How do I install Active Directory on my Windows Server 2003 server?

http://www.petri.co.il/how_to_install_active_directory_on_windows_...

How do I install Active Directory on my Windows Server 2003 server?
by Daniel Petri - January 8, 2009 Printer Friendly Version

First make sure you read and understand Active Directory Installation Requirements. If you don't comply with all the requirements of that article you will not be able to set up your AD (for example: you don't have a NIC or you're using a computer that's not connected to a LAN). Note: This article is only good for understanding how to install the FIRST DC in a NEW AD Domain, in a NEW TREE, in a NEW FOREST. Meaning - don't do it for any other scenario, such as a new replica DC in an existing domain. In order to install a Windows Server 2003 DC in an EXISTING Windows 2000 Domain follow the Windows 2003 ADPrep tip. Windows 2000 Note: If you plan to install a new Windows 2000 DC please read How to Install Active Directory on Windows 2000. Windows 2008 Note: Install Active Directory on Windows Server 2008 provides complete instruction details for working with Windows Server 2008. Windows Server 2003 Note: If you plan to install a new Windows Server 2003 DC in an existing AD forest please read the page BEFORE you go on, otherwise you'll end up with the following error:

Here is a quick list of what you must have: An NTFS partition with enough free space An Administrator's username and password The correct operating system version A NIC Properly configured TCP/IP (IP address, subnet mask and - optional - default gateway) A network connection (to a hub or to another computer via a crossover cable) An operational DNS server (which can be installed on the DC itself) A Domain name that you want to use The Windows Server 2003 CD media (or at least the i386 folder) Brains (recommended, not required...) This article assumes that all of the above requirements are fulfilled.

Step 1: Configure the computer's suffix
1 of 8

17/08/2010 1:04 PM

Click Ok to restart. Make sure you got it right. and then click Properties. Set the computer's NetBIOS name. Click Ok. Read more about it on my Windows 2003 Domain Rename Tool page. this CAN be changed after the computer has been promoted to Domain Controller. can be done via the Dcpromo process). Although the domain name CAN be changed after the computer has been promoted to Domain Controller. You'll get a warning window. 4. In Windows Server 2003.How do I install Active Directory on my Windows Server 2003 server? http://www. I thought I did it right. then Change. Configure TCP/IP 1. Click the Computer Name tab. 11. 3. 2. 10. this is not a procedure that one should consider lightly. Double-click Network and Dial-up Connections. Click Ok. especially because on the possible consequences. 2 of 8 17/08/2010 1:04 PM . 3.co. No spelling mistakes.. no "oh. 7. Click Start. Click Ok. Check your settings. 12.".petri. 8. Step 2: Configuring the computer's TCP/IP settings You must configure the would-be Domain Controller to use it's own IP address as the address of the DNS server. (Not mandatory. Right-click Local Area Connection. Click More. In the Primary DNS suffix of this computer box enter the would-be domain name. 2. 5.. You'll get a warning window. Right click My Computer and choose Properties.. 1. 9.il/how_to_install_active_directory_on_windows_. so it will point to itself when registering SRV records and when querying the DNS database. point to Settings and then click Control Panel. 6.. See if they're correct.

13. Click OK to close the Advanced TCP/IP Settings properties. it is assumed that the DC will also be it's own DNS server. Click the DNS Tab.il/how_to_install_active_directory_on_windows_. 10. 12. 11. Creating a Standard Primary Forward Lookup Zone 1. Furthermore. If that is not the case. point to All Programs.Note: This is true if the server itself will also be it's own DNS server. If this is not the case. 5. Click OK to close the Local Area Connections properties. Enter the server's IP address in the Preferred DNS server box.enter that server's IP address instead: 6. Click Internet Protocol (TCP/IP). If this Windows 2000/2003-based DNS server is on an intranet. This article assumes that you already have the DNS service installed. Select "Append primary and connection specific DNS suffixes" Check "Append parent suffixes of the primary DNS suffix" Check "Register this connection's addresses in DNS". Click Start. You see two zones under your computer name: Forward Lookup Zone and Reverse Lookup Zone. it should have a forwarder configured.How do I install Active Directory on my Windows Server 2003 server? http://www. and then click Properties. 7..co. can be done via the Dcpromo process). you'll end up with errors and the process will fail. it should only point to its own IP address for DNS. 3 of 8 17/08/2010 1:04 PM . and if you try to run DCPROMO without doing so. If this server needs to resolve names on the Internet. you MUST configure another Windows 2000/2003 server as the DNS server. Step 3: Configure the DNS Zone (Not mandatory. Click OK to accept the changes to your TCP/IP configuration. 4. 8. and then click DNS Manager. Assign this server a static IP address. 9. please read Create a New DNS Server for AD. subnet mask.petri. Click Advanced. and gateway address.. point to Administrative Tools. do not enter IP addresses for other DNS servers here. If you have another operational Windows 2000/2003 server that is properly configured as your DNS server (read my Create a New DNS Server for AD page) .

