Like This Blog 3

Added by Rick Trader October 31, 2012

 In this blog we will explore how to establish the AD DS Forest. For more see  add a replica Domain controller to an existing AD DS Domain. 

The Active Directory Domain Services (AD DS) design team has finished the design phase for your new AD DS environment and now it is time to implement the new forest.   Using Microsoft’s best practices the Domain Name System (DNS) will be pre-installed and configured to support our new domain.   The following steps have been accomplished:

• DNS has been installed
• A new Forward Lookup and Reverse Lookup Zones allowing both Secure and Non-Secure Dynamic Updates were created.
• A static IP Address was configured with the DNS entry pointing to the server’s own address.
• On the computer properties sheet the DNS suffix has been modified to represent the new AD DS Domain name and the computer restarted.
• After the computer has restarted verify the host has registered it A and Pointer records in DNS. (see diagram below)

Now that DNS is configured to support AD DS we can begin the installation.

The Local Administrator account should a strong password as it will become the first Administrator of the Domain and will be automatically be added to the following groups:  Administrators, Domain Admins, Schema Admins, Enterprise Admins and Group Policy Creators Owners.

To install AD DS complete the following steps:

Use Server Manager to add Active Directory Domain Services Role to install the Binaries to support this server becoming a Domain Controller.

1. Launch Server Manager, select Add roles and features.

2. Review the Before You Begin page, Click Next. 
3. On the Select installation type page ensure Role-based or feature-based installation radial button is selected, click Next.

4. On the Select destination server page Select the desired server from the Server Pool.

        Note:  The 2012 Server Manager allows roles and features to be installed remotely.

5. Click on the Active Directory Domain Services box.

6. The Add features that are required for Active Directory Domain Service dialog box pops up, select Add Features, click Next.

7. Do not add any features on the Select features page, click Next.

8. Review the Active Directory Domain Services information page, click next.

9. On the Confirm installation selections page, check the Restart the destination server automatically if required box, click Yes on the confirm dialog box, click Install.

10. The AD DS Binaries are now being installed, click Close to close the Installation progress dialog box.

11. After the installation has completed, the destination server will restart.

Note:  The Binaries are now installed on the server to support this server becoming a Domain Controller.  Use DCPROMO to promote this computer to a Domain Controller.

Using Server Manager to make this server a Domain Controller and establish our first instance of AD DS.

1. In previous versions of Windows Server you used DCPROMO to create the first Domain Controller.  On Window Server 2012 running DCPROMO will result in the following dialog box.  DCPROMO is still supported for unattended installations.

2. In Server Manager Title bare click on the yellow triangle to perform post-deployment configuration of promote the server to a Domain Controller.

3. Click on Promote this server to a domain controller to start the promotion wizard.

4. On the Deployment Configuration page, select the Add a new forest radial button, fill in the Root domain name box with your desired AD DS Domain Name , click Next.

5. On the Domain Controller Options page select your Forest and Domain functional levels, for this demo will leave the defaults of Windows Server 2012 for both, Enter a desired DSRM Password, click Next.

Note:  You are unable to de-select DNS or GC during this installation as it is the first Domain Controller in the forest

6. On the DNS Options page, de-select the Create DNS delegation as DNS is installed and configured to support our domain on this computer.  If the DNS Zone were not pre-configured a delegation would be required if DNS were being hosted on another computer.

7. The AD DS installation wizard will check the uniqueness of the NetBIOS name, at this point if you desire the NetBIOS name to be different you can change it, click Next.

8. On the Paths page verify the desired locations of the Database, Log files and SYSVOL folders, change the locations is required, click Next.

9. On the Review Options page, click Next.

Note:  If a Unattended PowerShell installation script is desired, click view script and then save from the file drop down menu.

10. The AD DS Configuration Wizard will perform and Prerequisite check before the installation can continue.  After the check is completed successfully click Install

11. The server will restart once the configuration has completed, the server is now a domain controller for the newly formed domain.

Verifying the installation of AD DS

1. Logon to the Domain Controller using the Administrator account credentials.
2. Launch the DNS console and verify the creation of Service Records for the newly established AD DS Forest.  Below is an expanded view of the new DNS structure.

AD DS is now installed.   In the next part we will examine adding a replica domain controller to our existing domain. 

Until then, RIDE SAFE!

Rick Trader
Windows Server Instructor – Interface Technical Training
Phoenix, AZ