Practical 1

Installing Active Directory

This practical is to install Active Directory onto the first domain controller.

Installation
1. On one of the 2000 servers in the group (see the Domain and PC Name
document to determine which PCs are in which group), start the Active
Directory Wizard (run dcpromo, or via Administrative Tools/Configure Your
Server/Active Directory/Start Active Directory Wizard.)
2. On the Domain Controller page, accept the default (Domain Controller for
a new domain.)
3. On the Create Tree or Child Domain page, select Create a new domain
tree and then on the Create or Join Forest page, create a new forest of
domain trees.
4. Give the tree its full DNS name — oucs-domx.oxadtest (see the Domain and
PC Name document to determine the correct domain name according to the
server name.)
5. In the NetBIOS name box, accept the name shown (should be oucs-domx.)
The domain has both a DNS name and a NetBIOS name, which is by default
the first part, up to the first ‘.’, of the DNS name (maximum of fifteen
characters.)
6. Accept the default locations for the database and log files, and for the shared
system volume.
7. You may get a warning that the DNS does not support dynamic update (or
similar.) If prompted about DNS, choose to install and configure it yourself.
8. Select permissions compatible only with Windows 2000 Servers (you only
need to select the other option if you will have NT servers as part of the
domain.)
9. Type in the directory services restore mode password (make it the same as the
current Administrator password.) When doing this for real, this password is
rarely likely to be needed, but it is important, so don’t forget it! It is actually
stored in a small local accounts database — the SAM.

Checking Active Directory Configuration

10. Run %systemroot%\ntds and check for ntds.dit (database), edb.* (transaction
logs and checkpoint file), res*.log (reserved transaction logs)
11. Verify SYSVOL creation — run %systemroot%\sysvol and check existence
of domain, staging, staging areas and sysvol directories
12. Verify NETLOGON and SYSVOL shares (“net share” command in Command
Prompt window.)
13. Check the event logs for errors. Notice in the System log that there will be
some errors — from Netlogon about inability to register DNS records
(probably event ID 5774), and from W32time there will be event ID 62 and
possibly also 54 of which more later in Time Synchronization.