Dark Developments Where Knowledge Meets Power

30 Aug 2011

WIN2008 – Install Active Directory

Windows Server 2008 - Installing Active Directory
Active Directory is one of the core elements of Windows Server. It provides the structure to centralize network management and to store information about network resources across a domain. Domain Controllers keep all this information centralized and available to all network users.

Using the Graphical User Interface
In Windows Server 2008, just like previous server operating systems, you can run DCPROMO to promote the server to a Domain Controller and install Active Directory. Note that Windows Server 2008 requires the Active Directory Domain Services (AD-DS) server role. This role is installed by DCPROMO itself, or you can add it beforehand using Server Manager.

To run DCPROMO, open Run and enter DCPROMO. Alternatively, you can click the DCPROMO link in Server Manager.

If AD-DS is already installed, the Active Directory Domain Services Installation Wizard will appear immediately or after a short while. If AD-DS isn't installed, it will be installed first, and the wizard will appear afterwards.

Click Next on the welcome screen to start the wizard.

In the Operating System Compatibility window, read the information and click Next to continue.

Next is the Deployment Configuration window. Depending on what you are planning to do, you'll need to select one of the following options.

  • Existing forest - Add a domain controller to an existing domain - When there already is a forest and you want a backup domain controller.
  • Existing forest - Create a new domain in an existing forest (This server will become the first domain controller in the new domain). - If you want the new domain to be a child of an existing domain, select this option. For example, you could create a new domain named hq.root.local as a child domain of the domain root.local.
  • Create a new domain in a new forest - Select this option if this is the first domain in your organization or if you want the new domain to be completely independent of your current forest.

Enter a name for the new domain and click Next. Do not use single label domain names such as "mydomain" or similar. You MUST pick a full domain name such as "mydomain.local" or "mydomain.com" and so on.

Select the appropriate forest functional level. Windows 2000 is selected by default, which means you can add Windows 2000, Windows Server 2003 and Windows Server 2008 Domain Controllers to the forest you're creating. The Windows 2000 forest functional level provides all Active Directory Domain Services features that are available in Windows 2000 Server. If you have domain controllers running later versions of Windows Server, some advanced features will not be available on those domain controllers while this forest is at the Windows 2000 functional level.

The Windows Server 2003 forest functional level provides all features that are available in the Windows 2000 forest functional level plus additional features, and supports Domain Controllers running Windows Server 2003 and Windows Server 2008. The Windows Server 2008 forest functional level does not provide any new features over the Windows Server 2003 forest functional level. However, it ensures that any new Domain Controller is running Windows Server 2008, which does provide unique features.

If no DNS server has been configured, the wizard will offer to automatically install DNS on this server. The first DC in a forest must also be a Global Catalog. Also, the first DC in a forest cannot be a Read-Only Domain Controller.

You'll get a warning telling you that the server has dynamically assigned IP address(es). This is usually because the IPv4 address isn't manually configured, or because we did not manually configure the IPv6 address. In a network where IPv6 is not used, you can safely ignore this warning.

You'll probably get a warning about DNS delegation. Since no DNS has been configured yet, you can ignore the message and click Yes.

If necessary, change the paths of the AD database, log files and SYSVOL folder. For large deployments, for example, use a different disk, RAID, and so on. Carefully plan your DC configuration to get the maximum performance.

Enter the Restore Mode Administrator Password. Do not use the regular administrator's password, and store this password securely. With this password you'll be able to restore Active Directory when things go bad.

Review your selections and click Next. It is also possible to export the settings for future use in unattended installs.

The wizard will create the domain. When it has finished, click Finish and reboot the computer.

Using the Command Line Interface
DCPROMO accepts command line switches and, if they are provided correctly, uses them to perform the required tasks. The following command adds the server as an additional (replica) domain controller to the existing domain root.local:

DCPROMO /unattend /replicaOrNewDomain:replica /replicaDomainDNSName:root.local /ConfirmGC:yes /username:root.local\administrator /Password:P@ssw0rd /safeModeAdminPassword:P@ssw0rd1

It is also possible to use an unattended or answer file. The file is a text file that provides automated user input for each page of the Active Directory Installation Wizard.

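[DCINSTALL]
; Credentials of an account allowed to add a domain controller to the domain
UserName=administrator
UserDomain=root.local
Password=P@ssw0rd1
SiteName=Default-First-Site-Name
; Valid values are Replica, ReadOnlyReplica and Domain
ReplicaOrNewDomain=Replica
; Domain to which this server is added as an additional domain controller
ReplicaDomainDNSName=root.local
DatabasePath="%systemroot%\NTDS"
LogPath="%systemroot%\NTDS"
SYSVOLPath="%systemroot%\SYSVOL"
InstallDNS=yes
ConfirmGC=yes
; Directory Services Restore Mode password
SafeModeAdminPassword=P@ssw0rd1
RebootOnCompletion=yes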

After creating the unattended file, start the DCPROMO process.

DCPROMO /unattend:C:\
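
Both the command line and the answer file above carry the domain and restore-mode passwords in cleartext, so an answer file left on disk after promotion is worth checking. The PowerShell function below is an added example, not part of the original post: it lists which credential keys in a [DCINSTALL] section still hold a value, without printing the values. The function name and the sample passwords are constructed, and treating an empty value or "*" as "no stored secret" is an assumption.

```powershell
# Added example (not from the original post): report cleartext credentials in a
# dcpromo answer file without echoing the secret values themselves.
function Find-AnswerFileSecret {
    param([string[]]$Lines)

    # Credential keys as they appear in the [DCINSTALL] answer file above.
    $secretKeys = 'Password', 'SafeModeAdminPassword'
    $section = ''
    $lineNo  = 0

    foreach ($line in $Lines) {
        $lineNo++
        $text = $line.Trim()
        if ($text -eq '' -or $text.StartsWith(';')) { continue }    # blank line or comment
        if ($text -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        if ($section -ne 'DCINSTALL') { continue }                  # -ne is case-insensitive

        if ($text -match '^([^=]+)=(.*)$') {
            $key   = $Matches[1].Trim()
            $value = $Matches[2].Trim().Trim('"')
            # Assumption: an empty value or "*" means no secret is stored
            # (already cleared, or prompted for at run time).
            if (($secretKeys -contains $key) -and $value -ne '' -and $value -ne '*') {
                New-Object PSObject -Property @{ Line = $lineNo; Key = $key }
            }
        }
    }
}

# Constructed sample input; the passwords are placeholders, not real credentials.
$sample = @(
    '[DCINSTALL]',
    'UserName=administrator',
    'UserDomain=root.local',
    'Password=EXAMPLE-ONLY-1',
    'InstallDNS=yes',
    'SafeModeAdminPassword="EXAMPLE-ONLY-2"',
    'RebootOnCompletion=yes'
)

$findings = @(Find-AnswerFileSecret -Lines $sample)
$findings | Format-Table Line, Key -AutoSize
if ($findings.Count -gt 0) {
    Write-Warning "$($findings.Count) cleartext credential(s) found; clear the values or delete the file."
}
```

To check a real file, pass its lines to the function with Get-Content, using the path of your own answer file.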