Installing Active Directory Adding a child domain to an existing Active Directory Domain Services Forest in Windows Server – Part 3
Installing Active Directory Adding a child domain to an existing Active Directory Domain Services Forest in Windows Server – Part 3
In Part 1 of this series (Installing Active Directory Domain Services – Establishing an AD DS Forest in Windows Server – Part 1) I wrote on how to establish an Active Directory Forest.
In Part 2 (Installing Active Directory – Adding a child domain to an existing Active Directory Domain Services Forest (AD DS) in Windows Server – Part 2) we explored how to add a child domain to an existing AD DS Forest.
This is Part 3 and we will be adding a second tree to the forest. The Active Directory Domain Services (AD DS) design team has finished the design phase for your new AD DS environment and now it is time to implement the new domain tree. The Domain Name System (DNS) will be installed in the forest root domain and configured to support our new domain tree and domain. To following steps have been accomplished:
- DNS has been installed
- A new Forward Lookup and Reverse Lookup Zones allowing both Secure and Non-Secure Dynamic Updates were created.
- A static IP Address was configured with the DNS entry pointing to it’s own address.
- On the server that AD DS will be installed on the properties sheet the DNS suffix has been modified to represent the new AD DS Domain name and the computer restarted.
- After the computer has restarted verify the host has registered it A and Pointer records in DNS. (see diagram below)
Now that DNS is configured to support AD DS we can begin the installation.
The Local Administrator account should have a strong password as it will become the first Administrator of the Domain and will be automatically added to the following groups: Administrators, Domain Admins, and Group Policy Creators Owners.
To install AD DS complete the following steps:
Use PowerShell to add the Active Directory Domain Services Role to install the Binaries to support this server becoming a Domain Controller.
In the first of the series I used Server Manager to install the AD DS Role in order to install the AD DS Binaries required to promote the server to a domain controller. In the second of the series I used DCPROMO.EXE to install the AD DS Role in order to install the AD DS Binaries required to promote the server to a domain controller.
1. Start PowerShell, to get a list of available PowerShell manifests, type get-module –listavailable, press Enter.
2. Import the ServerManager module, type import-module ServerManger, press Enter.
3. To view the currently installed Roles and Features or the name of the Role or Feature you wish to install, type get-windowsfeature press Enter.
If a role or feature is installed there will be an X inside the brackets for that feature.
4. To add the ADDS Binaries, type Add-WindowsFeature ADDS-Domain-Controller press Enter.
The Binaries are now installed on the server to support this server becoming a Domain Controller. Continue using DCPROMO to promote this computer to a Domain Controller.
5. To start the promotion of the server to a domain controller, open a command prompt and type DCPROMO press Enter, the server will conduct a check to ensure the Binaries are installed.
If the Binaries were not pre-installed, DCPROMO will install them.
6. On the Welcome screen, because we are establishing a separate Tree in the Forest be sure to check the Use advanced mode installation then press Enter.
If establishing a separate Tree in the Forest or creating a Replica Domain Controller from alternate location be sure to check the Use advanced mode installation.
7. Review the Operating System Compatibility page, click Next.
8. On the Choose a Deployment Configuration sheet, select the Existing forest and Create a new domain in an existing forest radial buttons, Check Create a new domain tree root instead of a new child domain, click Next.
9. Enter the Fully Qualified Domain Name for the forest root domain. For this demonstration I will be USSHQ.Local.
10. To create a child domain requires Enterprise Administrator credentials. Click Set to provide Alternate credentials. After entering the credentials click OK then Next.
11. On the Name the New Domain Tree Root page enter the FQDN of the new domain. In this example I will be using Military.Local for the domain name.
12. The AD DS Installation Wizard will verify the FQDN is unique, the Netbios name and validity of the Forest.
13. Set Domain Functional Level based on the AD DS design team’s instructions, click Next.
Based on your Forest Functional Level setting the options for the Domain Level will vary.
14. If more than one site were available on the Select a Site you could select a site to place the domain controller object.
If more than one site were defined in AD DS the site that corresponds to the IP Address of the server would automatically have been selected.
15. The AD DS installation wizard will now examine the current DNS configuration.
16. On the Additional Domain Controller Options screen, click Next.
If you desired this new domain controller to be a DNS server or a Global catalog server then check the appropriate boxes. The ROCD option is greyed out because there is currently only one site defined in AD DS.
If you choose not to install DNS on the first domain controller in the child domain, a dialog box will require to click confirm you do not desire DNS on the server. Click Yes to continue.
17. On the Source Domain Controller page, press Next.
18. On the Location for Database, Log Files and SYSVOL sheet, click Next.
If space or performance were concerned the files would be placed on a separate drive.
19. Enter a Restoration Password, click Next.
This password will be used when restarting the sever in Directory Services Restore Mode.
20. Verify your installation setting on the summary page, click Next.
To create an unattended installation file click the Export setting button before clicking next.
The Active Directory Domain Services Installation Wizard will not install and configure AD DS based off your entries. The progress can be viewed from the dialog box in the middle of the screen.
21. Click Finish, then Restart Now to restart the server. Once restarted AD DS is installed and your AD DS Forest has been established.
Verifying the installation of AD DS
1. Logon to the Domain Controller using the Administrator account credentials.
2. Launch the DNS console and verify the creation of Service Records for the newly established AD DS Forest. Below is an expanded view of the new DNS structure.
Your new domain controller in your new domain tree with AD DS is now installed.
Until next time, RIDE SAFE!
Rick Trader
Windows Server Instructor – Interface Technical Training
Phoenix, AZ
You May Also Like
Active Directory, Active Directory Domain Services, AD DS, DCPROMO, DNS, Domain Function Level, FQDN, Powershell, SYSVOL, Windows Server
Creating Dynamic DNS in Network Environments
0 649 1This content is from our CompTIA Network + Video Certification Training Course. Start training today! In this video, CompTIA Network + instructor Rick Trader teaches how to create Dynamic DNS zones in Network Environments. Video Transcription: Now that we’ve installed DNS, we’ve created our DNS zones, the next step is now, how do we produce those … Continue reading Creating Dynamic DNS in Network Environments
Cable Testers and How to Use them in Network Environments
0 753 1This content is from our CompTIA Network + Video Certification Training Course. Start training today! In this video, CompTIA Network + instructor Rick Trader demonstrates how to use cable testers in network environments. Let’s look at some tools that we can use to test our different cables in our environment. Cable Testers Properly Wired Connectivity … Continue reading Cable Testers and How to Use them in Network Environments
Establishing a Theory of Probable Cause in Network Troubleshooting
0 862 3This content is from our CompTIA Network + Video Certification Training Course. Start training today! When issues arrive in network environments, it’s common to focus on the final fix and document the solutions taken. In many cases, it’s equally important to identify the actual cause of the issue. In this video, CompTIA Network + instructor … Continue reading Establishing a Theory of Probable Cause in Network Troubleshooting
Pingback: Installing Active Directory Domain Services - AD DS Forest in Windows Server – Part 1