Build and Deploy the First Domain Controller


Before you add the other infrastructure components, you must build and deploy the first domain controller, AD01.

Before you proceed, make sure you have reviewed the System Requirements.

  1. Prepare the First Domain Controller
  2. Promote the First Domain Controller
  3. From Now On, Log On as a Member of the Domain Administrators Group
  4. Check the DNS Zone for the First Domain Controller
  5. Verification Step
  • Microsoft Windows Server 2003 R2 Media
Prepare the First Domain Controller

Perform a default installation of Microsoft Windows Server 2003 R2 on AD01. This requires you to first install Windows Server 2003 with SP1, then install Windows Server 2003 R2.

Procedure DWCM.1: To install Windows Server 2003 R2 on AD01
  1. Perform a default installation of Windows Server 2003, Standard Edition (with Service Pack 1 integrated), by using the CD boot method. Install the Support Tools from the Windows Server 2003 CD. Use appropriate naming conventions for your environment.
  2. After Setup for Windows Server 2003 with SP1 is complete, log on to the computer as an administrator. Insert Disc 2 into your CD-ROM drive. Setup for Disc 2 should start automatically. If it does not start automatically, browse to Disc 2 (or the shared folder that contains the Setup files) and, in the \Cmpnents\R2 folder, click Setup2.exe. Follow the instructions on your screen to upgrade to R2.

Prepare this server by enabling Remote Desktop, installing Microsoft .NET Framework 2.0, installing the Windows Server 2003 Support Tools, and installing the latest updates from Microsoft.

Procedure DWCM.2: To prepare AD01
  1. Enable Remote Desktop. Click Start, point to Control Panel, click System, and then, on the Remote tab, select Enable Remote Desktop on this Computer.
  2. Install the Microsoft .NET Framework 2.0.
  3. Install Support Tools from the Support Tools directory on the Windows Server 2003 CD.
  4. Apply any released updates to Windows Server 2003 by using Microsoft Update.
Promote the First Domain Controller

Promote this domain controller by running DCPromo. During this process you will configure your new Active Directory directory service domain, install DNS, set this server to use the local DNS server for name resolution, and configure permissions to be compatible only with servers running Windows Server 2003. You will be required to reboot the server after running DCPromo.

Procedure DWCM.3: To deploy the first domain controller, AD01
  1. To start the Active Directory Installation Wizard, click Start, click Run, type DCPromo, and then click OK.
  2. Continue through the Active Directory Installation Wizard.
  3. On the Domain Controller Type page, make sure the Domain controller for a new domain option is selected.
  4. On the Create New Domain page, select Domain in a new forest.
  5. On the Install or Configure DNS page, select No, just install and configure DNS on this computer.


    If you have any network interface cards (NICs) on the server that are configured for Dynamic Host Configuration Protocol (DHCP) or already have a DNS server specified, you will not see this dialog box; instead, you will be asked to configure DNS in a later dialog box.

  6. On the New Domain Name page, enter the full DNS name for the new domain. For example, in this architecture, the full DNS name to enter is
  7. On the NetBIOS Domain Name page, accept the default. For example, in this architecture the Domain NetBIOS name to enter is FABRIKAM.
  8. On the Database and Log Folders page, click Next to accept the default database and log locations.


    If your domain controllers have more than one hard disk drive, the recommended configuration is to keep the database and the log file on different hard disk drives.

  9. On the Permissions page, ensure that Permissions compatible only with Windows 2000 or Windows Server 2003 Operating Systems is selected.
  10. On the Directory Services Restore Mode Administrator Password page, enter a strong password, and then click Next.
  11. On the Summary page, ensure that the settings indicated in the You chose to dialog box are accurate.


    Unless you installed DNS components when installing the server, you will be prompted for the location of the files. Insert your installation CD or enter a location on your local disk or your network.

  12. When the process is complete, click Finish.
  13. Click Restart Now to restart the server.
From Now On, Log On as a Member of the Domain Administrators Group

From this point on in the deployment, for all of the servers that you configure, you need to log on to machines using an account that is a member of the Domain Administrators group, unless specifically instructed otherwise.

Check the DNS Zone for the First Domain Controller

After logging on to the domain controller as a domain administrator, check the DNS zone for and ensure that you have four new folders in your zone (_msdcs, _sites, _tcp, and _udp). These new folders reflect the proper registration of your new domain controller in DNS. Without these four folders, your domain controller will not function correctly.

Procedure DWCM.4: To check the DNS zone for your new domain controller, AD01
  1. Click Start, point to Administrative Tools, and then click DNS.
  2. Expand AD01, expand Forward Lookup Zones, and then expand
  3. Confirm that the _msdcs, _sites, _tcp, and _udp folders exist.

If you do not see all four folders (_msdcs, _sites, _tcp, and _udp), your domain controller is not functioning properly. You can solve this problem by forcing the registration of the domain controller in DNS by using the NETDIAG support tool. To do this, at a command prompt, type NETDIAG /FIX.

After this command is complete, you should see all four folders in your DNS zone. You can also force registration by stopping and restarting the Net Logon service. However, the NETDIAG tool provides a great deal of additional useful information.

Verification Step

To validate that your domain controller is working as specified, run the DCDiag tool from a command prompt. DCDiag was installed as part of the Windows Server 2003 Support Tools. The most important test you will see is the first one, which is connectivity. This test will tell you if your domain controller is properly registered in DNS. If your tests are successful, you have a healthy domain controller. A typical successful output will start as follows:

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   Testing server: Default-First-Site-Name\AD01
      Starting test: Connectivity
         ......................... AD01 passed test Connectivity
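
An added example, not part of the original page: a Python parser for saved DCDiag output that lists every test that did not pass, with Connectivity first because that test reflects DNS registration. The AD02 lines, the cut-off Replications test, and the function names are constructed for illustration.

```python
import re

# Constructed sample: the start of the successful run shown above, plus a
# constructed failing result for a hypothetical second server, AD02.
SAMPLE = r"""Domain Controller Diagnosis

Doing initial required tests
   Testing server: Default-First-Site-Name\AD01
      Starting test: Connectivity
         ......................... AD01 passed test Connectivity

   Testing server: Default-First-Site-Name\AD02
      Starting test: Connectivity
         ......................... AD02 failed test Connectivity
      Starting test: Replications
"""

START_RE = re.compile(r"^\s*Starting test:\s*(\S+)\s*$")
RESULT_RE = re.compile(r"^\s*\.{3,}\s*(\S+)\s+(passed|failed)\s+test\s+(\S+)\s*$")

def parse_dcdiag(text):
    """Return (target, test, verdict) tuples; verdict is passed/failed/incomplete."""
    results, pending = [], None
    for line in text.splitlines():
        started = START_RE.match(line)
        result = RESULT_RE.match(line)
        if started:
            if pending:  # the previous test never printed a verdict
                results.append(("?", pending, "incomplete"))
            pending = started.group(1)
        elif result:
            target, verdict, test = result.groups()
            results.append((target, test, verdict))
            if test == pending:
                pending = None
    if pending:  # the output was cut off in the middle of a test
        results.append(("?", pending, "incomplete"))
    return results

def triage(text):
    """Return the results that are not a clean pass, Connectivity first."""
    bad = [r for r in parse_dcdiag(text) if r[2] != "passed"]
    # Connectivity reflects DNS registration, so it is the first thing to fix.
    return sorted(bad, key=lambda r: r[1] != "Connectivity")

if __name__ == "__main__":
    for target, test, verdict in triage(SAMPLE):
        print(f"{target}: {test} {verdict}")
```

A Connectivity entry in the triage list points back to the DNS zone check in Procedure DWCM.4 and the NETDIAG /FIX step.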

For questions about Group Policy, see Windows Server 2003 Group Policy.