Installing Active Directory Domain Services – Establishing an AD DS Forest in Windows Server – Part 1


Added by Rick Trader, July 16, 2012

This is Part 1 of a 3-part series on installing AD DS. In this blog we will explore establishing the AD DS Forest.

In Part 2 (Installing Active Directory – Adding a child domain to an existing Active Directory Domain Services Forest (AD DS) in Windows Server – Part 2) we explored how to add a child domain to an existing AD DS Forest.

In Part 3 (Installing Active Directory Adding a child domain to an existing Active Directory Domain Services Forest in Windows Server – Part 3) we will be adding a second tree to the forest.

The Active Directory Domain Services (AD DS) design team has finished the design phase for your new AD DS environment and now it is time to implement the new forest. Following Microsoft’s best practices, the Domain Name System (DNS) will be pre-installed and configured to support our new domain. The following steps have been accomplished:

  • DNS has been installed
  • New Forward Lookup and Reverse Lookup Zones allowing both Secure and Non-Secure Dynamic Updates were created.
  • A static IP Address was configured with the DNS entry pointing to the server’s own address.
  • On the computer properties sheet the DNS suffix has been modified to represent the new AD DS Domain name and the computer restarted.
  • After the computer has restarted, verify the host has registered its A and Pointer records in DNS. (see diagram below)

[Screenshot: DNS Manager]

Now that DNS is configured to support AD DS we can begin the installation.

The Local Administrator account should have a strong password, as it will become the first Administrator of the Domain and will automatically be added to the following groups: Administrators, Domain Admins, Schema Admins, Enterprise Admins and Group Policy Creator Owners.

To install AD DS complete the following steps:
Use Server Manager to add the Active Directory Domain Services Role to install the Binaries to support this server becoming a Domain Controller.

1. Launch Server Manager and expand Roles, then click Add Roles.

2. Review the Before You Begin page, click Next. On the Select Server Roles page, check Active Directory Domain Services; on the Add features for Active Directory Domain Service prompt, click Add Required Feature. Click Install.

3. After reviewing the Introduction to Active Directory Domain Services screen, click Next.

4. On the Confirm Installation Selection page, click Install.


5. After the installation has completed, on the Installation Results screen, click Close.


Note: The Binaries are now installed on the server to support this server becoming a Domain Controller. Use DCPROMO to promote this computer to a Domain Controller.

Using DCPROMO to make this server a Domain Controller and establish our first instance of AD DS.
1. In the Search programs and files box, type DCPROMO and press Enter.


2. The server will conduct a check to ensure the Binaries are installed.
Note: If the Binaries were not pre-installed, DCPROMO would install them at this point.


3. On the Welcome screen, click Next.
Note: If establishing a separate Tree in the Forest or creating a Replica Domain Controller from an alternate location, be sure to check Use advanced mode installation.


4. Review the Operating System Compatibility page, click Next.


5. On the Choose a Deployment Configuration sheet, select the Create a new domain in a new forest radio button, click Next.

Note: Use the Existing Forest radio button to add a replica domain controller or child domain. If the Advanced Mode had been selected on the previous screen, the option to create a tree in an existing forest would be available.


6. Enter the Fully Qualified Domain Name for your new domain. For this demonstration I will be using USSHQ.Local. Click Next.


7. The AD DS Installation Wizard will verify the FQDN is unique.


8. Set the Forest Functional Level based on the AD DS design team’s instructions, click Next.


9. Set the Domain Functional Level based on the AD DS design team’s instructions, click Next. The options available for the Domain Functional Level will vary depending on your Forest Functional Level setting.

10. The AD DS installation wizard will now examine the current DNS configuration.


11. On the Additional Domain Controller Options screen, click Next.


12. A DNS Delegation is not required, as DNS is installed on this server and the Forward Lookup Zone was created for this AD DS Domain. Select the No, do not create the DNS delegation radio button, click Next.


13. On the Location for Database, Log Files and SYSVOL sheet, click Next.
Note: If space or performance were a concern, the files would be placed on a separate drive.


14. Enter a Restoration Password, click Next.
This password will be used when restarting the server in Directory Services Restore Mode.

15. Verify your installation settings on the summary page, click Next.

Note: To create an unattended installation file, click the Export settings button before clicking Next.


Note: The Active Directory Domain Services Installation Wizard will now install and configure AD DS based on your entries. The progress can be viewed from the dialog box in the middle of the screen.

16. Because DNS was installed and configured prior to promoting your first Domain Controller, a prompt will come up stating the wizard was unable to create the DNS zone. Click OK.


17. Click Finish, then Restart Now to restart the server. Once restarted, AD DS is installed and your AD DS Forest has been established.


Verifying the installation of AD DS
1. Log on to the Domain Controller using the Administrator account credentials.
2. Launch the DNS console and verify the creation of Service Records for the newly established AD DS Forest. Below is an expanded view of the new DNS structure.
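
The same verification can be scripted. The following is an added example, not part of the original post: it queries the standard domain controller locator SRV records with nslookup.exe and reports whether the zone still accepts non-secure dynamic updates, as it was configured before the promotion. The names $Domain and Test-SrvRecord are introduced here for illustration, and the script assumes the DNS Server WMI provider (root\MicrosoftDNS) is present on the DC.

```powershell
# Added example (not from the original post). Run on the new DC after the restart.
# Assumption: the demo domain USSHQ.Local from step 6; change $Domain for your forest.
$Domain = 'USSHQ.Local'

# Locator SRV records the Netlogon service registers for the first DC in a forest.
$SrvNames = @(
    "_ldap._tcp.$Domain",
    "_kerberos._tcp.$Domain",
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.pdc._msdcs.$Domain",
    "_ldap._tcp.gc._msdcs.$Domain"
)

function Test-SrvRecord([string]$Name) {
    # nslookup prints one "svr hostname = <target>" line per SRV answer.
    $out = & nslookup.exe -type=SRV $Name 2>&1 | Out-String
    $targets = @([regex]::Matches($out, 'svr hostname\s*=\s*(\S+)') |
        ForEach-Object { $_.Groups[1].Value })
    New-Object PSObject -Property @{
        Record  = $Name
        Found   = ($targets.Count -gt 0)
        Targets = ($targets -join ', ')
    }
}

$results = @($SrvNames | ForEach-Object { Test-SrvRecord $_ })
$results | Format-Table Record, Found, Targets -AutoSize

$missing = @($results | Where-Object { -not $_.Found })
if ($missing.Count -gt 0) {
    # Restarting Netlogon (or running "nltest /dsregdns") makes the DC re-register.
    Write-Warning ("Missing SRV records: " + (($missing | ForEach-Object { $_.Record }) -join ', '))
}

# The zones were created allowing non-secure updates; report what the zone accepts now.
# AllowUpdate: 0 = none, 1 = nonsecure and secure, 2 = secure only.
$zone = Get-WmiObject -Namespace 'root\MicrosoftDNS' -Class MicrosoftDNS_Zone -Filter "Name='$Domain'"
if ($zone) {
    "{0}: DsIntegrated={1} AllowUpdate={2}" -f $zone.Name, $zone.DsIntegrated, $zone.AllowUpdate
    if ($zone.AllowUpdate -ne 2) {
        Write-Warning "Zone accepts unauthenticated dynamic updates. 'Secure only' needs an AD-integrated zone."
    }
} else {
    Write-Warning "Zone $Domain not found on this DNS server."
}
```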

AD DS is now installed. In the next part we will examine creating a child domain in an existing tree. Until then, RIDE SAFE!
Rick Trader
Windows Server Instructor – Interface Technical Training
Phoenix, AZ
