This document provides steps to install and configure a new Active Directory domain in a lab environment with two Windows Server 2003 machines. It describes creating the Active Directory forest and domain, adding a user for administration, and joining additional computers to the new domain. It also provides troubleshooting information for issues opening Active Directory tools and links to Microsoft support articles on configuring DNS.
This document provides steps to install and configure a new Active Directory domain in a lab environment with two Windows Server 2003 machines. It describes creating the Active Directory forest and domain, adding a user for administration, and joining additional computers to the new domain. It also provides troubleshooting information for issues opening Active Directory tools and links to Microsoft support articles on configuring DNS.
This document provides steps to install and configure a new Active Directory domain in a lab environment with two Windows Server 2003 machines. It describes creating the Active Directory forest and domain, adding a user for administration, and joining additional computers to the new domain. It also provides troubleshooting information for issues opening Active Directory tools and links to Microsoft support articles on configuring DNS.
This article describes how to install and configure a new
Active Directory inst... This article describes how to install and configure a new Active Directory installation in a laboratory environment that includes Windows Server 2003 and Active Directory. Note that you will need two networed servers that are running Windows Server 2003 for this !ur!ose in a laboratory environment. "ac to the to! Creating the Active Directory After you have installed Windows Server 2003 on a stand#alone server$ run the Active Directory Wi%ard to create the new Active Directory forest or domain$ and then convert the Windows Server 2003 com!uter into the first domain controller in the forest. To convert a Windows Server 2003 com!uter into the first domain controller in the forest$ follow these ste!s& '. (nsert the Windows Server 2003 )D#*+, into your com!uter-s )D#*+, or D.D#*+, drive. 2. )lic Start$ clic Run$ and then ty!e dc!romo. 3. )lic O to start the Active Directory !nstallation "i#ard$ and then clic $e%t. /. )lic Do&ain controller for a new do&ain$ and then clic $e%t. 0. )lic Do&ain in a new forest$ and then clic $e%t. 1. S!ecify the full DNS name for the new domain. Note that because this !rocedure is for a laboratory environment and you are not integrating this environment into your e2isting DNS infrastructure$ you can use something generic$ such as mycom!any.local$ for this setting. )lic $e%t. 3. Acce!t the default domain Net"(+S name 4this is 5mycom!any5 if you used the suggestion in ste! 16. )lic $e%t. 7. Set the database and log file location to the default setting of the c&8winnt8ntds folder$ and then clic $e%t. 9. Set the Sysvol folder location to the default setting of the c&8winnt8sysvol folder$ and then clic $e%t. '0. )lic !nstall and configure the D$S server on this co&'uter$ and then clic $e%t. ''. )lic (er&issions co&'atible only with "indows )*** or "indows Server )**+ servers or o'erating syste&s$ and then clic $e%t. '2. "ecause this is a laboratory environment$ leave the !assword for the Directory Services *estore ,ode Administrator blan. Note that in a full !roduction environment$ this !assword is set by using a secure !assword format. )lic $e%t. '3. *eview and confirm the o!tions that you selected$ and then clic $e%t. '/. The installation of Active Directory !roceeds. Note that this o!eration may tae several minutes. '0. When you are !rom!ted$ restart the com!uter. After the com!uter restarts$ confirm that the Domain Name System 4DNS6 service location records for the new domain controller have been created. To confirm that the DNS service location records have been created$ follow these ste!s& a. )lic Start$ !oint to Ad&inistrative Tools$ and then clic D$S to start the DNS Administrator )onsole. b. :2!and the server name$ e2!and ,orward -oo.u' /ones$ and then e2!and the domain. c. .erify that the ;msdcs$ ;sites$ ;tc!