Installing Active Directory


In Windows NT, you set up each server's type during installation. The server's function could be in one of the following roles:

  • Stand-alone/member server

  • PDC

  • BDC

With the exception of PDC/BDC swapping, a server's role could not be changed without reinstalling the software. For example, it wasn't possible to change a member server to a domain controller without reinstalling Windows NT.

Windows Server 2003 has left all that behind by allowing you to install all servers as normal servers. You can use a wizard (covered in the following section) to convert normal servers to domain controllers, or domain controllers to normal servers. This facility also gives you the ability to move domain controllers from one domain to another by demoting a domain controller to a member server and then promoting it to a domain controller in a different domain. In the Windows NT environment, demoting and promoting domain controllers typically requires reinstalling the operating system or jumping through some pretty major hoops.

Promoting domain controllers

Windows Server 2003 allows you to convert servers from normal servers to domain controllers and vice versa. To do this, you use the Active Directory Installation Wizard. This wizard can be accessed through the Configure Your Server tool (Start → All Programs → Administrative Tools → Configure Your Server; see Chapter 10) or by executing DCPROMO from the Run command (or Command Prompt). The Active Directory Installation Wizard can also be used to remove Active Directory from a domain controller; this returns the system to a member server state. For the step-by-step instructions for installing Active Directory and creating a domain controller, go to Chapter 10 and review the "Planting your first forest" section.

Active Directory's database and shared system volume

Although you should think of Active Directory as an information bubble, it's stored in file form on each domain controller in the file named %systemroot%\NTDS\ntds.dit. This file is always open and cannot be backed up using a simple file copy operation. However, like old methods for backing up SAM in Windows NT 4.0, the new NTBACKUP program included with Windows Server 2003 includes an option to take a snapshot of Active Directory and back up that information (this option is called System State). There's even a special directory restoration mode you must boot into to restore an Active Directory backup! (Chapter 17 covers backups in detail.)

The shared system volume, or SYSVOL, is the replication root for each domain. Its contents are replicated to each domain controller in the domain using the File Replication Service. The SYSVOL must reside on an NTFS 5.0 volume, because that's a File Replication Service requirement.

SYSVOL is also a share that points (by default) to %systemroot%\SYSVOL\sysvol, which contains domain-specific areas, such as logon scripts. For example, the logon share NETLOGON for domain savilltech.com points to %systemroot%\SYSVOL\sysvol\savilltech.com\SCRIPTS. You can simply copy files used for logging on or logging off to this directory, and the change will be replicated to all other domain controllers in the next replication interval (which by default is set to 15 minutes).

Modes of domain operation

Windows Server 2003 domains operate in four modes: mixed, native, .NET, and .NET interim. Mixed-mode domains allow Windows NT 4.0 BDCs to participate in a Windows Server 2003 domain. In native mode, only Windows Server 2003-based and Windows 2000-based domain controllers can participate in the domain, and Windows NT 4.0-based BDCs can no longer act as domain controllers. In .NET mode, only servers running Windows Server 2003 can act as domain controllers. The .NET interim mode is used when upgrading a Windows NT 4.0 domain to the first domain in a new Windows 2003 forest.

Warning 

The switch from mixed to native mode or from native mode to .NET mode can't be reversed, so don't change the mode until all domain controllers are converted to Windows Server 2003 or Windows 2000 (for native mode) or to Windows Server 2003 only (for .NET mode). Also, note that you can't add any Windows NT 4.0-based BDCs after the mode of the domain is switched.

In addition, the switch to native mode allows the use of universal groups, which, unlike global groups, can be nested inside one another. Older NetBIOS-based clients will still be able to log on using the NetBIOS domain name even in native mode. Universal groups are also supported in .NET mode.

Warning 

Changing the domain's mode is known as raising a domain's functionality. You can choose to step up to native mode from mixed mode, step up to .NET mode from native mode, or jump directly to .NET mode from mixed mode. Just be careful: This is a one-way switch. After you raise the functionality, you'll have to reinstall to return to a lower functionality.

To raise a domain's functionality, perform the following steps on a Windows Server 2003 domain controller:

  1. Start Active Directory Domains and Trusts (Start → Administrative Tools → Active Directory Domains and Trusts).

  2. Select the domain you want to change.

  3. Choose Action → Raise Domain Functional Level.

    The Raise Domain Functionality dialog box appears.

  4. Use the pull-down list to select Windows 2000 native or Windows .NET Server 2003 mode, and then click Raise.

    A confirmation message is displayed.

  5. Click OK.

    A warning is displayed stating that the domain mode change can take up to 15 minutes.

  6. Click OK.

You also need to check all other domain controllers in the domain. Make sure each domain controller lists the correct mode on the domain's properties dialog box (right-click the domain and select Properties). If any domain controller is not reflecting the change after 15 to 20 minutes, reboot it. This forces a replication.

If a domain controller can't be contacted when you make the change (for example, if it's located at a remote site and connects to the main site only periodically), the remote domain controller will switch its mode the next time replication occurs.
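
One way to script the per-domain-controller check described above is to read the domain object from each domain controller's own replica. This is an added example, not from the book: the attribute names msDS-Behavior-Version and nTMixedDomain and their value mapping come from the Active Directory schema rather than this chapter, and $expectedMode is a placeholder for the mode you selected.

```powershell
# Added example (not from the book). Assumes a domain-joined admin host with
# PowerShell 2.0 or later and read access to the domain object on every DC.
$expectedMode = '.NET'   # placeholder: the mode you chose in the Raise dialog box

$domain   = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$domainDn = $domain.GetDirectoryEntry().psbase.Properties['distinguishedName'].Value
$attrs    = [string[]]@('msDS-Behavior-Version', 'nTMixedDomain')

# Map the two attribute values to the mode names used in this chapter.
function Get-DomainModeName([int]$Behavior, [int]$Mixed) {
    switch ($Behavior) {
        0       { if ($Mixed -eq 1) { 'mixed' } else { 'native' } }
        1       { '.NET interim' }
        2       { '.NET' }
        default { "unrecognized level $Behavior" }
    }
}

# Bind to each domain controller by name so the values come from that DC's
# replica, not from whichever DC the locator happens to return.
$report = foreach ($dc in $domain.DomainControllers) {
    $mode = $null
    $err  = $null
    try {
        $entry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$($dc.Name)/$domainDn")
        $entry.psbase.RefreshCache($attrs)   # throws if the DC cannot be reached
        $p    = $entry.psbase.Properties
        $mode = Get-DomainModeName ([int]$p['msDS-Behavior-Version'].Value) ([int]$p['nTMixedDomain'].Value)
    } catch {
        $err = $_.Exception.Message          # for example, a remote site that is offline
    }
    New-Object PSObject -Property @{ DomainController = $dc.Name; Mode = $mode; Error = $err }
}

$report | Format-Table DomainController, Mode, Error -AutoSize

# Domain controllers that are unreachable or still report the old mode.
$lagging = @($report | Where-Object { $_.Mode -ne $expectedMode })
if ($lagging.Count -gt 0) {
    Write-Warning "$($lagging.Count) domain controller(s) do not yet report mode '$expectedMode'."
}
```

An unreachable domain controller shows up with an empty Mode and an Error message, which matches the periodically connected remote-site case described above.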



Windows Server 2003 for Dummies
ISBN: 0764516337
EAN: 2147483647
Year: 2003
Pages: 195
