Recipe 15.1. Creating a New Active Directory Forest

Problem

You want to promote a domain controller into an existing forest or create a new forest.

Solution

Using a graphical user interface

Run dcpromo from a command line or Start > Run.

On Windows 2000:

  1. Select Domain controller for a new domain and click Next.

  2. Select Create a new domain tree and click Next.

  3. Select Create a new forest of domain trees and click Next.

  4. Follow the rest of the configuration steps to complete the wizard.

On Windows Server 2003:

  1. Select Domain controller for a new domain and click Next.

  2. Select Domain in a new forest and click Next.

  3. Follow the rest of the configuration steps to complete the wizard.

Discussion

To create a new forest you need to create a forest root domain. To do this, you need to use the dcpromo executable to promote a Windows 2000 or Windows Server 2003 server to be a domain controller for the new forest root domain. The dcpromo program has a wizard interface that requires you to answer several questions about the forest and domain you want to promote the server into. After dcpromo finishes, you will be asked to reboot the computer to complete the promotion process.

The two options dcpromo offers to create a new domain are adding the domain to an existing domain tree or starting a new domain tree. If you want to create a new domain that is a subdomain (contained within the same namespace) of a parent domain, you are creating a domain in an existing domain tree. If you are creating the first domain in a forest or a domain outside the namespace of the forest root, you are creating a domain in a new domain tree.

Each domain increases the support costs of Active Directory due to the need for maintaining additional domain controllers and time spent configuring and maintaining the domain. When designing an Active Directory forest, your goal should be to keep the number of domains to a minimum.

A good test to use before running dcpromo is the dcdiag command with the /test:dcpromo option. This command examines the existing DNS infrastructure to see if any changes are required to accommodate the new domain controller (DC). With the /test option you must also specify /DnsDomain:<ADDomainName>, where <ADDomainName> is the domain name that the DC will be promoted into. You must then include an option that specifies the type of operation you plan to perform, which can be one of /NewForest, /Newtree, /ChildDomain, or /ReplicaDC. See the dcdiag help information (run dcdiag /?) for more information.

The /test:dcpromo option is available only with the Windows Server 2003 version of dcdiag.
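
The dcdiag pre-flight check described above, wrapped in a PowerShell script; this is an added example, not code from the book. The function names, the corp.example.com domain, SRV01 and the sample output lines are constructed, and the script assumes that dcdiag reports the result on a "passed test DcPromo" or "failed test DcPromo" line and that /NewTree needs /ForestRoot, as the dcdiag help states.

```powershell
# Added example (not from the book): pre-flight DNS check before dcpromo.
# Needs PowerShell 2.0+ and the Windows Server 2003 dcdiag for a live run.

function Get-DcPromoTestArgs {
    param(
        [Parameter(Mandatory = $true)][string]$DnsDomain,
        [Parameter(Mandatory = $true)]
        [ValidateSet('NewForest', 'NewTree', 'ChildDomain', 'ReplicaDC')]
        [string]$Operation,
        [string]$ForestRoot          # consulted only for NewTree
    )
    $list = @('/test:dcpromo', "/DnsDomain:$DnsDomain", "/$Operation")
    if ($Operation -eq 'NewTree') {
        # dcdiag help: /NewTree must be accompanied by /ForestRoot:<name>
        if (-not $ForestRoot) { throw 'NewTree requires -ForestRoot.' }
        $list += "/ForestRoot:$ForestRoot"
    }
    return $list
}

function Get-DcPromoVerdict {
    param([string[]]$Lines)
    # Assumption: dcdiag closes the test with "<server> passed test DcPromo"
    # or "<server> failed test DcPromo". No such line means the test never ran.
    $last = $Lines | Where-Object { $_ -match '(passed|failed) test DcPromo' } |
        Select-Object -Last 1
    if (-not $last) { return 'Unknown' }
    if ($last -match 'passed test') { return 'Passed' }
    return 'Failed'
}

# corp.example.com is a placeholder domain name.
$dcdiagArgs = Get-DcPromoTestArgs -DnsDomain 'corp.example.com' -Operation NewForest

if (Get-Command dcdiag.exe -ErrorAction SilentlyContinue) {
    $output = & dcdiag.exe $dcdiagArgs 2>&1 | ForEach-Object { "$_" }
    $output | Set-Content -Path '.\dcpromo-preflight.log'   # keep for the change record
} else {
    Write-Warning 'dcdiag.exe not found; parsing constructed sample output instead.'
    $output = @(
        'Starting test: DcPromo',
        '......................... SRV01 failed test DcPromo'   # constructed line
    )
}

$verdict = Get-DcPromoVerdict -Lines $output
"dcdiag $($dcdiagArgs -join ' ') => $verdict"
if ($verdict -ne 'Passed') { Write-Warning 'Resolve the DNS findings before running dcpromo.' }
```

An 'Unknown' verdict means no DcPromo result line was found, which is what you would expect from a dcdiag version that lacks the test.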


See Also

MS KB 238369 (HOW TO: Promote and Demote Domain Controllers in Windows 2000) and MS KB 255248 (HOW TO: Create a Child Domain in Active Directory and Delegate the DNS Namespace to the Child Domain)



Windows Server Cookbook
Windows Server Cookbook for Windows Server 2003 and Windows 2000
ISBN: 0596006330
EAN: 2147483647
Year: 2006
Pages: 380
Authors: Robbie Allen
