Install Active Directory

Another day, another subject, after the installation of Server 2008 we are left with an empty server. No roles, no features, just the operating system.

So it’s time to add some roles to the server. One of the most important roles on the Windows server platform is Active Directory. It’s the base for your network, it provides user authentication and rights assignment. And many other applications use it’s database, Microsoft Exchange for instance, requires the use of Active Directory.

So we just start where I left off yesterday, I have set a workstation name and other settings in that initial configuration tasks screen, rebooted the server and after reboot and logon I’m again presented with the Server Manager, from where I will add the Active Directory role to the server.

So  go to Roles on the right side of the server manager.

empty

then on the left side click add roles and you will be presented with a wizard, you can actually disable this wizard, as it will show each time when you add a role. Just tick the skip this page by default box and press next.

Now you will see all the roles that are available on this version of Server 2008 (Enterprise), this list can be expanded when you add out of band roles (like for instance Windows streaming Media services).

server roles

From this page, we will select Active Directory Domain Services, when we press next, we are presented with an information screen, where we can get an overview of AD DS, get more information on installing AD DS and we can view common configurations of AD DS.

We just press next here and get it over with 🙂

Now we get a confirm screen, where we just press install.

ad install

Installation is in progress.

It takes a while, but it’s actually pretty fast. Of course this procedure only copies the binaries to the system, it doesn’t actually configure Active Directory, for that we need good old Dcpromo.exe Which Windows tells us about in the next screen:

ad install finished

So we just press close (we don’t really have any choice in the matter anyway).

By doing the above, we end up in the server manager again, for where we can actually start Dcpromo.exe.

Please note that on the left side of the server manager, we now have a new option (since we added the AD DS role), so let’s go there and we will see the following screen, where we can initiate dcpromo.exe:

dcpromo

When we click on the dcpromo.exe link, the wizard is started, at the first screen we choose advanced mode installation  (we might want to customize some things), and then press next, when we are presented with a screen that deals with tighter security on Server 2008 and the impact it might have on “legacy” systems like Windows NT. And the higher SMB security that might influence such systems as well, we just press next. In the next screen we select create a new domain in a new forest and press next again (don’t we just all like those wizards). In the next screen we need to name the domain, I entered testcompany.nl (yeah I know not very original, but hey I’m a techie not a writer with imagination) and pressed next.

The wizard is now checking whether this domain name is already in use on the network, after this check, we will need to enter the netbios name of the domain, the suggestion is testcompany (without the .nl !) which suits me fine and is the normal way of setting this value anyway.

The next screen deals with forest functional level, which I set to Server 2003, the screen explains the consequences of each choice. After this screen the domain functional level is set (again Windows 2003 in my case).

dns

Then we get a screen where we can select to install a dns server, it’s already selected and with good reason, as your domain will not function without a dns server, of course if you happen to have one already, you might not want to install another one, but we are building a network from scratch so we make the obvious choice to install the Dns server on this server (which is merely another role that will be added to the server).

After I press next, I get a warning message about dynamically assigned IP addresses, I did actually set the server’s IP V4 address to 192.168.0.200, but left the IP V6 address at dynamically assigned,  I could have set a fixed IP address for this as well, but my test network doesn’t run IP V6, so I did not bother to set it. Of course I could have unbinded the IP V6 stack, but left it.

After I confirmed the previous warning screen,  the wizards is panicking about not being able to create a delegation for this DNS server, which is obvious as we don’t have any dns servers yet, so no need to panic really. I want to continue, and are presented with a screen where I can set the location of the database, log and syslog folder, I  just leave them at the default values and press next. Now we have to set the DS restore mode admin password, which needs to follow the same rules as the administrator password (providing you didn’t change the local security policy, set the password and press next. Finally we are presented with a summary page, on which our selections and settings are summarized, press next and the wizard will actually install and configure Active Directory.

ad progress

After a while, the installation will finish, and we are presented with the final screen where we can press finish, of course the system suggests us to reboot (which is quite obvious, and I followed that suggestion.

After the reboot, we now have Active Directory and a DNS server added as roles to our server.

Our base infrastructure is complete, which enables us to add more roles. As I wrote in the install server 2008 post, one of interest is SSTP, for which I kind of laid the groundwork (even though not strictly necessary).

To be continued (to use yet another cliche).