Installing Active Directory Domain Services – Establishing an AD DS Forest in Windows Server – Part 1

Added by Rick Trader, July 16, 2012

This is Part 1 of a 3-part series on installing AD DS. In this blog we will explore establishing the AD DS Forest.

In Part 2 (Installing Active Directory – Adding a child domain to an existing Active Directory Domain Services Forest (AD DS) in Windows Server – Part 2) we explore how to add a child domain to an existing AD DS Forest.

In Part 3 (Installing Active Directory Adding a child domain to an existing Active Directory Domain Services Forest in Windows Server – Part 3) we will be adding a second tree to the forest.

The Active Directory Domain Services (AD DS) design team has finished the design phase for your new AD DS environment and now it is time to implement the new forest. Following Microsoft’s best practices, the Domain Name System (DNS) will be pre-installed and configured to support our new domain. The following steps have been accomplished:

  • DNS has been installed.
  • New Forward Lookup and Reverse Lookup Zones allowing both Secure and Non-Secure Dynamic Updates were created.
  • A static IP Address was configured with the DNS entry pointing to the server’s own address.
  • On the computer properties sheet the DNS suffix has been modified to represent the new AD DS Domain name and the computer restarted.
  • After the computer has restarted, verify the host has registered its A and Pointer records in DNS (see diagram below).

[Screenshot: DNS Manager]

Now that DNS is configured to support AD DS we can begin the installation.

The Local Administrator account should have a strong password, as it will become the first Administrator of the Domain and will automatically be added to the following groups: Administrators, Domain Admins, Schema Admins, Enterprise Admins and Group Policy Creator Owners.

To install AD DS complete the following steps:
Use Server Manager to add the Active Directory Domain Services Role to install the Binaries to support this server becoming a Domain Controller.

1. Launch Server Manager and expand Roles, Click Add Roles.

2. Review the Before You Begin page, click Next. On the Select Server Roles page, check Active Directory Domain Services; on the Add features for Active Directory Domain Service prompt, click Add Required Feature. Click Install.

3. After reviewing the Introduction to Active Directory Domain Services screen, click Next.

4. On the Confirm Installation Selection page, click Install.

5. After the installation has completed, on the Installation Results screen, click Close.

Note: The Binaries are now installed on the server to support this server becoming a Domain Controller. Use DCPROMO to promote this computer to a Domain Controller.

Use DCPROMO to make this server a Domain Controller and establish our first instance of AD DS.
1. In the Search programs and files box, type DCPROMO and press Enter.

2. The server will conduct a check to ensure the Binaries are installed.
Note: If the Binaries were not pre-installed, DCPROMO would install them at this point.

3. On the Welcome screen, click Next.
Note: If establishing a separate Tree in the Forest or creating a Replica Domain Controller from an alternate location, be sure to check Use advanced mode installation.

4. Review the Operating System Compatibility page, click Next.

5. On the Choose a Deployment Configuration sheet, select the Create a new domain in a new forest radio button, click Next.

Note: Use the Existing Forest radio button to add a replica domain controller or child domain. If Advanced Mode had been selected on the previous screen, the option to create a tree in an existing forest would be available.

6. Enter the Fully Qualified Domain Name for your new domain. For this demonstration I will be using USSHQ.Local. Click Next.

7. The AD DS Installation Wizard will verify the FQDN is unique.

8. Set the Forest Functional Level based on the AD DS design team’s instructions, click Next.

9. Set the Domain Functional Level based on the AD DS design team’s instructions, click Next. The options available for the Domain Functional Level will vary based on your Forest Functional Level setting.

10. The AD DS installation wizard will now examine the current DNS configuration.

11. On the Additional Domain Controller Options screen, click Next.

12. A DNS Delegation is not required as DNS is installed on this server and the Forward Lookup Zone was created for this AD DS Domain. Select the No, do not create the DNS delegation radio button, click Next.

13. On the Location for Database, Log Files and SYSVOL sheet, click Next.
Note: If space or performance were a concern, the files would be placed on a separate drive.

14. Enter a Restoration Password, click Next.
This password will be used when restarting the server in Directory Services Restore Mode.

15. Verify your installation settings on the summary page, click Next.

Note: To create an unattended installation file, click the Export settings button before clicking Next.

Note: The Active Directory Domain Services Installation Wizard will now install and configure AD DS based on your entries. The progress can be viewed from the dialog box in the middle of the screen.

16. Because DNS was installed and configured prior to promoting your first Domain Controller a prompt will come up stating the wizard was unable to create the DNS zone. Click OK.


17. Click Finish, then Restart Now to restart the server. Once restarted AD DS is installed and your AD DS Forest has been established.


Verifying the installation of AD DS
1. Log on to the Domain Controller using the Administrator account credentials.
2. Launch the DNS console and verify the creation of Service Records for the newly established AD DS Forest. Below is an expanded view of the new DNS structure.
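
The same Service Record check can be scripted. The following is an added example, not part of the original post: it queries the SRV records a forest root Domain Controller registers and flags any that are missing or that point at a host other than this server. It assumes the USSHQ.Local domain from the walkthrough, that it is run on the new Domain Controller itself, and that nslookup.exe is available.

```powershell
# Added example (not from the original post). Run on the new DC after the restart.
$Domain    = 'USSHQ.Local'      # FQDN entered in step 6 of the walkthrough
$DnsServer = '127.0.0.1'        # assumption: the DC hosts DNS and queries itself
$ThisDc    = "$([System.Net.Dns]::GetHostName()).$Domain".ToLower()

# SRV records Netlogon registers for the first DC of a forest root domain.
$Expected = @(
    "_ldap._tcp.$Domain",
    "_kerberos._tcp.$Domain",
    "_kpasswd._tcp.$Domain",
    "_gc._tcp.$Domain",
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.pdc._msdcs.$Domain",
    "_ldap._tcp.gc._msdcs.$Domain"
)

function Get-SrvTarget {
    param([string]$Name, [string]$Server)
    # nslookup prints one "svr hostname = <fqdn>" line per SRV answer.
    $text = & nslookup.exe -type=SRV $Name $Server 2>&1 | Out-String
    [regex]::Matches($text, 'svr hostname\s*=\s*(\S+)') |
        ForEach-Object { $_.Groups[1].Value.TrimEnd('.').ToLower() }
}

$results = foreach ($record in $Expected) {
    $targets = @(Get-SrvTarget -Name $record -Server $DnsServer)
    # The zone accepts non-secure dynamic updates, so any host could have
    # registered a record; only this DC should appear as a target.
    $others = @($targets | Where-Object { $_ -ne $ThisDc })
    if ($targets.Count -eq 0)    { $status = 'MISSING' }
    elseif ($others.Count -gt 0) { $status = 'UNEXPECTED TARGET' }
    else                         { $status = 'OK' }
    New-Object PSObject -Property @{
        Record = $record; Status = $status; Targets = ($targets -join ', ')
    }
}

$results | Select-Object Record, Status, Targets | Format-Table -AutoSize
$bad = @($results | Where-Object { $_.Status -ne 'OK' })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) SRV record(s) need attention before adding more domain controllers."
}
```

A MISSING result immediately after the restart can simply mean the Netlogon service has not finished registering its records yet.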

AD DS is now installed. In the next part we will examine creating a child domain in an existing tree. Until then, RIDE SAFE!
Rick Trader
Windows Server Instructor – Interface Technical Training
Phoenix, AZ
