You are on page 1of 4

SUMMARY

This article describes how to install and configure a new


Active Directory inst...
This article describes how to install and configure a new Active Directory installation
in a laboratory environment that includes Windows Server 2003 and Active Directory.
Note that you will need two networed servers that are running Windows Server 2003 for
this !ur!ose in a laboratory environment.
"ac to the to!
Creating the Active Directory
After you have installed Windows Server 2003 on a stand#alone server$ run the Active
Directory Wi%ard to create the new Active Directory forest or domain$ and then convert
the Windows Server 2003 com!uter into the first domain controller in the forest. To
convert a Windows Server 2003 com!uter into the first domain controller in the forest$
follow these ste!s&
'. (nsert the Windows Server 2003 )D#*+, into your com!uter-s )D#*+, or
D.D#*+, drive.
2. )lic Start$ clic Run$ and then ty!e dc!romo.
3. )lic O to start the Active Directory !nstallation "i#ard$ and then clic $e%t.
/. )lic Do&ain controller for a new do&ain$ and then clic $e%t.
0. )lic Do&ain in a new forest$ and then clic $e%t.
1. S!ecify the full DNS name for the new domain. Note that because this !rocedure
is for a laboratory environment and you are not integrating this environment into
your e2isting DNS infrastructure$ you can use something generic$ such as
mycom!any.local$ for this setting. )lic $e%t.
3. Acce!t the default domain Net"(+S name 4this is 5mycom!any5 if you used the
suggestion in ste! 16. )lic $e%t.
7. Set the database and log file location to the default setting of the c&8winnt8ntds
folder$ and then clic $e%t.
9. Set the Sysvol folder location to the default setting of the c&8winnt8sysvol folder$
and then clic $e%t.
'0. )lic !nstall and configure the D$S server on this co&'uter$ and then clic
$e%t.
''. )lic (er&issions co&'atible only with "indows )*** or "indows Server
)**+ servers or o'erating syste&s$ and then clic $e%t.
'2. "ecause this is a laboratory environment$ leave the !assword for the Directory
Services *estore ,ode Administrator blan. Note that in a full !roduction
environment$ this !assword is set by using a secure !assword format. )lic $e%t.
'3. *eview and confirm the o!tions that you selected$ and then clic $e%t.
'/. The installation of Active Directory !roceeds. Note that this o!eration may tae
several minutes.
'0. When you are !rom!ted$ restart the com!uter. After the com!uter restarts$
confirm that the Domain Name System 4DNS6 service location records for the
new domain controller have been created. To confirm that the DNS service
location records have been created$ follow these ste!s&
a. )lic Start$ !oint to Ad&inistrative Tools$ and then clic D$S to start
the DNS Administrator )onsole.
b. :2!and the server name$ e2!and ,orward -oo.u' /ones$ and then
e2!and the domain.
c. .erify that the ;msdcs$ ;sites$ ;tc!$ and ;ud! folders are !resent. These
folders and the service location records they contain are critical to Active
Directory and Windows Server 2003 o!erations.
"ac to the to!
Adding Users and Co&'uters to the Active Directory Do&ain
After the new Active Directory domain is established$ create a user account in that
domain to use as an administrative account. When that user is added to the a!!ro!riate
security grou!s$ use that account to add com!uters to the domain.
'. To create a new user$ follow these ste!s&
a. )lic Start$ !oint to Ad&inistrative Tools$ and then clic Active
Directory Users and Co&'uters to start the Active Directory <sers and
)om!uters console.
b. )lic the domain name that you created$ and then e2!and the contents.
c. *ight#clic Users$ !oint to $ew$ and then clic User.
d. Ty!e the first name$ last name$ and user logon name of the new user$ and
then clic $e%t.
e. Ty!e a new !assword$ confirm the !assword$ and then clic to select one
of the following chec bo2es&
<sers must change !assword at ne2t logon 4recommended for most
users6
<ser cannot change !assword
