Configure active directory server windows 2003 server


















The wizard window will appear. In the Operating System Compatibility window, read the requirements for the domain's clients and if you like what you see - press Next. Choose Domain Controller for a new domain and click Next.

Choose Create a new Domain in a new forest and click Next. Enter the full DNS name of the new domain, for example - kuku. This step might take some time because the computer is searching for the DNS server and checking to see if any naming conflicts exist. Click Next. Accept the Database and Log file location dialog box unless you want to change them of course.

Accept the Sysvol folder location dialog box unless you want to change it of course. This folder must be on an NTFS v5. This folder will hold all the GPO and scripts you'll create, and will be replicated to all other Domain Controllers. You should check your settings. Go back to steps 1, 2 and 3.

You have an option to let Dcpromo do the configuration for you. Otherwise, you can accept the default choice and then quit Dcpromo and check steps 1 - 3.

If your DNS settings were right, you'll get a confirmation window. Just click Next. Accept the Permissions compatible only with Windows or Windows Server settings, unless you have legacy apps running on Pre-W2K servers. Enter the Restore Mode administrator's password. Review your settings and if you like what you see - click Next. See the wizard going through the various stages of installing AD. You'll wreck your computer if you do.

If you see you made a mistake and want to undo it, you'd better let the wizard finish and then run it again to undo the AD. If all went well you'll see the final confirmation window. You must reboot in order for the AD to function properly.

Click Restart now. First, see that the Administrative Tools folder has all the AD management tools installed. Run Active Directory Users and Computers or type "dsa. See that all OUs and Containers are there.

Run Active Directory Sites and Services. See that you have a site named Default-First-Site-Name, and that in it your server is listed. If they don't (like in the following screenshot), your AD functions will be broken (a good sign of that is the long time it took you to log on). The "Preparing Network Connections" window will sit on the screen for many moments, and even when you do log on, many AD operations will give you errors when trying to perform them.

Another reason for the lack of SRV records (and of all other records for that matter) is the fact that you DID configure the DNS server manually, but you made a mistake, either with the computer suffix name or with the IP address of the DNS server (see steps 1 through 3).

Open the DNS console. See that you have a zone with the same name as your AD domain (the one you've just created, remember?).

See that within it you have the 4 SRV record folders. Right-click the zone you created, and then click Properties. On the General tab, under Dynamic Update, click to select "Nonsecure and secure" from the drop-down list, and then click OK to accept the change.

Or from the command prompt type "net stop netlogon", and after it finishes, type "net start netlogon". Let it finish, go back to the DNS console, click your zone and refresh it (F5). If all is ok you'll now see the 4 SRV record folders. It should be exactly the same as the AD Domain name. Also check the computer's suffix (see step 1). You won't be able to change the computer's suffix after the AD is installed, but if you have a spelling mistake you'd be better off removing the AD now, before you have any users, groups and other objects in place, and then, after repairing the mistake, re-running DCPROMO.

Check the NTDS folder for the presence of the required files. If all of the above is ok, I think it's safe to say that your AD is properly installed. If not, read Troubleshooting Dcpromo Errors and re-read steps in this article.

Troubleshooting Dcpromo Errors

Some common issues that you may encounter with Active Directory installation and configuration can cause a partial or complete loss of functionality in Active Directory. You can modify the DNS configuration by following these steps: 1.

Right-click My Network Places and then click Properties. Click Advanced, and then click the DNS tab. This should be the computer's own IP address if it is the first server or if no dedicated DNS server will be configured. If the resolution of unqualified names setting is set to Append these DNS suffixes in order, the Active Directory DNS domain name should be listed first at the top of the list. Verify that the Register this connection's addresses in DNS check box is selected.

Start the DNS Management console. There should be a host record (an "A" record in Advanced view) for the computer name. An Active Directory-integrated zone is different from a standard primary zone in several ways. This causes DNS replication to create multiple masters, and it allows any DNS server to accept updates for a directory service-integrated zone.

This allows an administrator to precisely control which computers can update which names, and it prevents unauthorized computers from obtaining existing names from DNS. Expand the zone information under the server name. There should be an entry for the domain. Other zone entries may exist. There should not be a dot ". If the dot ". The dot ". Typically, an Active Directory domain that needs external Internet access should not be configured as a root DNS server.

The server probably needs to reregister its IP configuration by using Ipconfig after you delete the dot ". The Netlogon service may also need to be restarted. Netdiag is included with the Windows Support tools.

Note: The server may need to reregister its IP configuration by using Ipconfig after you run Netdiag. Manually re-create the DNS zone 1.

Right-click the name of the zone, and then click Delete. Click OK to acknowledge any warnings. The Forward Lookup zones no longer list the deleted zone. The New Zone Wizard starts. Click Next to continue. Click the appropriate zone type either Active Directory-integrated or Standard primary, and then click Next. Type the name of the zone exactly as it appears in Network Identification, and then click Next. Click the appropriate zone file, or a new zone file.

The newly created zone appears in the DNS Management console. The Netlogon service is stopped. The Netlogon service is restarted. Refresh the view in the DNS Management console. You can configure this by right-clicking the name of the zone, and then clicking Properties. If dynamic updates are not allowed, all host registration must be completed manually. To configure forwarders on the DNS server: 1. Right-click the name of the server, and then click Properties. Click to select the Enable Forwarders check box.

Remember, the domain administrator account password is the same as the current local administrator password. After a few minutes, Active Directory should be installed.

Click on Finish and restart the server. Active Directory installation should now be complete. Founder of Help Desk Geek and managing editor.

He began blogging in and quit his job in to blog full-time. He has over 15 years of industry experience in IT and holds several technical certifications.


Because this is a laboratory environment that you are in control of, you can give this user account full administrative access by making it a member of the Schema, Enterprise, and Domain administrators groups. To add the account to the Schema, Enterprise, and Domain administrators groups, follow these steps:

The final step in this process is to add a member server to the domain. This process also applies to workstations. To add a computer to the domain, follow these steps:

Click OK. When you are prompted, type the user name and password of the account that you previously created, and then click OK. After you have completed the installation of Active Directory, you may not be able to start the Active Directory Users and Computers snap-in, and you may receive an error message that indicates that no authority can be contacted for authentication. This can occur if DNS is not correctly configured. To resolve this issue, verify that the zones on your DNS server are configured correctly and that your DNS server has authority for the zone that contains the Active Directory domain name.

If the zones appear to be correct and the server has authority for the domain, try to start the Active Directory Users and Computers snap-in again.