2. Click Primary. Check the spelling on your zone and compare it to the suffix you created in step 1. In the IP address box enter the IP address of the DNS servers you want to forward queries to typically the DNS server of your ISP. Click Next. The new forward lookup zone must be a primary zone so that it can accept dynamic updates. zone.net". 7. and click Properties. 3. and then click Next.co. click "Allow both nonsecure and secure dynamic updates"..net". or "net".net".How do I install Active Directory on my Windows Server 2003 server? http://www. Click Next. Type the name of the 5. or be a logical DNS container for that name. For example. 2.petri. Accept the default name for the new zone file. Notice that the computer should by now be listed as an A Record in the right pane. Click Finish. and then click Next. 4. Right click the DNS Server object for your server in the left pane of the console. 5.. Enable DNS Forwarding for Internet connections (Not mandatory) 1. and if it does not respond within a given time limit .dpetri. Click OK. Click Next. Check your IP settings. The name of the zone must be the same as the name of the Active Directory domain. Click the Forwarders tab.. 4 of 8 17/08/2010 1:04 PM .dpetri. To be able to accept dynamic updates to this new zone.. duh.). You can also move them up or down.the query will be forwarded to the next server in the list. "dpetri. if the Active Directory domain is named "lab. Go to the Command Prompt (CMD) and run "ipconfig /registerdns" (no quotes. legal zone names are "lab.il/how_to_install_active_directory_on_windows_. 6. 3. open the new zone and refresh it (F5). Start the DNS Management Console. Right click Forward Lookup Zones and choose to add a new zone. You should now make sure your computer can register itself in the new zone. 4. The one that is highest in the list gets the first try. Go back to the DNS console. If it's not there try to reboot (although if it's not there a reboot won't do much good).

. don't worry about it). point to Run and type "dcpromo". 3. In the Operating System Compatibility windows read the requirements for the domain's clients and if you like what you see .petri. Enter the full DNS name of the new domain. For example.kuku. can't you? Step 4: Running DCPROMO After completing all the previous steps (remember you didn't have to do them) and after double checking your requirements you should now run Dcpromo. for example .168. and the same as the computer name suffix you've created in 5 of 8 17/08/2010 1:04 PM .0 (DNS will append a long name to it. 6. Choose Create a new Domain in a new forest and click Next. I guess you can do it on your own by now.this must be the same as the DNS zone you've created in step 3.press Next. if your IP address is 192. 4. Creating a Standard Primary Reverse Lookup Zone You can (but you don't have to) also create a reverse lookup zone on your DNS server.co. Click Start. Choose Domain Controller for a new domain and click Next.co. The zone's name will be the same as your TCP/IP Network ID. 2.200.0..il .How do I install Active Directory on my Windows Server 2003 server? http://www.168. 1. 5.exe from the Run command. then the zone's name will be 192.il/how_to_install_active_directory_on_windows_. You should also configure the new zone to accept dynamic updates. The wizard windows will appear. Click Next.

