Monday 26 March 2012

Installing the First Domain Controller in a New Forest


Installing the First Domain Controller in a New Forest

NOTE: You must install a DNS server at some point before or during the promotion process. After the computer is promoted to a domain controller, it registers services in DNS that enable Lightweight Directory Access Protocol (LDAP) queries to be performed against the directory on that domain controller.
  1. Click Start, click Run, type dcpromo, and then click OK.
  2. This starts the Active Directory Installation Wizard. Click Next.
  3. The Active Directory Installation Wizard asks a series of questions to determine the role this server will have. Because you are installing this server as the first domain controller in the forest, click Domain Controller for a New Domain.
  4. Click Next.
  5. Because this domain controller will also be the first domain controller in a new domain tree, click Create a new domain tree.
  6. Click Next.
  7. Because this will be the first domain controller in the new forest, it will be the first domain in your organization. Click Create a new forest of domain trees.
  8. Click Next.
  9. In the New Domain Name screen, type the full DNS name for your new domain in the form of a fully qualified domain (for example: Microsoft.com).
  10. In the NetBIOS Domain Name screen, the NetBIOS Name box is populated with the first part of your fully qualified domain name (for example: MICROSOFT).
  11. The Database Location and Logs Location boxes are populated with the default location (Rootdrive\Winnt\Ntds). For best performance and recoverability, store the database and the logs on a separate hard disk. Change the Logs Location value to another hard disk.
  12. Click Next.
  13. In the Shared System Volume screen, the default location of Rootdrive\Winnt\Sysvol is acceptable as long as the volume uses the NTFS file system. This is required for the Sysvol folder.
  14. Click Next.
  15. If you do not have a DNS server available, a "The wizard cannot contact the DNS server that handles the name Domain Name to determine if it supports dynamic update. Confirm your DNS configuration, or install and configure a DNS server on this computer" message appears.
  16. Click OK.
  17. In the Configure DNS screen, click Yes, install and configure DNS on this computer (recommended).
  18. Click Next.
  19. In the Windows NT 4.0 RAS Server screen, choose whether or not you want to allow Remote Access Services (RAS) access to this server. Click Next.
  20. In the Directory Serviced Restore Mode Administrative Password screen, specify an administrator password to use when you start the computer in Directory Services Restore mode. You use Directory Services Restore mode when you need to recover the Active Directory database.

    NOTE: Make sure you remember this password, or you cannot restore Active Directory if needed.
  21. In the Summary screen, confirm your options, and then click Next.
  22. Verify that Active Directory is installed by viewing the messages on the screen. After Active Directory is installed, click Finish to close the wizard.
  23. Restart the computer.

Installing the First Domain Controller in an Existing Forest

NOTE: The design of your namespace determines whether or not you install and configure the DNS service on this computer. If the TCP/IP settings are configured correctly to point to an existing DNS server, you do not need to install the DNS service on this server.
  1. Click Start, click Run, type dcpromo, and then click OK.
  2. This starts the Active Directory Installation Wizard. Click Next.
  3. The Active Directory Installation Wizard asks a series of questions to determine the role this server will have. Because you are installing this server as the first domain controller in the forest, click Domain Controller for a new domain.
  4. Click Next.
  5. Because this domain controller will also be the first domain controller in a new domain tree, click Create a new domain tree.
  6. Click Next.
  7. Because this will not be the first domain controller in the new forest, it will not be the first domain in your organization. Click Place this new domain tree in an existing forest.
  8. Click Next.
  9. The next screen prompts for network credentials. Type the user name, password, and domain name for an account to use for this operation. The account must have full administrative privileges. The domain name can be in the form of a fully qualified domain name (FQDN).
  10. In the New Domain Tree screen, type the full DNS name for your new domain in the form of a fully qualified domain (for example: Microsoft.com).
  11. In the NetBIOS Domain Name screen, the NetBIOS Name box is populated with the first part of your fully qualified domain name (for example: MICROSOFT).
  12. The Database Location and Logs Location boxes are populated with the default location (Rootdrive\Winnt\Ntds). For best performance and recoverability, store the database and the logs on a separate hard disk. Change the Logs Location value to another hard disk.
  13. Click Next.
  14. In the Shared System Volume screen, the default location of Rootdrive\Winnt\Sysvol is acceptable as long as the volume uses the NTFS file system. This is required for the Sysvol folder.
  15. Click Next.
  16. If you do not have a DNS server available, a "The wizard cannot contact the DNS server that handles the name Domain Name to determine if it supports dynamic update. Confirm your DNS configuration, or install and configure a DNS server on this computer" message appears.
  17. Click OK.
  18. In the Configure DNS screen, click Yes, install and configure DNS on this computer (recommended).
  19. Click Next.
  20. In the Windows NT 4.0 RAS Server screen, choose whether or not you want to allow Remote Access Services (RAS) access to this server. Click Next.
  21. In the Directory Serviced Restore Mode Administrative Password screen, specify an administrator password to use when you start the computer in Directory Services Restore mode. You use Directory Services Restore mode when you need to recover the Active Directory database.

