Setting up a brand new Active Directory Domain for a small or medium-sized business is a piece of cake. If you’re a small or medium-sized business and you aren’t running in a domain environment, you’re really doing yourself a disservice.
To get this going you will need a few things: a decently powered server with adequate storage, and a few hours to spare. If your company is under, say, 25 users, you can get by with having all your roles on one box, then split them off as time goes on. You may even consider a virtualized solution down the road, but that’s a topic for another article.

Ok, so you’ve got your fresh server running Microsoft Windows Server 2008 R2 most likely, and you’re ready to jump in. First thing is to give your Domain Controller a meaningful name, something like "DC01" for instance. If you have multiple locations, go ahead and throw that in there as well. It’s best to keep everything on your network orderly and logical from the get-go, otherwise you end up with a Frankenstein environment down the road. You can achieve this with WMIC by running the following command in an elevated command prompt.
wmic computersystem where name="%COMPUTERNAME%" call rename name="DC01"
Which then returns the following to indicate a successful hostname change.
Executing (\\TECHSTATY\ROOT\CIMV2:Win32_ComputerSystem.Name="TECHSTATY")->rename()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
ReturnValue = 0;
};
Now restart the computer, and the updated name will appear. Check it by running hostname in a command prompt.
hostname
Magic. This guide assumes that this will be the primary Domain Controller in one forest, and that this is the only site at this time.
Let’s get started: open up Server Manager and access the “Roles” menu; from here click “Add Roles” and select “Active Directory Domain Services.” It will prompt you to add the .NET Framework 3.5.1 Features; go ahead and add this as well.
Read the following screens carefully and click next until you reach the “Confirm Installation Selections” screen. Select install.
The installation process then kicks off and you will see a progress bar going from left to right. Once it’s completed, you’ll need the dcpromo command to finalize the installation of this machine as a true Domain Controller.
Now choose your deployment configuration. Since this is a brand new domain, with no existing Active Directory forest, and the only site, we’ll be selecting the option to “Create a new domain in a new forest.”
You’re now prompted to name the domain, and you have two options which should be considered carefully before proceeding. You can enter your true FQDN (yourwebsite.com) or you can go with a private .local domain name. Microsoft themselves recommend entering .local in order to keep your private and public DNS namespaces split, though I have seen it as domain.com in some existing environments. It’s a good idea to keep your private and public namespaces divided, otherwise you will be advertising your internal address allocation to the public.
Next choose the correct forest functional level for your environment. I can’t make a recommendation for you personally, but you should examine the network applications currently in use and make your decision from there with regard to compatibility. Here’s a breakdown of each functional level for you:
Windows Server 2003 Functional Level
The Windows Server 2003 forest functional level provides all features that are available in Windows 2000 forest functional level, and the following additional features:
- Linked-value replication, which improves the replication of changes to group memberships.
- More efficient generation of complex replication topologies by the KCC.
- Forest trust, which allows organizations to easily share internal resources across multiple forests.
Any new domains that are created in this forest will automatically operate at the Windows Server 2003 domain functional level.
Windows Server 2008 Functional Level
This forest functional level does not provide any new features over the Windows 2003 forest functional level. However, it ensures that any new domains created in this forest will automatically operate at the Windows Server 2008 domain functional level, which does provide unique features.
Windows Server 2008 R2 Functional Level
The Windows Server 2008 R2 forest functional level provides all the features that are available in the Windows Server 2008 forest functional level, plus the following additional feature:
- Recycle Bin, which, when it is enabled, provides the ability to restore deleted objects in their entirety while Active Directory Domain Services is running.
Any new domains that are created in this forest will operate by default at the Windows Server 2008 R2 domain functional level.
Since this is a test environment and I happen to prefer the features of the Windows Server 2008 R2 domain functional level, that’s what I’m going to go with. This is your decision to make on your network however, and your mileage may vary dramatically. Now the wizard will prompt you to install DNS on this server since it is the first Domain Controller in the forest. Go ahead and accept the DNS Server and Global Catalog options.
Active Directory is very “chatty” or verbose by nature, and will generate lots of useful data about itself, in addition to containing critical files and information in case you ever need to do a disaster recovery on this machine. In a perfect world, you would ideally want to store this information on a separate volume; since this is a test environment I’m not terribly concerned where they are stored, so I’m going to accept the default locations. If you are deploying this in a planned production environment, you should plan accordingly and future-proof your Domain Controller.
Click next, then set a strong password for your Directory Services Restore Mode account. Make sure to write it down somewhere it will not be lost; if you need it down the road for a disaster recovery you will be sunk unless you have this handy. Now review the summary screen and make sure that everything appears correct. Once you are satisfied, click next to kick off the final installation process.
The wizard now runs through and installs baseline configurations based on your selections, additional software and services needed on a Domain Controller, then prompts you to reboot the machine after completion. Hopefully everything completed successfully, and you now have a working and functional domain. I’ll post additional information about how to add a secondary Domain Controller for redundancy as time permits, but in the meantime enjoy your new environment.
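The same promotion driven from an answer file instead of clicking through the wizard, mirroring the choices made above (new forest, private .local name, DNS and Global Catalog, 2008 R2 functional level, NTDS and SYSVOL on their own volumes). This is an added example and not code from the original post; it assumes the names corp.local and CORP, D: and E: volumes, and that dcpromo return codes 1 through 4 mean success.

```powershell
# Added example: unattended dcpromo on Windows Server 2008 R2.
# Assumed values: corp.local / CORP, D: for NTDS, E: for SYSVOL.
$domainDns     = "corp.local"   # private namespace, kept split from public DNS
$domainNetbios = "CORP"
$answerFile    = Join-Path $env:TEMP "dcpromo-answer.txt"

# Prompt for the DSRM password without echoing it. dcpromo can only read it
# as plaintext from the answer file, so the file is locked down and deleted below.
$secure = Read-Host "Directory Services Restore Mode password" -AsSecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
$dsrm   = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

# ForestLevel/DomainLevel 4 = Windows Server 2008 R2 (0 = 2000, 2 = 2003, 3 = 2008).
# Database, logs and SYSVOL on separate volumes, as the post recommends for production.
$answer = @"
[DCINSTALL]
InstallDNS=Yes
NewDomain=Forest
NewDomainDNSName=$domainDns
DomainNetBiosName=$domainNetbios
ReplicaOrNewDomain=Domain
ForestLevel=4
DomainLevel=4
DatabasePath="D:\NTDS"
LogPath="D:\NTDSLogs"
SYSVOLPath="E:\SYSVOL"
SafeModeAdminPassword=$dsrm
RebootOnCompletion=No
"@

# Restrict the file to SYSTEM and Administrators before it touches disk for long.
Set-Content -Path $answerFile -Value $answer -Encoding ASCII
icacls $answerFile /inheritance:r /grant:r "SYSTEM:F" "Administrators:F" | Out-Null
Remove-Variable dsrm, answer

$proc = Start-Process -FilePath dcpromo.exe -ArgumentList "/unattend:`"$answerFile`"" -Wait -PassThru
Remove-Item $answerFile -Force   # never leave the DSRM password lying on disk

# Assumed: dcpromo returns 1-4 on success (2 and 4 mean a reboot is still needed).
if (1..4 -notcontains $proc.ExitCode) {
    throw "dcpromo failed with exit code $($proc.ExitCode); see C:\Windows\debug\dcpromo.log"
}
Restart-Computer -Force
```

After the reboot, the same checks the wizard would leave you to do by hand still apply: confirm the DNS Server role is present and that the machine reports itself as a Global Catalog.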
Note: Part 2!