
Installing Active Directory Domain Services and Creating the Root Domain

Active Directory Domain Services is a server role. You can start the Add Role Wizard from the Initial Configuration Tasks window or the Server Manager.

By the Way

To install Active Directory Domain Services, you need to have access to at least one server on your network that provides the Domain Name Service (DNS). This can actually be the server on which you are installing Active Directory Domain Services or another server on the network. Bottom line: The Active Directory hierarchy and the DNS namespace are tightly wound together. See Hour 15 for more information on installing and configuring DNS.

Let’s assume that you are starting from scratch in terms of establishing your Active Directory hierarchy. This means that you first need to establish a new forest. Then you need a domain controller for the root domain (basically the root of the first tree in your new forest).

The result is a two-step process. First you add the Active Directory Domain Services role and then you specify the current server as a domain controller for the root domain.

To install Active Directory Domain Services, follow these steps:

1. Open the Add Roles Wizard (click the appropriate icon) in either the Initial Configuration Tasks window or the Server Manager (with the Roles node selected).

2. The first wizard screen suggests that before installing a server role you should assign a strong password to the administrator account, configure static IP addressing (if required by the role), and install the latest Windows 2008 security updates. After you have confirmed that these tasks have been completed, click Next to continue.

3. On the next screen, select the Active Directory Domain Services role (select the appropriate check box as shown in Figure 8.2). Then click Next.

Figure 8.2. Select the Active Directory Domain Services role.

4. The next screen provides a list of things to note as you proceed with the installation. For example, it suggests that you have at least two domain controllers for each domain (to provide redundancy for logging in users). It also notes that Active Directory requires DNS and that you will be prompted to install DNS on the server if you do not have a DNS server on the network. After reading through the notes (additional help links related to AD DS are also provided), click Next.

By the Way

If you don’t have a DNS server available on the network when you attempt to install the Active Directory Domain Services role, DNS will be added to the server when you promote it to a domain controller.

5. The Install window appears, listing the server roles you will install. In the case of Active Directory Domain Services, it also notes that you will need to use the Active Directory Domain Services Installation Wizard to promote the server to a domain controller. Click Install to continue.

6. The next screen tracks the progress of the Active Directory Domain Services role installation. When the installation is complete, the Installation Results screen appears. On this screen, click Close This Wizard and Launch the Active Directory Domain Services Installation Wizard (dcpromo.exe).

By the Way

You can start the Active Directory Domain Services Installation Wizard on any server you want to promote to a domain controller by running dcpromo.exe in the Windows Run dialog box (Start, Run).

The Add Roles Wizard closes and the Active Directory Domain Services Installation Wizard opens. This wizard enables you to specify the new forest name and promote the server to a domain controller. Follow these steps:

1. Click Next to bypass the opening wizard screen.

2. On the next screen, click Create a New Domain in a New Forest (see Figure 8.3). Then click Next.

Figure 8.3. Specify that a new forest and new domain be created.

3. On the next screen, type the fully qualified domain name (FQDN) for the forest root domain. This would be the FQDN as defined by your DNS namespace hierarchy. Click Next to continue.

4. The wizard checks to see whether the forest name is already in use and also checks the NetBIOS equivalent name (for the FQDN).

5. The next wizard screen provides a drop-down list that enables you to set the functional level for your forest. The domain functional level is discussed in greater detail in Hour 9; however, the bottom line is that the functional level determines which versions of Windows Server (2000, 2003, 2008) you can run on your servers and which additional features are available.

The Windows 2000 functional level enables you to have domain controllers in the forest that run Windows 2000 Server, Windows Server 2003, or Windows Server 2008. However, as you raise the functional level (say from Windows 2000 to Windows 2003 or to Windows 2008), you can use only domain controllers with the appropriate version of the Windows NOS installed. In return, the newer the NOS, the more unique and advanced features you get.

Select the appropriate functional level for your forest and then click Next.

By the Way

If you select Windows Server 2008 as your functional level, your domain controllers can run only Windows Server 2008. If you select Windows Server 2003, your domain controllers can run Windows Server 2003 or Windows Server 2008.

6. The next screen provides a list of additional options for the server, including DNS server, Global Catalog, and Read-Only Domain Controller (RODC). The additional options suggested for installation are based on your network and server configuration (such as an already existing DNS server). Select or deselect options as needed and then click Next.

By the Way

The first domain controller in the forest must be a global catalog server and also cannot be a read-only domain controller.

7. The next screen asks you to specify the location for the database folder, the log file, and the SYSVOL folder. Select a location for these files and folders, using the appropriate text boxes (see Figure 8.4), and then click Next.

Figure 8.4. Specify the location for the database folder, log file, and SYSVOL folder.

Did you Know?

You should configure your network server with multiple volumes. At least two volumes are required if you want to back up the database, log, and SYSVOL files using the Windows Backup feature. The backup files are held on a volume other than the one where you placed the database folder, log file, and SYSVOL folder when installing Active Directory. Working with server drives and volumes is discussed in Hour 6, “Managing Hard Drives and Volumes.”

8. On the next wizard page, you must set the Directory Services Restore Mode Administrator password. This password is used to start Active Directory in Directory Services Restore Mode. As with all passwords, you should use a strong password, one that takes advantage of numbers, alphanumeric characters, and mixed case. Enter the password, enter it a second time to confirm it, and then click Next.

9. The summary screen then appears, listing your selections and settings. If you need to change any of these settings, click Back. To continue, click Next.

10. Active Directory Domain Services is then configured according to your settings and selections. When the wizard has completed the configuration, the exit screen appears. Click Finish. You need to restart the server to complete the installation and configuration of Active Directory. Click Restart Now.
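
The choices made in the wizard steps above can also be supplied to dcpromo.exe as an unattended answer file, which leaves a reviewable record of how the first domain controller was built. The following is an added example, not part of the original text; the domain name, NetBIOS name, folder paths, and password placeholder are constructed values.

```ini
; Constructed dcpromo answer file (added example, not from the original text).
; Domain name, NetBIOS name, paths and the password placeholder are assumptions.
[DCInstall]

; Wizard step 2: create a new domain in a new forest.
ReplicaOrNewDomain=Domain
NewDomain=Forest

; Steps 3-4: FQDN of the forest root domain and its NetBIOS equivalent.
NewDomainDNSName=corp.example.com
DomainNetBiosName=CORP

; Step 5: functional level.
; 0 = Windows 2000, 2 = Windows Server 2003, 3 = Windows Server 2008.
; Level 3 means every domain controller must run Windows Server 2008.
ForestLevel=3
DomainLevel=3

; Step 6: additional options. The first domain controller in the forest
; must be a global catalog server and cannot be an RODC.
InstallDNS=Yes
ConfirmGc=Yes
CreateDNSDelegation=No

; Step 7: database folder, log files, and SYSVOL folder.
; Keep a second volume free if Windows Backup will protect these files.
DatabasePath=D:\NTDS
LogPath=D:\NTDS
SYSVOLPath=D:\SYSVOL

; Step 8: Directory Services Restore Mode Administrator password.
; The value is stored in clear text here: restrict the file to
; administrators and delete it once the promotion has finished.
SafeModeAdminPassword=<REPLACE-WITH-STRONG-DSRM-PASSWORD>

; Step 10: restart automatically when configuration completes.
RebootOnCompletion=Yes
```

With the file saved to an assumed path such as C:\dcpromo-answer.txt, the promotion is started with `dcpromo /unattend:C:\dcpromo-answer.txt`.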

After you’ve installed Active Directory Domain Services, established the forest (and root domain), and brought the first domain controller online, you are ready to begin expanding the logical hierarchy for your network. This process includes the addition of child domains (if needed), the deployment of additional domain controllers, and the population of the Active Directory with users and devices. Let’s take a look at adding a child domain and then take a walkthrough of the various Active Directory tools you will typically use.