$ and ;ud! folders are !resent. These folders and the service location records they contain are critical to Active Directory and Windows Server 2003 o!erations. "ac to the to! Adding Users and Co&'uters to the Active Directory Do&ain After the new Active Directory domain is established$ create a user account in that domain to use as an administrative account. When that user is added to the a!!ro!riate security grou!s$ use that account to add com!uters to the domain. '. To create a new user$ follow these ste!s& a. )lic Start$ !oint to Ad&inistrative Tools$ and then clic Active Directory Users and Co&'uters to start the Active Directory <sers and )om!uters console. b. )lic the domain name that you created$ and then e2!and the contents. c. *ight#clic Users$ !oint to $ew$ and then clic User. d. Ty!e the first name$ last name$ and user logon name of the new user$ and then clic $e%t. e. Ty!e a new !assword$ confirm the !assword$ and then clic to select one of the following chec bo2es& <sers must change !assword at ne2t logon 4recommended for most users6 <ser cannot change !assword =assword never e2!ires Account is disabled )lic $e%t. f. *eview the information that you !rovided$ and if everything is correct$ clic ,inish. 2. After you create the new user$ give this user account membershi! in a grou! that !ermits that user to !erform administrative tass. "ecause this is a laboratory environment that you are in control of$ you can give this user account full administrative access by maing it a member of the Schema$ :nter!rise$ and Domain administrators grou!s. To add the account to the Schema$ :nter!rise$ and Domain administrators grou!s$ follow these ste!s& a. +n the Active Directory <sers and )om!uters console$ right#clic the new account that you created$ and then clic (ro'erties. b. )lic the Me&ber Of tab$ and then clic Add. c. (n the Select 0rou's dialog bo2$ s!ecify a grou!$ and then clic O to add the grou!s that you want to the list. d. *e!eat the selection !rocess for each grou! in which the user needs account membershi!. e. )lic O to finish. 2. The final ste! in this !rocess is to add a member server to the domain. This !rocess also a!!lies to worstations. To add a com!uter to the domain$ follow these ste!s& a. >og on to the com!uter that you want to add to the domain. b. *ight#clic My Co&'uter$ and then clic (ro'erties. c. )lic the Co&'uter $a&e tab$ and then clic Change. d. (n the Co&'uter $a&e Changes dialog bo2$ clic Do&ain under Me&ber Of$ and then ty!e the domain name. )lic O. e. When you are !rom!ted$ ty!e the user name and !assword of the account that you !reviously created$ and then clic O. A message that welcomes you to the domain is generated. f. )lic O to return to the Co&'uter $a&e tab$ and then clic O to finish. g. *estart the com!uter if you are !rom!ted to do so. "ac to the to! Troubleshooting You Cannot O'en the Active Directory Sna'1ins After you have com!leted the installation of Active Directory$ you may not be able to start the Active Directory <sers and )om!uters sna!#in$ and you may receive an error message that indicates that no authority can be contacted for authentication. This can occur if DNS is not correctly configured. To resolve this issue$ verify that the %ones on your DNS server are configured correctly and that your DNS server has authority for the %one that contains the Active Directory domain name. (f the %ones a!!ear to be correct and the server has authority for the domain$ try to start the Active Directory <sers and )om!uters sna!#in again. (f you receive the same error message$ use the D)=*+,+ utility to remove Active Directory$ restart the com!uter$ and then reinstall Active Directory. ?or additional information about configuring DNS on Windows Server 2003$ clic the following article numbers to view the articles in the ,icrosoft @nowledge "ase& 323370 4htt!&AAsu!!ort.microsoft.comAbA323370A:N#<SA 6 Bow To )onfigure DNS for (nternet Access in Windows Server 2003 32/209 4htt!&AAsu!!ort.microsoft.comAbA32/209A:N#<SA 6 Bow To )onfigure DNS in a New orgrou! :nvironment in Windows Server 2003 323/'7 4htt!&AAsu!!ort.microsoft.comAbA323/'7A:N#<SA 6 Bow To (ntegrate DNS with an :2isting DNS (nfrastructure (f Active Directory (s :nabled in Windows Server 2003 323/'3 4htt!&AAsu!!ort.microsoft.comAbA323/'3A:N#<SA 6 Bow To (ntegrate Windows Server 2003 DNS with an :2isting DNS (nfrastructure in Windows Server 2003 32/210 4htt!&AAsu!!ort.microsoft.comAbA32/210A:N#<SA 6 Bow To )onfigure DNS *ecords for Cour Web Site in Windows Server 2003 323//0 4htt!&AAsu!!ort.microsoft.comAbA323//0A:N#<SA 6 Bow To )reate a New Done on a DNS Server in Windows Server 2003 "ac to the to! $ote This is a 5?AST =<">(SB5 article created directly from within the ,icrosoft su!!ort organi%ation. The information contained herein is !rovided as#is in res!onse to emerging issues. As a result of the s!eed in maing it available$ the materials may include ty!ogra!hical errors and may be revised at any time without notice. See Terms of <se 4htt!&AAgo.microsoft.comAfwlinAE>in(dF'0'0006 for other considerations.