Any machine running Windows Server 2003 Standard Edition, Enterprise Edition or Datacenter Edition can host an Active Directory Database. A server hosting Active Directory is known as a Domain Controller.
Use the buttons below to navigate through the lesson
Active Directory can be installed in a number of ways, these are highlighted below. The Manage your server wizard can be used to install Active Directory although the preferred solution is to use the DCPROMO utility. The DCPROMO utility will allow you to perform unattended installations of Active Directory as well as configure various advanced options such as installing additional Domain Controllers.
Active directory Install from a backup
Imagine this situation:
- You have a large Active directory database for your domain.
- You have a head office and are opening a branch office.
- The branch office needs to be part of your domain.
- You only have limited bandwidth between head office and the branch.
Once an additional Domain Controller has been installed from a backup of the database, all of the changes will be replicated.
If you are installing a Windows Server 2003 Domain Controller into an existing Windows 2000 Domain then you will need to run the “adprep” utility to prepare the Windows 2000 Active Database for Windows Server 2003. You will also need to know which FSMO roles the Domain Controllers have. FSMO roles are covered later in this course.
From the existing Windows 2000 Domain Controllers in your forest you will need to run the following commands:
N.B. ADPrep is located in the i386 directory on the Windows Server 2003 CD-ROM.
Before promoting the server to a Domain controller, ensure the computer has a static IP address, an NTFS partition and a network connection.
To promote a server to a Domain Controller click on Start. Click on Run. In the Open dialog box type in DCPROMO. Click on OK. The Active Directory Installation Wizard will appear. Click on Next to continue. Operating System Compatibility warning will appear. Click on Next to continue.
This same wizard is used to make a new domain’s first controller, or an additional controller for an existing domain. In this example a new domain is being created. Click Next to continue. Ensure domain in a new forest is selected and click Next to continue. Type in the full DNS domain name for the new domain. Click Next to continue.
A NetBIOS name for the domain is suggested. The NetBIOS name will be used by earlier versions of Windows. Click Next to continue. The Database and Log locations page will appear. The default location is inside the system root folder. Click on Next to continue. The Sysvol folder is used to store files for the domain. The Sysvol folder is replicated to all other domain controllers in the domain. The Sysvol folder must be located on an NTFS volume. Click on Next to continue.
A DNS Diagnostic box appears and DNS must be installed and configured. Click on Next to continue. The permissions page allows you to set the security for the domain. Only select Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems if you are sure you won’t be using NT 4.0 Server on the network. Click Next to continue. Specify a password to be used for restoring Active Directory. Click Next to continue. The summary page will appear. The whole process of creating a Domain Controller can take up to 15 minutes. Click on Next. The files and services will be installed and configured. Click on Finish. Click on Restart Now to complete the installation.
DCPROMO can also be used to a promote a member server to an additional domain controller.
To promote a server to an Additional Domain Controller click on Start. Click on Run. In the Open dialog box type in DCPROMO. Click on OK. The Active Directory Installation Wizard will appear. Click on Next to continue. Operating System Compatibility warning will appear. Click on Next to continue. This same wizard is used to make a new domain’s first controller, or an additional controller for an existing domain. In this example an additional domain controller is being created. Click Next to continue.
Type in the administrators details. Click Next. Type in the full DNS domain name for the domain or browse for existing domains. Click Next. Choose a location for the database and log folders and Click Next. Choose a location for the SYSVOL folder and Click Next. Specify a Directory Services Restore Mode Password. Click Next. Review all of your settings and click Next. Active Directory will then be installed on the server. Click Finish once completed. Click Restart Now to finish the installation.
The DCPROMO utility can also be used to demote a Windows 2000 Domain Controller to a standard Member server.
If the Domain Controller being demoted is the only domain controller in the domain then the domain will no longer exist.
Additional trees in an existing forest
Additional Domains and Domain Controllers can be joined to the Active Directory enterprise by using DCPROMO. The sequence is illustrated here by adding a new domain:
To create a new Domain/Domain Controller the DCPROMO utility is used. Click on Start. Select Run. In the Open dialog box type DCPROMO. Click on OK to continue. The Active Directory Installation Wizard will appear. Click Next to continue. The operating system compatibility page will appear. Click on Next to continue.
The Domain Controller type page gives an option of either creating a new domain with a new domain controller, or creating an additional domain controller for an existing domain. Click Next to create a new domain. Here there is the option of creating a new domain in a new forest or creating a child domain in an existing tree. The domain sales.es-net.co.uk would be a child-domain of es-net.co.uk for example. Select Domain Tree in an existing forest and click Next.
In the Network Credentials box specify the name and password of the administrator for the forest you are joining. Click on Next to continue. Type in the full DNS name for the new tree. Click on Next to continue. A NetBIOS Domain name is suggested. This name can be used by earlier versions of Windows. Click on Next to continue.
The Database and Log Locations Page will appear. Click on Next to accept the defaults and continue. The Shared System Volume page will appear. Click on Next to accept the default location. DNS is required by Active Directory, so a warning box appears stating that no DNS server can be located. Click OK to continue. The Permissions page will appear. Click on Next to accept the default and continue. Type in a password that can be used to boot the computer in Active Directory restore mode. Click on Next to continue.
The Summary page will appear. Check all settings are correct and click Next to install Active Directory. The server is then configured for Active Directory. Click on Finish to close the Active Directory Installation Wizard. The server will then need to be restarted. Click on Restart now to complete the installation.
The new domain tree appears when browsing the Active Directory. Resources between the domains can be shared easily since all domains in a forest have a trust between them. Although both domains appear to be root domains, only one domain (the first one created) is the root.
When DCPROMO is run with the /adv switch you are able to select how the new server will obtain a copy of the Active Directory Database.
The default is over the network, however if a network connection is not available, backup media can be used.