in this case it's KUKU. 11. Click Next. Accept the the down-level NetBIOS domain name. 6 of 8 17/08/2010 1:04 PM . and you should not change it unless you have performance issues in mind. 2 and 3. 12.petri.How do I install Active Directory on my Windows Server 2003 server? http://www.co.. Click Next.".il/how_to_install_active_directory_on_windows_. In Windows Server 2003 this password can be later changed via NTDSUTIL.. Click Next 8. Accept the Sysvol folder location dialog box (unless you want to change it of course). or it did contact it but could not find a zone with the name of the future domain. 9. select "Install and configure the DNS server. If you want. create the appropriate zone. configure it to accept dynamic updates. you'll get a confirmation window. Go back to steps 1. This folder will hold all the GPO and scripts you'll create. Click Next. The location of the files is by default %systemroot%SYSVOL.. Accept the Database and Log file location dialog box (unless you want to change them of course). Just click Next.You have an option to let Dcpromo do the configuration for you. If your DNS server. The location of the files is by default %systemroot%\NTDS.To let Dcpromo do the work for you. If your DNS settings were right. 7. Accept the Permissions compatible only with Windows 2000 or Windows Server 2003 settings. unless you have legacy apps running on Pre-W2K servers. 10. Otherwise. Click Next. This step might take some time because the computer is searching for the DNS server and checking to see if any naming conflicts exist. zone and/or computer name suffix were not configured correctly you will get the following warning:This means the Dcpromo wizard could not contact the DNS server. Dcpromo can install the DNS service. You should check your settings. and configure the TCP/IP settings for the DNS server IP address. Click Next.. and will be replicated to all other Domain Controllers. step 1. Enter the Restore Mode administrator's password. and you should not change it unless you have performance issues in mind.0 partition. you can accept the default choice and then quit Dcpromo and check steps 1-3. 13. This folder must be on an NTFS v5. Click Ok.

How do I install Active Directory on my Windows Server 2003 server? http://www. Review your settings and if you like what you see .il/how_to_install_active_directory_on_windows_. Run Active Directory Sites and Services. see that the Administrative Tools folder has all the AD management tools installed.. your AD functions will be broken (a good sign of that is the long time it took you to log on. either with the computer suffix name or with the IP address of the DNS server (see steps 1 through 3).). Whatever you do . and that in it your server is listed. If you see you made a mistake and want to undo it. Step 5: Checking the AD installation You should now check to see if the AD installation went well.petri. Run Active Directory Users and Computers (or type "dsa. 1. 4. Another reason for the lack of SRV records (and of all other records for that matter) is the fact that you DID configure the DNS server manually. See the wizard going through the various stages of installing AD. 3. 18. If they don't (like in the following screenshot). The "Preparing Network Connections" windows will sit on the screen for many moments. 15.. = BadThis might happen if you did not manually configure your DNS server and let the DCPROMO process do it for you.msc" from the Run command).NEVER click Cancel!!! You'll wreck your computer if you do. If all went well you'll see the final confirmation window.Click Next.co.. remember? Duh. you'd better let the wizard finish and then run it again to undo the AD. but you made a mistake. 14. See that within it you have the 4 SRV record folders. First. 17. See that all OUs and Containers are there. 2. See that you have a zone with the same name as your AD domain (the one you've just created. Click Finish. You must reboot in order for the AD to function properly. They must exist. Click Restart now. and even when you do log on many AD operations will give you errors when trying to perform them). Open the DNS console. 16.. = Good 7 of 8 17/08/2010 1:04 PM . See that you have a site named Default-First-Site-Name.

9. 8. Right-click the zone you created. 7. Let it finish. Check the SYSVOL folder for the presence of the required subfolders. On the General tab. Also check the computer's suffix (see step 1). Check the NTDS folder for the presence of the required files. 8 of 8 17/08/2010 1:04 PM . If the 4 SRV records are still not present double check the spelling of the zone in the DNS server. groups and other objects in place. click your zone and refresh it (F5). 6. click to select "Nonsecure and secure" from the drop-down list. and then click OK to accept the change. but if you have a spelling mistake you'd be better off by removing the AD now. You won't be able to change the computer's suffix after the AD is installed. type "net start netlogon". I think it's safe to say that your AD is properly installed..co. AWS Privacy Policy | Contact | Advertise ©2010 Blue Whale Web Inc. If all of the above is ok.. If all is ok you'll now see the 4 SRV record folders. go back to the DNS console. under Dynamic Update. and then after repairing the mistake . before you have any users.You can do it from the Services console in Administrative tools: Or from the command prompt type "net stop netlogon".il/how_to_install_active_directory_on_windows_. To try and fix the problems first see if the zone is configured to accept dynamic updates. and their location. 5. and then click Properties.You should now restart the NETLOGON service to force the SRV registration. and after it finishes.re-running DCPROMO. Check to see if you have the SYSVOL and NETLOGON shares. If not. It should be exactly the same as the AD Domain name.How do I install Active Directory on my Windows Server 2003 server? http://www.petri. read Troubleshooting Dcpromo Errors and re-read steps 1-4 in this article.

Sign up to vote on this title
UsefulNot useful