Active Directory is a huge topic in itself. While DCPROMO is easy to run, planning both the physical and the logical structure is the key to a trouble-free Active Directory. The good news is that in Server 2003 you can rename both the domain itself and the domain controller (renaming was greyed out in Windows 2000).
Domain controllers do not have to be your most powerful machines; however, they
must be reliable and always available to answer logon requests. Decide which
DCs will hold which FSMO (Flexible Single Master Operations) role. By default,
only the first server is a GC (Global Catalog). Having at least one GC on each
site will improve any service which makes an LDAP request for Active Directory
names.
To install and configure the domain controller, you will perform the following tasks:
1) Install the Windows Server 2003 operating system.
2) Install Active Directory on the domain controller, and configure the server role.
3) Configure DNS.
4) Install the Application Server role (Internet Information Services [IIS],
ASP.NET). This step is only necessary for servers hosting Software Update
Services (SUS) and is not a core requirement for a DC.
To install Windows Server 2003:
1) Boot from your Windows Server 2003 operating system CD-ROM. Follow the
instructions in the documentation for Windows Server 2003 to install the
operating system on the computer that is to be your domain controller. Create
disk partitions with the following properties.
Note
If your LAN includes a second server, you can choose to create only one 
partition on the domain controller’s hard drive, to store the operating system, 
and use the other server for storing additional software and data.
2) During Windows Setup, enter the following values:
Computer Name: Enter DC01.
Administrator Password: Enter a strong password.
Important
Computer security requires the use of a strong password for your administrator 
account. A strong password has from 7 through 14 characters, and contains 
letters (both uppercase and lowercase), numerals, and symbols (all other 
characters, such as $%*&). The password should contain at least one symbol 
character in the second through sixth positions.
Network settings: Select typical settings.
When prompted about whether this computer is part of a Workgroup or Computer 
Domain, select Workgroup and accept the default name of 
Workgroup.
After the computer restarts, log on as Administrator.
Click Start, point to All Programs, and click
Activate Windows. Follow the prompts to activate and register 
your copy of Windows Server 2003 through the Internet. 
If you cannot access the Internet, refer to your router and modem instructions 
for troubleshooting assistance.
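The strong-password rule from the Important note above, written as a checker that reports which parts of the rule a candidate breaks. This is an added example, not part of the original post; the function names and the sample passwords are constructed for illustration.

```python
MIN_LEN, MAX_LEN = 7, 14        # "from 7 through 14 characters"
SYMBOL_WINDOW = slice(1, 6)     # second through sixth positions (1-based 2..6)


def is_symbol(ch):
    # The note defines symbols as "all other characters": anything that is
    # neither a letter nor a numeral (so a space counts as a symbol here).
    return not ch.isalpha() and not ch.isdigit()


def password_failures(password):
    """Return the parts of the rule the password breaks; [] means it passes."""
    failures = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        failures.append("length")
    if not any(c.isupper() for c in password):
        failures.append("uppercase")
    if not any(c.islower() for c in password):
        failures.append("lowercase")
    if not any(c.isdigit() for c in password):
        failures.append("digit")
    if not any(is_symbol(c) for c in password):
        failures.append("symbol")
    # Positional part of the rule: a symbol somewhere in the password is not
    # enough, one must fall in positions 2 through 6.
    if not any(is_symbol(c) for c in password[SYMBOL_WINDOW]):
        failures.append("symbol-position")
    return failures


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the page.
    for candidate in ["Tr$ub4dor", "Passw0rd!", "$ecret99A", "aB3$", "password"]:
        result = password_failures(candidate)
        print(f"{candidate!r}: {'OK' if not result else ', '.join(result)}")
```

A password that ends with its only symbol, the most common pattern, fails the positional check even though it contains every character class.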
To configure the server as a domain controller:
Click Start, and click Manage Your Server. 
Select Custom Configuration. Click Add or remove a role, 
and then click Next. Wait for the wizard to review the 
computer’s current configuration.
Select the Domain Controller (Active Directory) role. Proceed 
to run the Active Directory Installation Wizard. Use the following values as you 
are prompted for them:
Select Domain controller for a new domain.
Select Domain in a new forest.
Enter your domain name (in the sample configuration, this is adatum.com).
Accept the default values for Domain NetBIOS name, 
Database folder, Log folder, and SYSVOL folder 
location.
Because DNS has not yet been installed on this server, the DNS 
Registration Diagnostics will indicate that none of the DNS servers 
used by this computer responded within the timeout interval.
Select Install and configure the DNS server on this computer, and set 
this computer to use this DNS server as its preferred DNS server.
Select Permissions compatible only with Windows 2000 or Windows 
Server 2003 operating systems.
In the Directory Services Restore Mode Administrator Password 
field, enter a strong password.
The wizard will notify you that the computer has a dynamically assigned IP 
address. Typically you would not assign a dynamic IP address to a domain 
controller. However, this configuration is acceptable for this simple network in 
which the router is used as the DHCP server.
When the Local Area Connection Properties page displays, click
Cancel.
When the wizard finishes configuring Active Directory, select Restart 
Now. After the computer has restarted, click Finish.