Lesson 1: Installing Active Directory

This lesson explains how to install and remove Active Directory using the Active Directory Installation Wizard. It also discusses the database and shared system volume that Active Directory creates during installation, setting up Domain Name System (DNS) for Active Directory, and domain modes.


After this lesson, you will be able to

  • Install Active Directory
  • Remove Active Directory from a domain controller

Estimated lesson time: 25 minutes


The Active Directory Installation Wizard

The Active Directory Installation Wizard can perform the following tasks:

  • Add a domain controller to an existing domain
  • Create the first domain controller of a new domain
  • Create a new child domain
  • Create a new domain tree
  • Install a DNS server
  • Create the database and database log files
  • Create the shared system volume
  • Remove Active Directory services from a domain controller

To launch the Active Directory Installation Wizard, run Configure Your Server on the Administrative Tools menu of the Start menu, or run dcpromo from the command prompt. These two methods run the Active Directory Installation Wizard on a standalone server and help you through the process of installing Active Directory on the computer and creating a new domain controller.

As you install Active Directory, you can choose whether to add the new domain controller to an existing domain or create the first domain controller for a new domain.

Adding a Domain Controller to an Existing Domain

If you choose to add a domain controller to an existing domain, you create a peer domain controller. You create peer domain controllers for redundancy and to reduce the load on the existing domain controllers.

Creating the First Domain Controller for a New Domain

If you choose to create the first domain controller for a new domain, you create a new domain. You create domains on your network to partition your information, which enables you to scale Active Directory to meet the needs of your organization. When you create a new domain, you can create a new child domain or a new tree. Table 17.1 describes creating a new child domain and creating a new domain tree.

Table 17.1 Creating New Domains

Creating a new domain | Description
New child domain | When you create a child domain, the new domain is a child domain in an existing domain.
New domain tree | When you create a new tree, the new domain is not part of an existing domain. You can create a new tree in an existing forest, or you can create a new forest.

Configuring DNS for Active Directory

Active Directory uses DNS as its location service, enabling computers to find the location of domain controllers. To find a domain controller in a particular domain, a client queries DNS for resource records that provide the names and Internet Protocol (IP) addresses of the Lightweight Directory Access Protocol (LDAP) servers for the domain. LDAP is the protocol used to query and update Active Directory, and all domain controllers run the LDAP service. You cannot install Active Directory without having DNS on your network, because Active Directory uses DNS as its location service. However, you can install DNS separately without Active Directory.
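The lookup described above can be audited offline. The following is an added example, not part of the original lesson: it parses zone-file style records, lists the LDAP servers a client would learn for a domain, and flags locator records that cannot be resolved or that name a host you do not recognize as a domain controller. The `_ldap._tcp` SRV owner name is the standard SRV form and is not spelled out in this lesson; the hosts server09 and backup7 and all addresses are constructed sample data.

```python
from collections import namedtuple
Srv = namedtuple("Srv", "owner priority weight port target")

# Constructed sample records (zone-file syntax) for the lesson's practice domain.
SAMPLE_ZONE = """\
_ldap._tcp.microsoft.com. 600 IN SRV 0 100 389 server01.microsoft.com.
_ldap._tcp.microsoft.com. 600 IN SRV 0 100 389 server09.microsoft.com.
_ldap._tcp.microsoft.com. 600 IN SRV 10 100 389 backup7.example.net.
server01.microsoft.com. 3600 IN A 192.168.1.201
backup7.example.net. 3600 IN A 10.9.9.9
"""

def parse_zone(text):
    """Return (list of Srv, {hostname: [ip, ...]}) from zone-file style lines."""
    srvs, hosts = [], {}
    for line in text.splitlines():
        f = line.split(";", 1)[0].split()      # drop comments, split fields
        if len(f) < 5 or f[2].upper() != "IN":
            continue
        owner, rtype = f[0].lower().rstrip("."), f[3].upper()
        if rtype == "SRV" and len(f) == 8:     # priority weight port target
            srvs.append(Srv(owner, int(f[4]), int(f[5]), int(f[6]),
                            f[7].lower().rstrip(".")))
        elif rtype == "A" and len(f) == 5:
            hosts.setdefault(owner, []).append(f[4])
    return srvs, hosts

def locate_ldap_servers(domain, text):
    """What a client learns: (host, port, [ips]) for _ldap._tcp.<domain>, best first."""
    srvs, hosts = parse_zone(text)
    wanted = "_ldap._tcp." + domain.lower()
    hits = sorted((s for s in srvs if s.owner == wanted),
                  key=lambda s: (s.priority, -s.weight, s.target))
    return [(s.target, s.port, hosts.get(s.target, [])) for s in hits]

def audit(domain, text, expected_dcs):
    """Flag locator records that are unresolvable or name a host not known as a DC."""
    expected = {h.lower() for h in expected_dcs}
    findings = []
    for host, _port, ips in locate_ldap_servers(domain, text):
        if not ips:
            findings.append((host, "no A record: clients cannot reach this server"))
        if host not in expected:
            findings.append((host, "not an expected domain controller"))
    return findings

if __name__ == "__main__":
    for host, reason in audit("microsoft.com", SAMPLE_ZONE, ["server01.microsoft.com"]):
        print(host, "-", reason)
```

A stale record left behind by a removed domain controller shows up as the first kind of finding; a record pointing outside the domain shows up as the second.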

You can configure your Windows 2000 DNS server automatically using the Active Directory Installation Wizard. Unless you are using a DNS server other than Windows 2000 or you want to perform a special configuration, you do not need to manually configure DNS to support Active Directory. However, if you want to set up a configuration other than the default configuration that the Active Directory Installation Wizard sets up, you can manually configure DNS using the DNS console.

The Database and Shared System Volume

Installing Active Directory creates the database and database log files, as well as the shared system volume. Table 17.2 describes these files.

Table 17.2 Types of Files Created by Installing Active Directory directory services

Type of file created | Description
Database and database log files | The database is the directory for the new domain. The default location for the database and database log files is systemroot\Ntds, where systemroot is the Windows 2000 directory. For best performance, place the database and the log file on separate hard disks.
Shared system volume | The shared system volume is a folder structure that exists on all Windows 2000 domain controllers. It stores scripts and some of the group policy objects for both the current domain and the enterprise. The default location for the shared system volume is systemroot\Sysvol. The shared system volume must be located on a partition or volume formatted with Microsoft Windows NT file system (NTFS) 5.0.

Replication of the shared system volume occurs on the same schedule as replication of Active Directory. As a result, you may not notice file replication to or from the newly created system volume until two replication periods have elapsed (typically, 10 minutes). This is because the first file replication period updates the configuration of other system volumes so that they are aware of the newly created system volume.

Domain Modes

There are two domain modes: Mixed mode and Native mode.

Mixed Mode

When you first install or upgrade a domain controller to Windows 2000 Server, the domain controller is set to run in Mixed mode. Mixed mode allows the domain controller to interact with any domain controllers in the domain that are running previous versions of Windows NT.

Native Mode

When all the domain controllers in the domain run Windows 2000 Server, and you do not plan to add any more pre-Windows 2000 domain controllers to the domain, you can switch the domain from Mixed mode to Native mode.

During the conversion from Mixed mode to Native mode, the following changes take place:

  • Support for pre-Windows 2000 replication ceases. Because pre-Windows 2000 replication is gone, you can no longer have any domain controllers in your domain that are not running Windows 2000 Server.
  • You can no longer add new pre-Windows 2000 domain controllers to the domain.
  • The server that served as the primary domain controller (PDC) during migration is no longer the domain master, and all domain controllers begin acting as peers.

NOTE

The change from Mixed mode to Native mode is one way only; you cannot change from Native mode to Mixed mode.

Follow these steps to change the domain mode to Native mode:

  1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. Right-click the domain and then click Properties.
  3. On the General tab, click Change Mode.
  4. In the Active Directory message box, click Yes, and then click OK.
  5. Restart your computer.

Removing Active Directory Services from a Domain Controller

Running dcpromo from the Run dialog box on an existing domain controller allows you to remove Active Directory from the domain controller, thus demoting it to a member server. If the domain controller is the last domain controller in the domain, it becomes a standalone server. If you remove Active Directory from all domain controllers in a domain, you also delete the directory database for the domain, and the domain no longer exists. Computers joined to this domain can no longer log on to the domain or use domain services.

Follow these steps to remove Active Directory from a domain controller:

  1. Log on as Administrator.
  2. Click Start, click Run, and then type dcpromo in the Open box and click OK.

    The Active Directory Installation Wizard appears.

  3. Click Next on the Welcome To The Active Directory Installation Wizard page.
  4. If the server is the last domain controller in the domain, select the check box, and then click Next.
  5. Enter a user name and password with Enterprise Administrator privileges for the domain, and then click Next.
  6. Enter and confirm the password to be assigned to the server Administrator account, and then click Next.
  7. Click Next on the Summary page.
  8. Click Finish to complete the removal of Active Directory from the computer.

Practice: Installing Active Directory

In this practice you install Active Directory on your standalone server, which makes the server a domain controller of a new domain. In Exercise 1 you use the DCPROMO program and Active Directory Installation Wizard to install Active Directory. In Exercise 2 you view the domain you have created. In Exercise 3 you are introduced to the Active Directory Users and Computers console. In Exercise 4 you confirm that the DNS service is working.

Exercise 1: Promoting a Standalone Server to a Domain Controller

In this exercise, you run DCPROMO to install the Active Directory service on your standalone server, making it a domain controller in a new domain, in a new tree, and in a new forest.

  1. Restart your computer and log on as Administrator.
  2. If the Windows 2000 Configure Your Server page opens, close it because the dcpromo program will be used instead to accomplish the tasks in this practice.
  3. Click Start and then click Run.

    The Run dialog box appears.

  4. Type dcpromo in the Open box and click OK.

    The Active Directory Installation Wizard appears.

  5. Click Next.

    The Domain Controller Type page appears.

  6. Select Domain Controller For A New Domain, and then click Next.

    The Create Tree Or Child Domain page appears.

  7. Ensure that Create A New Domain Tree is selected, and then click Next.

    The Create Or Join Forest page appears.

  8. Select Create A New Forest Of Domain Trees, and then click Next.

    The New Domain Name page appears.

  9. In the Full DNS Name For New Domain box, type microsoft.com and click Next.

    (If you are not using microsoft.com as your DNS domain name, type the name you are using for your DNS domain name.)

    After a few moments, the NetBIOS Domain Name page appears.

  10. Ensure that MICROSOFT (or a shortened form of the DNS name you have chosen) appears in the Domain NetBIOS Name box, and then click Next.

    The Database and Log Locations page appears.

  11. Ensure that systemroot\NTDS is the location of both the database and the log and click Next. (If you did not install Windows 2000 in the WINNT directory, both locations should default to the NTDS folder in the folder where you installed Windows 2000.)

    The Shared System Volume page appears.

  12. Ensure that the SYSVOL folder location is systemroot\SYSVOL. (If you did not install Windows 2000 in the WINNT directory, the SYSVOL location should default to a SYSVOL folder in the folder where you installed Windows 2000.)

    What is the one SYSVOL location requirement?

    What is the function of SYSVOL?


  13. Click Next to accept systemroot\SYSVOL (or the path where you installed Windows 2000) as the path for Sysvol.

    The Active Directory Installation Wizard message box appears, reminding you to install and configure a DNS server. Click OK. The Configure DNS page appears.

  14. Select Yes, Install And Configure DNS On This Computer, and then click Next.

    The Permissions page appears.

  15. Unless your network administrator tells you to do otherwise, select Permissions Compatible Only With Windows 2000 Servers, and then click Next.

    The Directory Services Restore Mode Administrator Password page appears.

  16. Type the password you want to assign to this server's Administrator account in the event the computer is started in Directory Services Restore mode, and then click Next.

    The Summary page appears, listing the options that you selected.

  17. Review the contents of the Summary page, and then click Next.

    The Configuring Active Directory progress indicator appears as the Active Directory service is installed on the server. This process takes several minutes, during which you are prompted to place the Windows 2000 Server CD-ROM into your CD-ROM drive.

  18. When the Completing The Active Directory Installation Wizard page appears, click Finish, and then click Restart Now.

Exercise 2: Viewing Your Domain using My Network Places

In this exercise, you view your domain to verify Active Directory installation.

  1. Log on as Administrator.
  2. If the Windows 2000 Configure Your Server page appears, close it.
  3. Double-click My Network Places.

    The My Network Places window appears.

    What selections do you see?


  4. Double-click Entire Network, and then double-click Microsoft Windows Network.

    What do you see?


  5. Close the Microsoft Windows Network window.

Exercise 3: Viewing a Domain Using the Active Directory Users And Computers Console

In this exercise, you use the Active Directory Users And Computers console to view your domain.

  1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users And Computers.

    Windows 2000 displays the Active Directory Users And Computers console.

  2. In the console tree, double-click microsoft.com (or the name of your domain).

    What selections are listed under microsoft?


  3. In the console tree, click Domain Controllers.

    Notice that SERVER01 appears in the details pane. If you did not use SERVER01 as your server name, the DNS name of your server appears in the details pane.

  4. Close the Active Directory Users And Computers console.

Exercise 4: Testing Your DNS Server

In this exercise, you confirm that your DNS service is working.

  1. Click Start, point to Programs, point to Administrative Tools, and then click DNS.
  2. The DNS console appears. In the DNS console tree, right-click SERVER01 (or the name of your server), and then click Properties.

    The SERVER01 Properties dialog box appears. (If you did not use SERVER01 as your server name, the dialog box reflects your server name.)

  3. Click the Monitoring tab.
  4. Under Select A Test Type, select the A Simple Query Against This DNS Server check box and the A Recursive Query To Other DNS Servers check box, and then click Test Now.

    On the SERVER01 Properties dialog box, under Test Results, you should see PASS in the Simple Query and Recursive Query columns.

  5. Click OK.
  6. Close the DNS console.

Lesson Summary

In this lesson you learned about installing Active Directory, including running Windows 2000 Configure Your Server to start the Active Directory Installation Wizard. You can also go to a command prompt and type dcpromo to launch the Active Directory Installation Wizard. You can use the Active Directory Installation Wizard to add a domain controller to an existing domain, to create the first domain controller of a new domain, to create a new child domain, and to create a new domain tree. You also learned how the Active Directory Installation Wizard can be used to remove Active Directory from a domain controller.

In this lesson you also learned about the Active Directory database, which is the directory for the new domain, and the database log files. The default location for the database and database log files is systemroot\NTDS. You also learned about the shared system volume that Active Directory creates during installation. The shared system volume is a folder structure that exists on all Windows 2000 domain controllers. It stores scripts and some of the group policy objects for both the current domain and the enterprise. The default location for the shared system volume is systemroot\SYSVOL.

You learned how Active Directory uses DNS as its location service, enabling computers to find the location of domain controllers. You cannot install Active Directory without having DNS on your network, because Active Directory uses DNS as its location service. You can configure your Windows 2000 DNS server automatically by using the Active Directory Installation Wizard. Unless you are using a DNS server other than Windows 2000 or you want to perform a special configuration, you do not need to configure DNS manually to support Active Directory.

You also learned about Mixed and Native domain modes. Mixed mode allows compatibility with previous versions of Windows NT. Native mode is only used when all domain controllers in the domain are running Windows 2000 Server.

In the practice portion of this lesson, you used the Active Directory Installation Wizard to install Active Directory on your computer, to promote your computer to a domain controller, and to create a domain. You then viewed your domain using My Network Places and the Active Directory Users And Computers console. Finally, you used the DNS console to confirm that your DNS service is working.



MCSE Training Kit(c) Microsoft Windows 2000 Accelerated 2000
Year: 2004
Pages: 244
