Hello, for this post we are going to install Active Directory Domain Services on Windows Server 2008.
The first step is to run DCPROMO from the command line, which launches the Active Directory Domain Services installation screen.
Next you are prompted by a screen which warns you that Windows NT4 clients may not be able to authenticate against a Windows Server 2008 domain controller. This is because of a Windows Server 2008 policy called "Allow cryptography algorithms compatible with Windows NT 4.0". Out of the box this policy is set to Not Configured. If you really need to connect NT4 clients on the network then you can enable the policy setting. http://support.microsoft.com/kb/942564 explains how to do this.
The next screen is where we select whether we want to add an additional Active Directory server into an existing domain (i.e. test.local), create a new domain in an existing forest (i.e. create domain1.test.local, that is creating domain1 in the test.local forest), or create a totally brand new forest. For this exercise I have elected to create a new forest since I don’t have one.
After you have selected your FQDN you can continue. Be very careful about selecting your domain name: once you’ve got a couple of hundred workstations and servers in it, renaming it because you made a mistake is not an easy task!!!! Anyway, click on Next, which then goes away and checks whether the domain name is in use. In this case it isn’t, since it’s a brand new forest.
The next step is to select your Forest Functional level. This will be specific to your individual needs and is dependent on what existing domain controllers you have running. There are 3 Forest functional levels available:
- Windows 2000 native
- Windows Server 2003
- Windows Server 2008
You can view the full functionality here: http://technet2.microsoft.com/windowsserver2008/en/library/34678199-98f1-465f-9156-c600f723b31f1033.mspx?mfr=true
The next screen asks you if you want any additional options. In this case I have selected to install a DNS server as I don’t have DNS installed, and the Global Catalog is selected by default as it’s the first domain controller in the forest. The read-only domain controller option is also not configurable at this time, as a writeable domain controller does not yet exist.
The next screen is where you select the location of the Database folder, Log Files folder and the SYSVOL folder. Generally you should put the database folder and log files folder onto separate hard discs. This is primarily for performance reasons.
Next is to enter the Directory Services Restore Mode password. This is the password that will be used if you need to enter Directory Services Restore Mode. You would need this if your Active Directory database became corrupt and you had to perform a restore or repair of the database.
The next screen is a summary of all the options that have been selected.
And finally the installation can begin!!
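The same wizard choices can also be written down as a dcpromo unattended answer file. This is an added example, not part of the original post. The domain name, NetBIOS name, folder paths, functional level values and the answer file location are assumptions chosen for illustration.

```ini
; Constructed answer file mirroring the wizard choices described above.
; Run with: dcpromo /unattend:C:\dcpromo-answer.txt   (file location is an assumption)
[DCInstall]

; New domain in a brand new forest (third option on the deployment screen)
ReplicaOrNewDomain=Domain
NewDomain=Forest

; Assumed names. Choose carefully: renaming the domain later is not an easy task.
NewDomainDNSName=test.local
DomainNetBiosName=TEST

; Functional levels: 0 = Windows 2000 native, 2 = Windows Server 2003,
; 3 = Windows Server 2008. Level 3 is assumed here (no older domain controllers).
ForestLevel=3
DomainLevel=3

; Additional options: install DNS, and make this first DC a Global Catalog
InstallDNS=Yes
ConfirmGc=Yes

; Assumed paths: database and log files on separate discs for performance
DatabasePath=D:\NTDS
LogPath=E:\NTDSLogs
SYSVOLPath=C:\Windows\SYSVOL

; Directory Services Restore Mode password (placeholder, replace before use)
SafeModeAdminPassword=<DSRM-password-placeholder>

RebootOnCompletion=Yes
```

Because this file holds the Directory Services Restore Mode password in clear text, restrict who can read it and delete it once the promotion has finished.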