Active Directory stores information about users, computers and other devices on your network. It helps Administrators by centralising authentication and policy deployment saving time in creating and maintaining user accounts. Active directory is also needed for multiple Microsoft products such as Microsoft Exchange.
This guide will take you through the steps of installing Active Directory on Windows Server 2008. For this guide we will install Active Directory in a new forest this will be explained later on. Although installing a domain controller in an existing domain or indeed installing a new domain in an existing forest is a very similar installation as the one in this guide.
Installing Active Directory
Lets start by assigning a static IP to the server this will make the installation easier. Assigning an IP in Windows Server 2008 is exactly the same as it is in Windows Vista and Windows 7. Just go to the Networking and Sharing Center and then click on network Connections and chane the properties of the correct NIC(Network Interface Card).
Now open up Server Manager (Click Start then Server Manager), then click on Roles. On the right hand side click on Add Roles. This will open up the Add Roles Wizard. On the begging screen click on Next then you can select the Role you want to install, for us this is the Active Directory Domain Services:
Click Next and this will take you to the information screen which explains the role being installed. Click Next again, now in this windows read carefully as it will tell you how to configure Active Directory after the Role is installed:
So click on Install and this will install the Role, this might take a while just be patient. Once installed it will again tell you how to finish the installation, so click on close
Now if you did read carefully you will have noticed the wizard said DCPromo.exe has to be run in order to complete the configuration and installation of Active Directory. Click on start and then run, type dcpromo.exe and press enter. This will start the Active Directory Domain Services Installation Wizard, lets select the advanced configuration:
Click Next. You will get a warning stating that older operating systems may not work with the Server 2008 Active Directory Servers. This is due to a new Security feature in Windows Server 2008 but it is nothing to worry about unless you have old software such as Windows NT 4.0, click next.
Now we have the option of what we want to do, as said previously we will create a new domain in a new forest. If you wanted to add an extra domain controller to an existing domain or create a new domain in an existing forest you would select the other option. Click next.
Here you might recieve an error stating that the local administrator password has not been set or the password is not complex enough:
As the local administrator account will become the domain administrator account after the installation a password needs to be set. Don’t worry if you havn’t set a password you can set one now by going to Server Manager then Configuration and then Users, right click administrator and click on Reset Password. Now you can carry on with the installation.
You are now required to enter a FQDN (Fully Qualified Domain Name) for this guide we will use test.local, click next and now a NETBIOS name has automatically been created for you. We will keep this automatically created NETBIOS name and click next.
After this you can set the Forest Functional Level. This is important, you should set the level to the lowest version of Windows Server you are running. If the only servers you are running are Server 2008 then set it to the highest level of Server 2008. The highest the level the more advanced features there will be. For example setting the Domain Function Level to Server 2008 R2 provides better support for Windows 7 especially with GPO’s(Group Policy Object). Select the level you require and click Next
In this window you can select additional features, as we dont have any other servers yet we will have to select DNS as Active Directory needs DNS to be installed. Click on Next
If you have not assigned a static IP yet you will be asked whether you want to assign one. It is advisable to assign a static IP. You will also get a warning about a DNS Server not being contactable, this is a warning we can ignore because no DNS is installed yet.
In the Next stage we need to specify where to put the Database files and log files, these are important especially if something goes wrong later on as these files may be needed to restore your AD. For the best performance the database files should be saved on a different hard drive to the log files, specify there locations and click Next. Specifiy a Recovery password and make sure you remember it, hopefully you may never need it but it is definately a usefull password to remember. The installation will now proceed, you will notice the first thing to be installed is DNS:
The Active Directory SCHEMA will then be installed and the Active Directory installation will finished. Once finished reboot your server and wait for it to come back online
NOTE – This may take longer than usual
Verifying Installation
Lets take a look at what was installed. First look in Start->Administrative Tools:
As you can see some new tools hav been installed. One tool you will use the most is Active Directory Users and Computers, here you can create groups, new users and computer accounts. Another extremely usefull tool is Group Policy Management with this tool you can create, delete and edit GPO’s.
Lets look at what Roles have been installed by going to Server Manager and expanding Roles:
Here we can see the Role we installed before (Active Directory Domain Services) and also the DNS Role that DCPromo installed automatically
The basics of Active Directory have now been done and AD is ready to be populated with your users and policies are ready to be made. Future posts on GPO’s and security will be posted later so stay tuned
The post Installing Active Directory Server 2008 appeared first on Tom's Blog.