Tuesday 22 May 2012
Configuring the Domain Controller
This blog describes the steps I took to install my Domain Controller. The starting point is Windows 2008 R2 with all available updates up to 20 May 2012 and with Remote Desktop Access enabled.
The first step is to configure the TCP/IP settings to match my current network configuration.
The preferred DNS uses the local host address to make sure DC01 will be able to find its own DNS environment. The alternate DNS points to my router.
Start the Server Manager tooling and click Add Role
On the Before You Begin screen click Next
On the Select Server Roles screen mark the check box “Active Directory Domain Services”
A message box appears asking to add the required features that make it possible to install the Active Directory Domain Services. Click Add Required Features.
Click Next to continue installation of the Active Directory Domain Services.
The next screen explains the features of the Active Directory Domain Services, including the components that will be installed to make DC01 a fully functional Domain Controller. Click Next.
On the Confirm Installation screen read if you want and then click Install
The installation is running; have some patience and let it finish.
In my case the Installation Results window shows a warning about automatic updates not being enabled. I like to know what is happening when updating this server, so I keep it this way. It's your own choice; click Close to continue.
On the server manager screen we can see that the Active Directory Domain Services is installed but shows a red cross. This is because we need some other steps to complete.
Click the Windows Start button and type dcpromo in the search box. When dcpromo appears in the Programs list, right-click it and select “Run as Administrator”.
A small screen appears that checks all is installed to get on with dcpromo.
On the Welcome screen click Next
My demo & test environment contains only Windows 2008 or higher server editions. This message warns about using “older” security based servers. Read it if you like and then click Next.
This will be the first domain controller for a new forest, so select “Create a new domain in a new forest” and click Next.
Now we need to name the forest root domain. You can choose what you like; mine is going to be demo.local. Click Next.
A window appears that checks whether the given root domain is available.
Now we need to choose the forest functional level. If you plan to add multiple domain controllers to the forest based on different Windows Server editions, make the choice that fits them. In my environment I will not add a server edition lower than Windows 2008 Server, so that is selected. Click Next.
Same for the domain functional level
The install will now check whether DNS is configured…
This is the first DC in the domain so all settings are as desired, click Next
A warning appears that a delegation for this DNS server cannot be created… This is correct: it's the first DC/DNS in the domain and I'm not integrating with another domain. Click Yes to continue.
I leave all locations as default and click Next
Type your Restore mode password and click Next. Remember it if you ever need to access the restore mode…
On the Summary screen you can read the selections you made and then click next to start configuration.
If this is a trial run and you would not like to do all of this by hand again, you can export your settings to an answer file to use for an unattended installation.
The installation will now start; have patience and let it finish…
Click Finish to complete the installation…
The restart screen appears. I select DO NOT RESTART because I want to clear all Windows logs before restarting…
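The dcpromo choices made above, written out as an answer file of the kind the Summary screen can export. This is an added example, not the file from the original post; the NetBIOS name DEMO, the C:\Windows paths and the file name in the usage comment are assumptions.

```ini
; Constructed answer file mirroring the wizard choices in this walkthrough.
; Usage from an elevated prompt (file name is an assumption):
;   dcpromo.exe /unattend:C:\dcpromo-answer.txt
[DCInstall]
; "Create a new domain in a new forest"
ReplicaOrNewDomain=Domain
NewDomain=Forest
; Forest root domain name chosen in the post
NewDomainDNSName=demo.local
; Assumption: the NetBIOS name the wizard would derive from demo.local
DomainNetBiosName=DEMO
; 3 = Windows Server 2008, for both the forest and the domain functional level
ForestLevel=3
DomainLevel=3
; First DC in the forest: it hosts DNS and is a global catalog
InstallDNS=Yes
ConfirmGc=Yes
; No parent zone exists, so no delegation is attempted (the wizard warning above)
CreateDNSDelegation=No
; Default locations, assuming Windows is installed in C:\Windows
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"
; Directory Services Restore Mode password: left empty in the stored copy.
; Fill it in only on the working copy, immediately before the run.
SafeModeAdminPassword=
; Matches the "do not restart" choice, so the logs can be handled before reboot
RebootOnCompletion=No
```

Treat a filled-in copy of this file like a credential: keep it readable by administrators only and delete it once the promotion has finished.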
Click Windows Start button, type eventvwr in the search box and hit enter.
The Event Viewer screen will appear. Open the Windows Logs node, right-click the Application node and select Clear Log, then click Clear in the window that appears.
Repeat the above step for the Security, Setup and System logs.
Now restart your server! It might take a while before it’s up and running again……
The first thing that you might notice is that you can’t login based on your local credentials.
This is now a Domain Controller, so you need to log in with a domain account. Your local account is converted automatically, so you only need to choose your domain. Click Use another account… and type <domain>\<user> to log in.
After you have logged in, check the Windows Logs with the Event Viewer to see whether there are a lot of issues. In my case only the time service needs some attention: this is the primary domain server, so it can't find a top-level time service above it. I will fix this later.
Also an error with event ID 14550 is logged. See http://technet.microsoft.com/en-us/library/ee411032(v=ws.10).aspx for more information…
Simply put, this service can't register during startup; following the instructions at the given URL should fix this.
And yes, it's now starting successfully.
We are finished for now, in administrative tools the DNS / DC tools are available, start playing…
All is there?
The root domain:
We can manage Active Directory:
And also DNS seems to be up and running…
Hope you enjoy this blog! If you have comments, better solutions or recommendations, I would like to hear from you.