Install Active Directory on the First Forest Root Domain Controller
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Install Active Directory by running the Active Directory Installation Wizard on the computer that you want to make the first forest root domain controller. The Active Directory Installation Wizard creates the Active Directory database and initializes the directory data in the database.
In addition, on the first domain controller in a domain, the wizard also:
- Prompts the administrator to verify the installation and configuration of the DNS Server service.
- Configures DNS recursive name resolution by forwarding, by adding the IP addresses of the existing entries for Preferred DNS server and Alternate DNS server to the list of DNS servers on the Forwarders tab of the Properties sheet in the DNS snap-in for the domain controller.
  Notes
  - If you want to set different forwarders, or do not want to enable forwarding, you can change this setting manually by using the DNS snap-in.
  - If your domain controller is multihomed, forwarding is not configured automatically.
  - For manual configuration instructions, see "Verify DNS Server Recursive Name Resolution on the First Forest Root Domain Controller" later in this chapter.
- Configures DNS recursive name resolution by root hints, by adding the root hints that are configured on the Preferred DNS server.
- Configures the Preferred DNS server to point to the DNS server that is running locally on the domain controller, and configures the Alternate DNS server to point to the DNS server that is connected through the minimum number of network segments.
- Creates two application directory partitions that are used by DNS. The DomainDnsZones application directory partition holds domain-wide DNS data, and the ForestDnsZones application directory partition holds forest-wide DNS data.
To install Active Directory on the first forest root domain controller
1. Log on to the Windows Server 2003–based member server.
2. At the command line, type:
   dcpromo
   – Or –
   Open Administrative Tools and click Configure Your Server Wizard. Select Domain Controller (Active Directory) to configure your domain controller. After the Configure Your Server Wizard finishes, the Active Directory Installation Wizard begins.
3. Use Table 6.1 to complete the Active Directory Installation Wizard. Table 6.1 includes the specific actions taken by Trey Research as they deploy their first forest root domain controller, SEA-TRC-DC01.
Table 6.1 Information to Install Active Directory on the First Forest Root Domain Controller
| Wizard Page or Dialog Box | Action | Example |
| --- | --- | --- |
| Domain Controller Type | Select Domain controller for a new domain | |
| Create New Domain | Select Domain in a new forest | |
| New Domain Name | Type the full DNS name of the domain. | trccorp.treyresearch.net |
| NetBIOS Domain Name | Confirm or type the NetBIOS name. | TRCCORP |
| Database and Log Folders | Type the folder locations specified by your design. | Database folder: C:\WINNT\NTDS; Log folder: D:\Logs |
| Shared System Volume | Confirm or type the location specified by your design. | C:\WINNT\SYSVOL |
| DNS Registration Diagnostics | For organizations with an existing DNS infrastructure, a message will indicate that the wizard cannot contact the DNS server with which this DC will be registered. This is because the pre-created delegation record points to the local computer and DNS has not been installed on the domain controller at this point. Select Install and configure the DNS server on this computer and set this computer to use this DNS server as its preferred DNS server. | Before running the Active Directory Installation Wizard, the Trey Research deployment team set the Preferred DNS server to 172.16.24.4, which is the IP address of a DNS server in the parent zone, treyresearch.net. This address will be automatically moved to the list of forwarders, and Preferred DNS server will be set to the local host. |
| Permissions | Select the security level specified by your design: Permissions compatible with pre-Windows 2000 server operating systems; or Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems | Because Trey Research currently has server programs running on Windows NT 4.0 servers, they selected Permissions compatible with pre-Windows 2000 server operating systems. |
| Directory Service Restore Mode Administration Password | In the Password and Confirm password boxes, type any strong password. | |
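The Table 6.1 choices can also be expressed as an answer file for an unattended run of the wizard. The file below is an added example, not part of the original chapter; its key names follow the Windows Server 2003 unattended dcpromo format, and the file path and password value are placeholders.

```ini
; Constructed example: unattended equivalent of the Table 6.1 choices.
; Run as: dcpromo /answer:C:\dcinstall.txt   (file name is hypothetical)
[DCInstall]
; Domain Controller Type: Domain controller for a new domain
ReplicaOrNewDomain=Domain
; Create New Domain: Domain in a new forest
TreeOrChild=Tree
CreateOrJoin=Create
; New Domain Name and NetBIOS Domain Name
NewDomainDNSName=trccorp.treyresearch.net
DomainNetBiosName=TRCCORP
; Database and Log Folders, Shared System Volume
DatabasePath=C:\WINNT\NTDS
LogPath=D:\Logs
SysVolPath=C:\WINNT\SYSVOL
; DNS Registration Diagnostics: install and configure DNS on this computer
DNSOnNetwork=Yes
AutoConfigDNS=Yes
; Permissions:
;   Yes = compatible with pre-Windows 2000 server operating systems
;         (Trey Research's choice because of its Windows NT 4.0 servers)
;   No  = compatible only with Windows 2000 or Windows Server 2003
AllowAnonymousAccess=Yes
; Directory Service Restore Mode password: placeholder only. The value is
; stored in clear text, so restrict access to this file and delete it
; after the promotion completes.
SafeModeAdminPassword=<STRONG-PASSWORD-PLACEHOLDER>
RebootOnSuccess=Yes
```

Keeping the answer file under change control records which Permissions level was chosen, so the pre-Windows 2000 compatibility setting can be revisited once the Windows NT 4.0 servers are retired.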
For more information about installing and removing Active Directory, see the Active Directory Collection of the Windows Server 2003 Technical Reference (or see the Active Directory Collection on the Web at https://www.microsoft.com/reskit).