--- Sjoerd Hooft's InFormation Technology ---

Active Directory 2008 R2 Basic Installation

This is an installation report of a basic installation of Microsoft's Active Directory using the dcpromo tool. The settings are based on a small AD domain design and should be adapted to your own environment when installing in production.

This page was written for a 2008 R2 AD; if you need an explanation for 2003, look here.

Installation

To start the installation, go to Start → Run and type dcpromo. After pressing <enter>, the installation wizard first checks whether the required binaries are installed:
adinstall2008r2-01.jpg
After a while (shouldn't take more than a few minutes tops) you'll get the welcome screen of the installation wizard, where you'll just keep the default (do not select the advanced mode):
adinstall2008r2-02.jpg
Read the warning (it will just take a few seconds) and click next:
adinstall2008r2-03.jpg
Now select to create a new domain in a new forest:
adinstall2008r2-04.jpg
Enter the FQDN for your domain. I've found it good practice to set this to the same value as your internal DNS domain suffix. Click Next:
adinstall2008r2-05.jpg
Select the functional level you require:
adinstall2008r2-06.jpg
Also select to install the DNS server, as this is a recommendation and AD is very DNS dependent:
adinstall2008r2-07.jpg
Because you're installing a new DNS server, and there is none yet available, you'll get a warning, which can be ignored in most cases:
adinstall2008r2-08.jpg
Keep the defaults; neither the database nor the log folder will grow out of proportion, so just click Next:
adinstall2008r2-09.jpg
Enter the Directory Services Restore Mode (DSRM) password, which you'll need if you ever have to start AD in restore mode. Document this password properly:
adinstall2008r2-10.jpg
Check the installation summary and if everything is correct, click next:
adinstall2008r2-11.jpg
And the installation will start:
adinstall2008r2-12.jpg
When done click finish and REBOOT THE MACHINE. No seriously, please do:
adinstall2008r2-13.jpg

Check the AD installation

After the installation and the reboot of the server, it's unwise to rush into any other installation (like Exchange). Unfortunately, Microsoft does not have the best reputation for software installations, and that's not without reason. We're going to verify that our installation went well.

Check the DC

  • Start → Run → dsa.msc (starts AD Users and Computers)
  • Check to see if the DC is listed under the 'Domain Controllers' OU.

Check the site

  • Start → Run → dssite.msc (starts AD Sites and Services)
  • Check to see if you have a 'NTDS Settings' under your DC.

Check DNS

  • Start → Run → dnsmgmt.msc (starts the DNS Management MMC snap-in)
  • Check the DNS configuration and zones.

Create Reverse Lookup Zone

By default, dcpromo creates a forward lookup zone but no reverse lookup zone. I recommend creating one right away: this makes some tools behave nicely and saves you from creating all kinds of records manually when you have to add one later on. Right-click the reverse lookup zones and select 'Add new zone'. This starts a wizard in which you select your options:
adinstall2008r2-14.jpg
Select primary zone and keep the zone stored in AD and click Next:
adinstall2008r2-15.jpg
Set the replication to all DNS servers in the domain:
adinstall2008r2-16.jpg
Select an IPv4 reverse lookup zone:
adinstall2008r2-17.jpg
Fill in the network ID:
adinstall2008r2-18.jpg
Allow only secure updates:
adinstall2008r2-19.jpg
Click finish to complete the wizard and start using your reverse lookup zone:
adinstall2008r2-20.jpg

Check folders

Check these folders to see if the content is correct:

  • C:\WINDOWS\NTDS
    • The AD database should be created (NTDS.DIT, which stores information about user accounts, groups, etc.)
    • The edb.chk file is a checkpoint file that points to the last committed checkpoint in the log file. The edb.log file is the current log file for the ntds.dit transactions.
    • edbres00001.jrs and edbres00002.jrs are reserve log files in case the drive runs out of disk space. These files are always 10 MB in size.
  • C:\WINDOWS\SYSVOL
    • In SYSVOL\domain\Policies there should be two directories containing the 'Default Domain Policy' and the 'Default Domain Controllers Policy'. You won't recognize them as such since they have unique names, for example '6AC1786C-016F-11D2-945F-00C04fB984F9'.
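
The DC, site and folder checks above can also be scripted so the result can be kept with the installation record. The following PowerShell is an added example, not part of the original page; it only reads, and it assumes the default paths kept in the wizard and a fresh install where only the two default policies exist (the `New-Check` helper and variable names are made up for this example).

```powershell
# Added example: read-only post-dcpromo checks. Run in an elevated PowerShell
# session on the new DC. Paths assume the dcpromo defaults kept in the wizard.
$ntds     = Join-Path $env:SystemRoot 'NTDS'
$policies = Join-Path $env:SystemRoot 'SYSVOL\domain\Policies'

# Hypothetical helper: one result row per check.
function New-Check([string]$Name, [bool]$Ok, [string]$Detail) {
    New-Object PSObject -Property @{ Check = $Name; Ok = $Ok; Detail = $Detail }
}

# RootDSE exposes the domain DN and the DN of this DC's NTDS Settings object.
$rootDse  = [ADSI]'LDAP://RootDSE'
$domainDn = [string]$rootDse.defaultNamingContext
$ntdsDn   = [string]$rootDse.dsServiceName
$dcDn     = "CN=$($env:COMPUTERNAME),OU=Domain Controllers,$domainDn"

$report = @(
    # Check the DC: the computer object lives in the 'Domain Controllers' OU.
    New-Check 'DC listed under Domain Controllers OU' ([ADSI]::Exists("LDAP://$dcDn")) $dcDn

    # Check the site: an 'NTDS Settings' object exists under this server.
    New-Check 'NTDS Settings present' ($ntdsDn -like 'CN=NTDS Settings,*') $ntdsDn

    # Check folders: database, checkpoint file and current transaction log.
    foreach ($f in 'ntds.dit', 'edb.chk', 'edb.log') {
        $p = Join-Path $ntds $f
        New-Check "NTDS\$f exists" (Test-Path $p) $p
    }

    # Reserve logs: the page expects 10 MB each.
    foreach ($f in 'edbres00001.jrs', 'edbres00002.jrs') {
        $p = Join-Path $ntds $f
        $len = if (Test-Path $p) { (Get-Item $p).Length } else { -1 }
        New-Check "NTDS\$f is 10 MB" ($len -eq 10MB) "$len bytes (-1 = missing)"
    }

    # Fresh install: exactly the two default policy folders are expected.
    $gpo = @(Get-ChildItem $policies -ErrorAction SilentlyContinue |
             Where-Object { $_.PSIsContainer })
    New-Check 'SYSVOL has 2 policy folders' ($gpo.Count -eq 2) (($gpo | ForEach-Object { $_.Name }) -join ', ')
)

$report | Select-Object Check, Ok, Detail | Format-Table -AutoSize -Wrap
```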

Resources

For more information about dcpromo and AD, please check Microsoft's website; this is a nice starting place.

adinstall2008r2.txt · Last modified: 2013/01/06 22:55 by sjoerd