Professional Documents
Culture Documents
com/kb/324753
Article ID: 324753 - Last Review: March 27, 2007 - Revision: 5.5
How To Create an Active Directory Server in Windows Server 2003
This article was previously published under Q324753
SUMMARY
This article describes how to install and configure a new Active Directory
installation in a laboratory environment that includes Windows Server 2003 and Active Directory. Note that
you will need two networked servers that are running Windows Server 2003 for this purpose in a laboratory
environment.
1. Insert the Windows Server 2003 CD-ROM into your computer's CD-ROM or DVD-ROM drive.
2. Click Start, click Run, and then type dcpromo.
3. Click OK to start the Active Directory Installation Wizard, and then click Next.
4. Click Domain controller for a new domain, and then click Next.
5. Click Domain in a new forest, and then click Next.
6. Specify the full DNS name for the new domain. Note that because this procedure is for a laboratory
environment and you are not integrating this environment into your existing DNS infrastructure, you
can use something generic, such as mycompany.local, for this setting. Click Next.
7. Accept the default domain NetBIOS name (this is "mycompany" if you used the suggestion in step 6).
Click Next.
8. Set the database and log file location to the default setting of the c:\winnt\ntds folder, and then click
Next.
9. Set the Sysvol folder location to the default setting of the c:\winnt\sysvol folder, and then click Next.
10. Click Install and configure the DNS server on this computer, and then click Next.
11. Click Permissions compatible only with Windows 2000 or Windows Server 2003 servers or
operating systems, and then click Next.
12. Because this is a laboratory environment, leave the password for the Directory Services Restore Mode
Administrator blank. Note that in a full production environment, this password is set by using a secure
password format. Click Next.
13. Review and confirm the options that you selected, and then click Next.
14. The installation of Active Directory proceeds. Note that this operation may take several minutes.
15. When you are prompted, restart the computer. After the computer restarts, confirm that the Domain
Name System (DNS) service location records for the new domain controller have been created. To
confirm that the DNS service location records have been created, follow these steps:
a. Click Start, point to Administrative Tools, and then click DNS to start the DNS Administrator
Console.
b. Expand the server name, expand Forward Lookup Zones, and then expand the domain.
c. Verify that the _msdcs, _sites, _tcp, and _udp folders are present. These folders and the service
location records they contain are critical to Active Directory and Windows Server 2003
operations.
1 of 3 3/21/2009 7:58 PM
How To Create an Active Directory Server in Windows Server 2003 http://support.microsoft.com/kb/324753
Users must change password at next logon (recommended for most users)
User cannot change password
Password never expires
Account is disabled
Click Next.
f. Review the information that you provided, and if everything is correct, click Finish.
2. After you create the new user, give this user account membership in a group that permits that user to
perform administrative tasks. Because this is a laboratory environment that you are in control of, you
can give this user account full administrative access by making it a member of the Schema, Enterprise,
and Domain administrators groups. To add the account to the Schema, Enterprise, and Domain
administrators groups, follow these steps:
a. On the Active Directory Users and Computers console, right-click the new account that you
created, and then click Properties.
b. Click the Member Of tab, and then click Add.
c. In the Select Groups dialog box, specify a group, and then click OK to add the groups that you
want to the list.
d. Repeat the selection process for each group in which the user needs account membership.
e. Click OK to finish.
3. The final step in this process is to add a member server to the domain. This process also applies to
workstations. To add a computer to the domain, follow these steps:
a. Log on to the computer that you want to add to the domain.
b. Right-click My Computer, and then click Properties.
c. Click the Computer Name tab, and then click Change.
d. In the Computer Name Changes dialog box, click Domain under Member Of, and then type
the domain name. Click OK.
e. When you are prompted, type the user name and password of the account that you previously
created, and then click OK.
Troubleshooting
For additional information about configuring DNS on Windows Server 2003, click the following article numbers
2 of 3 3/21/2009 7:58 PM
How To Create an Active Directory Server in Windows Server 2003 http://support.microsoft.com/kb/324753
APPLIES TO
3 of 3 3/21/2009 7:58 PM