Lesson 2: Installing Active Directory - MCSE Training Kit, Microsoft Windows 2000 Active Directory Services [Electronic resources] (text version)

Jill Spealman








Lesson 2: Installing Active Directory



This lesson presents information on installing and removing Active Directory,
including using the Active Directory Installation Wizard. In addition, the lesson addresses the
database and shared system volume that Active Directory creates during installation, and setting up
DNS for Active Directory. Finally, the lesson discusses domain modes.



After this lesson, you will be able to


Install Active Directory


Remove Active Directory from a domain controller




Estimated lesson time: 25 minutes



The Active Directory Installation Wizard



The Active Directory Installation Wizard can perform the following tasks:




Add a domain controller to an existing domain


Create the first domain controller of a new domain


Create a new child domain


Create a new domain tree


Install a DNS server


Create the database and database log files


Create the shared system volume


Remove Active Directory services from a domain controller




To launch the Active Directory Installation Wizard, run Configure Your Server on the Administrative
Tools menu of the Start menu, or run DCPROMO from the command prompt. These two methods will run the
Active Directory Installation Wizard on a stand-alone server and help you through the process of installing
Active Directory on the computer and creating a new domain controller.


As you install Active Directory, you can choose whether to add the new domain controller to an existing
domain or create the first domain controller for a new domain.


Adding a Domain Controller to an Existing Domain



If you choose to add a domain controller to an existing domain, you create a peer domain controller.
You create peer domain controllers for redundancy and to
reduce the load on the existing domain controllers.


Creating the First Domain Controller for a New Domain



If you choose to create the first domain controller for a new domain, you create a new domain. You
create domains on your network to partition your information, which enables you to scale Active Directory
to meet the needs of your organization. When you create a new domain, you can create a new child domain or
a new tree. Table 4.1 describes creating a new child domain and creating a new
domain tree.


Table 4.1 Creating New Domains

Creating a New Domain | Description
New child domain | When you create a child domain, the new domain is a child domain in an existing domain.
New domain tree | When you create a new tree, the new domain is not part of an existing domain. You can create a new tree in an existing forest, or you can create a new forest.



Configuring DNS for Active Directory



Active Directory uses DNS as its location service, enabling computers to find the location of domain
controllers. To find a domain controller in a particular
domain, a client queries DNS for resource records that provide the names and IP addresses of the
Lightweight Directory Access Protocol (LDAP) servers for the domain. LDAP is the protocol used to query
and update Active Directory, and all domain controllers run the LDAP service. You cannot install Active
Directory without having DNS on your network, because Active Directory uses DNS as its
location service. However, you can install DNS separately without Active Directory.
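
The lookup described above, sketched as an added example (not from the book): the client asks DNS for the domain's LDAP service (SRV) records, then resolves each target to an address. The owner name `_ldap._tcp.dc._msdcs.<domain>` is an assumption, since the lesson does not spell it out, and the zone records, SERVER2 and the 192.0.2.x addresses are constructed sample data.

```python
from collections import defaultdict

# Constructed sample records in zone-file syntax (owner TTL class type rdata).
# SERVER1 and microsoft.com come from the lesson's practice; SERVER2 and the
# 192.0.2.x addresses are made up for illustration.
SAMPLE_ZONE = """\
_ldap._tcp.dc._msdcs.microsoft.com. 600 IN SRV 0 100 389 server1.microsoft.com.
_ldap._tcp.dc._msdcs.microsoft.com. 600 IN SRV 0 100 389 server2.microsoft.com.
_kerberos._tcp.dc._msdcs.microsoft.com. 600 IN SRV 0 100 88 server1.microsoft.com.
server1.microsoft.com. 3600 IN A 192.0.2.10
"""

def parse_zone(text):
    """Return (srv, a): SRV tuples and A addresses keyed by lower-cased owner."""
    srv, a = defaultdict(list), defaultdict(list)
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if len(fields) < 5:
            continue  # blank or malformed line
        owner, rtype, rdata = fields[0].lower().rstrip("."), fields[3].upper(), fields[4:]
        if rtype == "SRV" and len(rdata) == 4:
            prio, weight, port = (int(x) for x in rdata[:3])
            srv[owner].append((prio, weight, port, rdata[3].lower().rstrip(".")))
        elif rtype == "A" and len(rdata) == 1:
            a[owner].append(rdata[0])
    return srv, a

def locate_domain_controllers(domain, zone_text):
    """Mimic the client lookup: SRV query for the domain's LDAP servers, then
    an A lookup per target. Returns (usable, problems)."""
    srv, a = parse_zone(zone_text)
    # Assumed locator name; not given in the lesson text.
    qname = f"_ldap._tcp.dc._msdcs.{domain.lower().rstrip('.')}"
    usable, problems = [], []
    if qname not in srv:
        return usable, [f"no SRV records at {qname}"]
    for prio, weight, port, target in sorted(srv[qname]):  # lowest priority first
        if port != 389:
            problems.append(f"{target}: unexpected LDAP port {port}")
        addrs = a.get(target, [])
        if not addrs:
            # A client handed this name cannot reach the domain controller.
            problems.append(f"{target}: SRV target has no A record")
        usable.extend((target, ip, port) for ip in addrs)
    return usable, problems

if __name__ == "__main__":
    dcs, issues = locate_domain_controllers("microsoft.com", SAMPLE_ZONE)
    print("domain controllers:", dcs)
    print("problems:", issues)
```

An SRV target without a matching address record is worth checking for after a promotion, because clients handed that name cannot reach the new domain controller.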


You can configure your Windows 2000 DNS server automatically using the
Active Directory Installation Wizard. Unless you are using a DNS server other than
Windows 2000 or you want to perform a special configuration, you do not need to manually configure
DNS to support Active Directory. However, if you want to set up a configuration other than the default
configuration that the Active Directory Installation Wizard sets up, you can manually configure DNS using
the DNS console. Manually configuring DNS is beyond the scope of this course; refer to the MCSE Training
Kit: Microsoft Windows 2000 Network Infrastructure Administration for more information
on this topic.


NOTE
For detailed information on configuring DNS for Active Directory, see Chapter 5,
"DNS and Active Directory Integration."


The Database and Shared System Volume



Installing Active Directory creates the database and database log files, as well as the shared
system volume. Table 4.2 describes these files.


Table 4.2 Types of Files Created by Installing Active Directory

Type of File Created | Description
Database and database log files | The database is the directory for the new domain. The default location for the database and database log files is systemroot\NTDS, where systemroot is the Windows 2000 directory. For best performance, place the database and the log file on separate hard disks.
Shared system volume | The shared system volume is a folder structure that exists on all Windows 2000 domain controllers. It stores scripts and some of the group policy objects for both the current domain and the enterprise. The default location for the shared system volume is systemroot\SYSVOL. The shared system volume must be located on a partition or volume formatted with Microsoft Windows NT file system (NTFS) 5.0.



Replication of the shared system volume occurs on the same schedule as replication of the Active
Directory. As a result, you may not notice file replication to or from the newly created system volume
until two replication periods have elapsed (typically, 10 minutes). This is because the first file
replication period updates the configuration of other system volumes so that they are aware of the newly
created system volume.


Domain Modes



There are two domain modes: mixed mode and native mode.


Mixed Mode



When you first install or upgrade a domain controller to Windows 2000 Server, the domain controller is set to run in mixed mode. Mixed mode allows the
domain controller to interact with any domain controllers in the domain that are running previous versions of Windows NT.


Native Mode



When all the domain controllers in the domain run Windows 2000 Server, and you do not plan to add
any more pre-Windows 2000 domain controllers to the domain, you can switch the domain from mixed mode
to native mode.


During the conversion from mixed mode to native mode:




Support for pre-Windows 2000 replication ceases. Because pre-Windows 2000 replication is gone, you
can no longer have any domain controllers in your domain that are not running Windows 2000 Server.


You can no longer add new pre-Windows 2000 domain controllers to the domain.


The server that served as the primary domain controller during migration is no longer the
domain master; all domain controllers begin acting as peers.




NOTE
The change from mixed mode to native mode is one-way only; you cannot change from native mode to mixed mode.


To change the domain mode to native mode




Click Start, point to Programs, point to Administrative Tools, and then click Active Directory
Users and Computers.


Right-click the domain and then click Properties.


On the General tab, click Change Mode.


In the Active Directory message box, click Yes, then click OK.


Restart your computer.



Removing Active Directory Services from a Domain Controller



Running DCPROMO from the Run dialog box on an existing domain controller allows you to
remove Active Directory from the domain controller, thus demoting it to a member server. If
the domain controller is the last domain controller in the domain, it will become a stand-alone server.
If you remove Active Directory from all domain controllers in a domain, you also delete the directory
database for the domain, and the domain no longer exists. Computers joined to this domain can no longer
log on to the domain or use domain services.


To remove Active Directory from a domain controller




Log on as Administrator.


Click Start, click Run, and then type DCPROMO in the Open box and click OK.


The Active Directory Installation Wizard appears.


Click Next on the Welcome To The Active Directory Installation Wizard page.


If the server is the last domain controller in the domain, select the check box, then click
Next.


Enter a user name and password with Enterprise Administrator privileges for the domain, then
click Next.


Enter and confirm the password to be assigned to the server Administrator account,
then click Next.


Click Next on the Summary page.


Click Finish to complete the removal of Active Directory from the computer.






Practice: Installing Active Directory



In this practice you install Active Directory on your stand-alone server, which will make it a domain controller of a new domain. In Exercise 1 you use the DCPROMO program and Active Directory Installation Wizard to install Active
Directory. In Exercise 2 you view the domain you have created. In Exercise 3 you are introduced to the Active Directory Users and Computers console. In
Exercise 4 you confirm that the DNS service is working.


Exercise 1: Promoting a Stand-Alone Server to a Domain Controller



In this exercise, you run DCPROMO to install the Active Directory service on your stand-alone server,
making it a domain controller in a new domain, in a new tree, and in a forest.


To install the Active Directory service on a stand-alone server




Restart your computer and log on as Administrator.


If the Windows 2000 Configure Your Server page opens, close it because the DCPROMO program
will be used instead to accomplish the tasks in this practice.


Click Start and then click Run.


The Run dialog box appears.


Type DCPROMO in the Open box and click OK.


The Active Directory Installation Wizard appears.


Click Next.


The Domain Controller Type page appears.


Select Domain Controller For A New Domain, then click Next.


The Create Tree Or Child Domain page appears.


Ensure that Create A New Domain Tree is selected, then click Next.


The Create Or Join Forest page appears.


Select Create A New Forest Of Domain Trees, then click Next.


The New Domain Name page appears.


In the Full DNS Name For New Domain box, type microsoft.com and click Next.


(If you are not using microsoft.com as your DNS domain name, type the name you are using for your DNS
domain name.)


After a few moments, the NetBIOS Domain Name page appears.


Ensure that MICROSOFT (or a shortened form of the DNS name you have chosen) appears in the Domain
NetBIOS Name box, then click Next.


The Database and Log Locations page appears.


Ensure that systemroot\NTDS is the location of both the database and the log and click Next.
(If you did not install Windows 2000 in the WINNT directory, both locations should default to the NTDS
folder in the folder where you did install Windows 2000.)


The Shared System Volume page appears.


Ensure that the SYSVOL folder location is systemroot\SYSVOL. (If you
did not install Windows 2000 in the WINNT directory, the SYSVOL location should default to a
SYSVOL folder in the folder where you installed Windows 2000.)


What is the one SYSVOL location requirement?


What is the function of SYSVOL?


Click Next to accept systemroot\SYSVOL (or the path where you installed Windows 2000)
as the path for SYSVOL.


The Active Directory Installation Wizard message box appears, reminding you to install and configure
a DNS server. Click OK. The Configure DNS page appears.


Select Yes, Install And Configure DNS On This Computer, then click Next.


The Permissions page appears.


Unless your network administrator tells you to do otherwise, select Permissions Compatible Only With Windows 2000 Servers, then click Next.


The Directory Services Restore Mode Administrator Password page appears.


Type the password you want to assign to this server's Administrator account in the event the computer is started in Directory Services Restore mode, then click Next.


The Summary page appears, listing the options that you selected.


Review the contents of the Summary page, then click Next.


The Configuring Active Directory progress indicator appears as the Active Directory service is installed
on the server. This process will take several
minutes, during which you are prompted to place the Windows 2000 Server CD-ROM in your CD-ROM drive.


When the Completing The Active Directory Installation Wizard page appears, click Finish, then
click Restart Now.






Exercise 2: Viewing Your Domain Using My Network Places



In this exercise, you view your domain to verify Active Directory installation.


To view a domain using My Network Places




Log on as Administrator.


If the Windows 2000 Configure Your Server page appears, close it.


Double-click My Network Places.


The My Network Places window appears.


What selections do you see?


Double-click Entire Network, click the Entire Contents link, and then double-click Microsoft Windows Network.


What do you see?


Close the Microsoft Windows Network window.






Exercise 3: Viewing a Domain Using the Active Directory Users and Computers Console



In this exercise, you use the Active Directory Users and Computers console to view your domain.


To view a domain using the Active Directory Users and Computers console




Click Start, point to Programs, point to Administrative Tools, then click
Active Directory Users And Computers.


Windows 2000 displays the Active Directory Users and Computers console.


In the console tree, double-click microsoft.com (or the name of your domain).


What selections are listed under microsoft.com?


In the console tree, click Domain Controllers.


Notice that SERVER1 appears in the details pane. If you did not use SERVER1 as your server name,
the DNS name of your server appears in the details pane.


Close the Active Directory Users and Computers console.






Exercise 4: Testing Your DNS Server



In this exercise, you confirm that your DNS service is working.


To test your DNS service using the DNS console




Click Start, point to Programs, point to Administrative Tools, and then click DNS.


The DNS console appears. In the DNS console tree, right-click SERVER1
(or the name of your server), then click Properties.


The SERVER1 Properties dialog box appears. (If you did not use SERVER1 as your server name, the
dialog box will reflect your server name.)


Click the Monitoring tab.


Under Select A Test Type, select the A Simple Query Against This DNS Server check box and the A
Recursive Query To Other DNS Servers check box, then click Test Now.


On the SERVER1 Properties dialog box, under Test Results, you should see PASS in the Simple
Query and Recursive Query columns.


Click OK.


Close the DNS console.



Lesson Summary



In this lesson you learned about installing Active Directory, including running Windows 2000
Configure Your Server to start the Active Directory Installation Wizard. You can also go to a command
prompt and type DCPROMO to launch the Active Directory Installation Wizard. You can use the Active
Directory Installation Wizard to add a domain controller to an existing domain, to create the first domain
controller of a new domain, to create a new child domain, and to create a new domain tree. You also learned
how the Active Directory Installation Wizard can be used to remove Active Directory from a domain
controller.


In addition, you learned about the Active Directory database, which is the directory for the new domain,
and the database log files. The default location for the database and database log files is
systemroot\NTDS. You also learned about the shared system volume that Active Directory creates
during installation. The shared system volume is a folder structure that exists on all Windows 2000
domain controllers. It stores scripts and some of the group policy objects for both the current
domain and the enterprise. The default location for the shared system volume is systemroot\SYSVOL.


You learned how Active Directory uses DNS as its location service, enabling computers to find the location of domain controllers. You cannot install Active Directory without having DNS on your network, because Active Directory uses DNS as its location service. You can configure your Windows 2000 DNS server automatically by using the Active Directory Installation Wizard. Unless you are using a DNS server other than Windows 2000 or you want to perform a special configuration, you do not need to manually configure DNS to support Active
Directory.


You also learned about mixed and native domain modes. Mixed mode allows compatibility with previous
versions of Windows NT. Native mode is only used when all domain controllers in the domain are running
Windows 2000 Server.


In the practice portion of this lesson, you used the Active Directory Installation Wizard to install
Active Directory on your computer, to promote your computer to a domain controller, and to create a domain.
You then viewed your domain
using My Network Places and the Active Directory Users and Computers console. Finally, you used
the DNS console to confirm that your DNS service is working.

