
AD Installation: creating a new domain in a new forest and creating the first domain controller in the new domain

Domain: A group of clients and servers that is managed centrally through a domain controller (the AD security database).

Domain Controller: A server on which Active Directory (software that ships with the Windows Server operating system) is installed.

AD (Directory Service) is a hierarchical database that holds a list of objects such as users, computers, printers, contacts and groups. AD is used to manage these objects centrally. For example, to apply a wallpaper to all computers in the domain, a single group policy created centrally on the DC is enough; there is no need to configure each computer individually.

Installation in Windows Server 2008 R2:
Start -> Run -> dcpromo

Select the option to configure DNS automatically

The very first domain in a forest is called the forest root domain, and the very first domain controller in a domain is called the root domain controller or Primary Domain Controller (PDC).

Forest functional level: Decides which operating system versions of domain controller can be added to the forest.

Domain functional level: Decides which operating system versions of domain controller can be added to the domain.

Windows Server 2008 introduces a new feature called RODC (Read-Only Domain Controller), used to deploy a non-writable domain controller in branch offices for security reasons. The first domain controller in a forest should be a GC (Global Catalog, an index of AD) so that AD objects can be located.

By default, the AD database is stored in the C:\Windows\NTDS folder as the file NTDS.DIT. The SYSVOL folder contains the scripts and policies that are applied to the domain, and it is shared.

Directory Services Restore Mode (DSRM) is used for an authoritative restore (restoring a particular AD object that was deleted accidentally) and a non-authoritative restore (restoring the complete AD from a system state backup when AD is corrupted). The DSRM password set during installation must therefore be remembered, so that you can log in to DSRM if required.

Once AD is installed successfully on 2008 R2, the following snap-ins appear under Administrative Tools for managing objects, sites and trusts.

1. Active Directory Users and Computers (dsa.msc): Used to create user accounts, security groups, computers and so on, and to manage those objects.

2. Active Directory Sites and Services (dssite.msc): By default, one site named Default-First-Site-Name is created under Sites, and the root domain controller (RDC) resides in it. Additional sites can be created to match the organization's infrastructure (for example when there are many branches). If contoso has another branch in Bangalore, one more site can be created and an additional domain controller (ADC) deployed under it, improving performance and simplifying management of objects at the Bangalore location. A subnet is a subdivision of the larger organization's network. Assume the Bangalore branch has about 100 users. Every time they log on to the domain they would contact the DC at the remote location, increasing network traffic and putting unnecessary load on the PDC. To overcome this, it is better to have an ADC for the Bangalore branch so that all authentication is handled locally by it. This is achieved by creating another site and mapping the Bangalore subnet to that site. The corresponding AD ports must also be opened for replication between the PDC and the ADC in both directions.

3. Active Directory Domains and Trusts (domain.msc): Used to manage trust relationships between two forests, so that users from the other forest can access resources in contoso and vice versa.

4. ADSI Edit (adsiedit.msc): Used to edit schema attributes of objects in the domain. A proper impact analysis is needed before using it, because a change affects the entire domain or forest.

DNS (Domain Name System or Server): DNS is a networking service that resolves hostname/FQDN to IP and IP to hostname/FQDN. It stores information about domains (resource records) in zones, which are of two kinds: forward lookup zones (hostname to IP) and reverse lookup zones (IP to hostname). It also determines which DC acts as the logon server for a site when there is more than one site. After installing DNS on the PDC, set the preferred DNS server IP to the server's own IP, since it is the first DNS server in the domain.

By default, only the forward lookup zone (FLZ) is created; the reverse lookup zone (RLZ) must be created manually.

Right-click Reverse Lookup Zones -> New Zone and select the zone type. The recommended type is Active Directory Integrated, which stores the zone data in the AD database itself; the zone data is then replicated between the DNS servers of the two sites via AD replication.

Once this is complete, a pointer (PTR) record is created automatically for each host (A) record in the FLZ, provided "Update associated pointer record" is checked.

To confirm that DNS is configured correctly, run nslookup; the default server should be detected correctly.
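As an added post-installation check (not part of these notes), the following PowerShell script verifies on the new DC the points covered above: functional levels, GC status, NTDS.DIT and SYSVOL locations, the preferred DNS setting, the presence of a reverse lookup zone, and name resolution. It assumes the ActiveDirectory module and the DNS Server role are present on the machine; variable names such as $ownIp are my own.

```powershell
# Added post-installation check, not from the original notes. Run on the new
# domain controller after dcpromo and DNS setup. Assumes the ActiveDirectory
# module (RSAT, available on 2008 R2) and the DNS Server role on this machine.
Import-Module ActiveDirectory

$dc     = Get-ADDomainController -Identity $env:COMPUTERNAME
$domain = Get-ADDomain
$forest = Get-ADForest

Write-Host "Forest functional level : $($forest.ForestMode)"
Write-Host "Domain functional level : $($domain.DomainMode)"
Write-Host "Site                    : $($dc.Site)"             # expect Default-First-Site-Name
Write-Host "Global Catalog          : $($dc.IsGlobalCatalog)"  # first DC in the forest must be True
Write-Host "Read-only (RODC)        : $($dc.IsReadOnly)"
Write-Host "PDC emulator            : $($domain.PDCEmulator)"

# AD database and SYSVOL share at their default locations
$ntds = Join-Path $env:SystemRoot 'NTDS\ntds.dit'
if (Test-Path $ntds) { Write-Host "NTDS.DIT present at $ntds" }
else { Write-Warning "NTDS.DIT not found at $ntds" }

$sysvol = Get-WmiObject Win32_Share -Filter "Name='SYSVOL'"
if ($sysvol) { Write-Host "SYSVOL shared from $($sysvol.Path)" }
else { Write-Warning "SYSVOL is not shared" }

# Preferred DNS on the first DC must point at the server's own IP (IPv4 checked here)
$nic = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled=true" | Select-Object -First 1
$ownIp        = $nic.IPAddress | Where-Object { $_ -notmatch ':' } | Select-Object -First 1
$preferredDns = $nic.DNSServerSearchOrder | Select-Object -First 1
if ($preferredDns -eq $ownIp) { Write-Host "Preferred DNS $preferredDns matches server IP" }
else { Write-Warning "Preferred DNS is $preferredDns, expected $ownIp" }

# dcpromo creates only the forward zone; confirm a reverse zone exists via dnscmd
$zones = dnscmd /EnumZones
if ($zones -match 'in-addr\.arpa') { Write-Host "Reverse lookup zone present" }
else { Write-Warning "No reverse lookup zone; create one under Reverse Lookup Zones -> New Zone" }

# Resolve the DC locator SRV record the way clients do, then the reverse (PTR) entry
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)"
nslookup $ownIp
```

Any Write-Warning line points at one of the manual steps above that still needs attention.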