=assword never e2!ires
Account is disabled
)lic $e%t.
f. *eview the information that you !rovided$ and if everything is correct$
clic ,inish.
2. After you create the new user$ give this user account membershi! in a grou! that
!ermits that user to !erform administrative tass. "ecause this is a laboratory
environment that you are in control of$ you can give this user account full
administrative access by maing it a member of the Schema$ :nter!rise$ and
Domain administrators grou!s. To add the account to the Schema$ :nter!rise$ and
Domain administrators grou!s$ follow these ste!s&
a. +n the Active Directory <sers and )om!uters console$ right#clic the new
account that you created$ and then clic (ro'erties.
b. )lic the Me&ber Of tab$ and then clic Add.
c. (n the Select 0rou's dialog bo2$ s!ecify a grou!$ and then clic O to
add the grou!s that you want to the list.
d. *e!eat the selection !rocess for each grou! in which the user needs
account membershi!.
e. )lic O to finish.
2. The final ste! in this !rocess is to add a member server to the domain. This
!rocess also a!!lies to worstations. To add a com!uter to the domain$ follow
these ste!s&
a. >og on to the com!uter that you want to add to the domain.
b. *ight#clic My Co&'uter$ and then clic (ro'erties.
c. )lic the Co&'uter $a&e tab$ and then clic Change.
d. (n the Co&'uter $a&e Changes dialog bo2$ clic Do&ain under
Me&ber Of$ and then ty!e the domain name. )lic O.
e. When you are !rom!ted$ ty!e the user name and !assword of the account
that you !reviously created$ and then clic O.
A message that welcomes you to the domain is generated.
f. )lic O to return to the Co&'uter $a&e tab$ and then clic O to
finish.
g. *estart the com!uter if you are !rom!ted to do so.
"ac to the to!
Troubleshooting
You Cannot O'en the Active Directory Sna'1ins
After you have com!leted the installation of Active Directory$ you may not be able to
start the Active Directory <sers and )om!uters sna!#in$ and you may receive an error
message that indicates that no authority can be contacted for authentication. This can
occur if DNS is not correctly configured. To resolve this issue$ verify that the %ones on
your DNS server are configured correctly and that your DNS server has authority for the
%one that contains the Active Directory domain name. (f the %ones a!!ear to be correct
and the server has authority for the domain$ try to start the Active Directory <sers and
)om!uters sna!#in again. (f you receive the same error message$ use the D)=*+,+
utility to remove Active Directory$ restart the com!uter$ and then reinstall Active
Directory.
?or additional information about configuring DNS on Windows Server 2003$ clic the
following article numbers to view the articles in the ,icrosoft @nowledge "ase&
323370 4htt!&AAsu!!ort.microsoft.comAbA323370A:N#<SA 6 Bow To )onfigure DNS for
(nternet Access in Windows Server 2003
32/209 4htt!&AAsu!!ort.microsoft.comAbA32/209A:N#<SA 6 Bow To )onfigure DNS in a
New orgrou! :nvironment in Windows Server 2003
323/'7 4htt!&AAsu!!ort.microsoft.comAbA323/'7A:N#<SA 6 Bow To (ntegrate DNS with
an :2isting DNS (nfrastructure (f Active Directory (s :nabled in Windows Server 2003
323/'3 4htt!&AAsu!!ort.microsoft.comAbA323/'3A:N#<SA 6 Bow To (ntegrate Windows
Server 2003 DNS with an :2isting DNS (nfrastructure in Windows Server 2003
32/210 4htt!&AAsu!!ort.microsoft.comAbA32/210A:N#<SA 6 Bow To )onfigure DNS
*ecords for Cour Web Site in Windows Server 2003
323//0 4htt!&AAsu!!ort.microsoft.comAbA323//0A:N#<SA 6 Bow To )reate a New Done
on a DNS Server in Windows Server 2003
"ac to the to!
$ote This is a 5?AST =<">(SB5 article created directly from within the ,icrosoft
su!!ort organi%ation. The information contained herein is !rovided as#is in res!onse to
emerging issues. As a result of the s!eed in maing it available$ the materials may
include ty!ogra!hical errors and may be revised at any time without notice. See Terms of
<se 4htt!&AAgo.microsoft.comAfwlinAE>in(dF'0'0006 for other considerations.