Installation Prerequisites and Verifications
The Active Directory Installation Wizard confirms several configuration and security parameters before it proceeds with Active Directory installation. Different checks are required for different conditions, depending on the type of domain controller that is being installed. The purpose of this verification routine is to validate the parameters that you specified with respect to the directory service that this server is about to join.
The Active Directory Installation Wizard requires 200 megabytes (MB) of disk space for the Active Directory database and 50 MB for the ESENT transaction log files. File size requirements for the Active Directory database and log files depend on the number and type of objects in the domain database (or databases held by the forest, if the computer is serving as a Global Catalog server).
When you start the Active Directory Installation Wizard, the following checks are performed before the wizard user interface actually appears:
The current user is logged on to the local computer as a member of the Administrators group on the local computer.
The computer is running Windows 2000 Server.
A previous installation or removal of Active Directory has not taken place without the computer having first been restarted.
The Active Directory Installation Wizard is not currently running.
An installation or removal operation of Active Directory is not already in progress.
At least one logical disk drive is formatted with the NTFS v5 file system.
For more information about formatting a logical disk drive to NTFS v5, see "Running Setup" and "File Systems" in the Microsoft® Windows® 2000 Professional Resource Kit.
Verify Unique Names
The following name checks are performed for the installation of domain controllers in an existing domain and new domains in an existing forest:
For both the installation of an additional domain controller in the domain and the installation of a new domain in an existing forest, the server name must not exist as a relative distinguished name of an NTDS Settings object in the site to which the domain controller is being added. If the wizard finds an NTDS Settings object with the same relative distinguished name as the server name, the wizard deletes the existing object and assumes that you are requesting a reinstallation.
For the installation of a new domain in an existing forest, the NetBIOS name of the domain also must not exist as the relative distinguished name of a cross-reference object in the cn=partitions,cn=configuration,dc=forestRootDomain container (where forestRootDomain stands for the dc= components of the forest root domain's DNS name).
For the installation of a new forest, the preceding checks are not performed because there is no source domain controller.
For more information about NTDS Settings objects, see "Active Directory Replication" in this book. For more information about cross-reference objects, see "Name Resolution in Active Directory" in this book.
Verify That TCP/IP Is Installed
In all cases of domain controller installation, the wizard checks the network configuration for the presence of TCP/IP. If TCP/IP is not installed or a DHCP-provided address is not available, you must install and configure TCP/IP and provide a subnet and default gateway IP address.
Providing a static IP address is not a requirement for the installation of a domain controller. A domain controller should nevertheless be given a static address: its DNS locator records and its replication partners refer to it by address, and a changed DHCP lease leaves those references stale until they are re-registered.
Verify That DNS Client Is Configured
The wizard checks to see whether the DNS client is configured on the server. DNS client configuration is part of TCP/IP configuration and consists of providing the IP address of one or more DNS servers on the network. Because DNS is used to locate domain controllers, the DNS database should contain a resource record that can be used to locate a domain controller in each domain. When Active Directory is installed on a server that is to become the first domain controller in a new domain, the wizard attempts to find a DNS server that supports dynamic updates and that is authoritative for the name of the domain in which the server is to be a domain controller. The installation computer cannot find such a DNS server if it does not exist (for example, when you are installing a new forest) or if the DNS client on the server is not configured with the valid IP address of at least one DNS server that should be used for DNS name resolution. In either case, you are prompted to choose whether to allow the wizard to install and configure the DNS server locally during the installation process or to install and configure DNS manually after Active Directory is installed. In the case of an additional domain controller in an existing domain, a DNS server that is running on the network is assumed and a search for an authoritative DNS server is not performed.
For more information about automatic DNS configuration and DNS requirements for Active Directory, see "Windows 2000 DNS" in the TCP/IP Core Networking Guide.
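The checks the wizard makes before its user interface appears (local Administrators membership, no wizard instance already running, an NTFS volume with room for the 200 MB database and 50 MB of log files) and the TCP/IP and DNS client checks described in this section can all be run ahead of time. The script below is an added example, not part of the Resource Kit or of the wizard itself; it is written for a current Windows PowerShell host (the NetTCPIP and DnsClient modules, Get-CimInstance), so it illustrates the same checks rather than the Windows 2000 code path. The domain name is a constructed placeholder. For an additional domain controller it also resolves the domain's DC locator SRV record and probes TCP port 135 on the DC it finds, because the wizard replicates from the source domain controller over RPC.

```powershell
# Added example: pre-flight checks mirroring the Active Directory Installation
# Wizard's prerequisites. Not from the Resource Kit. Domain name is a placeholder.
param(
    [string]$DomainDnsName = 'corp.example.com',   # existing domain to join (assumption)
    [int]$DatabaseMB = 200,                        # wizard requirement for Ntds.dit
    [int]$LogMB      = 50                          # wizard requirement for ESENT log files
)

$results = @()
function Add-Check([string]$Name, [bool]$Passed, [string]$Detail) {
    $script:results += [pscustomobject]@{ Check = $Name; Passed = $Passed; Detail = $Detail }
}

# 1. The caller must be a member of the local Administrators group (elevated).
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Add-Check 'Local Administrators membership' $isAdmin $principal.Identity.Name

# 2. No other instance of the wizard (dcpromo.exe) may be running.
$running = Get-Process -Name dcpromo -ErrorAction SilentlyContinue
Add-Check 'No wizard instance running' (-not $running) 'dcpromo.exe'

# 3. At least one fixed NTFS volume with room for database plus log files.
$needMB = $DatabaseMB + $LogMB
$ntfs = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 3' |
        Where-Object { $_.FileSystem -eq 'NTFS' -and ($_.FreeSpace / 1MB) -ge $needMB }
Add-Check "NTFS volume with >= $needMB MB free" ([bool]$ntfs) (($ntfs | ForEach-Object DeviceID) -join ', ')

# 4. TCP/IP: an IPv4 address and a default gateway on at least one adapter.
$ipcfg = Get-NetIPConfiguration | Where-Object { $_.IPv4Address -and $_.IPv4DefaultGateway }
Add-Check 'IPv4 address and default gateway' ([bool]$ipcfg) `
    (($ipcfg | ForEach-Object { $_.IPv4Address.IPAddress }) -join ', ')

# 5. DNS client: at least one DNS server address configured.
$dns = (Get-DnsClientServerAddress -AddressFamily IPv4 | ForEach-Object ServerAddresses) |
       Where-Object { $_ }
Add-Check 'DNS client has server address(es)' ([bool]$dns) ($dns -join ', ')

# 6. Replica only: the domain publishes DC locator records, and the DC answers on
#    TCP 135 (RPC endpoint mapper), which the wizard needs to replicate from it.
try {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainDnsName" -Type SRV -ErrorAction Stop |
           Where-Object { $_.Type -eq 'SRV' }
    Add-Check "DC locator record for $DomainDnsName" ([bool]$srv) (($srv | ForEach-Object NameTarget) -join ', ')
    $dc  = ($srv | Sort-Object Priority | Select-Object -First 1).NameTarget
    $rpc = Test-NetConnection -ComputerName $dc -Port 135 -WarningAction SilentlyContinue
    Add-Check "RPC endpoint mapper reachable on $dc" $rpc.TcpTestSucceeded 'TCP 135'
} catch {
    Add-Check "DC locator record for $DomainDnsName" $false $_.Exception.Message
}

$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Passed }) { exit 1 }
```

A failed SRV lookup for a domain you intend to join is the condition the wizard reports as "cannot find an authoritative DNS server"; for a new forest that lookup is expected to fail, which is why the wizard offers to install DNS locally in that case.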
Get and Validate the DNS Domain Name
During the creation of a new domain, you must provide a name for the domain and specify the parent domain if any. The wizard must determine that the parent domain exists and that the name for the new domain is unique in the forest. If the name that you provide for the domain is not valid, the Active Directory Installation Wizard requests a different name.
Get and Validate the NetBIOS Name
Unless you are creating a new domain as the result of a primary domain controller upgrade, a NetBIOS name is generated from the DNS domain name. In the case of the primary domain controller upgrade, the NetBIOS name is the previous NetBIOS name of the domain. The Active Directory Installation Wizard prompts you to either change or to accept the NetBIOS name that is derived from the domain name. The wizard then verifies that the NetBIOS name is unique on the network.
Enter Administrative Password
For an upgrade, the existing server accounts are migrated. For a fresh installation, all local accounts and passwords are preserved, except the accounts that belong to Power Users. During an Active Directory installation, you do not have the option of entering a new administrative password. During a removal of Active Directory, you do have the option of entering a password for the local Administrator account, which the Active Directory Installation Wizard creates at that point.
Get Credentials for the User
To create a new domain controller, the Active Directory Installation Wizard requires an administrative account and password. Unless you are creating a new forest, administrative credentials are checked by the Active Directory Installation Wizard.
To create an additional domain controller in an existing domain, the credentials that are provided must be sufficient to join the computer to the domain that is being replicated and to create an NTDS Settings object in the Configuration container that is being replicated.
To create a child domain, the credentials of a member of the Enterprise Admins group must be provided, or the child domain's cross-reference object must have been created in Active Directory beforehand by a member of the Enterprise Admins group.
To create a new tree-root domain, the credentials of a member of the Enterprise Admins group must be provided.
The wizard requests credentials in the form of a user name, password, and domain. The wizard accepts the user name only in the form of a logon user identifier (for example, johnSmith). A user principal name (UPN), which has the form johnSmith@domainName, is not accepted.
If you are not logged on as a domain administrator, the wizard prompts you to provide the name and password for an appropriate administrative account.
When you install or remove a domain in the forest, the domain controller that holds the domain naming master role must be available and reachable by the RPC protocol.
For more information about the domain naming master, see "Managing Flexible Single-Master Operations" in this book, and see Windows 2000 Server Help.
Get and Verify File Paths
During Active Directory installation, the locations for the Active Directory database file, log file, and system volume (Sysvol) share are set. The system volume provides a default Active Directory location for files that categorically must be shared for common access throughout the domain. Creation of the system volume requires an NTFS v5 volume. If an NTFS v5 volume cannot be found, or if there is not sufficient free disk space to complete the installation, installation of the domain controller cannot proceed. The system volume objects are created later, after the computer has been restarted.
For reasons of security, it is recommended that you install Ntds.dit on an NTFS volume as well, although the Active Directory Installation Wizard does not require it: only NTFS lets you set permissions on the database and log files, which contain every account and password hash in the domain.
The wizard provides the opportunity to select the location for the Ntds.dit file, the Active Directory log files, and the Sysvol directory. For optimum domain controller performance, select separate physical hard disks for the Ntds.dit file and for the Active Directory log files.
The Active Directory Installation Wizard determines the site to which to add the new domain controller. It checks existing sites to determine whether the subnet of the computer that you are installing is found. If the subnet is not found in the site that contains the source domain controller, you can select an existing site to which to add the computer. If you want to create a new site for this domain controller, you can create the new site after Active Directory is installed. The domain controller then can be moved from the installation site to the new site.
When you are using an unattended installation, you can specify a site with the SiteName parameter in the answer file.
The site determination process is as follows:
The Active Directory Installation Wizard attempts to use the Locator to find the site in which the computer is currently located. If the Locator does not return a site for the computer (that is, the computer's subnet is not associated with a site), the wizard assumes that the site for the new domain controller is the site of the source domain controller.
When you are installing the first domain in a forest, the default site, Default-First-Site-Name, is used.
When the wizard has determined the correct site, it then checks to be sure a site object exists in Active Directory for that site. It also checks to be sure that a server object exists for the additional domain controller.
If a server object does not exist, the wizard creates an object for the server.
If the server object does exist, the associated NTDS Settings object is deleted and then recreated for the new domain controller. (An NTDS Settings object is created for each domain controller in the forest. If the NTDS Settings object already exists, the wizard performs as if this domain controller is being reinstalled.)
The NTDS Settings object is always created on a remote server (the source domain controller) for an additional domain controller. For a new domain, the NTDS Settings object is created on the computer that holds the domain naming master role. During replication of the Configuration container, the NTDS Settings object is then replicated to all domain controllers. (For more information about the domain naming master role, see "Managing Flexible Single-Master Operations" in this book, and see Windows 2000 Server Help.)
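The file-path and site choices described above, together with the credential form the wizard accepts (a logon identifier, not a UPN), can be fixed in advance in an unattended answer file. The script below is an added example, not code from the Resource Kit or from the wizard; it verifies that each chosen path is on a fixed NTFS volume, warns when the database and logs share a volume, asks the Locator (nltest from the Support Tools) which site this computer's subnet maps to and falls back to the site of the domain controller it found, as the wizard does, and then writes a [DCInstall] answer file for an additional domain controller. Domain, paths, site and account names are constructed placeholders; the parsing of nltest's "Our Site Name" and "Dc Site Name" lines is an assumption about its output format.

```powershell
# Added example: generate a dcpromo answer file for an additional domain controller.
# Not from the Resource Kit. All names and paths are placeholders; adjust them.
param(
    [string]$DomainDnsName = 'corp.example.com',
    [string]$UserName      = 'johnSmith',    # logon identifier; a UPN is rejected by the wizard
    [string]$UserDomain    = 'CORP',
    [string]$DatabasePath  = 'D:\NTDS',      # Ntds.dit
    [string]$LogPath       = 'E:\NTDSLogs',  # ESENT logs: keep on a separate physical disk
    [string]$SysvolPath    = 'D:\SYSVOL',    # must be NTFS
    [string]$AnswerFile    = 'C:\dcpromo.txt'
)

# Each path must be on a fixed NTFS volume; the wizard refuses Sysvol on anything else.
function Test-NtfsRoot([string]$Path) {
    $root = [IO.Path]::GetPathRoot($Path).TrimEnd('\')       # e.g. 'D:'
    $vol  = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID = '$root'"
    return ($null -ne $vol -and $vol.DriveType -eq 3 -and $vol.FileSystem -eq 'NTFS')
}
foreach ($p in $DatabasePath, $LogPath, $SysvolPath) {
    if (-not (Test-NtfsRoot $p)) { throw "$p is not on a fixed NTFS volume" }
}
if ([IO.Path]::GetPathRoot($DatabasePath) -eq [IO.Path]::GetPathRoot($LogPath)) {
    Write-Warning 'Database and logs share a volume; separate physical disks are recommended.'
}

# Site: the Locator reports the site this computer's subnet belongs to ("Our Site Name").
# If the subnet is not associated with any site, use the site of the DC that answered,
# which is the wizard's own fallback.
$text = (nltest /dsgetdc:$DomainDnsName 2>&1 | Out-String)
if ($LASTEXITCODE -ne 0) { throw "Locator failed: $text" }
$siteName = if     ($text -match 'Our Site Name:\s*(\S+)') { $Matches[1] }
            elseif ($text -match 'Dc Site Name:\s*(\S+)')  { $Matches[1] }
            else   { throw 'Locator returned no site name' }

# Credentials are read interactively so they never sit in the script.
$secure = Read-Host -Prompt "Password for $UserDomain\$UserName" -AsSecureString
$plain  = (New-Object Net.NetworkCredential('', $secure)).Password

@"
[DCInstall]
ReplicaOrNewDomain=Replica
ReplicaDomainDNSName=$DomainDnsName
SiteName=$siteName
DatabasePath=$DatabasePath
LogPath=$LogPath
SYSVOLPath=$SysvolPath
UserName=$UserName
UserDomain=$UserDomain
Password=$plain
RebootOnSuccess=No
"@ | Set-Content -Path $AnswerFile -Encoding Ascii

# The answer file now holds an administrator's password in cleartext: strip inherited
# permissions, grant only Administrators, and delete it as soon as dcpromo has read it.
icacls $AnswerFile /inheritance:r /grant:r 'BUILTIN\Administrators:F' | Out-Null

Write-Host "Answer file written to $AnswerFile for site '$siteName'."
Write-Host "Run:  dcpromo /answer:$AnswerFile   then delete the file and restart."
```

RebootOnSuccess is deliberately set to No so that the answer file can be removed before the restart; with Yes the machine reboots while the cleartext credential is still on disk. The Sysvol objects themselves are created only after that restart, as the section notes.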