Wednesday, January 20, 2010

How To Create An Active Directory Server In Windows Server 2003 And Windows Server 2008

Before you install and configure a new Active Directory installation in a laboratory environment that has Windows Server 2003 and Active Directory, you should have two networked servers that are running Windows Server 2003.

Procedure to create the Active Directory
After you install Windows Server 2003 on a stand-alone server, run the Active Directory Installation Wizard to create a new Active Directory forest or domain, and then convert the Windows Server 2003 computer into the first domain controller in the forest. To convert the Windows Server 2003 computer to the first domain controller in the forest, follow these steps:

• Insert the Windows Server 2003 CD-ROM in the computer’s optical drive.
• Click Start, click Run, and then type “dcpromo” in the Run prompt.
• Click OK to start the Active Directory Installation Wizard.
• Click Next.
• Click Domain controller for a new domain, and then click Next.
• Click Domain in a new forest, and then click Next.
• Specify the full DNS name for the new domain. Because this procedure is for a laboratory environment and you are not integrating the environment into an existing DNS infrastructure, you can use something generic, such as mycompany.local, for this setting. Click Next.
• Accept the default domain NetBIOS name, and then click Next.
• Set the database and log file location to the default setting of the c:\winnt\ntds folder.
• Click Next.
• Set the Sysvol folder location to the default setting of the c:\winnt\sysvol folder, and then click Next.
• Choose Install and configure the DNS server on this computer.
• Click Next.
• Choose Permissions compatible only with Windows 2000 or Windows Server 2003 servers or operating systems, and then click Next.
• Because this is a laboratory environment, enter a password in the Directory Services Restore Mode Administrator blank.
• Note that in a full production environment, this password is set by using a secure password format.
• Click Next.
• Review and confirm the options that you selected.
• Click Next.
• The installation of Active Directory proceeds. This operation takes several minutes.
• Restart the computer if you are prompted. Then confirm that the Domain Name System (DNS) service location records for the new domain controller have been created. To confirm the DNS service location records, use the following steps.
a. Click Start, and then open Administrative Tools.
b. Click DNS to start the DNS Administrator console.
c. Expand the server name, expand Forward Lookup Zones, and then expand the domain.
d. Verify that the _msdcs, _sites, _tcp, and _udp folders are present.
Procedure to add Users and Computers to the Active Directory Domain
1. To create a new user, follow these steps:
After you create the new Active Directory domain, create a user account in that domain to use as an administrative account. After the user has been added to the particular security groups, use that account to add computers to the domain.
a) Click Start, point to Administrative Tools, and then click Active Directory Users and Computers to start the Active Directory Users and Computers console.
b) Click the domain name that you created, and then expand the contents.
c) Right-click Users, point to New, and then click User.
d) Type the first name, last name, and user logon name of the new user.
e) Click Next.
f) Type a new password, and then confirm the password.
g) Choose any one of the following options:

  • User must change password at next logon (recommended for most users)

  • User cannot change password

  • Password never expires

  • Account is disabled

h) Click Next.
i) Review the information that you provided. If everything is correct, click Finish.

2. After you create the new user, give the user account membership in a group that lets the user perform administrative tasks. You can give the user full administrative access by making the account a member of the Schema, Enterprise, and Domain administrator groups. To do so, follow these steps:
a) In the Active Directory Users and Computers console, right-click the new account that you created, and then click Properties.
b) Click the Member Of tab, and then click Add.
c) In the Select Group dialog box, specify a group, and then click OK to add the group to the list.
d) Repeat the selection process for each group in which the user needs account membership.
e) Click OK to finish.
3. Adding a member server to the domain is the last step in creating Active Directory in Windows Server 2003. This process also applies to workstations. To add a computer to the domain, use the following steps.
a. Log on to the computer that you want to add to the domain.
b. Right-click My Computer, and then click Properties.
c. Click the Computer Name tab, and then click Change.
d. In the Computer Name Changes dialog box, click Domain under Member Of.
e. Type the domain name.
f. Click OK.
g. When you are prompted, type the user name and password of the account that you previously created.
h. Click OK.
i. A message that welcomes you to the domain is generated.
j. Click OK to return to the Computer Name tab.
k. Click OK to finish.
l. Restart the computer if you are prompted to do so.

Opening Active Directory Snap-ins shows error

After you finish the installation of Active Directory, you may not be able to start the Active Directory Users and Computers snap-in, and you may receive an error message that indicates that no authority can be contacted for authentication. This happens if DNS is improperly configured.

To resolve the issue, verify that the zones on your DNS server are configured properly and that the DNS server has authority for the zone that contains the Active Directory domain name. If the zones are correct and the server has authority for the domain, try to start the Active Directory Users and Computers snap-in again. If the error persists, use the “dcpromo” utility to remove Active Directory, restart the computer, and then reinstall Active Directory.
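
The DNS check from the installation procedure (the _msdcs, _sites, _tcp, and _udp folders) and the zone verification described above can also be done from a command prompt. The following Python script is an added example, not part of the original article: it runs nslookup for a few well-known domain controller locator SRV names and lists the ones that return no answer. It assumes the Windows nslookup output format and the default site name Default-First-Site-Name; the sample output and the address 192.168.1.10 are constructed.

```python
import re
import subprocess
import sys

# DC locator SRV names, at least one per folder the page lists. The site name
# "Default-First-Site-Name" is the default for a new forest (assumed unchanged).
LOCATOR_RECORDS = (
    "_ldap._tcp.dc._msdcs",                       # _msdcs folder
    "_ldap._tcp.Default-First-Site-Name._sites",  # _sites folder
    "_ldap._tcp",                                 # _tcp folder
    "_kerberos._tcp",                             # _tcp folder
    "_kerberos._udp",                             # _udp folder
)
SRV_TARGET = re.compile(r"svr hostname\s*=\s*(\S+)", re.IGNORECASE)

# Constructed sample of Windows nslookup output for one SRV answer.
SAMPLE_ANSWER = """Server:  dc1.mycompany.local
Address:  192.168.1.10

_ldap._tcp.mycompany.local      SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc1.mycompany.local
"""


def parse_srv_targets(nslookup_output):
    """Return the SRV target hosts named in Windows nslookup output."""
    return [h.rstrip(".").lower() for h in SRV_TARGET.findall(nslookup_output)]


def query_nslookup(name, server):
    """Ask one DNS server for one SRV name and return nslookup's output."""
    done = subprocess.run(["nslookup", "-type=SRV", name, server],
                          capture_output=True, text=True, timeout=15)
    return done.stdout


def missing_records(domain, server, query=query_nslookup):
    """List the expected SRV names for which the server returns no target."""
    names = ["%s.%s" % (prefix, domain) for prefix in LOCATOR_RECORDS]
    return [n for n in names if not parse_srv_targets(query(n, server))]


if __name__ == "__main__":
    if len(sys.argv) == 3:  # arguments: domain name, DNS server address
        gaps = missing_records(sys.argv[1], sys.argv[2])
    else:  # offline demo: pretend every query returns SAMPLE_ANSWER
        gaps = missing_records("mycompany.local", "", lambda n, s: SAMPLE_ANSWER)
    print("\n".join("MISSING: " + g for g in gaps) or "All locator records found")
    sys.exit(1 if gaps else 0)
```

Run it with the domain name and the address of the DNS server that should be authoritative for the zone; a non-zero exit code means at least one locator record is not registered there.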
• Microsoft Windows Server 2003, Datacenter Edition (32-bit x86) Operating System.
• Microsoft Windows Server 2003, Enterprise Edition (32-bit x86) Operating System.
• Microsoft Windows Server 2003, Standard Edition (32-bit x86) Operating System.
• Microsoft Windows Server 2003, 64-Bit Datacenter Edition Operating System.
• Microsoft Windows Server 2003, Enterprise x64 Edition Operating System.
