Like AD's features, the number of AD configurations is almost limitless. Therefore, we make a number of assumptions in this section:
You are using a test computer for these tutorials, and not a computer that is in actual production.
Your Start Menu is configured to display both My Computer and My Network Places (configurable by right-clicking the taskbar, choosing Properties, clicking the Start Menu tab, clicking Customize, and checking the relevant items).
You have installed Windows Server 2003 on a separate NT File System (NTFS) formatted drive partition of at least 5GB in size and have a second NTFS hard drive connected to the system of 10GB or larger.
You have only one network interface card (NIC) attached to the test server.
You have at least two test computers running Windows 2000 Professional or Windows XP Professional; optionally, you may have two more test computers for Windows 98 and Me testing.
We are using a private IP address on the 192.168.1.x subnet.
We are using a fictitious domain name of guinea.pig.
In case you're not familiar with a private subnet, here's a brief description. IP addresses in the 192.168.1.x block above (where the letter "x" stands for a number between 1 and 254) are reserved for internal network use and cannot exist publicly on the internet. For this reason, they are common on corporate and educational networks, which need IP-enabled computers but don't want every machine accessing the internet directly. Because internet access is often still required for this block of IP addresses, a system called Network Address Translation (NAT) was devised. NAT works by relaying the non-routable IPs' traffic through a single, internet-aware IP address. That single address then sends all requests made by the 192.168.1.x block of IPs to the internet.
Before we actually start the promotion of our server to an AD Domain Controller, there are a few housekeeping chores that we must do. We must change the server's IP address to reflect the private IP address block discussed above, and also change its name on the network.
Boot Windows Server 2003 and log in as an administrator. The Administrator account was set up when you first installed the server.
Once the system is booted, right-click the My Network Places icon on the desktop and choose Properties.
On the window that appears, right-click the icon labeled Local Area Connection and choose Properties.
A list appears. Double-click the item labeled Internet Protocol (TCP/IP).
Choose Use the Following IP Address and enter 192.168.1.1 for the IP address, 255.255.255.0 for the subnet mask, and leave the Default Gateway blank. In the first DNS server field, enter the IP address of your internet service provider's DNS. If you don't have one available, enter 192.168.1.1. Leave the second DNS field blank. Click OK twice.
Right-click My Computer and choose Properties. Click the Computer Name tab at the top of the window.
Click the Change button, enter DC01 in the Computer name field, select the Workgroup item, and enter Workgroup in the field:
Click OK three times, accepting the warning that the computer needs to be restarted.
Restart the server.
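The same housekeeping (static address, DNS, rename) done from a cmd prompt with tools that ship with Windows Server 2003, as an added example that is not from the original tutorial. It assumes the NIC's connection is named "Local Area Connection" and that, as above, no default gateway is wanted.

```batch
@echo off
rem Added example, not from the original tutorial: the GUI housekeeping
rem steps above, done with netsh and wmic on Windows Server 2003.
rem Assumes the connection is named "Local Area Connection".

rem Static 192.168.1.1 with a /24 mask and no default gateway.
netsh interface ip set address name="Local Area Connection" source=static addr=192.168.1.1 mask=255.255.255.0

rem Preferred DNS server: the server itself (the tutorial's fallback value);
rem the dcpromo wizard later points the server at its own DNS anyway.
netsh interface ip set dns name="Local Area Connection" source=static addr=192.168.1.1

rem Show the applied configuration so a typo is caught before the rename.
netsh interface ip show config name="Local Area Connection"

rem Rename the machine to DC01 through WMI (Win32_ComputerSystem.Rename).
rem A ReturnValue of 0 means the rename took effect and needs a reboot.
wmic computersystem where name="%COMPUTERNAME%" call rename name="DC01"

rem Reboot now so the new name is in place before running dcpromo.
shutdown -r -t 0
```

A fresh install is already in the WORKGROUP workgroup, so the workgroup step of the GUI procedure has no command-line equivalent here.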
Boot Windows Server 2003 and log in as the administrator.
Once the system is up, click the Start Menu and click Run.
Erase any text in the window that appears, type dcpromo, and hit Enter.
The Active Directory installation wizard appears:
Click Next. The next window warns of compatibility problems with older versions of Microsoft operating systems. Read the warning and click Next.
Since we're creating a completely new domain from scratch, select Domain controller for a new domain and click Next.
On the next screen, select Domain in a new forest and click Next.
The next screen asks for the full DNS name of the domain that we want to create. For this exercise, type guinea.pig in the box provided, and click Next.
In the past, Microsoft has been plagued with security issues with its desktop and server operating systems. As a result, Microsoft has taken steps to reduce these shortcomings. This means dropping or reducing support for older operating systems. In particular, Windows 95 and Windows NT 4 Service Pack 3 and earlier have a definite dress code at our Active Directory party. Windows 95 must have the DSClient.exe installed in order to join the domain and connect to our server. Unfortunately, the DSClient is available only on the Windows 2000 Server CD. The best strategy is to upgrade your 95 computers. Windows NT 4 SP3 and earlier should be upgraded to Service Pack 6a or updated to Microsoft's newest operating system.
The next screen asks for the NetBIOS name of our server. The NetBIOS name is used by earlier versions of Windows that don't use DNS as their primary means of identifying the domain guinea.pig. In this case, the name is truncated to GUINEA. Leave this box as is, and click Next.
The AD installer now asks you to specify the locations to save the AD database and log files. Ideally for enhanced performance, these should be on a separate hard disk, formatted in the NTFS format. However, the defaults shown will work. You may change the locations of these files by using the Browse buttons located next to each text field.
The next screen asks for a location in which to keep the SYSVOL folder. The SYSVOL folder houses public files on the domain controller that are replicated to other domain controllers if they are present. Accept the default and click Next.
Active Directory relies heavily on DNS, and so our server must be able to provide this service. The AD installer prompts you to install and configure the DNS server. Select the option marked Install and configure the DNS server on this computer, and set this computer to use this DNS server as its preferred DNS server, as shown below. Click Next.
DNS (Domain Name Service) is the network standard that translates IP addresses, such as 192.168.1.1, into names that real people can actually understand (such as dc01.guinea.pig). Most of the time, the DNS name is registered with an internet naming authority such as internic.com; that's how other people can reach a web site by simply typing its domain name into a browser instead of a cumbersome IP address. However, it is possible to have a server running a DNS naming scheme that is not registered for outside internet use, reserved only for an internal corporate network or for testing.
The installer now asks for information on your server's working environment. If you plan on running server-based applications on your server and these applications require older Microsoft server operating systems (pre-Windows 2000/2003 Server), then select the first option. If, however, you know for a fact that the applications running on your server have no problems with the newer Windows 2000/2003 Server AD architecture, then select the second option. The second option is a bit more secure, as anonymous users are not allowed to see information on the domain. For this exercise, we use the second option:
The final data entry screen for the AD installation wizard asks you for another administrator password. This password is different from the administrator password that you entered when first installing Windows Server 2003. The password you enter on this screen allows you to access the server when it starts in Directory Services Restore Mode, a special mode used when restoring backup information. Enter whatever password you wish here, and click Next (Note: always remember your passwords).
The window presents you with a summary of the data entered through the AD installation wizard. Click Next . The installer configures AD for your server. You may need to insert the Windows Server 2003 CD in order to continue. Once the installation completes, restart the server when prompted.
Congratulations! You now have a living, breathing AD Domain Controller.
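The wizard choices above written as a dcpromo answer file and run unattended, plus a post-reboot check of the DNS records AD depends on, as an added example that is not part of the original tutorial. It assumes the [DCInstall] unattend keys Microsoft documents for Windows Server 2003 and uses a placeholder for the Directory Services Restore Mode password.

```batch
@echo off
rem Added example, not from the original tutorial: the wizard's answers
rem (new forest guinea.pig, NetBIOS GUINEA, default paths, auto DNS,
rem no anonymous access) as a dcpromo answer file. Key names follow the
rem documented Windows Server 2003 [DCInstall] format; the DSRM password
rem is a placeholder that must be replaced before running.
set ANSWER=%TEMP%\dcpromo-guinea.txt

>  "%ANSWER%" echo [DCInstall]
>> "%ANSWER%" echo ReplicaOrNewDomain=Domain
>> "%ANSWER%" echo NewDomain=Forest
>> "%ANSWER%" echo NewDomainDNSName=guinea.pig
>> "%ANSWER%" echo DomainNetBiosName=GUINEA
>> "%ANSWER%" echo DatabasePath=%SystemRoot%\NTDS
>> "%ANSWER%" echo LogPath=%SystemRoot%\NTDS
>> "%ANSWER%" echo SYSVOLPath=%SystemRoot%\SYSVOL
>> "%ANSWER%" echo AutoConfigDNS=Yes
>> "%ANSWER%" echo AllowAnonymousAccess=No
>> "%ANSWER%" echo SafeModeAdminPassword=REPLACE_WITH_DSRM_PASSWORD
>> "%ANSWER%" echo RebootOnSuccess=No

dcpromo /answer:"%ANSWER%"

rem The answer file holds the DSRM password in clear text, so remove it
rem before rebooting rather than leaving it on disk.
del "%ANSWER%"
shutdown -r -t 0

rem After the reboot, confirm the SRV records that domain members look up
rem were registered in the new zone (this is the DNS dependency the
rem wizard's DNS step exists to satisfy):
rem   nslookup -type=SRV _ldap._tcp.dc._msdcs.guinea.pig 192.168.1.1
```

If the nslookup query returns no SRV record, the DNS zone was not created or the Netlogon service has not registered the records yet; restarting Netlogon re-registers them.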