Vision Infosystems (VIS)

Chapter

AD DS Installation

Topics Covered
Installation of ADDS
Installation of Additional Domain Controller
Installation of New Child domain
Installation of New domain with new tree

Page No. : 16

Vision Infosystems (VIS)

Installation of Active Directory Domain Service

Before installation Active Directory domain service (AD DS) for the first time we need to plan
various things in-order to meet our organization requirement. Below are the list of information
which you need to plan before installing AD DS.

Domain name for the organization (eg. Vision.com) and NetBIOS domain name (eg.
Vision)
Domain and Forest functional level
Installation of DNS service
Location of NTDS Database and logs file
Name of the server
IP address for the DNS Server
Administrator password and DSRM password

Now let start the procedure to install AD DS role on the server and make the server works as
domain controller for a new forest/domain.
The AD DS process is divided into 2 parts i.e.

Installation of AD DS role
Installation of AD using dcpromo.exe

Installation of AD DS role
Inorder to install AD DS role we require to have Windows 2008 server DVD ready with us. Now
follow the below given steps to install AD DS role
Go to Server Manager from Start Programs Administrative tools

Page No. : 17

Vision Infosystems (VIS)

In the Server Manager console select Role option

Next click on Add role to bring the Add role wizard window as shown below

Select the Active directory domain service role and then click on next button to continue to begin
the process of installing AD DS role

Page No. : 18

Vision Infosystems (VIS)

After completion of AD DS role installation the next step is to installation AD DS service using
dcpromo.exe

Installation of AD using dcpromo.exe

To installation all the feature of AD you need to run dcpromo.exe as we where using in earlier
version of Windows. Below are the steps to perform this action
Go to Start Run and type dcpromo.exe to start the installation process of AD.
After running dcpromo.exe a window appear on screen as shown below to start AD DS
installation wizard. Click the Use Advance mode installation option and click Next button to
continue.

Page No. : 19

Vision Infosystems (VIS)

Next it will display information about compatibility with previous version of Windows Server
operating system. Click next to continue.
Now select Create a new domain in new forest if you are installation the first DC in a forest
and then click Next.

Page No. : 20

Vision Infosystems (VIS)

Next type the Fully Qualified Domain Name (FQDN) for the domain (i.e. vision.com)

Next type the NetBIOS domain name for the domain (i.e. VISION)

Now select the Forest function level which suits our organization requirement.

Page No. : 21

Vision Infosystems (VIS)

Next select the addition service which are require to installation before installation AD DS.
These are
DNS : You have a option to do not install DNS server if required. But in our case since we are
installation the first domain controller this option must be selected.
Global Catalog : By default the first server in the forest is GC by default.
RODC : This role is not available on the First DC.

Page No. : 22

Vision Infosystems (VIS)

Next specify the location of Active Directory database file, log files and sysvol folder.

Next you have to specify DSRM password for restoring and performing active directory database
related function.
Note : This password is different from normal administrator password.

Page No. : 23

Vision Infosystems (VIS)

Next it will show the summary of various options you have selected during the installation of AD
DS wizard.

Next the installation process begins. Wait for few minute to complete the process.

Page No. : 24

Vision Infosystems (VIS)

After completion of installation of AD DS you need to restart the server for changes to take
effect.
When AD DS is installed on a Windows 2008 server you have 3 consoles installed to manage
your active directory forest. They are as under :

Active directory users and computer : This snap-in or console is use manage active
directory objects like uses, groups, OU, etc.

Active directory sites and services : This snap-in or console is used to manage active
directory sites which are used for managing replication and finding resources.

Active directory domains and trust : This snap-in or console is used to manage trust
relationship.

Also two forward lookup zones are created in DNS. They are as under

<domain.com>
_msdcs.<domain.com>

Exampe : if you domain name is vision.com then the two zone will be named as 1) vision.com
and 2) _msdcs.vision.com.

Page No. : 25

Vision Infosystems (VIS)

Installation of Addition Domain Controller

1) To set up an Additional Domain Controller, use the dcpromo.exe command. To use the
command, click on Start > Run > and then write dcpromo > Click OK
2) The system will now start checking if Active Directory Domain Services ( AD DS) binaries
are installed, then will start installing them. The binaries could be installed if you had run the
dcpromo command previously and then canceled the operation after the binaries were installed.
3) The Active Directory Domain Services Installation Wizard will start, either enable the
checkbox beside Use Advanced mode installation and Click Next , or keep it unselected and
click on Next.
4) The Operating System Compatibility page will be displayed, take a moment to read it and
click Next.

5) On the Choose a Deployment Configuration page, click Existing forest, click Add a domain
controller to an existing domain, and then click Next.

