leedesmond’s blog

In Windows Server 2008, the setup of a domain controller in an Active Directory network has undergone a couple of notable changes. Let us walk through the setup of a brand new Active Directory infrastructure to illustrate this.

When you execute dcpromo.exe at the command-line, the application will first check for the presence of the Active Directory Domain Services (AD DS) binaries.

AD DS is what we presently still refer to as Active Directory service / database that makes a Windows 2003/2000 machine a domain controller. If this pre-requisite is absent, installation will take place automatically before the familiar dcpromo Wizard interface appears. The AD DS binaries is a Windows server role that can be separately installed in advance from Server Manager.

At the initial Wizard page, tick on the “Use advanced mode installation” checkbox (default is not selected) to walk through the installation if you want to exert more control over the process and the default canned settings are not suitable for your environment. Not only that, some of the options can only be configured in advanced mode, such as the creation of a new domain in an existing forest or adding new DCs to an existing domain. This mode can be directly enabled by passing the /adv switch to dcpromo.

Click on “Create a new domain in a new forest” and supply the FQDN. If you elect to use a different domain NetBIOs name, make the correction accordingly:

Following that, you have the opportunity to set the forest functional level. Windows 2000 and Windows Server 2003 forest functional levels (FFL) are familiar levels with the addition of a new Windows Server 2008 FFL. At this forest functional level, only Windows Server 2008 DCs are supported.

A supporting DNS infrastructure must already be in place to enable proper name resolution to take place for the new forest. If this is missing, the Wizard will suggest that you delegate the zone to this DNS server in the parent zone (authoritative for this zone) prior to proceeding.

If you do not accept this (click Yes; not No), the only choice left is for you to let the Wizard install DNS services with default settings on this first DC in the AD forest at this stage. At the same time, the first DC must be a full DC (not Read-Only Domain Controller) configured as a global catalog server and will automatically hold the 5 classic Operation Master roles. Do not forget to assign a static IPv4 address and point the primary DNS IPv4 address to itself beforehand.

Accept the default paths for the Active Directory databases, log files and SYSVOL (should be changed at this point in time or later to improve performance if more physical disk volumes are available).

New in Windows Server 2008 is the mandatory provision of a strong password to the Directory Services Restore Mode Administrator Password dialog box. Failure to do so will prevent you from going forward with the remaining AD DS installation.

Review your settings at the summary screen before clicking Next to start the installation proper. I suggest you save a copy of the configuration by using Export settings. This will come in very handy if you need to setup a RODC somewhere down the road since installation is completely command-line driven (also applicable to a normal full DC). Correct layout and syntax of the answer file are critical in order to ensure successful installation. I shall touch on adding a RODC to the domain in another post.

Once installation ends, click on Finish to end the dcpromo Wizard then Restart Now to complete installation when prompt.

.

Tested on Windows Server 2008 June 2007 CTP

Technorati tags: Longhorn, Windows Server 2008

3 Comments »