This lesson presents information on installing and removing Active Directory, including using the Active Directory Installation Wizard. The lesson also discusses the database and shared system volume that Active Directory creates during installation, and setting up Domain Name System (DNS) for Active Directory. Finally, the lesson discusses domain modes.
After this lesson, you will be able to
Estimated lesson time: 25 minutes
The Active Directory Installation Wizard can perform the following tasks:
To launch the Active Directory Installation Wizard, run Configure Your Server on the Administrative Tools menu of the Start menu, or run dcpromo from the command prompt. These two methods run the Active Directory Installation Wizard on a standalone server and help you through the process of installing Active Directory on the computer and creating a new domain controller.
As you install Active Directory, you can choose whether to add the new domain controller to an existing domain or create the first domain controller for a new domain.
If you choose to add a domain controller to an existing domain, you create a peer domain controller. You create peer domain controllers for redundancy and to reduce the load on the existing domain controllers.
If you choose to create the first domain controller for a new domain, you create a new domain. You create domains on your network to partition your information, which enables you to scale Active Directory to meet the needs of your organization. When you create a new domain, you can create a new child domain or a new tree. Table 17.1 describes creating a new child domain and creating a new domain tree.
Table 17.1 Creating New Domains
Creating a new domain | Description |
---|---|
New child domain | When you create a child domain, the new domain is a child domain in an existing domain. |
New domain tree | When you create a new tree, the new domain is not part of an existing domain. You can create a new tree in an existing forest, or you can create a new forest. |
Active Directory uses DNS as its location service, enabling computers to find the location of domain controllers. To find a domain controller in a particular domain, a client queries DNS for resource records that provide the names and Internet Protocol (IP) addresses of the Lightweight Directory Access Protocol (LDAP) servers for the domain. LDAP is the protocol used to query and update Active Directory, and all domain controllers run the LDAP service. You cannot install Active Directory without having DNS on your network, because Active Directory uses DNS as its location service. However, you can install DNS separately without Active Directory.
You can configure your Windows 2000 DNS server automatically using the Active Directory Installation Wizard. Unless you are using a DNS server other than Windows 2000 or you want to perform a special configuration, you do not need to manually configure DNS to support Active Directory. However, if you want to set up a configuration other than the default configuration that the Active Directory Installation Wizard sets up, you can manually configure DNS using the DNS console.
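The DNS lookup that clients use to find domain controllers can be audited once Active Directory is installed. The following is an added example, not part of the original lesson: it models the SRV records a client queries for the domain's LDAP servers and flags entries that do not match the domain controllers you installed. The record name `_ldap._tcp.<domain>`, the hosts server02 and oldpc, and all addresses are assumptions constructed for illustration.

```python
# Added example. All records below are constructed sample data.
# (priority, weight, port, target) tuples follow the SRV layout of RFC 2782.
SRV = {
    "_ldap._tcp.microsoft.com": [
        (0, 100, 389, "server01.microsoft.com."),
        (0, 100, 389, "server02.microsoft.com."),
        (10, 100, 389, "oldpc.microsoft.com."),
    ],
}
A = {
    "server01.microsoft.com": ["192.0.2.10"],
    "oldpc.microsoft.com": ["192.0.2.77"],
}
EXPECTED_DCS = {"server01.microsoft.com", "server02.microsoft.com"}


def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.lower().rstrip(".")


def locate(domain, srv=SRV, a=A):
    """Return (host, port, addresses) for each LDAP server, in the order tried."""
    records = srv.get("_ldap._tcp." + norm(domain), [])
    # Lowest priority value first. RFC 2782 picks randomly by weight inside a
    # priority; sorting by weight here is a deterministic simplification.
    ordered = sorted(records, key=lambda r: (r[0], -r[1], norm(r[3])))
    return [(norm(t), port, a.get(norm(t), [])) for _, _, port, t in ordered]


def audit(domain, expected, srv=SRV, a=A):
    """Compare what DNS advertises with the domain controllers you installed."""
    findings, advertised = [], set()
    for host, port, addrs in locate(domain, srv, a):
        advertised.add(host)
        if host not in expected:
            findings.append(("unexpected", host))    # stale or unauthorized record
        if not addrs:
            findings.append(("no-address", host))    # clients cannot reach it
        if port != 389:
            findings.append(("non-ldap-port", host))
    findings += [("not-registered", h) for h in sorted(expected - advertised)]
    return findings


if __name__ == "__main__":
    for kind, host in audit("microsoft.com", EXPECTED_DCS):
        print(f"{kind:15} {host}")
```

In a live environment the two dictionaries would be filled from the DNS server's answers rather than typed in; the comparison logic stays the same.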
Installing Active Directory creates the database and database log files, as well as the shared system volume. Table 17.2 describes these files.
Table 17.2 Types of Files Created by Installing Active Directory directory services
Type of file created | Description |
---|---|
Database and database log files | The database is the directory for the new domain. The default location for the database and database log files is systemroot\Ntds, where systemroot is the Windows 2000 directory. For best performance, place the database and the log file on separate hard disks. |
Shared system volume | The shared system volume is a folder structure that exists on all Windows 2000 domain controllers. It stores scripts and some of the group policy objects for both the current domain and the enterprise. The default location for the shared system volume is systemroot\Sysvol. The shared system volume must be located on a partition or volume formatted with Microsoft Windows NT file system (NTFS) 5.0. |
Replication of the shared system volume occurs on the same schedule as replication of Active Directory. As a result, you may not notice file replication to or from the newly created system volume until two replication periods have elapsed (typically, 10 minutes). This is because the first file replication period updates the configuration of other system volumes so that they are aware of the newly created system volume.
There are two domain modes: Mixed mode and Native mode.
When you first install or upgrade a domain controller to Windows 2000 Server, the domain controller is set to run in Mixed mode. Mixed mode allows the domain controller to interact with any domain controllers in the domain that are running previous versions of Windows NT.
When all the domain controllers in the domain run Windows 2000 Server, and you do not plan to add any more pre-Windows 2000 domain controllers to the domain, you can switch the domain from Mixed mode to Native mode.
During the conversion from Mixed mode to Native mode, the following changes take place:
NOTE
The change from Mixed mode to Native mode is one way only; you cannot change from Native mode to Mixed mode.
Follow these steps to change the domain mode to Native mode:
Running dcpromo from the Run dialog box on an existing domain controller allows you to remove Active Directory from the domain controller, thus demoting it to a member server. If the domain controller is the last domain controller in the domain, it becomes a standalone server. If you remove Active Directory from all domain controllers in a domain, you also delete the directory database for the domain, and the domain no longer exists. Computers joined to this domain can no longer log on to the domain or use domain services.
Follow these steps to remove Active Directory from a domain controller:
The Active Directory Installation Wizard appears.
In this practice you install Active Directory on your standalone server, which makes the server a domain controller of a new domain. In Exercise 1 you use the DCPROMO program and Active Directory Installation Wizard to install Active Directory. In Exercise 2 you view the domain you have created. In Exercise 3 you are introduced to the Active Directory Users and Computers console. In Exercise 4 you confirm that the DNS service is working.
In this exercise, you run DCPROMO to install the Active Directory service on your standalone server, making it a domain controller in a new domain, in a new tree, and in a new forest.
The Run dialog box appears.
The Active Directory Installation Wizard appears.
The Domain Controller Type page appears.
The Create Tree Or Child Domain page appears.
The Create Or Join Forest page appears.
The New Domain Name page appears.
(If you are not using microsoft.com as your DNS domain name, type the name you are using for your DNS domain name.)
After a few moments, the NetBIOS Domain Name page appears.
The Database and Log Locations page appears.
The Shared System Volume page appears.
What is the one SYSVOL location requirement?
What is the function of SYSVOL?
The Active Directory Installation Wizard message box appears, reminding you to install and configure a DNS server. Click OK. The Configure DNS page appears.
The Permissions page appears.
The Directory Services Restore Mode Administrator Password page appears.
The Summary page appears, listing the options that you selected.
The Configuring Active Directory progress indicator appears as the Active Directory service is installed on the server. This process takes several minutes, during which you are prompted to place the Windows 2000 Server CD-ROM into your CD-ROM drive.
In this exercise, you view your domain to verify Active Directory installation.
The My Network Places window appears.
What selections do you see?
What do you see?
In this exercise, you use the Active Directory Users And Computers console to view your domain.
Windows 2000 displays the Active Directory Users And Computers console.
What selections are listed under microsoft?
Notice that SERVER01 appears in the details pane. If you did not use SERVER01 as your server name, the DNS name of your server appears in the details pane.
In this exercise, you confirm that your DNS service is working.
The SERVER01 Properties dialog box appears. (If you did not use SERVER01 as your server name, the dialog box reflects your server name.)
On the SERVER01 Properties dialog box, under Test Results, you should see PASS in the Simple Query and Recursive Query columns.
In this lesson you learned about installing Active Directory, including running Windows 2000 Configure Your Server to start the Active Directory Installation Wizard. You can also go to a command prompt and type dcpromo to launch the Active Directory Installation Wizard. You can use the Active Directory Installation Wizard to add a domain controller to an existing domain, to create the first domain controller of a new domain, to create a new child domain, and to create a new domain tree. You also learned how the Active Directory Installation Wizard can be used to remove Active Directory from a domain controller.
In this lesson you also learned about the Active Directory database, which is the directory for the new domain, and the database log files. The default location for the database and database log files is systemroot\NTDS. You also learned about the shared system volume that Active Directory creates during installation. The shared system volume is a folder structure that exists on all Windows 2000 domain controllers. It stores scripts and some of the group policy objects for both the current domain and the enterprise. The default location for the shared system volume is systemroot\SYSVOL.
You learned how Active Directory uses DNS as its location service, enabling computers to find the location of domain controllers. You cannot install Active Directory without having DNS on your network, because Active Directory uses DNS as its location service. You can configure your Windows 2000 DNS server automatically by using the Active Directory Installation Wizard. Unless you are using a DNS server other than Windows 2000 or you want to perform a special configuration, you do not need to configure DNS manually to support Active Directory.
You also learned about Mixed and Native domain modes. Mixed mode allows compatibility with previous versions of Windows NT. Native mode is only used when all domain controllers in the domain are running Windows 2000 Server.
In the practice portion of this lesson, you used the Active Directory Installation Wizard to install Active Directory on your computer, to promote your computer to a domain controller, and to create a domain. You then viewed your domain using My Network Places and the Active Directory Users And Computers console. Finally, you used the DNS console to confirm that your DNS service is working.