    NOTE: Make sure you remember this password, or you cannot restore Active Directory if needed.
  22. In the Summary screen, confirm your options, and then click Next.
  23. Verify that Active Directory is installed by viewing the messages on the screen. After Active Directory is installed, click Finish to close the wizard.
  24. Restart the computer.


Installing the First Domain Controller in a New Child Domain

NOTE: You must have the DNS settings configured correctly on the server before promoting it to a domain controller in a child domain. During the promotion process, the server needs to resolve the fully qualified domain name of the parent domain.

  1. Click Start, click Run, type dcpromo, and then click OK.
  2. This starts the Active Directory Installation Wizard. Click Next.
  3. The Active Directory Installation Wizard asks a series of questions to determine the role this server will have. Because you are installing this server as the first domain controller in a new domain, click Domain Controller for a New Domain.
  4. Click Next.
  5. Because this domain controller will also be the first domain controller in a new child domain, click Create a new child domain in an existing domain tree.
  6. Click Next.
  7. The next screen prompts for network credentials. Type the user name, password, and domain name for the account to use for this operation. The account must have full administrative privileges. To install a child domain, make sure that DNS is configured correctly so that it can find the parent domain. If you have DNS configured correctly and the server points to the DNS server that contains the correct domain name, the Domain box entry can be in the form of a fully qualified domain name.
  8. In the Child Domain Installation screen, type the full DNS name for the parent domain in the form of a fully qualified domain (for example: Microsoft.com).
  9. In the Child Domain box, type the name of the child domain (for example: Finance). Click Next.
  10. In the NetBIOS Domain Name screen, the NetBIOS Name box is populated with the first part of your fully qualified domain name (for example: Finance).
  11. The Database Location and Logs Location boxes are populated with the default location (Rootdrive\Winnt\Ntds). For best performance and recoverability, store the database and the logs on a separate hard disk. Change the Logs Location value to another hard disk.
  12. Click Next.
  13. In the Shared System Volume screen, the default location of Rootdrive\Winnt\Sysvol is acceptable as long as the volume uses the NTFS file system. This is required for the Sysvol folder.
  14. Click Next.
  15. If you do not have a DNS server available, a "The wizard cannot contact the DNS server that handles the name Domain Name to determine if it supports dynamic update. Confirm your DNS configuration, or install and configure a DNS server on this computer" message appears.
  16. Click OK.
  17. In the Configure DNS screen, click Yes, install and configure DNS on this computer (recommended).
  18. Click Next.
  19. In the Windows NT 4.0 RAS Server screen, choose whether or not you want to allow Remote Access Services (RAS) access to this server. Click Next.
  20. In the Directory Serviced Restore Mode Administrative Password screen, specify an administrator password to use when you start the computer in Directory Services Restore mode. You use Directory Services Restore mode when you need to recover the Active Directory database.

    NOTE: Make sure you remember this password, or you cannot restore Active Directory if needed.
  21. In the Summary screen, confirm your options, and then click Next.
  22. Verify that Active Directory is installed by viewing the messages on the screen. After Active Directory is installed, click Finish to close the wizard.
  23. Restart the computer.


