
Creating the Active Directory

After you have installed Windows Server 2003 on a stand-alone server, run the Active Directory Wizard to create the new Active Directory forest or domain, and then convert the Windows Server 2003 computer into the first domain controller in the forest. To convert a Windows Server 2003 computer into the first domain controller in the forest, follow these steps:

1. Insert the Windows Server 2003 CD-ROM into your computer's CD-ROM or DVD-ROM drive.
2. Click Start, click Run, and then type dcpromo.
3. Click OK to start the Active Directory Installation Wizard, and then click Next.
4. Click Domain controller for a new domain, and then click Next.
5. Click Domain in a new forest, and then click Next.
6. Specify the full DNS name for the new domain. Note that because this procedure is for a laboratory environment and you are not integrating this environment into your existing DNS infrastructure, you can use something generic, such as mycompany.local, for this setting. Click Next.
7. Accept the default domain NetBIOS name (this is "mycompany" if you used the suggestion in step 6). Click Next.
8. Set the database and log file location to the default setting of the c:\winnt\ntds folder, and then click Next.
9. Set the Sysvol folder location to the default setting of the c:\winnt\sysvol folder, and then click Next.
10. Click Install and configure the DNS server on this computer, and then click Next.
11. Click Permissions compatible only with Windows 2000 or Windows Server 2003 servers or operating systems, and then click Next.
12. Because this is a laboratory environment, leave the password for the Directory Services Restore Mode Administrator blank. Note that in a full production environment, this password is set by using a secure password format. Click Next.
13. Review and confirm the options that you selected, and then click Next.
14. The installation of Active Directory proceeds. Note that this operation may take several minutes.
15. When you are prompted, restart the computer. After the computer restarts, confirm that the Domain Name System (DNS) service location records for the new domain controller have been created. To confirm that the DNS service location records have been created, follow these steps:
    a. Click Start, point to Administrative Tools, and then click DNS to start the DNS Administrator Console.
    b. Expand the server name, expand Forward Lookup Zones, and then expand the domain.
    c. Verify that the _msdcs, _sites, _tcp, and _udp folders are present. These folders and the service location records they contain are critical to Active Directory and Windows Server 2003 operations.
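
The same confirmation can be made from the command line by querying representative service location records from each of those folders. This is an added example, not part of the original procedure; it assumes a management workstation with Windows PowerShell 3.0 or later and the DnsClient module (for Resolve-DnsName), the default site name of a new forest, and a placeholder address for the domain controller.

```powershell
# Added example: query the SRV records that a new domain controller registers.
# Domain and site names follow the page's lab suggestion; adjust as needed.
function Test-DcLocatorRecords {
    param(
        [Parameter(Mandatory = $true)]
        [string]$DnsServer,                           # address of the new domain controller
        [string]$Domain = 'mycompany.local',          # DNS name suggested in step 6
        [string]$Site   = 'Default-First-Site-Name'   # default site in a new forest (assumption)
    )

    # Representative records from each folder the procedure tells you to verify.
    $expected = @(
        "_ldap._tcp.dc._msdcs.$Domain"       # _msdcs: domain controller locator
        "_ldap._tcp.pdc._msdcs.$Domain"      # _msdcs: PDC emulator
        "_ldap._tcp.gc._msdcs.$Domain"       # _msdcs: global catalog (forest root)
        "_ldap._tcp.$Site._sites.$Domain"    # _sites
        "_ldap._tcp.$Domain"                 # _tcp
        "_kerberos._tcp.$Domain"             # _tcp
        "_kerberos._udp.$Domain"             # _udp
        "_kpasswd._udp.$Domain"              # _udp
    )

    foreach ($name in $expected) {
        # Keep only SRV answers; the response can also carry A records for the target.
        $srv = @(Resolve-DnsName -Name $name -Type SRV -Server $DnsServer -DnsOnly `
                    -ErrorAction SilentlyContinue |
                 Where-Object { $_.Type -eq 'SRV' })

        [pscustomobject]@{
            Record  = $name
            Present = $srv.Count -gt 0
            Targets = ($srv | ForEach-Object { '{0}:{1}' -f $_.NameTarget, $_.Port }) -join ', '
        }
    }
}

# 192.0.2.10 is a placeholder address for the lab domain controller.
Test-DcLocatorRecords -DnsServer 192.0.2.10 | Format-Table -AutoSize
```

A row with Present set to False means that record was not returned by the queried server.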

Adding Users and Computers to the Active Directory Domain


After the new Active Directory domain is established, create a user account in that domain to use as an administrative account. When that user is added to the appropriate security groups, use that account to add computers to the domain.

1. To create a new user, follow these steps:
    a. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers to start the Active Directory Users and Computers console.
    b. Click the domain name that you created, and then expand the contents.
    c. Right-click Users, point to New, and then click User.
    d. Type the first name, last name, and user logon name of the new user, and then click Next.
    e. Type a new password, confirm the password, and then click to select one of the following check boxes:
        - Users must change password at next logon (recommended for most users)
        - User cannot change password
        - Password never expires
        - Account is disabled
       Click Next.
    f. Review the information that you provided, and if everything is correct, click Finish.
2. After you create the new user, give this user account membership in a group that permits that user to perform administrative tasks. Because this is a laboratory environment that you are in control of, you can give this user account full administrative access by making it a member of the Schema, Enterprise, and Domain administrators groups. To add the account to the Schema, Enterprise, and Domain administrators groups, follow these steps:
    a. On the Active Directory Users and Computers console, right-click the new account that you created, and then click Properties.
    b. Click the Member Of tab, and then click Add.
    c. In the Select Groups dialog box, specify a group, and then click OK to add the groups that you want to the list.
    d. Repeat the selection process for each group in which the user needs account membership.
    e. Click OK to finish.
3. The final step in this process is to add a member server to the domain. This process also applies to workstations. To add a computer to the domain, follow these steps:
    a. Log on to the computer that you want to add to the domain.
    b. Right-click My Computer, and then click Properties.
    c. Click the Computer Name tab, and then click Change.
    d. In the Computer Name Changes dialog box, click Domain under Member Of, and then type the domain name. Click OK.
    e. When you are prompted, type the user name and password of the account that you previously created, and then click OK. A message that welcomes you to the domain is generated.
    f. Click OK to return to the Computer Name tab, and then click OK to finish. Restart the computer if you are prompted to do so.
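
To review which accounts ended up in the Schema, Enterprise, and Domain administrators groups, and which of the account check boxes they carry, the directory can be read over ADSI. This is an added example, not part of the original procedure; it assumes Windows PowerShell 3.0 or later on a domain-joined computer, the built-in group names in the default Users container, and the domain distinguished name that corresponds to the mycompany.local suggestion.

```powershell
# Added example: list direct members of the three administrative groups and
# show two of the account options from the New User dialog.
$domainDn = 'DC=mycompany,DC=local'     # assumption: matches mycompany.local
$groups   = 'Schema Admins', 'Enterprise Admins', 'Domain Admins'

# userAccountControl flag values
$ACCOUNTDISABLE       = 0x0002          # "Account is disabled"
$DONT_EXPIRE_PASSWORD = 0x10000         # "Password never expires"

$report = foreach ($group in $groups) {
    $entry = [ADSI]"LDAP://CN=$group,CN=Users,$domainDn"

    # The member attribute holds the distinguished names of direct members only.
    foreach ($memberDn in $entry.member) {
        $member = [ADSI]"LDAP://$memberDn"

        # Nested groups have no userAccountControl; the cast turns $null into 0.
        $uac = [int]$member.userAccountControl.Value

        [pscustomobject]@{
            Group                = $group
            Member               = [string]$member.sAMAccountName.Value
            Disabled             = [bool]($uac -band $ACCOUNTDISABLE)
            PasswordNeverExpires = [bool]($uac -band $DONT_EXPIRE_PASSWORD)
        }
    }
}

$report | Sort-Object Member, Group | Format-Table -AutoSize
```

An account that appears under all three groups has the full administrative access the lab procedure grants.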

Before You Start


Before you start to configure your DNS, you must gather some basic information. Internic must approve some of this information for use on the Internet, but if you are configuring this server for internal use only, you can decide what names and IP addresses to use. You must have the following information:

- Your domain name (approved by Internic).
- The IP address and host name of each server that you want to provide name resolution for.

Note: The servers may be your mail servers, public access servers, FTP servers, WWW servers, and others.

Before you configure your computer as a DNS, verify that the following conditions are true:

- Your operating system is configured correctly. In the Windows Server 2003 family, the DNS service depends on the correct configuration of the operating system and its services, such as TCP/IP. If you have a new installation of a Windows Server 2003 operating system, then you can use the default service settings. You do not have to take additional action.
- You have allocated all the available disk space.
- All the existing disk volumes use the NTFS file system. FAT32 volumes are not secure, and they do not support file and folder compression, disk quotas, file encryption, or individual file permissions.

Install DNS
1. Open Windows Components Wizard. To do so, use the following steps:
    a. Click Start, click Control Panel, and then click Add or Remove Programs.
    b. Click Add/Remove Windows Components.
2. In Components, select the Networking Services check box, and then click Details.
3. In Subcomponents of Networking Services, select the Domain Name System (DNS) check box, click OK, and then click Next.
4. If you are prompted, in Copy files from, type the full path of the distribution files, and then click OK.

Configure DNS
1. Start the Configure Your Server Wizard. To do so, click Start, point to All Programs, point to Administrative Tools, and then click Configure Your Server Wizard.
2. On the Server Role page, click DNS server, and then click Next.
3. On the Summary of Selections page, view and confirm the options that you have selected. The following items should appear on this page:
    - Install DNS
    - Run the Configure a DNS Wizard to configure DNS
   If the Summary of Selections page lists these two items, click Next. If the Summary of Selections page does not list these two items, click Back to return to the Server Role page, click DNS, and then click Next.
4. When the Configure Your Server Wizard installs the DNS service, it first determines whether the IP address for this server is static or is configured automatically. If your server is currently configured to obtain its IP address automatically, the Configuring Components page of the Windows Components Wizard prompts you to configure this server with a static IP address. To do so:
    a. In the Local Area Connection Properties dialog box, click Internet Protocol (TCP/IP), and then click Properties.
    b. In the Internet Protocols (TCP/IP) Properties dialog box, click Use the following IP address, and then type the static IP address, subnet mask, and default gateway for this server.
    c. In Preferred DNS, type the IP address of this server.
    d. In Alternate DNS, type the IP address of another internal DNS server, or leave this box blank.
    e. When you finish setting up the static addresses for your DNS, click OK, and then click Close.
5. After you click Close, the Configure a DNS Server Wizard starts. In the wizard, follow these steps:
    a. On the Select Configuration Action page, select the Create a forward lookup zone check box, and then click Next.
    b. To specify that this DNS hosts a DNS zone that contains DNS resource records for your network resources, on the Primary Server Location page, click This server maintains the zone, and then click Next.
    c. On the Zone Name page, in Zone name, specify the name of the DNS zone for your network, and then click Next. The name of the zone is the same as the name of the DNS domain for your small organization or branch office.
    d. On the Dynamic Update page, click Allow both nonsecure and secure dynamic updates, and then click Next. This makes sure that the DNS resource records for the resources in your network update automatically.
    e. On the Forwarders page, click Yes, it should forward queries to DNS servers with the following IP addresses, and then click Next. When you select this configuration, you forward all DNS queries for DNS names outside your network to a DNS at either your ISP or central office. Type one or more IP addresses that either your ISP or central office DNS servers use.
    f. On the Completing the Configure a DNS Wizard page of the Configure a DNS Wizard, you can click Back to change any of the settings. To apply your selections, click Finish.

After you finish the Configure a DNS Wizard, the Configure Your Server Wizard displays the This Server is Now a DNS Server page. To review all the changes that you made to your server in the Configure Your Server Wizard or to make sure that a new role was installed successfully, click Configure Your Server log. The Configure Your Server Wizard log is located at %systemroot%\Debug\Configure Your Server.log. To close the Configure Your Server Wizard, click Finish.
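
The Dynamic Update choice made in the wizard can be read back per zone through the DNS server's WMI provider, which shows where nonsecure updates are accepted. This is an added example, not part of the original procedure; it assumes Windows PowerShell (Get-WmiObject), an account that administers the DNS server, and a hypothetical server name.

```powershell
# Added example: report the dynamic-update setting of each forward zone.
$DnsServer = 'dns01.mycompany.local'    # hypothetical host name, replace with your server

# Values of the AllowUpdate property on MicrosoftDNS_Zone
$updateMode = @{ 0 = 'None'; 1 = 'Nonsecure and secure'; 2 = 'Secure only' }

$zones = Get-WmiObject -ComputerName $DnsServer -Namespace 'root\MicrosoftDNS' `
                       -Class MicrosoftDNS_Zone

$report = foreach ($zone in $zones) {
    if ($zone.Reverse) { continue }     # this page only creates forward lookup zones

    # AllowUpdate is a uint32; cast so it matches the Int32 hashtable keys.
    $mode = [int]$zone.AllowUpdate

    $finding = 'OK'
    if ($mode -eq 1) {
        if ($zone.DsIntegrated) {
            # Secure-only updates are available for Active Directory-integrated zones.
            $finding = 'Accepts unauthenticated updates; Secure only is available'
        } else {
            # Standard primary zones cannot use secure-only updates.
            $finding = 'Accepts unauthenticated updates; zone is not AD-integrated'
        }
    }

    [pscustomobject]@{
        Zone          = $zone.Name
        ADIntegrated  = [bool]$zone.DsIntegrated
        DynamicUpdate = $updateMode[$mode]
        Finding       = $finding
    }
}

$report | Format-Table -AutoSize
```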