Windows Server 2003 Domain Controller Deployment
In this KB, we will discuss the steps necessary to configure and deploy the first Windows Server 2003 Domain Controller (DC) in an Active Directory forest.
Before we begin our deployment, we must satisfy some prerequisites for our new domain. First, we should make sure we have a static IP address set on the host we intend to use as our primary domain controller (PDC) - the first domain controller in the forest. Second, we will need DNS services configured so that new members of our domain can perform name resolution. DNS services can be configured on the PDC as part of the PDC promotion process (which is how we will configure them in this KB), but you can just as easily configure them manually prior to running the DC promotion process.
Configuring a Static IP Address
Since this will be the first DC in our environment, we won't have supporting services like DHCP to provide our domain controller with IP information when it first boots. We must therefore set a static IP address before continuing.
- Right click on the Local Area Connection icon on the start menu and select Open Network Connections

- Right click on the Local Area Connection interface and select Properties

- Select the Internet Protocol (TCP/IP) protocol and click Properties

- Select the Use the following IP address option, complete the provided inputs to reflect your desired network configuration, and click OK
 Note: You must ensure the Preferred DNS server is set to the IP address of this host. Since this host will also function as our domain's DNS server, its preferred DNS server should be set to the local host.
You may also notice we have left the alternate DNS server empty. At this time, our domain does not have an alternate DNS server configured. If you later build a backup domain controller or server running DNS services, you can update the network settings on the PDC to reflect the addition of the new DNS server.
- Close the Local Area Connection properties window and verify your computer's IP address has been set correctly
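The same static-address configuration can be applied and checked from the command line with netsh, which is useful when the server is reached over a console rather than the desktop. This is an added example and not part of the original KB; the adapter name is the Windows Server 2003 default, and the addresses are constructed placeholders that you must replace with your own network's values.

```batch
@echo off
rem Added example (not from the original KB): assign the PDC a static address
rem and point its preferred DNS server at itself, then verify.
rem Constructed values below; replace with your own addressing.
set NIC=Local Area Connection
set IPADDR=192.168.10.5
set MASK=255.255.255.0
set GATEWAY=192.168.10.1

rem Static address, mask, default gateway and gateway metric on the adapter
netsh interface ip set address name="%NIC%" source=static addr=%IPADDR% mask=%MASK% gateway=%GATEWAY% gwmetric=1

rem Preferred DNS server = this host, matching the GUI step above.
rem No alternate DNS server is set yet; once a second DNS server exists, add it with
rem   netsh interface ip add dns name="%NIC%" addr=<second DNS server> index=2
netsh interface ip set dns name="%NIC%" source=static addr=%IPADDR% register=PRIMARY

rem Verify: the adapter should list the static address and itself as the DNS server
ipconfig /all
```

Run the script from an administrative command prompt on the server itself, not over a remote session bound to the address being changed, since the connection drops when the address is replaced.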

Domain Controller Promotion
We are now ready to promote our server as a new domain controller.
- Run dcpromo

- Click Next on the Active Directory Installation Wizard window

- Click Next on the Operating System Compatibility check window

- Select the Domain controller for a new domain option and click Next

- Select the Domain in a new forest option and click Next

- Enter your desired domain name and click Next

- Enter your desired down-level NetBIOS name and click Next

- Enter your desired database and log folders directory for Active Directory and click Next
 Note: Typically this is kept as the default unless you want Active Directory's database and logs stored on another drive for performance and/or recoverability purposes
- Enter your desired SYSVOL directory and click Next
 Note: Typically this is kept as the default unless you want the SYSVOL directory to be stored on another drive for performance and/or recoverability purposes
- Choose the Install and configure DNS server option.
 Note: Ignore the Diagnostic Failed message. This warning is only present because we have not yet installed DNS services on the new DC
- Since this is a new domain, we will select the Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems option and click Next

- Provide a restore mode password and click Next to continue

- Verify your settings and click Next

- The Wizard will begin configuring Active Directory on the server.
 Note: You may be asked to provide your Windows Server installation media in order for DNS services to be installed
- If all went well, you'll be presented with the finishing screen. Click Finish to complete the setup wizard

- The Installation Wizard will close and ask you to restart your computer to make the settings take effect. Click the Restart Now button to complete the install
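The wizard choices above can also be recorded in a dcpromo answer file and applied unattended, which makes the build repeatable and leaves a record of exactly what was chosen. This is an added example, not the original KB's procedure; the keys are the Windows 2000/Windows Server 2003 dcpromo unattend keys, while the domain name, NetBIOS name, paths and restore-mode password are constructed placeholders to be replaced.

```batch
@echo off
rem Added example (not from the original KB): write a dcpromo answer file that
rem mirrors the wizard selections above, then run the promotion against it.
rem example.local / EXAMPLE and the restore-mode password are placeholders.
set ANSWER=%TEMP%\dcpromo-answer.txt

> "%ANSWER%" echo [DCInstall]
rem New forest: first domain, new tree, create rather than join
>>"%ANSWER%" echo ReplicaOrNewDomain=Domain
>>"%ANSWER%" echo TreeOrChild=Tree
>>"%ANSWER%" echo CreateOrJoin=Create
>>"%ANSWER%" echo NewDomainDNSName=example.local
>>"%ANSWER%" echo DomainNetbiosName=EXAMPLE
rem Database, log and SYSVOL locations (wizard defaults shown; %SystemRoot% is expanded here)
>>"%ANSWER%" echo DatabasePath=%SystemRoot%\NTDS
>>"%ANSWER%" echo LogPath=%SystemRoot%\NTDS
>>"%ANSWER%" echo SYSVOLPath=%SystemRoot%\SYSVOL
>>"%ANSWER%" echo SiteName=Default-First-Site-Name
rem "Install and configure DNS server"
>>"%ANSWER%" echo AutoConfigDNS=Yes
rem "Permissions compatible only with Windows 2000 or Windows Server 2003"
>>"%ANSWER%" echo AllowAnonymousAccess=No
rem Directory Services Restore Mode password (placeholder; stored in cleartext in this file)
>>"%ANSWER%" echo SafeModeAdminPassword=CHANGE-ME-RestoreMode-Pass
rem Reboot is done below so the answer file can be removed first
>>"%ANSWER%" echo RebootOnSuccess=No

dcpromo /answer:"%ANSWER%"

rem The file holds the restore-mode password; remove it as soon as dcpromo returns
del "%ANSWER%"

rem Restart to complete the promotion, as the wizard's Restart Now button would
shutdown -r -t 60 -c "Completing domain controller promotion"
```

As with the interactive wizard, the DNS installation step may prompt for the Windows Server installation media if it is not already available to the server.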

DNS Forwarders
Now that we have promoted our domain controller, we need to configure DNS forwarders to help with external name resolution. Internal name resolution is handled by our domain controller/DNS server, but how do we resolve names on the Internet?

The answer is simple: we configure a DNS forwarder on our DNS server. DNS forwarders forward queries for unknown domains to other DNS servers for name resolution and cache their responses based on the TTL (time to live) value set on the associated record.
In other words, if our DNS server doesn't know the address for, say, www.google.com, it asks a downstream DNS server (a forwarder) whether it knows the address. That DNS server in turn performs the same lookup and forwards the query on if it doesn't know the address for the host. This process repeats until the query either reaches a DNS server with a cached response (the TTL for the record hasn't expired) or finds its way to the SOA (start of authority). The answer is then returned along the same path with a TTL value so that it may be cached for quicker subsequent look-ups.
Typically you will set your DNS forwarders to your ISP's DNS server(s). Your ISP should provide you with the address(es) of their public DNS servers. In the following example, we will set our DNS forwarders to TCPDump's ISP's DNS servers, but you should make certain to replace the addresses from our example with your ISP's DNS servers, as you will most likely not have access to query our servers.
- Log on to the new domain as the domain administrator. Ensure you select the domain from the Log on to menu drop down
 Note: The NetBIOS name you chose from the dcpromo command should be listed in the "Log on to" menu drop down
- Run the DNS management snap-in (Start -> Run -> dnsmgmt.msc)

- Right click on the hostname of your server and select Properties

- From the Forwarders menu, add your ISP's DNS servers
 Note: The addresses shown above are TCPDump's ISP's DNS servers. You should set this to your ISP's DNS servers
- Apply the change and close the DNS properties window
- Verify DNS functionality by querying for your domain controller and an external site like www.google.com
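The forwarder change and the verification step can be scripted with dnscmd and nslookup. This is an added example rather than part of the original KB; dnscmd is assumed to be installed from the Windows Server 2003 Support Tools, the forwarder addresses are placeholders from the RFC 5737 documentation range (substitute your ISP's servers), and the domain name and DC address are the constructed values used in the other examples.

```batch
@echo off
rem Added example (not from the original KB): set the DNS forwarders and verify
rem that both internal and external names resolve through this DC.
rem Placeholder forwarders (RFC 5737 documentation range); use your ISP's servers.
set FWD1=203.0.113.53
set FWD2=203.0.113.54
rem Constructed domain and DC address matching the earlier examples
set DOMAIN=example.local
set DCADDR=192.168.10.5

rem Replace the forwarder list on the local DNS server (dnscmd from the Support Tools)
dnscmd /ResetForwarders %FWD1% %FWD2%

rem Internal check 1: the DC's own host record, asked of the DC itself
nslookup %COMPUTERNAME%.%DOMAIN% %DCADDR%

rem Internal check 2: the SRV record domain members use to locate a DC;
rem if this is missing, clients cannot find the domain even though the A record works
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %DCADDR%

rem External check: this answer must come back through the forwarders
nslookup www.google.com %DCADDR%

rem Overall DC health, including whether its DNS records were registered
dcdiag
```

Whatever you configure as a forwarder becomes the upstream that every domain member's lookups ultimately trust, so the addresses should be ones your ISP actually published, not values copied from a walkthrough.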

Domain Functional Level
Since we are beginning fresh with a new Windows Server 2003 domain, there is no need for legacy support of Windows 2000 Domain Controllers. Therefore, we will raise the functional level of the domain to Windows Server 2003.
- Run Active Directory Users and Computers

- Right click the Active Directory Users and Computers Container. From the All Tasks menu option, select Raise Domain Functional Level

- Select Windows Server 2003 from the domain functional level and click Raise

- Click OK to confirm the new functional level

- You'll receive a confirmation message once the functional level has been raised
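The functional level is stored on the domain naming context as msDS-Behavior-Version (0 = Windows 2000, 1 = Windows Server 2003 interim, 2 = Windows Server 2003) together with ntMixedDomain, so the same change can be read and applied with dsquery and ldifde. This is an added example, not part of the original KB; the domain DN is the constructed example.local used above, and it assumes it is run on the PDC emulator (the first DC in our case), which is where the level must be raised. Raising the level is one-way.

```batch
@echo off
rem Added example (not from the original KB): check the current domain functional
rem level, raise it to Windows Server 2003, and confirm the result.
rem Constructed domain DN; replace with your own.
set DOMAINDN=DC=example,DC=local
set LDF=%TEMP%\raise-dfl.ldf

rem Before: a fresh 2003 domain reports msDS-Behavior-Version 0 and ntMixedDomain 1
dsquery * "%DOMAINDN%" -scope base -attr msDS-Behavior-Version ntMixedDomain

rem LDIF modify record: Windows Server 2003 level (2) and leave mixed mode (0)
> "%LDF%" echo dn: %DOMAINDN%
>>"%LDF%" echo changetype: modify
>>"%LDF%" echo replace: msDS-Behavior-Version
>>"%LDF%" echo msDS-Behavior-Version: 2
>>"%LDF%" echo -
>>"%LDF%" echo replace: ntMixedDomain
>>"%LDF%" echo ntMixedDomain: 0
>>"%LDF%" echo -

rem Import against the local DC (must be the PDC emulator)
ldifde -i -f "%LDF%"
del "%LDF%"

rem After: should now report msDS-Behavior-Version 2 and ntMixedDomain 0
dsquery * "%DOMAINDN%" -scope base -attr msDS-Behavior-Version ntMixedDomain
```

The first dsquery call is worth running on its own before the import, since the change cannot be reverted once the Windows Server 2003 level is in place.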

Nice work, your new domain is now configured and ready for use! Enjoy!