Install and Configure the Domain Controller

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To install and configure the domain controller, you will perform the following tasks:

  • Install the Windows Server 2003 operating system.

  • Install Active Directory on the domain controller, and configure the server role.

  • Configure DNS.

  • Install the Application Server role (Internet Information Services [IIS], ASP.NET). This step is only necessary for servers hosting Software Update Services (SUS) and is not a core requirement for a DC.

To install Windows Server 2003

  1. Boot from your Windows Server 2003 operating system CD-ROM. Follow the instructions in the documentation for Windows Server 2003 to install the operating system on the computer that is to be your domain controller. Create disk partitions with the following properties.

    Partition    Use                 File System    Size
    Primary      Operating System    NTFS           At least 2 gigabytes (GB)
    Secondary    Applications        NTFS           Remaining space

    Note

    • If your LAN includes a second server, you can choose to create only one partition on the domain controller’s hard drive, to store the operating system, and use the other server for storing additional software and data.
  2. During Windows Setup, enter the following values:

    • Computer Name: Enter DC01.

    • Administrator Password: Enter a strong password.

    Important

    • Computer security requires the use of a strong password for your administrator account. A strong password has from 7 through 14 characters, and contains letters (both uppercase and lowercase), numerals, and symbols (all other characters, such as $%*&). The password should contain at least one symbol character in the second through sixth positions.

    • Network settings: Select typical settings.

    • When prompted about whether this computer is part of a Workgroup or Computer Domain, select Workgroup and accept the default name of Workgroup.

  3. After the computer restarts, log on as Administrator.

  4. Click Start, point to All Programs, and click Activate Windows. Follow the prompts to activate and register your copy of Windows Server 2003 through the Internet.

    If you cannot access the Internet, refer to your router and modem instructions for troubleshooting assistance.

To configure the server as a domain controller

  1. Click Start, and click Manage Your Server. Select Custom Configuration. Click Add or remove a role, and then click Next. Wait for the wizard to review the computer’s current configuration.

  2. Select the Domain Controller (Active Directory) role. Proceed to run the Active Directory Installation Wizard. Use the following values as you are prompted for them:

    1. Select Domain controller for a new domain.

    2. Select Domain in a new forest.

    3. Enter your domain name (in the sample configuration, this is adatum.com).

    4. Accept the default values for Domain NetBIOS name, Database folder, Log folder, and SYSVOL folder location.

      Because DNS has not yet been installed on this server, the DNS Registration Diagnostics will indicate that none of the DNS servers used by this computer responded within the timeout interval.

    5. Select Install and configure the DNS server on this computer, and set this computer to use this DNS server as its preferred DNS server.

    6. Select Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems.

    7. In the Directory Services Restore Mode Administrator Password field, enter a strong password.

      The wizard will notify you that the computer has a dynamically assigned IP address. Typically you would not assign a dynamic IP address to a domain controller. However, this configuration is acceptable for this simple network in which the router is used as the DHCP server.

    8. When the Local Area Connection Properties page displays, click Cancel.

    9. When the wizard finishes configuring Active Directory, select Restart Now. After the computer has restarted, click Finish.
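
The wizard choices in steps 1 through 9 can also be written down as a dcpromo answer file, which makes the security-relevant settings (no anonymous-compatible permissions, a separate Directory Services Restore Mode password) reviewable before promotion. This is an added example, not part of the original procedure; the file name and path, the NetBIOS name ADATUM, and the password placeholder are assumptions.

```ini
; dcpromo-adatum.txt (constructed example; file name and path are assumptions)
; Run on DC01 while logged on as Administrator:
;   dcpromo /answer:C:\dcpromo-adatum.txt

[DCInstall]
; Steps 1-2: domain controller for a new domain, in a new forest
ReplicaOrNewDomain=Domain
TreeOrChild=Tree
CreateOrJoin=Create

; Step 3: DNS name of the new domain (the sample configuration's name)
NewDomainDNSName=adatum.com

; Step 4: the wizard defaults. ADATUM is assumed here as the NetBIOS name
; the wizard would derive from adatum.com.
DomainNetBiosName=ADATUM
DatabasePath=%SystemRoot%\NTDS
LogPath=%SystemRoot%\NTDS
SYSVOLPath=%SystemRoot%\SYSVOL

; Step 5: install and configure the DNS server on this computer
AutoConfigDNS=Yes

; Step 6: permissions compatible only with Windows 2000 or
; Windows Server 2003 (no anonymous read access to directory data)
AllowAnonymousAccess=No

; Step 7: Directory Services Restore Mode password.
; Placeholder only: substitute a strong password that differs from the
; Administrator password set during Windows Setup.
SafeModeAdminPassword=<DSRM-PASSWORD-PLACEHOLDER>

; Step 9: restart when promotion completes
RebootOnSuccess=Yes
```

The answer file holds the restore-mode password in clear text, so keep it on an NTFS volume readable only by Administrators and delete it once the server has restarted as a domain controller.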

To configure the server as a DNS server

  1. From the Manage Your Server screen, click Manage this DNS server.

  2. Right-click DC01, click Configure a DNS Server, and then click Next.

  3. Select Create a Forward Lookup Zone.

  4. Select This server maintains the zone. Type your domain name for the zone; for example, adatum.com.

  5. Select Allow dynamic updates.

  6. Select Yes, forward queries to DNS servers with the following IP addresses, and type the IP address of the NAT router.

  7. Exit the Manage DNS Server snap-in.

    Note

    • You will receive a message that the forward lookup zone cannot be added to the server, because the zone already exists. This is because the zone was created when the DNS server role was initially configured. This message does not indicate an error condition.

To install Application Server (IIS, ASP.NET)

IIS is a necessary component for SUS. Use Manage Your Server to install IIS.

  1. From the Manage Your Server screen, click Add or remove a role, and then click Next.

  2. Select Application Server (IIS, ASP.NET), and run the IIS Installation wizard. Do not load FrontPage Server Extensions, and do not Enable ASP.NET unless you need them for applications beyond the scope of this chapter.

To confirm that you have completed installing server roles

  1. In Manage Your Server, verify that your server has been configured with the following roles:

    • Application Server (for IIS)

    • Domain Controller (Active Directory)

    • DNS server

  2. Close the Manage Your Server program.

    Tip

    • With Windows Server 2003, remote administration capability is built into the domain controller server role. Use the Remote Desktop for Administration program from any other computer to administer this server. As an extra security measure, it is recommended that you require smart card security for anyone who logs on to the DC remotely. For information about smart cards, see "Deploying Smart Cards" in Designing and Deploying Directory and Security Services of this kit. For more information about using Remote Desktop, see "Remote Desktop for Administration" in Help and Support Center for Windows Server 2003.