How do I install Active Directory on my Windows Server 2003 server?
by Daniel Petri - January 8, 2009
Printer Friendly Version
First make sure you read and understand Active Directory Installation Requirements. If you don't comply with all the requirements of that article you will not be able to set up your AD (for example: you don't have a NIC or you're using a computer that's not connected to a LAN). Note: This article is only good for understanding how to install the FIRST DC in a NEW AD Domain, in a NEW TREE, in a NEW FOREST. Meaning - don't do it for any other scenario, such as a new replica DC in an existing domain. In order to install a Windows Server 2003 DC in an EXISTING Windows 2000 Domain follow the Windows 2003 ADPrep tip. Windows 2000 Note: If you plan to install a new Windows 2000 DC please read How to Install Active Directory on Windows 2000. Windows 2008 Note: Install Active Directory on Windows Server 2008 provides complete instruction details for working with Windows Server 2008. Windows Server 2003 Note: If you plan to install a new Windows Server 2003 DC in an existing AD forest please read the page BEFORE you go on, otherwise you'll end up with the following error: http://images.iyunv.com/dcpromo_fail.jpg
Here is a quick list of what you must have:
A network connection (to a hub or to another computer via a crossover cable)
An operational DNS server (which can be installed on the DC itself)
A Domain name that you want to use
The Windows Server 2003 CD media (or at least the i386 folder)
Brains (recommended, not required...)
This article assumes that all of the above requirements are fulfilled. Step 1: Configure the computer's suffix
(Not mandatory, can be done via the Dcpromo process).
In the Primary DNS suffix of this computer box enter the would-be domain name. Make sure you got it right. No spelling mistakes, no "oh, I thought I did it right...". Although the domain name CAN be changed after the computer has been promoted to Domain Controller, this is not a procedure that one should consider lightly, especially because on the possible consequences. Read more about it on my Windows 2003 Domain Rename Tool page. http://images.iyunv.com/comp_id2_small.jpg
Step 2: Configuring the computer's TCP/IP settings
You must configure the would-be Domain Controller to use it's own IP address as the address of the DNS server, so it will point to itself when registering SRV records and when querying the DNS database. Configure TCP/IP
Click Start, point to Settings and then click Control Panel.
Assign this server a static IP address, subnet mask, and gateway address. Enter the server's IP address in the Preferred DNS server box.Note: This is true if the server itself will also be it's own DNS server. http://images.iyunv.com/config_lan6_small.jpgIf you have another operational Windows 2000/2003 server that is properly configured as your DNS server (read my Create a New DNS Server for AD page) - enter that server's IP address instead: http://images.iyunv.com/config_lan5_small.jpg
Click Advanced.
Click the DNS Tab.
Select "Append primary and connection specific DNS suffixes"
Check "Append parent suffixes of the primary DNS suffix"
Check "Register this connection's addresses in DNS". If this Windows 2000/2003-based DNS server is on an intranet, it should only point to its own IP address for DNS; do not enter IP addresses for other DNS servers here. If this server needs to resolve names on the Internet, it should have a forwarder configured. http://images.iyunv.com/config_lan7_small.jpg
Click OK to close the Advanced TCP/IP Settings properties.
Click OK to accept the changes to your TCP/IP configuration.
Click OK to close the Local Area Connections properties.
Step 3: Configure the DNS Zone
(Not mandatory, can be done via the Dcpromo process).
This article assumes that you already have the DNS service installed. If this is not the case, please read Create a New DNS Server for AD.
Furthermore, it is assumed that the DC will also be it's own DNS server. If that is not the case, you MUST configure another Windows 2000/2003 server as the DNS server, and if you try to run DCPROMO without doing so, you'll end up with errors and the process will fail.
Also see » What are the capabilities of Exchange Online?
Creating a Standard Primary Forward Lookup Zone
Click Start, point to All Programs, point to Administrative Tools, and then click DNS Manager. You see two zones under your computer name: Forward Lookup Zone and Reverse Lookup Zone.
Click Next. The new forward lookup zone must be a primary zone so that it can accept dynamic updates. Click Primary, and then click Next. http://images.iyunv.com/int_dns5_small.jpg
The name of the zone must be the same as the name of the Active Directory domain, or be a logical DNS container for that name. For example, if the Active Directory domain is named "lab.dpetri.net", legal zone names are "lab.dpetri.net", "dpetri.net", or "net". http://images.iyunv.com/int_dns6_small.jpgType the name of the zone, and then click Next.
You should now make sure your computer can register itself in the new zone. Go to the Command Prompt (CMD) and run "ipconfig /registerdns" (no quotes, duh...). Go back to the DNS console, open the new zone and refresh it (F5). Notice that the computer should by now be listed as an A Record in the right pane.
If it's not there try to reboot (although if it's not there a reboot won't do much good). Check the spelling on your zone and compare it to the suffix you created in step 1. Check your IP settings. Enable DNS Forwarding for Internet connections (Not mandatory)
In the IP address box enter the IP address of the DNS servers you want to forward queries to - typically the DNS server of your ISP. You can also move them up or down. The one that is highest in the list gets the first try, and if it does not respond within a given time limit - the query will be forwarded to the next server in the list. http://images.iyunv.com/dns_frwd1_small.jpg
Click OK.
Creating a Standard Primary Reverse Lookup Zone
You can (but you don't have to) also create a reverse lookup zone on your DNS server. The zone's name will be the same as your TCP/IP Network ID. For example, if your IP address is 192.168.0.200, then the zone's name will be 192.168.0 (DNS will append a long name to it, don't worry about it). You should also configure the new zone to accept dynamic updates. I guess you can do it on your own by now, can't you? http://images.iyunv.com/int_dns10_small.jpg Step 4: Running DCPROMO
After completing all the previous steps (remember you didn't have to do them) and after double checking your requirements you should now run Dcpromo.exe from the Run command.
QQ群⑧:
窥视卡
雷达卡
发表于 2015-5-5 06:55:36
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