Windows Active Directory 2008

  1. Active Directory: a database that provides centralized management of networked objects.
  2. Domain Controller: a Windows Server installed with the Active Directory Domain Services role.
  3. Windows Domain: a logical group of computers running versions of the Windows OS that share a central directory database.
  4. Namespace:

Setting up First AD:

  1. Choose the Windows Server edition: Enterprise x64 supports more RAM, while Standard is limited
  2. Hardware: 10 GB disk minimum,
  3. Have an IP address defined, xxx.xxx.xxx.2 (xxx.xxx.xxx.1 would be your router)
  4. The first domain in a forest is called the forest root domain

Installing First Domain Controller:

  1. Install Server
    1. Boot the server to the boot image (either via WDS or CD image)
    2. Click “Install Now”
    3. Choose the OS edition and version
    4. Depending on the image, it may prompt for a license key. If none is specified, it will install in 30-day trial mode
    5. Choose Custom (advanced); the upgrade option will be available for upgrade installs only
    6. Choose the disk for OS install
      1. Have a new partition created if it is an entirely new disk
    7. Use the load driver option if you are installing on a legacy H/W system with an old SCSI drive
    8. Click OK for OS install
    9. Once the install completes, the system will restart
    10. On the logon screen you will see the message “The User’s password must be changed before logging on the first time”
    11. While setting for the first time, use “create password restore disk”
    12. Then set a strong password for the administrator and login to the system
  2. Configure Server
    1. Time Zone
    2. Static IP (v4) address
    3. DNS server
    4. Rename computer
    5. Configure and install Automatic Updates
    6. Enable RDP (admin by default will have RDP access)
  3. Install AD
    1. Install ADDS (Active Directory Domain Services) role
    2. Run DCPromo.exe (also installs ADDS role if not already setup)
      1. Use Advanced Mode to
        1. Choose the “Install From Media” option
        2. Specify the password replication policy
    3. Choose “Create a new domain in a new forest”
    4. Enter the “FQDN of New Forest Root Domain”
      1. a .local domain will have restrictions connecting to internet due to IE enhanced security
    5. Set the Forest Functional Level to one of the available options: W2K, W2K3, W2K8
    6. Choose to install DNS (your primary DNS server will be changed to 127.0.0.1 to point to the local server itself, as it is going to be the DNS server)
    7. The Global Catalog server option is mandatorily selected for the first server, and the first server can’t be an RODC
    8. Set the locations for
      1. ADDS DB Data: C:\Windows\NTDS
      2. ADDS DB Log: C:\Windows\NTDS
      3. SYSVOL Folder: C:\Windows\SYSVOL (required for replication)
      4. BTW, NTDS stands for “Network Domain Services”
    9. Create “Directory Services Restore Mode Administrator Password”
    10. Review the settings and install
    11. Use “Export Settings” to create an answer file for subsequent DC installs
    12. Reboot the server after install
  4. Configure AD and Sites
    1. Rename “Default-First-Site-Name” site

Installing Additional Domain Controller:

  1. Install and Configure Server
  2. Install AD, with the option “add new domain controller to existing domain”
  3. Choose the DNS and Global Catalog roles if you want this server to be a secondary for them
  4. Add it to the existing AD site
  5. Verify that the additional DC is able to replicate changes from/to the existing DCs, simply by creating a new OU and running repadmin /syncall
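
The replication check from step 5, as an added example that is not part of the original notes: it creates a marker OU on the existing DC, forces a sync with repadmin, and confirms the OU appears on the new DC. The DC names and domain DN are placeholder assumptions, and it assumes PowerShell and the AD DS command-line tools (dsadd, dsquery, dsrm, repadmin) are installed.

```powershell
# Added example: replication smoke test between an existing DC and a new DC.
# All default values below are placeholders, not values from the notes.
param(
    [string]$SourceDC = 'DC1.corp.example',   # existing domain controller (assumed name)
    [string]$TargetDC = 'DC2.corp.example',   # newly promoted domain controller (assumed name)
    [string]$DomainDN = 'DC=corp,DC=example'  # domain distinguished name (assumed)
)

# Unique marker name so repeated runs never collide with an earlier test OU.
$ouName = 'ReplTest-' + (Get-Date -Format 'yyyyMMddHHmmss')
$ouDN   = "OU=$ouName,$DomainDN"

# 1. Create the marker OU on the source DC only.
& dsadd ou $ouDN -s $SourceDC -desc 'Replication smoke test'
if ($LASTEXITCODE -ne 0) { throw "dsadd failed against $SourceDC" }

# 2. Force replication: all naming contexts (A), names shown as DNs (d),
#    across sites (e), pushing changes outward from the source DC (P).
& repadmin /syncall $SourceDC /AdeP
if ($LASTEXITCODE -ne 0) { Write-Warning 'repadmin /syncall reported errors' }

# 3. Query the target DC directly until the OU shows up (up to about a minute).
$found = $false
for ($i = 0; $i -lt 6 -and -not $found; $i++) {
    $hit = & dsquery ou $DomainDN -s $TargetDC -name $ouName
    if ($hit) { $found = $true } else { Start-Sleep -Seconds 10 }
}

# 4. Print inbound replication status of the target DC for the record.
& repadmin /showrepl $TargetDC

# 5. Remove the marker OU so test objects do not accumulate in the directory.
& dsrm $ouDN -s $SourceDC -noprompt

if ($found) {
    "PASS: $ouDN created on $SourceDC was found on $TargetDC"
} else {
    "FAIL: $ouDN did not reach $TargetDC; review the /showrepl output above"
    exit 1
}
```

Swap the two DC parameters and run it again to confirm the other direction, since the step calls for changes flowing both from and to the existing DCs.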

Installing Domain Workstations:

  1. Install the workstation
  2. Disable IPv6 if not needed
  3. Configure the DNS to contact the new Domain DNS servers
  4. Rename the workstation to match the domain workstation naming convention, if any
  5. Join the workstations to the new domain
  6. Reboot the workstation