Page No. : 26

Vision Infosystems (VIS)

6) On the Network Credentials page, type your domain name, in our case it is vision.com

7) To set up an Additional Domain Controller, you will need an account that must be either a
member of the Enterprise Admins group or the Domain Admins group.
8) To enter the Alternate credentials, click Set. In the Windows Security dialog box, enter the
user name and password for an account that must be either a member of the Enterprise Admins
group or the Domain Admins group > then click Next.
Page No. : 27

Vision Infosystems (VIS)

9) On the Select a Domain page, select the domain of the Additional Domain Controller, and
then click Next, as I already have only one domain, then it will be selected by default.

10) On the Select a Site page, either enable the checkbox beside Use the site that corresponds to
the IP address of this computer, this will install the domain controller in the site that corresponds
to its IP address, or select a site from the list and then click Next. If you only have one domain
controller and one site, then you will have the first option grayed and the site will be selected by
default as shown in the following image

11)On the Additional Domain Controller Options page, By default, the DNS Server and Global
Catalog checkboxes are selected. You can also select your additional domain controller to be a
Read-only Domain Controller (RODC) by selecting the checkbox beside it.

Page No. : 28

Vision Infosystems (VIS)

My primary domain controller is a DNS Server is well, and this can be verified by reading the
additional information written in the below image, that there is currently 1 DNS server that is
registered as an authoritative name server for this domain. I do want my Additional DC to be a
DNS server and a Global catalog, so I will keep the checkboxes selected. Click Next
12) If you select the option to install DNS server in the previous step, then you will receive a
message that indicates a DNS delegation for the DNS server could not be created and that you
should manually create a DNS delegation to the DNS server to ensure reliable name resolution.
If you are installing an additional domain controller in either the forest root domain (or a tree
root domain) , you do not need to create the DNS delegation. In this case, you can safely ignore
the message and click Yes.
13) In the Install from Media page ( will be displayed if you have selected Use advanced mode
installation on the Welcome page, if you didn't select it, then skip to step # 15), you can choose
to either replicate data over the network from an existing domain controller, or specify the
location of installation media to be used to create the domain controller and configure AD DS. I
want to replicate data over the network, so I will choose the first option > click Next

Page No. : 29

Vision Infosystems (VIS)

14) On the Source Domain Controller page of the Active Directory Domain Services Installation
Wizard, you can select which domain controller will be used as a source for data that must be
replicated during installation, or you can have the wizard select which domain controller will be
used as the source for this data. You have two options :

Page No. : 30

Vision Infosystems (VIS)

15) Now you will have to specify the location where the domain controller database, log files
and SYSVOL are stored on the server.

16) In the Directory Services Restore Mode Administrator Password (DSRM) page, write a
password and confirm it. This password is used when the domain controller is started in
Directory Services Restore Mode, which might be because Active Directory Domain Services is
not running, or for tasks that must be performed offline.

17) Summary page will be displayed showing you all the setting that you have set . It gives you
the option to export the setting you have setup into an answer file for use to automate subsequent

Page No. : 31

Vision Infosystems (VIS)

AD DS operations, if you wish to have such file, click on the Export settings button and save the
file. Then click Next to begin AD DS installation
18) Active Directory Domain Services installation will be completed, click Finish, then click on
Restart Now to restart your server for the changes to take effect.
19) Open Active Directory Users & Computers, and then click on the Domain Controllers
Organizational Unit, and you will see your Additional Domain Controller along with your
Primary Domain Controller.

Installation of Child Domain

To create a new domain in a new forest
1. Open the Active Directory Installation Wizard.
2. On the Domain Controller Type page, click Domain controller for a new domain, and
then click Next.
3. On the Create New Domain page, click Domain in a new forest, and then click Next.
4. On the New Domain Name page, type the full DNS name for the new domain, and then
click Next.
5. On the NetBIOS Domain Name page, verify the NetBIOS name, and then click Next.

Page No. : 32

Vision Infosystems (VIS)

6. On the Database and Log Folders page, type the location in which you want to install
the database and log folders, or click Browse to choose a location, and then click Next.
7. On the Shared System Volume page, type the location in which you want to install the
Sysvol folder, or click Browse to choose a location, and then click Next.
8. On the DNS Registration Diagnostics page, verify if an existing DNS server will be
authoritative for this forest or, if necessary, choose to install and configure DNS on this
server by clicking Install and configure the DNS server on this computer, and set this
computer to use this DNS server as its preferred DNS server, and then click Next.
9. On the Permissions page, select one of the following:
o

Permissions compatible with pre-Windows 2000 Server operating systems

Permissions compatible only with Windows 2000 or Windows Server 2003

operating systems

10. Review the Summary page, and then click Next to begin the installation.

Page No. : 33