Friday 26 September 2014

Active Directory Domain Service Installation


Installation of Active Directory Domain Service
Before installing Active Directory Domain Services (AD DS) for the first time, we need to plan
several things in order to meet our organization's requirements. Below is the list of information
you need to plan before installing AD DS.
• Domain name for the organization (e.g. Vision.com) and NetBIOS domain name (e.g. Vision)
• Domain and Forest functional level
• Installation of DNS service
• Location of the NTDS database and log files
• Name of the server
• IP address for the DNS Server
• Administrator password and DSRM password
Now let us start the procedure to install the AD DS role on the server and make the server work as
a domain controller for a new forest/domain.
The AD DS process is divided into 2 parts, i.e.
• Installation of AD DS role
• Installation of AD using dcpromo.exe
Installation of AD DS role
In order to install the AD DS role we need to have the Windows 2008 Server DVD ready. Now
follow the steps below to install the AD DS role.
Go to Server Manager from Start – Programs – Administrative tools

In the Server Manager console select the Role option



Next click on Add role to bring up the Add role wizard window as shown below





Select the Active Directory Domain Services role and then click the Next button to begin
the process of installing the AD DS role.

After completion of the AD DS role installation, the next step is to install the AD DS service using
dcpromo.exe.
Installation of AD using dcpromo.exe
To install all the features of AD you need to run dcpromo.exe, as we did in earlier
versions of Windows. Below are the steps to perform this action.
Go to Start – Run and type dcpromo.exe to start the installation process of AD.
After running dcpromo.exe, a window appears on screen as shown below to start the AD DS
installation wizard. Click the Use Advanced mode installation option and click the Next button to
continue.
Vision Infosystems (VIS)
Page No. : 20
Next it will display information about compatibility with previous versions of the Windows Server
operating system. Click Next to continue.
Now select Create a new domain in new forest if you are installing the first DC in a forest
and then click Next.
Next type the Fully Qualified Domain Name (FQDN) for the domain (i.e. vision.com)
Next type the NetBIOS domain name for the domain (i.e. VISION)
Now select the Forest functional level that suits our organization's requirements.
Next select the additional services which are required to be installed before installing AD DS.
These are:
DNS : You have the option not to install the DNS server if required. But in our case, since we are
installing the first domain controller, this option must be selected.
Global Catalog : The first server in the forest is a GC by default.
RODC : This role is not available on the first DC.
Next specify the location of the Active Directory database file, log files and SYSVOL folder.
Next you have to specify the DSRM password, which is used for restoring and performing Active Directory
database related functions.
Note : This password is different from the normal administrator password.
Next it will show a summary of the various options you have selected in the AD DS installation
wizard.
Next the installation process begins. Wait a few minutes for the process to complete.
After completion of installation of AD DS you need to restart the server for changes to take
effect.
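The wizard choices above can also be captured in a dcpromo answer file and run unattended. The script below is an added example, not part of the original post; it assumes PowerShell 2.0 or later, and the functional level (3, Windows Server 2008), the D:\ paths and the temporary file name are illustrative values.

```powershell
# Added example (not from the original post): unattended new-forest promotion.
# Assumed values: functional level 3, D:\ paths, temporary answer file name.
$answerFile = Join-Path $env:TEMP 'dcpromo-newforest.txt'

# Prompt for the DSRM password so it is never stored in the script itself.
$secure = Read-Host -Prompt 'DSRM password' -AsSecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
$dsrm   = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

# One line per wizard page: deployment type, names, levels, DNS, paths, DSRM.
$lines = @(
    '[DCInstall]',
    'ReplicaOrNewDomain=Domain',
    'NewDomain=Forest',
    'NewDomainDNSName=vision.com',
    'DomainNetBiosName=VISION',
    'ForestLevel=3',
    'DomainLevel=3',
    'InstallDNS=Yes',
    'DatabasePath=D:\NTDS',
    'LogPath=D:\NTDS\Logs',
    'SYSVOLPath=D:\SYSVOL',
    "SafeModeAdminPassword=$dsrm",
    # No automatic reboot, so the cleanup in the finally block always runs.
    'RebootOnCompletion=No'
)
Set-Content -Path $answerFile -Value $lines -Encoding ASCII

try {
    $proc = [Diagnostics.Process]::Start('dcpromo.exe', "/unattend:`"$answerFile`"")
    $proc.WaitForExit()
    "dcpromo exit code: $($proc.ExitCode) (details in $env:windir\debug\dcpromo.log)"
} finally {
    # The file holds the DSRM password in clear text; remove it whatever happens.
    Remove-Item -Path $answerFile -Force -ErrorAction SilentlyContinue
    $dsrm = $null
}
```

Restart the server manually once the script has reported the exit code.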
When AD DS is installed on a Windows 2008 server you have 3 consoles installed to manage
your Active Directory forest. They are as follows:
• Active Directory Users and Computers : This snap-in or console is used to manage Active
Directory objects like users, groups, OUs, etc.
• Active Directory Sites and Services : This snap-in or console is used to manage Active
Directory sites, which are used for managing replication and finding resources.
• Active Directory Domains and Trusts : This snap-in or console is used to manage trust
relationships.
Also, two forward lookup zones are created in DNS. They are as follows:
• <domain.com>
• _msdcs.<domain.com>
Example : if your domain name is vision.com then the two zones will be named 1) vision.com
and 2) _msdcs.vision.com.
Installation of Additional Domain Controller
1) To set up an Additional Domain Controller, use the dcpromo.exe command. To use the
command, click on Start > Run > and then write dcpromo > Click OK
2) The system will now check whether the Active Directory Domain Services (AD DS) binaries
are installed, and then start installing them. The binaries may already be installed if you had run the
dcpromo command previously and then canceled the operation after the binaries were installed.
3) The Active Directory Domain Services Installation Wizard will start. Either enable the
checkbox beside Use Advanced mode installation and click Next, or keep it unselected and
click Next.
4) The Operating System Compatibility page will be displayed, take a moment to read it and
click Next.
5) On the Choose a Deployment Configuration page, click Existing forest, click Add a domain
controller to an existing domain, and then click Next.
6) On the Network Credentials page, type your domain name, in our case it is vision.com
7) To set up an Additional Domain Controller, you will need an account that must be either a
member of the Enterprise Admins group or the Domain Admins group.
8) To enter the Alternate credentials, click Set. In the Windows Security dialog box, enter the
user name and password for an account that must be either a member of the Enterprise Admins
group or the Domain Admins group > then click Next.
9) On the Select a Domain page, select the domain of the Additional Domain Controller, and
then click Next. As I have only one domain, it is selected by default.
10) On the Select a Site page, either enable the checkbox beside Use the site that corresponds to
the IP address of this computer, which will install the domain controller in the site that corresponds
to its IP address, or select a site from the list, and then click Next. If you only have one domain
controller and one site, the first option will be grayed out and the site will be selected by
default, as shown in the following image.
11) On the Additional Domain Controller Options page, the DNS Server and Global
Catalog checkboxes are selected by default. You can also make your additional domain controller a
Read-only Domain Controller (RODC) by selecting the checkbox beside it.
My primary domain controller is a DNS server as well, and this can be verified by reading the
additional information written in the image below, which says that there is currently 1 DNS server
registered as an authoritative name server for this domain. I do want my Additional DC to be a
DNS server and a Global Catalog, so I will keep the checkboxes selected. Click Next.
12) If you select the option to install DNS server in the previous step, then you will receive a
message that indicates a DNS delegation for the DNS server could not be created and that you
should manually create a DNS delegation to the DNS server to ensure reliable name resolution.
If you are installing an additional domain controller in either the forest root domain (or a tree
root domain) , you do not need to create the DNS delegation. In this case, you can safely ignore
the message and click Yes.
13) The Install from Media page is displayed only if you selected Use advanced mode
installation on the Welcome page (if you didn't select it, skip to step 15). Here you can choose
to either replicate data over the network from an existing domain controller, or specify the
location of installation media to be used to create the domain controller and configure AD DS. I
want to replicate data over the network, so I will choose the first option and click Next.
14) On the Source Domain Controller page of the Active Directory Domain Services Installation
Wizard, you can select which domain controller will be used as a source for data that must be
replicated during installation, or you can have the wizard select which domain controller will be
used as the source for this data. You have two options :
15) Now you will have to specify the location where the domain controller database, log files
and SYSVOL are stored on the server.
16) In the Directory Services Restore Mode Administrator Password (DSRM) page, write a
password and confirm it. This password is used when the domain controller is started in
Directory Services Restore Mode, which might be because Active Directory Domain Services is
not running, or for tasks that must be performed offline.
17) The Summary page will be displayed, showing all the settings that you have chosen. It gives you
the option to export those settings into an answer file that can be used to automate subsequent
AD DS operations. If you want such a file, click the Export settings button and save the
file. Then click Next to begin the AD DS installation.
18) Active Directory Domain Services installation will be completed, click Finish, then click on
Restart Now to restart your server for the changes to take effect.
19) Open Active Directory Users & Computers, and then click on the Domain Controllers
Organizational Unit, and you will see your Additional Domain Controller along with your
Primary Domain Controller.
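The check in step 19 and the two DNS zones listed earlier can also be verified from a script. This is an added example, not from the original post; it assumes PowerShell 2.0 or later, run elevated on a domain controller that also hosts the DNS Server role.

```powershell
# Added example (not from the original post). Run elevated on a domain controller.
# Assumes PowerShell 2.0+ and that the DNS Server role is installed on this DC.
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()

# 1. The two forward lookup zones, read from the DNS Server WMI provider.
$zones = @(Get-WmiObject -Namespace 'root\MicrosoftDNS' -Class MicrosoftDNS_Zone |
           ForEach-Object { $_.Name })
foreach ($expected in $domain.Name, "_msdcs.$($domain.Name)") {
    $state = if ($zones -contains $expected) { 'present' } else { 'MISSING' }
    'zone {0,-28} {1}' -f $expected, $state
}

# 2. Every domain controller registered in the directory, with site and GC flag.
foreach ($dc in $domain.DomainControllers) {
    'dc   {0,-28} site={1} GC={2}' -f $dc.Name, $dc.SiteName, $dc.IsGlobalCatalog()
}

# 3. Replication links that report failures; a healthy new replica shows none.
$links  = & repadmin.exe /showrepl * /csv | ConvertFrom-Csv
$failed = @($links | Where-Object { [int]$_.'Number of Failures' -gt 0 })
if ($failed.Count -eq 0) {
    'repl no failing replication links'
} else {
    $failed |
        Select-Object 'Source DSA', 'Destination DSA', 'Naming Context',
                      'Number of Failures', 'Last Failure Status' |
        Format-Table -AutoSize
}
```

A zone reported as MISSING, or a domain controller absent from the list, means the promotion or its DNS registration did not complete and should be investigated before the server takes on production logons.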
Installation of Child Domain
To create a new domain in a new forest
1. Open the Active Directory Installation Wizard.
2. On the Domain Controller Type page, click Domain controller for a new domain, and
then click Next.
3. On the Create New Domain page, click Domain in a new forest, and then click Next.
4. On the New Domain Name page, type the full DNS name for the new domain, and then
click Next.
5. On the NetBIOS Domain Name page, verify the NetBIOS name, and then click Next.

6. On the Database and Log Folders page, type the location in which you want to install
the database and log folders, or click Browse to choose a location, and then click Next.
7. On the Shared System Volume page, type the location in which you want to install the
Sysvol folder, or click Browse to choose a location, and then click Next.
8. On the DNS Registration Diagnostics page, verify if an existing DNS server will be
authoritative for this forest or, if necessary, choose to install and configure DNS on this
server by clicking Install and configure the DNS server on this computer, and set this
computer to use this DNS server as its preferred DNS server, and then click Next.
9. On the Permissions page, select one of the following:
o Permissions compatible with pre-Windows 2000 Server operating systems
o Permissions compatible only with Windows 2000 or Windows Server 2003
operating systems
10. Review the Summary page, and then click Next to begin the installation.