Installing an Additional Domain Controller for an Existing Domain

NOTE: You must have the DNS settings configured correctly on the server before promoting it to a domain controller in an existing domain. During the promotion process, the server needs to resolve the fully qualified domain name of the domain.
  1. Click Start, click Run, type dcpromo, and then click OK.
  2. This starts the Active Directory Installation Wizard. Click Next.
  3. The active Directory Installation Wizard asks a series of questions to determine the role this server will have. Because you are installing this server as an additional domain controller in a domain, click Additional Domain Controller for an Existing Domain.
  4. Click Next.
  5. The next screen prompts for network credentials. Type the user name, password, and domain name for the account to use for this operation. The account must have full administrative privileges. The domain name should not be in the form of a fully qualified domain name.
  6. In the Additional Domain Controller screen, type the full DNS name for your existing domain in the form of a fully qualified domain (for example: Microsoft.com).
  7. The Database Location and Logs Location boxes are populated with the default location (Rootdrive\Winnt\Ntds). For best performance and recoverability, store the database and the logs on a separate hard disk. Change the Logs Location value to another hard disk.
  8. Click Next.
  9. In the Shared System Volume screen, the default location of Rootdrive\Winnt\Sysvol is acceptable as long as the volume uses the NTFS file system. This is required for the Sysvol folder.
  10. Click Next.
  11. If you do not have a DNS server available, a "The wizard cannot contact the DNS server that handles the name Domain Name to determine if it supports dynamic update. Confirm your DNS configuration, or install and configure a DNS server on this computer" message appears.
  12. Click OK.
  13. In the Configure DNS screen, click Yes, install and configure DNS on this computer (recommended).
  14. Click Next.
  15. In the Windows NT 4.0 RAS Server screen, choose whether or not you want to allow Remote Access Services (RAS) access to this server. Click Next.
  16. In the Directory Serviced Restore Mode Administrative Password screen, specify an administrator password to use when you start the computer in Directory Services Restore mode. You use Directory Services Restore mode when you need to recover the Active Directory database.

    NOTE: Make sure you remember this password, or you cannot restore Active Directory if needed.
  17. During the replication phase of the promotion process, there is an option to replicate later. There are many reason to choose this option (for example, if you are using a slow link in the middle of the day and you want to wait until the end of the day).
  18. Verify that Active Directory is installed by viewing the messages on the screen. After Active Directory is installed, click Finish to close the wizard.
  19. Restart the computer.

Removing Active Directory from a Domain Controller
NOTE: When a domain controller is demoted, if it is not the last domain controller in the domain, it performs a final replication and then transfers the roles to another domain controller. As part of the demotion process, the Dcpromo utility removes the configuration data for the domain controller from Active Directory. This data takes the form of an NTDS Settings object, which exists as a child to the server object in Active Directory Sites and Services Manager. After the domain controller is demoted it no longer has Active Directory information available, and uses the Security Accounts Manager (SAM) database for local database information. If the domain controller is a global catalog, that role is not transferred to another domain controller. In this case, you must manually select the check box in Active Directory Sites and Services Manager for another domain controller to take over the role.

If the demotion process does not succeed for any reason, you must manually delete this metadata from the directory. Use the Ntdsutil.exe utility to manually remove the NTDS Settings object.
  1. Click Start, click Run, type dcpromo, and then click OK.
  2. This starts the Active Directory Installation Wizard. Click Next.
  3. There is a check box in the Remove Active Directory screen. If this computer is the last domain controller in the domain, click to select the check box. Otherwise, click Next.
  4. In the next screen, set the password for the administrator account on the server after Active Directory is removed. Type the appropriate password in the Password and Confirm Password boxes, and then click Next.
  5. In the Summary screen, review and confirm the options you selected, and then click Next.
  6. The wizard begins the process of removing Active Directory from the server. After the process is finished, a message indicates that Active Directory was removed from the computer.
  7. Click Finish to quit the wizard.
  8. Restart the computer.
NOTE: Windows 2000-based DNS severs should point to themselves for DNS in their TCP/IP properties. If this server needs to resolve names from its Internet service provider (ISP),you should configure a forwarder.

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)