Windows Server 2003 - Installing Active Directory
Part 2 - Installing Active Directory
With installations, 7 minutes of planning will save an hour for rework. The secret of troubleshooting Active Directory installs is mastering DNS. I find NSLookup invaluable, also Ipconfig's new switches /registerdns and /flushdns are handy.
Topics for Installing Active Directory
Here is a built-in command line tool that will prepare the schema. It does not actually install the NDTS.dit files but it does prepare the forest or the individual domain for Active Directory.
If you already have a working domain controller, backup the system state, go to a member server, run DCPROMO /adv then point the wizard to the backup files
The key to success is preparation:
Decide your DNS and enter the name in the Computer Name Tab in the System Icon (Windows Key + Pause). Whilst this section deals with the nuts and bolts of an installation, take care to design your Active Directory forest, for example, account naming strategy, top level OUs, group policies.
Now you are ready to run DCPROMO.
To call for the Active Directory Installation Wizard, Start, Run DCPROMO and answer these questions:
SolarWinds have produced three Active Directory add-ons. These free utilities have been approved by Microsoft, and will help to manage your domain by:
There are many ways of installing DNS, but I favour doing as little as possible myself, and letting the DCPROMO Wizard do as much as possible. For Example, here is a crucial stage where DCPROMO needs DNS, I always select the middle option, ' Install and Configure DNS on this computer...' To be crystal clear, I do NOT configure DNS myself, I let the Wizard create all those _msdcs records.
Remember that the Active Directory can grow so make sure the partition has at least 300 MB of free space for NTDS.dit itself, and 100 MB for the log files. Talking of the logs, install the edbxxx.log files on a separate disk.
To verify that installation has run smoothly check the following:
Demotion back to member server
If the worst comes to the worst, run DCPROMO to demote, then try again making different decisions.
I like the Permissions Monitor because it enables me to see quickly WHO has permissions to do WHAT. When you launch this tool it analyzes a users effective NTFS permissions for a specific file or folder, takes into account network share access, then displays the results in a nifty desktop dashboard!
Think of all the frustration that this free utility saves when you are troubleshooting authorization problems for users access to a resource. Give this permissions monitor a try - it's free!