Creating a Domain Controller
Re-published from http://www.help-desk-software.com/dcpromo-install-active-directory/
Before promoting the server, it is recommended to verify that all of the AD FSMOs can be reached from the target system.
From CMD: DCDIAG /TEST:FSMOCHECK <enter>
Win 2008
Verify Replication
http://technet.microsoft.com/en-us/library/cc794749(v=ws.10).aspx
repadmin /showrepl <servername> /u:<domainname>\<username> /pw:*
| Value | Description |
| --- | --- |
| repadmin /showrepl | Displays the replication status for the last time that the domain controller that is named in <servername> attempted inbound replication of Active Directory partitions. |
| <servername> | The name of the destination domain controller. |
| /u: | Specifies the domain name and user name, separated by a backslash, for a user who has permissions to perform operations in AD DS. |
| <domainname> | The single-label name of the domain of the destination domain controller. (You do not have to use a fully qualified Domain Name System (DNS) name.) |
| <username> | The name of an administrative account in that domain. |
| /pw:* | Specifies the domain password for the user named in <username>. * provides a Password: prompt when you press ENTER. |

- At the Password: prompt, type the password for the user account that you provided, and then press ENTER.
Win 2003
To verify replication is functioning
- Open a Command Prompt.
- Type the following command, and then press Enter:
dcdiag /test:replications
Note
For this set of tests, the /v option is available. However, it does not display any significant additional information. Messages indicate that the connectivity and replications tests passed.
- To verify that the proper permissions are set for replication, type the following command and then press Enter:
dcdiag /test:netlogons
Messages indicate that the connectivity and netlogons tests passed.
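The checks above can be run together and summarized in one pass. The following PowerShell script is an added example, not part of the original post or of Microsoft's documentation. It assumes English-language tool output, the AD DS tools (dcdiag, repadmin) on the path, and that -Server names an existing domain controller; the function names are hypothetical.

```powershell
# Added example: run the dcdiag and repadmin checks from this page and
# report anything that did not pass. Runs under the caller's own logon,
# so no password is ever placed on a command line.
param([Parameter(Mandatory)][string]$Server)   # name of an existing DC

function Test-DcDiag {
    param([string]$Server, [string]$Test)
    # dcdiag prints "<name> passed test <Test>" or "<name> failed test <Test>"
    # for every test it runs (Connectivity is always run first).
    $out = & dcdiag.exe /s:$Server /test:$Test 2>&1 | Out-String
    [pscustomobject]@{
        Check  = "dcdiag /test:$Test"
        Passed = ($out -match 'passed test') -and ($out -notmatch 'failed test')
    }
}

function Get-ReplicationFailure {
    param([string]$Server)
    # /csv emits one row per inbound partner and directory partition.
    # Column names below are those of the English repadmin output (assumption).
    & repadmin.exe /showrepl $Server /csv | ConvertFrom-Csv |
        Where-Object { [int]$_.'Number of Failures' -gt 0 } |
        Select-Object 'Source DSA', 'Naming Context', 'Number of Failures',
                      'Last Failure Time', 'Last Failure Status'
}

# The three dcdiag tests named on this page.
$results = 'FsmoCheck', 'Replications', 'NetLogons' |
    ForEach-Object { Test-DcDiag -Server $Server -Test $_ }
$results | Format-Table -AutoSize

$failures = @(Get-ReplicationFailure -Server $Server)
if ($failures.Count -gt 0) {
    Write-Warning "Inbound replication failures reported for $Server"
    $failures | Format-Table -AutoSize
}

# Non-zero exit code lets a scheduled task or build step flag the problem.
$failedChecks = @($results | Where-Object { -not $_.Passed })
if ($failedChecks.Count -gt 0 -or $failures.Count -gt 0) { exit 1 }
```

Run it from an elevated prompt with an account that has permissions to perform operations in AD DS, both before promoting a new server (against an existing domain controller) and after promotion (against the new one).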
Install Active Directory using DcPromo
First, locate and run DcPromo. You can search for DcPromo in the Start Menu, or you can directly run DcPromo in the Windows “run” box. Here we use Windows “run” to open DcPromo.exe.
Simply press the Windows key and R key together, type “dcpromo”, and hit enter.
Running DCPromo from the Run Window
DcPromo will begin to install Active Directory Domain Services and other required components.
Active Directory Domain Services binaries being installed.
Then the Wizard will appear. Just click Next to proceed.
Active Directory Domain Services Installation Wizard
You’ll be informed about enhanced security features and operating system compatibility. Just click Next.
Active Directory Installation Operating System Compatibility Warning
In our example, we’re installing Active Directory services on the first domain controller in the environment. There is no existing forest in this network. We choose the “Create a new domain in a new forest” option.
Create a new Active Directory Domain in a new Forest
Next, you’re asked to provide a name for this new root domain. This will be the fully qualified domain name (FQDN).
Name your fully qualified domain name (FQDN) for the forest root domain
Then you need to set the forest functional level. The Wizard will display a description for each functional level, and this will help you to determine the correct level for your requirement. The higher the forest functional level, the more features are available, so set it according to your network environment requirements. For example, if you select Windows 2000 Native as the forest functional level, all your domains must be Windows 2000 or above. In this demonstration, we select the Windows Server 2008 R2 functional level, and go ahead. Click Next.
Set the Forest Functional Level
It’s a good idea to have the DNS on the same server where the domain controller will be installed. The Wizard does this for you while completing this Active Directory Installation. Click Next.
Select Additional Domain Controller Options such as DNS Server
If there is no Static IP already set up for the domain controller, you will be prompted to configure one. If necessary, you can ignore this request for now by selecting the option to gain an IP address from the DHCP server. Otherwise, go ahead with the recommended action and set an IP for the computer and click “Next”.
Active Directory Installation – Dynamic IP Warning
Delegation for the DNS server will be set up later while setting up DNS, so don’t worry about the following message. Just click Yes, and then click Next.
Active Directory Domain Services Installation Wizard displays a warning about delegation for the DNS server.
The next Wizard screen will prompt you to select the locations in which to save your Active Directory Database and Log files. In order to increase performance and recoverability, Microsoft recommends storing log files in a volume separate from where the database is stored.
Select the location for database, log files and SYSVOL
You’ll now be prompted for a password. This password is for Directory Service Restore – it is not the Domain Administrator password. This password will be required should you need to remove Active Directory from a server using DcPromo.
Select your password for the Administrator account on your new domain
Next you will be shown a summary of the Active Directory installation, and if needed you can export the settings to an answer file which can be used for command line Active Directory installation.
Summary of selections made during the Active Directory Domain Services Installation Wizard.
It will take some time to create a new Active Directory database and install the DNS server. Tick “Reboot on completion” to automatically reboot the PC after the Active Directory installation.
Active Directory Domain Services gets installed.
When it’s complete, you’ll receive the Active Directory Installation confirmation message – now click Finish.
Once complete, the wizard displays a panel to indicate successful completion.
If you didn’t tick “Reboot on completion”, you’ll be prompted to restart to complete the Active Directory Installation.
You may have to reboot the server to complete the Active Directory installation.
DCPromo and Installation of Active Directory Complete
That completes the installation. Active Directory Domain services are installed on the new server and ready for use.
Windows Domain Server Login Screen