How to install Active Directory in Windows Server 2008 and make it as domain controller? In this blog, you can see step by step instruction about how you can
Install and configure active directory and make your Windows 2008 server as domain controller.
My Privious Blog
1. How to create Windows 2008 Virtual Machine?
2. How to build Windows Server 2008 R2 Domain Controller – Part 1
3. How to build Windows Server 2008 R2 Domain Controller – Part 2 (Current Post)
2. Running dcpromo will start installing Active Directory Domain Services binaries. Please wait and active directory domain services installation wizard will open automatically once the binaries have been installed.
3. Welcome to the active directory domain services installation wizard. This wizard helps you install active directory domain services (AD DS) on this server, making the server an Active Directory domain controller.
To continue, click next.
Some wizard pages in the Active Directory Domain Services Installation Wizard appear only if you select the Use advanced mode installation check box on the Welcome to the Active Directory Domain Services Installation Wizard page of the wizard.
Advanced mode installation provides experienced users with more control over the installation process, without confusing newer users with configuration options that may not be familiar. For users who do not select the Use advanced mode installation check box, the wizard uses default options that apply to most configurations.
The Use advanced mode installation option on the Welcome page of the wizard is an alternative to running dcpromo at a command prompt with the /adv switch (dcpromo /adv).
The following table lists the additional wizard pages that appear for each deployment configuration when you select the Use advanced mode installation check box.
Windows Server 2008 and "Windows Server 2008 R2" domain controllers have a new more secure default for the security setting named "Allow cryptography algorithms compatible with Windows NT 4.0." This setting prevents Microsoft Windows and non-Microsoft SMB "clients" from using weaker NT 4.0 style cryptography algorithms when establishing security channel sessions against Windows Server 2008 or "Windows Server 2008 R2" domain controllers. As a result of this new default, operations or applications that require a security channel serviced by Windows Server 2008 or "Windows Server 2008 R2" domain controllers might fail.
Platforms impacted by this change include Windows NT 4.0, as well as non-Microsoft SMB "clients" and network-attached storage (NAS) devices that do not support stronger cryptography algorithms. Some operations on clients running versions of Windows earlier than Windows Vista with Service Pack 1 are also impacted, including domain join operations performed by the Active Directory Migration Tool or Windows Deployment Services.
For more information about this setting, see Knowledge Base article 942564 (http://go.microsoft.com/fwlink/?LinkId=104751).
5. Creating a new forest in Windows 2008 Server
To create a new forest, you must be a member of the local Administrators group on the server where you are installing AD DS.
DNS and NetBIOS names
Before you create a new forest, be sure that you have completely planned your DNS infrastructure. To create a new forest, you must know the full DNS name for it. You can install the DNS Server service before you install AD DS or, preferably, you can choose to have the Active Directory Domain Services Installation Wizard install the DNS Server service for you.
If you have the wizard install the DNS Server service, the wizard uses the DNS name that you provide to automatically generate a NetBIOS name for the first domain in the forest. The wizard verifies that the DNS name and the NetBIOS name are unique on the network before it continues.
You must select the Use advanced mode installation check box on the Welcome to the Active Directory Domain Services Installation Wizard page to specify a different NetBIOS name than the name that is generated automatically by the wizard.
The Windows Server 2003 forest functional level provides all features that are available in Windows 2000 forest functional level, and the following additional features:
- Linked-value replication, which improves the replication to changes to group memberships.
- More efficient generation of complex replication topologies by the KCC.
- Forest trust, which allows organizations to easily share internal resources across multiple forests.
Any new domains that are created in this forest will automatically operate at the Windows Server 2003 domain functional level.
8. The next windows will be set Domain Functional Level. Select it and then click on Next
The first domain controller in a forest must be a global catalog server and cannot be an RODC. We recommend that you install the DNS Server service on the first domain controller.
11. Location for Database, Log Files and SYSVOL
Specify the folders that will contain the active directory domain controller database, log files and SYSVOL
12. Directory Services Restore Mode Administrator Password.
The directory services restore mode administrator account is different from the domain administrator account.
Assign a password for the administrator account that will be used when this domain controller is started in directory services restore mode.
14. This wizard is configuring active directory domain services in Windows 2008 server. This process can take from a few minutes to server hours, depending on your environment and the options that you selected
Click Finish to Restart the computer and once your server is booted login to the server. You can see the following.
- Active Directory Administrative center
Active Directory Domain and Trusts
Active Directory Module for WIndows
Active Directory Sites and Servies
Active Directory Users and Computers
Installing Active Directory in Windows 2008 Server and making the server as Domain Controller is not that difficult if you follow all the above steps.