Beruflich Dokumente
Kultur Dokumente
First make sure you read and understand Active Directory Installation Requirements. If you don't comply
with all the requirements of that article you will not be able to set up your AD (for example: you don't
have a NIC or you're using a computer that's not connected to a LAN).
Note: This article is only good for understanding how to install the FIRST DC in a NEW AD Domain, in a
NEW TREE, in a NEW FOREST. Meaning - don't do it for any other scenario, such as a new replica DC in
an existing domain. In order to install a Windows Server 2003 DC in an EXISTING Windows 2000 Domain
follow the Windows 2003 ADPrep tip.
Windows 2000 Note: If you plan to install a new Windows 2000 DC please read How to Install Active
Directory on Windows 2000.
Windows 2008 Note: Install Active Directory on Windows Server 2008 provides complete instruction
details for working with Windows Server 2008.
Windows Server 2003 Note: If you plan to install a new Windows Server 2003 DC in an existing AD
forest please read the page BEFORE you go on, otherwise you'll end up with the following error:
This article assumes that all of the above requirements are fulfilled.
1 of 8 17/08/2010 1:04 PM
How do I install Active Directory on my Windows Server 2003 server? http://www.petri.co.il/how_to_install_active_directory_on_windows_...
4. Click More.
5. In the Primary DNS suffix of this computer box enter the would-be domain name. Make sure you got
it right. No spelling mistakes, no "oh, I thought I did it right...". Although the domain name CAN be
changed after the computer has been promoted to Domain Controller, this is not a procedure that
one should consider lightly, especially because on the possible consequences. Read more about it on
Configure TCP/IP
1. Click Start, point to Settings and then click Control Panel.
2. Double-click Network and Dial-up Connections.
3. Right-click Local Area Connection, and then click Properties.
2 of 8 17/08/2010 1:04 PM
How do I install Active Directory on my Windows Server 2003 server? http://www.petri.co.il/how_to_install_active_directory_on_windows_...
DNS server. If you have another operational Windows 2000/2003 server that is
properly configured as your DNS server (read my Create a New DNS Server for AD page) - enter
that server's IP address instead:
6. Click Advanced.
7. Click the DNS Tab.
8. Select "Append primary and connection specific DNS suffixes"
9. Check "Append parent suffixes of the primary DNS suffix"
10. Check "Register this connection's addresses in DNS". If this Windows 2000/2003-based DNS server
is on an intranet, it should only point to its own IP address for DNS; do not enter IP addresses for
other DNS servers here. If this server needs to resolve names on the Internet, it should have a
forwarder configured.
11. Click OK to close the Advanced TCP/IP Settings properties.
12. Click OK to accept the changes to your TCP/IP configuration.
13. Click OK to close the Local Area Connections properties.
This article assumes that you already have the DNS service installed. If this is not the case, please read
Create a New DNS Server for AD.
Furthermore, it is assumed that the DC will also be it's own DNS server. If that is not the case, you MUST
configure another Windows 2000/2003 server as the DNS server, and if you try to run DCPROMO without
doing so, you'll end up with errors and the process will fail.
3 of 8 17/08/2010 1:04 PM
How do I install Active Directory on my Windows Server 2003 server? http://www.petri.co.il/how_to_install_active_directory_on_windows_...
2. Right click Forward Lookup Zones and choose to add a new zone.
3. Click Next. The new forward lookup zone must be a primary zone so that it can accept dynamic
legal zone names are "lab.dpetri.net", "dpetri.net", or "net". Type the name of the
zone, and then click Next.
5. Accept the default name for the new zone file. Click Next.
6. To be able to accept dynamic updates to this new zone, click "Allow both nonsecure and secure
7. Click Finish.
You should now make sure your computer can register itself in the new zone. Go to the Command Prompt
(CMD) and run "ipconfig /registerdns" (no quotes, duh...). Go back to the DNS console, open the new zone
and refresh it (F5). Notice that the computer should by now be listed as an A Record in the right pane.
If it's not there try to reboot (although if it's not there a reboot won't do much good). Check the spelling
on your zone and compare it to the suffix you created in step 1. Check your IP settings.
