Windows Server 2008: Install Active Directory Domain Services

Requirements for Active Directory Domain Services

Let’s go through some of the requirements for a fresh install of Active Directory Domain Services. Some of these will be required to be done before hand; others as noted can be done during the install:

• Install Windows Server 2008
• Configure TCP/IP and DNS networking configurations
• The disk drives that store SYSVOL must be on a local drive configured NTFS
• Active Directory requires DNS to be installed in the network. If it is not already installed you can specify DNS server to be installed during the Active Directory Domain Services installation.

Once you verify that these requirements have been met we can get started.

Install Active Directory Domain Services via Server Manager

For the first example let’s start by installing Active Directory through Server Manager. This is the most straight forward way, as a wizard will guide you through the steps necessary.

1. Start Server Manager.

2. Select Roles in the left pane, then click on Add Roles in the center console.

3. Depending on whether you checked off to skip the Before You Begin page while installing another service, you will now see warning pages telling you to make sure you have strong security, static IP, and latest patches before adding roles to your server.

If you get this page, then just click Next.

4. In the Select Server Roles window we are going to place a check next to Active Directory Domain Services and click Next.

5. The information page on Active Directory Domain Services will give the following warnings, which after reading, you should click Next:

• Install a minimum of two Domain Controllers to provide redundancy against server outage (which would prevent users from logging in with only one)
• AD DS requires DNS which if not installed you will be prompted for
• After installing AD DS you must run dcpromo.exe to upgrade to a fully functional domain controller
• Installing AD DS will also install DFS Namespaces, DFS Replication, and Filer Replication services which are required by Directory Service

6. The Confirm Installation Selections screen will show you some information messages and warn that the server may need to be restarted after installation.

Review the information and then click Next.

7. The Installation Results screen will hopefully show Installation Succeeded, and an additional warning about running dcpromo.exe (I think they really want us to run dcpromo).

After you review the, click Close.

8. After the Installation Wizard closes you will see that server manager is showing that Active Directory Domain Services is still not running. This is because we have not run dcpromo yet.

9. Click on the Start button, type dcpromo.exe in the search box and either hit Enter or click on the search result.

10. The Active Directory Domain Services Installation Wizard will now start.

There are links to more information if you want to learn a bit more you can follow them or you can go ahead and click Use advanced mode installation and then click Next.

11. The next screen warns about some operating system compatibility with some older clients.

For more information you can view the support documentation from Microsoft and after you have read through it go ahead and click Next.

12. Next is the Choose Deployment Configuration screen and you can choose to add a domain to an existing forest or create a forest from scratch.

Choose Create a new domain in a new forest and click Next.

13. The Name the Forest Root Domain wants you to name the root domain of the forest you are creating.

For the purposes of this test we will create ADExample.com. After typing that go ahead and click Next.

14. The wizard will test to see if that name has been used, after a few seconds you will then be asked for the NetBios name for the domain.

In this case I will leave the default in place of ADEXAMPLE, and then click Next.

15. The next screen is the Set Forest Functional Level that allows you to choose the function level of the forest.

Since this is a fresh install and a new forest with no additional prior version domains to worry about I am going to select Windows Server 2008. If you did have other domain controllers at earlier versions or had a need to have Windows 2000 or 2003 domain controllers (because of Exchange for example), then you should select the appropriate function level.

Select Windows Server 2008 and then click Next.

16. Now we come to the Additional Domain Controller Options where you can select to install a DNS server, which is recommended on the first domain controller.

If this was not the first domain controller you would have the options of installing Global Catalog and/or setting this as a Read-only Domain Controller. Since it is the first domain controller, Global Catalog is mandatory, and a RDOC controller is not an available option.

Let’s install the DNS Server by placing a check next to it and clicking Next.

17. You will get a warning window about delegation for this DNS server cannot be created, but since this is the first DNS server you can just click Yes and ignore this warning.

18. Next you can choose to place the files that are necessary for Active Directory, including the Database, Log Files, and SYSVOL.

It is recommended to place the log files and database on a separate volume for performance and recoverability. You can just leave the defaults though and click Next.

19. Now choose a password for Directory Services Restore Mode that is different than the domain password. Type your password and confirm it before hitting Next.

Note: You should use a STRONG password for this and will be warned if it doesn’t meet criteria.

20. Next you will see a summary of all the options you have went through in the wizard.

If you plan on creating more domain controllers with the same settings hit the Export settings … button to save off a txt copy of the settings to use in an answer file for a scripted install. After exporting and reviewing settings click on Next.

21. Now the installation will start including the DNS server option if selected. You will notice a box to Reboot on completion that you can check to reboot soon as everything is installed (A reboot is required you can do it manually or use this function to do it automatically).

NOTE: This can be from a few minutes to several hours depending on different factors.

Confirming Active Directory Domain Services Install

When you reboot you will be asked to login to the domain, and be able to open Active Directory Users and Computers from the Administrative menu.

When you do you will see the domain ADExample.com and be able to manage the domain.

You have now successfully installed Active Directory Domain Services and the first Domain Controller.

Windows Server 2008 Active Directory — Creating Users is Easy!

Creating a New User Account

1. To start let’s go ahead and open up Server Manager

2. Then we will open up the Roles section — next to Active Directory Users and Computers section and finally the Active Directory Users and Computers.

You should now see your domain name.

3. We are going to click on our Users section where we are going to create a new User Account. To do so, right-click on the blank section, point to New and select User.

4. In this window you need to type in the user’s first name, middle initial and last name. Next you will need to create a user’s logon name.

In our example we are going to create a user account for Billy Miles and his logon name will be bmiles. When done, click on the Next button.

5. In the next window you will need to create a password for your new user and select appropriate options.

In our example we are going to have the user change his password at his next logon. You can also prevent a user from changing his password, set the password so that it will never expire or completely disable the account.

When you are done making your selections, click the Next button.

6. And finally, click on the Finish button to complete the creation of new User Account.

Creating a User Template

A user template in Active Directory will make your life a little easier, especially if you are creating users for a specific department, with exact same properties, and membership to the same user groups.

A user template is nothing more than a disabled user account that has all these settings already in place. The only thing you are doing is copying this account, adding a new name and a password.

You may have multiple user templates for multiple purposes with different settings and properties. There is no limit on the number of user templates, but keep in mind that they are there to help you, not to confuse you, so keep in mind less is better.

To create a user template, we are going to create a regular user account just like we did above. A little note here, you may want to add an * as the first character of the name so it floats at the top in AD and is much easier to find.

1. To start out, right-click on the empty space, point to new, and select User.

2. Type in the user’s name (with asterisks if so desired) and click Next.

3. Create the template’s password and do not forget to check the box next to the Account is disabled option. When ready, click Next.

4. Once the account is created, you can go ahead and add all the properties you need for that template. To do so, double-click on that account and navigate to a specific tab. Once done click OK.

Using a Template

1. Now in order to use that user template, we are going to select it, copy it and add the unique information such as user name, password, etc.

We can do that for as many users as needed. Let’s start by right-clicking on the template and selecting Copy.

2. Next we are going to enter the user’s name, login and password information while making sure the checkbox next to Account is disabled is unchecked.

3. Once we finish, our new user account is created with all the properties of the template account. Now wasn’t that easy!