New Forest/Domains/Child Domains with Server 2008
We will be installing and setting up a new domain controller by using dcpromo.exe. I think Microsoft has done a really good job at making this process pretty easy. That is, unless something goes wrong when trying to remove one and you end up having to remove the domain controller manually (we won't get into that for this article).
1. First you will go to Start -> Run -> then type in: dcpromo
2. Now a dialog box will pop up like the one below and check to see if the Active Directory Domain Services binaries (the AD DS server role) are already installed. If they are not, you will see another dialog box saying that it is installing them after the check.
3. Now the wizard should start after checking/installing the binaries. There is an advanced mode that you could choose, but for this article we will be leaving it unchecked. If you check the box you will get more options, such as creating a new domain in an existing forest but adding it as a new domain tree rather than a child domain. Normally when you create a new domain in an existing forest it becomes a child domain under the forest root domain (which is what we are creating now).
4. Take a minute to read the Operating System Compatibility warning. Windows Server 2008 domain controllers ship with the security setting "Allow cryptography algorithms compatible with Windows NT 4.0" disabled, so Windows NT 4.0 machines and some older third-party SMB clients will fail to set up a secure channel with the new DC unless you relax that setting. If you still have any of those systems, plan for it now. Click Next.
5. If you do not have DNS configured you will be prompted with this dialog. What it is saying is that you left the preferred and alternate DNS server addresses blank in the NIC's TCP/IP settings, so the server cannot resolve names. For small to medium sized businesses I usually installed 1-2 domain controllers with the DNS server role on each of them. I do not install a server just for DNS.
So in this case we are going to check the checkbox so the wizard installs a DNS server for us and automatically sets 127.0.0.1 as the preferred DNS server on this machine (which makes it look at itself for DNS resolution). Once you have a second domain controller, the usual practice is to point each DC's preferred DNS server at the other DC and keep the loopback address as the alternate, so a DC can still resolve names while its own DNS service is starting up.
6. Since we don't have any domain controllers set up we are going to select Create a new domain in a new forest (this creates the Forest Root Domain). The other two options are for an existing forest. "Add a domain controller to an existing domain" gives you more domain controllers that store the same data in multiple locations; this helps in case one domain controller fails, since the others still hold a copy of the directory, and it spreads logon and query load across DCs, which can help with performance. "Create a new domain in an existing forest" creates an additional domain, not an additional copy of the one you already have.
When you create a new domain in an existing forest it will be a child domain (unless you chose Advanced Mode and selected New Domain Tree). A child domain shares the DNS namespace of its parent domain and automatically has a two-way, transitive trust with it. If you do not want to share the namespace, that is where you would create a new domain tree (for example after a business acquisition or when merging multiple businesses). Keep in mind that every domain in a forest still trusts the others transitively, so a separate tree is a naming decision, not a security boundary; the forest is the security boundary.
Parent and Child Domains would be like:
- Dixonblog.com (Forest root domain)
- IT.Dixonblog.com (child domain)
- Sales.Dixonblog.com (child domain)
- Jacobblog.com (new Domain Tree)
7. Enter the FQDN of the forest root domain and then click Next (I entered dixonblog.com. It can be anything you want).
8. Next you will be prompted to select the Forest Functional Level. Please be sure to read the details for each functional level. You cannot lower it again once this is done, so raise it only as far as your oldest planned domain controller allows. Some products like Microsoft Exchange require the functional level to be at a certain level (depending on the version).
9. If you selected Windows Server 2008 in the previous step you will not be prompted with this dialog box, because the domain functional level can never be lower than the forest functional level. Otherwise this is where you set the Domain Functional Level (which is different from the Forest Functional Level).
10. The next dialog box (Additional Domain Controller Options) allows you to select options such as DNS server, Global catalog, and Read-only domain controller. All of these items are grayed out here: since this is our first domain controller it has to be a global catalog, and if you remember in step 5 we told the wizard to fix the name-resolution problem by installing a DNS server. Also, you cannot install a read-only domain controller when no other (writable) domain controller exists.
11. The next box tells you that a delegation for this DNS server cannot be created. That is expected for a new forest root: the wizard tries to create a delegation for dixonblog.com in the parent zone (here the public .com zone), which is not hosted on a Windows DNS server you control. Click Yes to continue. You would only need to create that delegation yourself if the parent zone were your own internal DNS server.
12. The next step wants you to specify the locations for the database, the log files, and the SYSVOL folder. The database (ntds.dit) holds the directory itself, the log files are the transaction logs that record every change to objects (updates, deletions, etc.) before it is committed to the database, and the SYSVOL folder holds data that is replicated to every domain controller and shared out to clients: logon scripts, group policy templates, and so on.
Note: Microsoft recommends installing the database and log files on separate volumes, but for smaller environments it really isn't necessary imo.
13. Your next step will be to create the Directory Services Restore Mode (DSRM) password. This is the local Administrator password used when you boot the DC into restore mode to repair or restore the directory database, and it is separate from the domain Administrator password. Hopefully you won't ever use it, but record it somewhere safe and don't lose it. Anyone who knows it and can reach the console can boot the DC into DSRM and read ntds.dit offline, so protect it the way you would protect the domain Administrator password.
14. Your next screen will be a summary. It describes everything the wizard will do. You might notice the Export Settings button. You can export these settings and use them again to set up new domain controllers with dcpromo /unattend, so you don't have to go through all these steps again. It saves an answer file that you can edit with Notepad. The DSRM password is not written to the exported file; you fill in SafeModeAdminPassword before using it, which means the file contains that password in plain text while it exists, so delete it once the promotion is done.
15. Installation will begin. It will install the DNS server, the Group Policy Management console, configure the computer to host Active Directory, and a few other things.
16. I don't have a picture, but it will just display a summary once it has finished (assuming that nothing fails). Once you click OK it will ask you to reboot your server, unless you checked the Reboot on completion checkbox.
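The same promotion can be done without clicking through the wizard. The script below is an added example (not from the original post) that writes a dcpromo answer file covering steps 5 through 16 above and then runs dcpromo /unattend with it. It assumes the forest root dixonblog.com, the NetBIOS name DIXONBLOG, the default NTDS and SYSVOL paths, and a Windows Server 2008 functional level for both forest and domain; change those values to match your environment. The DSRM password is prompted for rather than hard-coded, and the answer file is deleted afterwards because it holds that password in plain text.

```powershell
# Added example: unattended equivalent of the dcpromo wizard walked through above.
# Assumed values (not from the original post): dixonblog.com / DIXONBLOG, default
# NTDS and SYSVOL paths, forest and domain functional level 3 (Windows Server 2008).
# Run from an elevated PowerShell prompt on the server you are promoting.

$answerFile = Join-Path $env:TEMP 'dcpromo-dixonblog.txt'

# Prompt for the DSRM password so it never lands in the script or shell history.
$secure = Read-Host -AsSecureString 'Directory Services Restore Mode password'
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
try     { $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }

$answer = @"
[DCInstall]
; Step 6: create a new domain in a new forest (the forest root domain)
ReplicaOrNewDomain=Domain
NewDomain=Forest
; Step 7: FQDN of the forest root domain and its NetBIOS name (assumed values)
NewDomainDNSName=dixonblog.com
DomainNetbiosName=DIXONBLOG
; Steps 8-9: functional levels, 0 = Windows 2000, 2 = Windows Server 2003, 3 = Windows Server 2008
ForestLevel=3
DomainLevel=3
; Steps 5 and 10: install DNS on this DC; the first DC is always a global catalog
InstallDNS=Yes
ConfirmGc=Yes
; Step 11: no parent zone under our control, so do not attempt a delegation
CreateDNSDelegation=No
; Step 12: database, transaction logs and SYSVOL
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"
; Step 13: DSRM password, stored in the clear for as long as this file exists
SafeModeAdminPassword=$plain
; Step 16: we reboot ourselves after cleaning up the answer file
RebootOnCompletion=No
"@

Set-Content -Path $answerFile -Value $answer -Encoding ASCII

try {
    & "$env:SystemRoot\System32\dcpromo.exe" /unattend:"$answerFile"
    $dcpromoExit = $LASTEXITCODE
}
finally {
    # Remove the plaintext DSRM password from disk whether or not dcpromo succeeded.
    Remove-Item -Path $answerFile -Force -ErrorAction SilentlyContinue
    $plain = $null
}

# dcpromo writes its log to %SystemRoot%\debug\dcpromo.log; check it if the exit code is non-zero.
Write-Host "dcpromo exited with code $dcpromoExit; see $env:SystemRoot\debug\dcpromo.log for details."

# After the reboot, sanity-check the new DC: the NTDS and DNS services should be running
# and the domain should resolve to this server.
#   Get-Service NTDS, DNS
#   nltest /dsgetdc:dixonblog.com
#   dcdiag /test:DNS
```

Setting RebootOnCompletion=No and rebooting yourself after the finally block (for example with Restart-Computer -Force) keeps the cleanup from racing the shutdown; if you let dcpromo reboot the machine, the answer file can survive the restart with the DSRM password still in it.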