4 of 8 17/08/2010 1:04 PM
How do I install Active Directory on my Windows Server 2003 server? http://www.petri.co.il/how_to_install_active_directory_on_windows_...
3. In the Operating System Compatibility windows read the requirements for the domain's clients and if
5 of 8 17/08/2010 1:04 PM
How do I install Active Directory on my Windows Server 2003 server? http://www.petri.co.il/how_to_install_active_directory_on_windows_...
step 1. Click Next. This step might take some time because the computer is
searching for the DNS server and checking to see if any naming conflicts exist.
7. Accept the the down-level NetBIOS domain name, in this case it's KUKU. Click Next
8. Accept the Database and Log file location dialog box (unless you want to change them of course).
The location of the files is by default %systemroot%\NTDS, and you should not change it unless you
10. If your DNS server, zone and/or computer name suffix were not configured correctly you will get the
following warning:This means the Dcpromo wizard could not contact the DNS server, or it did contact
it but could not find a zone with the name of the future domain. You should check your settings. Go
back to steps 1, 2 and 3. Click Ok.You have an option to let Dcpromo do the configuration for you. If
you want, Dcpromo can install the DNS service, create the appropriate zone, configure it to accept
dynamic updates, and configure the TCP/IP settings for the DNS server IP address.To let Dcpromo do
the work for you, select "Install and configure the DNS server...".
Click Next.
Otherwise, you can accept the default choice and then quit Dcpromo and check steps 1-3.
11. If your DNS settings were right, you'll get a confirmation window. Just click Next.
12. Accept the Permissions compatible only with Windows 2000 or Windows Server 2003 settings, unless
6 of 8 17/08/2010 1:04 PM
How do I install Active Directory on my Windows Server 2003 server? http://www.petri.co.il/how_to_install_active_directory_on_windows_...
14. Review your settings and if you like what you see - Click Next.
15. See the wizard going through the various stages of installing AD. Whatever you do - NEVER click
Cancel!!! You'll wreck your computer if you do. If you see you made a mistake and want to undo it,
you'd better let the wizard finish and then run it again to undo the AD.
16. If all went well you'll see the final confirmation window. Click Finish.
1. First, see that the Administrative Tools folder has all the AD management tools installed.
2. Run Active Directory Users and Computers (or type "dsa.msc" from the Run command). See that all
when trying to perform them). = BadThis might happen if you did not manually
configure your DNS server and let the DCPROMO process do it for you.
Another reason for the lack of SRV records (and of all other records for that matter) is the fact that
you DID configure the DNS server manually, but you made a mistake, either with the computer
suffix name or with the IP address of the DNS server (see steps 1 through 3).
Open the DNS console. See that you have a zone with the same name as your AD domain (the one
you've just created, remember? Duh...). See that within it you have the 4 SRV record folders. They
must exist.
= Good
7 of 8 17/08/2010 1:04 PM
How do I install Active Directory on my Windows Server 2003 server? http://www.petri.co.il/how_to_install_active_directory_on_windows_...
To try and fix the problems first see if the zone is configured to accept dynamic updates.
Or from the command prompt type "net stop netlogon", and after it finishes, type "net start
netlogon".
Let it finish, go back to the DNS console, click your zone and refresh it (F5). If all is ok you'll now
see the 4 SRV record folders.
If the 4 SRV records are still not present double check the spelling of the zone in the DNS server. It
should be exactly the same as the AD Domain name. Also check the computer's suffix (see step 1).
You won't be able to change the computer's suffix after the AD is installed, but if you have a spelling
mistake you'd be better off by removing the AD now, before you have any users, groups and other
objects in place, and then after repairing the mistake - re-running DCPROMO.
7. Check the NTDS folder for the presence of the required files.
8. Check the SYSVOL folder for the presence of the required subfolders.
9. Check to see if you have the SYSVOL and NETLOGON shares, and their location.
If all of the above is ok, I think it's safe to say that your AD is properly installed.
If not, read Troubleshooting Dcpromo Errors and re-read steps 1-4 in this article.
AWS Privacy Policy | Contact | Advertise ©2010 Blue Whale Web Inc.
8 of 8 17/08/2010 1:04 PM