Install Active Directory

Another day, another subject. After the installation of Server 2008 we are left with an empty server: no roles, no features, just the operating system.

So it’s time to add some roles to the server. One of the most important roles on the Windows server platform is Active Directory. It’s the base for your network; it provides user authentication and rights assignment. Many other applications use its database as well; Microsoft Exchange, for instance, requires Active Directory.

So we start where I left off yesterday: I have set a workstation name and other settings in the Initial Configuration Tasks screen and rebooted the server. After the reboot and logon I’m again presented with the Server Manager, from where I will add the Active Directory role to the server.

So go to Roles on the right side of the Server Manager.

empty

Then on the left side click Add Roles and you will be presented with a wizard. You can actually disable this first wizard page, as it will show each time you add a role: just tick the “Skip this page by default” box and press Next.

Now you will see all the roles that are available on this version of Server 2008 (Enterprise). This list can be expanded when you add out-of-band roles (for instance Windows Streaming Media Services).

server roles

From this page, we select Active Directory Domain Services. When we press Next, we are presented with an information screen, where we can get an overview of AD DS, get more information on installing AD DS and view common configurations of AD DS.

We just press next here and get it over with 🙂

Now we get a confirm screen, where we just press install.

ad install

Installation is in progress.

It takes a while, but it’s actually pretty fast. Of course this procedure only copies the binaries to the system; it doesn’t actually configure Active Directory. For that we need good old Dcpromo.exe, which Windows tells us about in the next screen:

ad install finished

So we just press close (we don’t really have any choice in the matter anyway).

By doing the above, we end up in the Server Manager again, from where we can actually start Dcpromo.exe.

Please note that on the left side of the server manager, we now have a new option (since we added the AD DS role), so let’s go there and we will see the following screen, where we can initiate dcpromo.exe:

dcpromo

When we click on the dcpromo.exe link, the wizard is started. At the first screen we choose advanced mode installation (we might want to customize some things) and then press Next. We are then presented with a screen that deals with the tighter security on Server 2008 and the impact it might have on “legacy” systems like Windows NT, and with the higher SMB security that might influence such systems as well; we just press Next. In the next screen we select “Create a new domain in a new forest” and press Next again (don’t we just all like those wizards). In the next screen we need to name the domain; I entered testcompany.nl (yeah I know, not very original, but hey, I’m a techie, not a writer with imagination) and pressed Next.

The wizard now checks whether this domain name is already in use on the network. After this check, we need to enter the NetBIOS name of the domain. The suggestion is testcompany (without the .nl!), which suits me fine and is the normal way of setting this value anyway.

The next screen deals with the forest functional level, which I set to Server 2003; the screen explains the consequences of each choice. After this screen the domain functional level is set (again Windows 2003 in my case).

dns

Then we get a screen where we can select to install a DNS server. It’s already selected, and with good reason, as your domain will not function without a DNS server. Of course, if you happen to have one already, you might not want to install another one, but we are building a network from scratch, so we make the obvious choice to install the DNS server on this server (which is merely another role that will be added to the server).

After I press Next, I get a warning message about dynamically assigned IP addresses. I did actually set the server’s IPv4 address to 192.168.0.200, but left the IPv6 address at dynamically assigned. I could have set a fixed IP address for this as well, but my test network doesn’t run IPv6, so I did not bother to set it. Of course I could have unbound the IPv6 stack, but I left it.

After I confirmed the previous warning screen, the wizard panics about not being able to create a delegation for this DNS server, which is obvious as we don’t have any DNS servers yet, so no need to panic really. I want to continue, and am presented with a screen where I can set the location of the database, log and SYSVOL folders; I just leave them at the default values and press Next. Now we have to set the DS restore mode admin password, which needs to follow the same rules as the administrator password (providing you didn’t change the local security policy). Set the password and press Next. Finally we are presented with a summary page, on which our selections and settings are summarized; press Next and the wizard will actually install and configure Active Directory.

ad progress

After a while, the installation will finish, and we are presented with the final screen, where we can press Finish. Of course the system suggests that we reboot (which is quite obvious), and I followed that suggestion.

After the reboot, we now have Active Directory and a DNS server added as roles to our server.

Our base infrastructure is complete, which enables us to add more roles. As I wrote in the install server 2008 post, one of interest is SSTP, for which I kind of laid the groundwork (even though not strictly necessary).

To be continued (to use yet another cliche).

The beginning: Install Windows Server 2008

I’m going to publish some articles describing the new functionality found inside Microsoft’s newest OS, Windows Server 2008, aka Windows Longhorn.

Of course the first thing to do is to install this OS.

For this blog I used Microsoft Virtual Server 2005 R2. Yes, you read that right: no VMware Server, Workstation, or Hyper-V. Why? Let’s just say that running Windows Server 2008 as the host system will leave you with some choices. VMware Workstation V6 actually works on Server 2008, and auto-starting VMs can be done, but it’s not nice: it boils down to starting them as a service in session 0 of Windows, or using the startup folder (which requires the user to actually log on to Windows, not nice). No VMware Workstation for me, that is. VMware Server looked promising, but the beta 2 version did not play nice with my Intel load balancing team (two Intel NICs that form one NIC, for load balancing and fault tolerance).

VMware Server was, in short, out of the door as well. That leaves the Microsoft solutions for virtualisation. Hyper-V would of course be the most logical choice, but at the time of writing there is still only an RC1, not a final release, and although I was very impressed with the beta, the RC0 left me with doubts. Also, I’m running Asterisk (PBX in a Flash) and sipX, both running under CentOS, and Hyper-V seemed to have some issues.

Finally my choice (for now !) is Virtual Server 2005 R2, it does auto start VM’s, works nicely with my load balancing team, and it performs pretty well.

Let’s get started and install Server 2008. I have installed this baby using WDS (Windows Deployment Services), which simply boils down to booting from the network and pressing F12, after which Windows setup will load. Of course you could also use the actual DVD, or an image. One downside to using Virtual Server 2005 is that it doesn’t support 64 bit; that’s why my choice for Virtual Server 2005 is a temporary one.

Anyway, when booted I’m presented with this screen:

Yep all the images on the DVD

Here you can select the version of your choice. I have selected Windows Server 2008 Enterprise (Full Installation); of course the architecture I’m presented with is x86 (32 bit). Press Next.

Accept the license terms and press Next, which will lead you to the installation type screen. Since this is an empty system, the only choice is Custom.

Now it’s time to partition the hard drive in the following screen:

I’m accepting the defaults for now, but this screen will let you properly partition the hard drive by choosing Drive options. I merely pressed Next.

That’s it. Now the install program copies files and basically installs the operating system without any user intervention.

This screen shows the progress during installation:

Longhorn installation progress

After the install program has done its work, the computer is rebooted and we are presented with the following screen:

Finally proper password enforcement

Yes! You MUST set a password here, and it needs to follow these rules, which are the defaults in the local security policy:

  • Not contain the user’s account name or parts of the user’s full name that exceed two consecutive characters
  • At least six characters
  • Contains characters from at least three of the following four categories:
      1. English uppercase
      2. English lowercase
      3. Base 10 digits
      4. Non-alphabetic characters like (! # $ %)

Good move.
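The complexity rules listed above, written out as a small checker. This is an added example, not code from the original post or from Windows itself; the function names, the delimiter set used to split the full name, and the sample account "jsmith" / "John Smith" are assumptions.

```python
import re

# Delimiters used to split the full name into parts. This set is an
# assumption of this example; the post only says "parts of the full name".
NAME_DELIMITERS = r"[\s,.\-_#]+"


def character_categories(password):
    """Return which of the four listed categories occur in password."""
    found = set()
    for ch in password:
        if "A" <= ch <= "Z":
            found.add("uppercase")
        elif "a" <= ch <= "z":
            found.add("lowercase")
        elif "0" <= ch <= "9":
            found.add("digit")
        elif not ch.isalpha():
            found.add("non-alphabetic")
    return found


def check_password(password, account_name, full_name=""):
    """Return a list of violated rules; an empty list means it passes."""
    problems = []
    lowered = password.lower()

    # Rule 1: no account name and no full-name part longer than two
    # characters may appear in the password (compared case-insensitively).
    parts = [account_name] + re.split(NAME_DELIMITERS, full_name)
    for part in parts:
        if len(part) > 2 and part.lower() in lowered:
            problems.append("contains name part '%s'" % part)

    # Rule 2: at least six characters.
    if len(password) < 6:
        problems.append("shorter than six characters")

    # Rule 3: characters from at least three of the four categories.
    if len(character_categories(password)) < 3:
        problems.append("fewer than three character categories")
    return problems


# Constructed sample inputs for the hypothetical account "jsmith".
if __name__ == "__main__":
    for candidate in ["Passw0rd!", "abc12", "Smith2008!", "lowercaseonly"]:
        print(candidate, "->", check_password(candidate, "jsmith", "John Smith") or "OK")
```

The third sample shows why the name rule matters: "Smith2008!" satisfies length and category requirements but is still rejected because it embeds part of the user's full name.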

Once booted and logged on, we are presented with the Initial Configuration Tasks screen, where we can set the time zone, configure networking, provide computer name and domain, set auto update options, and add roles and features. We can also enable Remote Desktop and configure the firewall. Nice screen to do those initial tasks.

Initial task screen

I have used this screen to quickly perform some of those initial tasks.

After these initial tasks I’m presented with a real gem, the Server Manager. It’s kind of a central program to manage your server: almost all relevant MMCs are gathered here (depending on the roles and role services you have installed), and it also gives you access to options formerly found under Computer Management.

Server Manager

This concludes the install procedure. In the near future, I want to add some roles and take this first post further. The next instalment will cover SSTP, which is an exciting new feature in Server 2008.

Come back for more 🙂