Part 2 - Installing Active Directory
With installations, 7 minutes of planning will save an hour for rework. The
secret of troubleshooting Active Directory installs is mastering DNS. I
find NSLookup invaluable, also Ipconfig's new switches /registerdns and /flushdns
are handy.
Topics for Installing Active Directory
‡
- Check a new program ADPREP. It has /forestprep switches like
Exchange.
- Install a brand new Domain Controller from a back up of an existing
server.
Here is a built-in command line tool that will prepare the schema. It
does not actually install the NDTS.dit files but it does prepare the forest or
the individual domain for Active Directory.
ADPREP /forestprep
ADPREP /domainprep
If you already have a working domain controller, backup the system state, go
to a member server, run DCPROMO /adv then point the wizard to the backup files
The key to success is preparation:
Decide your DNS and enter the name in the Computer Name Tab in the System
Icon (Windows Key
 + Pause). Whilst
this section deals with the nuts and bolts of an installation, take care to
design your Active Directory forest, for example, account naming strategy, top
level OUs, group policies.
Now you are ready to run DCPROMO.
DCPROMO decisions
To call for the Active Directory Installation Wizard, Start, Run DCPROMO and
answer these questions:
- New Domain - or Replica (another DC in the same domain)
- Domain Tree in existing forest - or New Domain Tree
- Domain in New Forest
 Is
Your Server Running Slowly? Check with SolarWinds ipMonitor
Analyze your network with
ipMonitor.
Get a free evaluation copy, and monitor the performance of the servers on your
network.
Free Download of SolarWinds ipMonitor
There are many ways of installing DNS, but I favour doing as little as possible myself, and letting the DCPROMO Wizard do as much as
possible. For Example, here is a crucial stage where DCPROMO needs DNS, I always select the middle option, ' Install and Configure DNS on this computer...' To be crystal clear, I do NOT configure
DNS myself, I let the Wizard create all those _msdcs records.
See much more on DNS here
Best practice
Remember that the Active Directory can grow so make sure the partition has at
least 300 MB of free space for NTDS.dit itself, and 100 MB for the log files.
Talking of the logs, install the edbxxx.log files on a separate disk.
To verify that installation has run smoothly check the following:
- DNS _SRV record: _msdcs, _sites, _tcp, _udp. Also the GC, DC records
are essential for users to find the global catalog and domain controller in
order to logon. If these records do not appear, try stopping and
starting the Netlogon service.
- Run %systemroot%\sysvol and look for domain folders.
- Check the System and Directory Service Event logs for error messages.
Demotion back to member server
If the worst comes to the worst, run DCPROMO to demote, then try again making
different decisions.
 Active Directory Training
As an MCT trainer, I can thoroughly recommend
TrainSignal because they provide practical hands on
training. In particular, I like the way that TrainSignal cover all learning methods, instructor lead, video and of course text material. You can either take one module, for example Active Directory or go for
a combination of modules.
See more about Active Directory training
|
The extra features you get in your eBook
include: new pages with more examples, detailed checklists, and
recommendations for each stage. Go for Guy's migration eBook
- and get a printable version with copy enabled and
no expiry date. 
