>Package:

image-1719931149148.png

Select the SafeDNS Agent installation package. The path should be the following: \\server\share\SafeDNS_AD_Agent_3.0.5.msi

image-1719931222454.png

Select the Assigned deploy method:

image-1719931383646.png

Once the Application package is added, the new record should appear in the list:

image-1719931442193.png

The installation is finished, the Agent should be installed after the next login to the computer.

Depending on the MSI package settings, after the installation the following objects should appear:

  1. SafeDNS Agen icon on the Desktop
  2. SafeDNS Agent service
  3. SafeDNS icon on the system tray

image-1719931503726.png

If there is a need to start the MSI package installation before restarting/new login please start the CMD command line and run the following command:

gpupdate /force

This command will initiate the installation process:

image-1719931829481.png

Once the computer restarted, the applicaation will appear on the Desktop, the service created and the icon appeared in the system tray:

image-1719931964437.png