Tag Archives: DNS

Step-by-Step Guide to manage DNS records in Azure Managed Domain (AAD-DS)

In my recent articles I explained how to enable Azure Active Directory Domain Services and how to manage it from a domain-joined server.

If you have not read them yet, please check my previous posts here.

When you manage a local Active Directory instance, you can manage the DNS records with the DNS MMC. Can we do the same with an Azure managed domain? The answer is yes. In this post I am going to show how to manage DNS records from a domain-joined Azure VM.

In order to do that we need the following prerequisites:

1) Azure Active Directory Domain Services (AAD-DS) managed domain instance
2) Domain-joined virtual server
3) User account that is a member of the AAD DC Administrators group

I have explained all of the above in my last 3-4 posts. Please follow them if you would like to know more.
So in this demo, I am going to use the Azure managed domain instance that is already set up.

I also have a virtual server running on Azure with Windows Server 2016 TP5. It is already joined to the managed domain.

To start with the configuration, RDP to the virtual server.

1) Log in to the server with an account that is a member of the AAD DC Administrators group.

2) Open Server Manager > Add Roles and Features.

3) In the first screen of the wizard click Next to proceed.

4) In the next window keep the default and click Next.

5) In server selection keep the default and click Next.

6) In server roles keep the default and click Next.

7) Under Features, go to Remote Server Administration Tools > Role Administration Tools > DNS Server Tools. Then click Next to proceed.

8) In the confirmation window click Install to install the tools.

9) Once it is done, go to Server Manager > Tools > DNS.

10) On first start it will prompt for the DNS server to connect to. Select "The following computer", type the name of the managed domain you have in place, and click OK.

11) It will open up the DNS MMC.

In here we can manage the DNS records as we need. Some DNS records are related to the managed domain service itself, so make sure those records are not modified or deleted.

The virtual machine does not need to run a server edition; if you install a desktop edition you can still manage DNS by installing the RSAT tools.
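The same management task from PowerShell, added here as an example and not part of the original post: it lists the managed zone from the domain-joined VM and marks the records that belong to the domain service, so you can see which ones are safe to edit. It assumes the RSAT DNS tools are installed, that the managed domain accepts the DnsServer cmdlets' WS-Management connection in the same way it accepts the DNS MMC, and the managed domain name and the added host are placeholders.

```powershell
# Added example, not from the original post: inventory the managed zone and flag the
# records the managed domain service owns (the ones that must not be modified or
# deleted). Needs the RSAT DNS tools (Install-WindowsFeature RSAT-DNS-Server) and an
# "AAD DC Administrators" account. The managed domain name is a constructed placeholder.
$ManagedDomain = 'aaddscontoso.com'   # placeholder: your AAD-DS managed domain name

Import-Module DnsServer

# The managed domain's DNS service answers on the domain name itself, which is also
# what you type into the DNS MMC "connect to" dialog.
$records = Get-DnsServerResourceRecord -ComputerName $ManagedDomain -ZoneName $ManagedDomain

# The managed domain controllers are whatever the DC locator SRV record points at;
# their A records are part of the service and must stay untouched.
$dcHosts = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$ManagedDomain" -Type SRV -Server $ManagedDomain |
           Where-Object { $_.Type -eq 'SRV' } |
           ForEach-Object { $_.NameTarget.TrimEnd('.').ToLower() }

function Get-RecordValue {
    # Render the type-specific RecordData as one string for the report.
    param($Record)
    switch ($Record.RecordType) {
        'A'     { $Record.RecordData.IPv4Address.IPAddressToString }
        'AAAA'  { $Record.RecordData.IPv6Address.IPAddressToString }
        'CNAME' { $Record.RecordData.HostNameAlias }
        'SRV'   { "$($Record.RecordData.Priority) $($Record.RecordData.Weight) $($Record.RecordData.Port) $($Record.RecordData.DomainName)" }
        'NS'    { $Record.RecordData.NameServer }
        'SOA'   { $Record.RecordData.PrimaryServer }
        default { ($Record.RecordData | Out-String).Trim() }
    }
}

$report = foreach ($r in $records) {
    $fqdn = if ($r.HostName -eq '@') { $ManagedDomain } else { "$($r.HostName).$ManagedDomain" }
    # Anything the service created: zone infrastructure records, the underscore
    # (_msdcs/_sites/_tcp/_udp) locator names, and the DCs' own host records.
    $serviceOwned = ($r.RecordType -in 'SOA', 'NS') -or
                    ($r.HostName -like '_*') -or
                    ($r.HostName -like '*._*') -or
                    ($r.RecordType -eq 'A' -and $dcHosts -contains $fqdn.ToLower())
    [pscustomobject]@{
        Name         = $fqdn
        Type         = $r.RecordType
        Value        = Get-RecordValue $r
        ServiceOwned = $serviceOwned
    }
}

# Records you are free to manage appear with ServiceOwned = False.
$report | Sort-Object ServiceOwned, Type, Name | Format-Table -AutoSize

# Adding your own record, e.g. for an application server in the same virtual network
# (host name and address are constructed):
Add-DnsServerResourceRecordA -ComputerName $ManagedDomain -ZoneName $ManagedDomain `
    -Name 'app01' -IPv4Address '10.0.1.20'
```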

If you have any questions about the post feel free to contact me on rebeladm@live.com

Azure DNS

Azure DNS is now fully supported in the Azure Portal. Even though it is still in preview, it is not too soon to start testing it before introducing it to the production environment.

In your local AD infrastructure, the AD DNS service takes care of all your DNS entries: A records, mail server (MX) records, CNAME records, service records and so on. The same methodology applies to public domain names. For example, let's assume there is a public domain called contoso.com. There is a web server which hosts the contoso.com web site and its IP address is 38.112.6.100. There is also a mail server running on 38.112.6.101. So I need an A record for the web site and an MX record for the mail service. But how does the public internet learn these values? I need a DNS server to serve DNS enquiries from the internet.

There are a few ways to do this. Domain registrars allow you to use their own DNS servers to set up your DNS records; some do this as a free service and some provide it as a paid service. You can also set up your own DNS server and point the public domain name to it.

Before choosing one of the above options it is important to consider:

1) Availability of the DNS servers – what if the primary DNS server goes down? How do you handle such a situation and keep the organization's services up and running?
2) Performance – how do you handle the DNS queries and provide faster response times?
3) Fast DNS updates – normally, if you add a new DNS record or update an existing record, it can take 4-48 hours to fully propagate across the internet. This can have an impact depending on the organization's requirements.

Why Azure DNS?

With Azure DNS, you can host your DNS domains in Azure. Manage your DNS records using the same credentials and billing and support contract as your other Azure services. Seamlessly integrate Azure-based services with corresponding DNS updates, streamlining the end-to-end deployment process.

Azure DNS uses a global network of name servers to provide fast responses to DNS queries. Because we use Anycast networking, DNS queries automatically route to the closest name servers for the best possible performance.

The Microsoft global network of name servers has the scale and redundancy to ensure ultra-high availability for your domains. With Azure DNS, you can be sure that your DNS will always be available.

When you add a new DNS record, the Azure DNS name servers are updated in just a few seconds, so you don’t have to wait long before that DNS record can be used.

Source: https://azure.microsoft.com/en-gb/services/dns/

Now the theory is over, let's see it in action.

In my demo, I am going to use one of my domains, therebeladmin.com, and point it to Azure DNS. Then I am going to create an A record to point it to my web server.

1) Log in to the Azure Portal as administrator (https://portal.azure.com).
2) Go to New > type DNS. Then from the search results click on "DNS Zone".

3) It will open up the service description window. Click on "Create" to start.

4) In the next window, provide the domain name in the Name field, then select the subscription. On the same page you can select which resource group it belongs to. It also gives the opportunity to select the location where this service should primarily be located. Once that is completed, click on "Create".

5) Once the service is successfully commissioned it will appear on the portal home page. Otherwise, if you go to "All Resources" you will be able to find the DNS service just deployed. Click on it to start the configuration.

6) The page shows the details of the configuration. To point therebeladmin.com to Azure DNS, I need to point the name servers to it from my domain registrar's end.

7) My web server is running on 38.117.80.2, so I need to create an A record for it. To do that click on the "Record Set" icon.

8) In the new window I am creating the A record to point to the web site. Once the changes are done, click on OK to create the record.

9) I am also creating a CNAME record for WWW, so if someone types www.therebeladmin.com in the web browser it will resolve correctly. I am adding an MX record too.

10) Now I can see the new records I added on the web page.

The next step is to go to the domain registrar and update the name server records so they point to Azure DNS.

Using a public DNS lookup tool I checked the DNS status, and now I can see the Azure DNS records are resolving correctly.
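The portal steps above as Az PowerShell, added here as an example and not part of the original post, with the two checks I would run before and after moving the registrar delegation. It assumes the Az.Dns module is installed and Connect-AzAccount has been run; the resource group name, the mail host name and the mail server address are placeholders.

```powershell
# Added example, not part of the original post: the zone plus the A, CNAME and MX
# records created in the portal above, done with the Az.Dns cmdlets, followed by a
# check against Azure's own name servers and a check of the registrar delegation.
$ResourceGroup = 'rg-dns-demo'       # placeholder: an existing resource group
$ZoneName      = 'therebeladmin.com' # domain from the post
$WebServerIp   = '38.117.80.2'       # web server address from the post
$MailServerIp  = '38.117.80.3'       # placeholder

function New-DemoZone {
    $zone = New-AzDnsZone -Name $ZoneName -ResourceGroupName $ResourceGroup

    # Apex A record -> web server
    New-AzDnsRecordSet -Name '@' -RecordType A -Ttl 3600 -ZoneName $ZoneName `
        -ResourceGroupName $ResourceGroup `
        -DnsRecords (New-AzDnsRecordConfig -Ipv4Address $WebServerIp) | Out-Null

    # www is an alias of the apex. A CNAME may not sit at the apex itself, which is
    # why the apex gets an A record and only www gets the CNAME.
    New-AzDnsRecordSet -Name 'www' -RecordType CNAME -Ttl 3600 -ZoneName $ZoneName `
        -ResourceGroupName $ResourceGroup `
        -DnsRecords (New-AzDnsRecordConfig -Cname $ZoneName) | Out-Null

    # MX must point at a host name that has its own A record, never at an IP or a CNAME.
    New-AzDnsRecordSet -Name 'mail' -RecordType A -Ttl 3600 -ZoneName $ZoneName `
        -ResourceGroupName $ResourceGroup `
        -DnsRecords (New-AzDnsRecordConfig -Ipv4Address $MailServerIp) | Out-Null
    New-AzDnsRecordSet -Name '@' -RecordType MX -Ttl 3600 -ZoneName $ZoneName `
        -ResourceGroupName $ResourceGroup `
        -DnsRecords (New-AzDnsRecordConfig -Exchange "mail.$ZoneName" -Preference 10) | Out-Null

    $zone
}

function Test-ZoneAtAzure {
    # Ask one of Azure's name servers directly: proves the records are live before the
    # registrar delegation changes, independent of any caching resolver in between.
    param($Zone)
    $ns = $Zone.NameServers[0].TrimEnd('.')
    $queries = @(
        @{ Name = $ZoneName;       Type = 'A' }
        @{ Name = "www.$ZoneName"; Type = 'CNAME' }
        @{ Name = $ZoneName;       Type = 'MX' }
    )
    foreach ($q in $queries) {
        Resolve-DnsName -Name $q.Name -Type $q.Type -Server $ns -DnsOnly |
            Where-Object { $_.Type -eq $q.Type } |
            Select-Object Name, Type, IPAddress, NameHost, NameExchange
    }
}

function Test-Delegation {
    # After updating the registrar: the NS set seen from the public internet must equal
    # the set Azure assigned. A partial match means some resolvers still reach the old
    # provider and get stale answers, or none at all if that zone was already deleted.
    param($Zone)
    $expected = $Zone.NameServers | ForEach-Object { $_.TrimEnd('.').ToLower() } | Sort-Object
    $public   = Resolve-DnsName -Name $ZoneName -Type NS -DnsOnly |
                Where-Object { $_.Type -eq 'NS' } |
                ForEach-Object { $_.NameHost.TrimEnd('.').ToLower() } | Sort-Object
    [pscustomobject]@{
        Expected  = $expected -join ', '
        Public    = $public -join ', '
        Delegated = (($expected -join ',') -eq ($public -join ','))
    }
}

$zone = New-DemoZone
'Name servers to enter at the registrar:'; $zone.NameServers
Test-ZoneAtAzure $zone
Test-Delegation  $zone
```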

If you have any questions feel free to contact me on rebeladm@live.com

Why can't I connect a PC to the domain?

This is one of the most common questions I get from starters, students and admins who follow my blog. They say they follow my step-by-step guides to install a domain controller in a production or demo setup, and at the end they can't connect computers to the domain. I'm sure if you already work on domain infrastructure, you have faced the same experience in your job at some point.

So I thought to share some tips to troubleshoot and get your PC connected to the domain.

Read the Error!!!

This is the best friend of your initial troubleshooting. Read the error carefully; it will give you some clues where to start. It can be a simple typo, so as a first step read the error twice or more until you clearly understand what it says.

Connectivity

To make successful communication between the domain controller and the PC there should be reliable connectivity. There are a lot of places where it can be interrupted.

1) Local host
To start, first try to ping the local host IP from the PC (ping 127.0.0.1). If it succeeds it means the local PC is running with the correct protocols and required components. If it does not, that is the first place to start.

2) Ipconfig /all
Try this on both the server and the PC and make sure the client PC has a valid IP assigned. Make sure it is in the same IP address range as the server so they can talk to each other.

3) DNS
This is a very common issue when joining a PC to a domain. Make sure the PC is using the domain DNS servers as its primary DNS resolver. Sometimes you may have used a valid public domain name ending in .com, .org, .net etc.; in that case you need to make sure you have the correct DNS entries to identify the local server instead of trying to resolve to the public DNS entry.
If all of the above are checked, then use "ping" from the server as well as the PC to make sure both can ping each other (if a firewall is active on the PC or server, allow ICMP traffic temporarily while troubleshooting).
If the pings fail then you need to look at the network level: it can be the cable, VLAN configuration, switch port configuration etc.

Time

This is also a very common issue I have seen: make sure the system time and date of your domain controller and the computer match. Even if you use common time servers, sometimes there can be a mismatch due to sync problems.

Virtualization

If you are using virtualization software to build your home lab or even your production environment, there are a few things you should check. In these virtualization platforms you can set up virtual networks as per your requirements. So sometimes, even if the DC and the PC are in the same network range, they may not be in the same virtual network. Make sure the interfaces are correctly assigned to the relevant virtual network.

Beware! Most of the time when we build a test lab with a few virtual machines we clone them. Even in production environments engineers do this. Not long ago I had to look into a problem with joining virtual machines to a domain. It was using one of the famous virtualization products. The engineer who set up the system had used linked clones (all VMs run from the same initial image). But when he went to add those computers to the domain, only one of the VMs could be added and only one VM could log in to the DC. In the setup there were 10 VMs running. So what do you think the problem was? With the linked clone it was copying all the network information as well. So if you looked into each PC, every one of them was using the same IP address and the same MAC address. The interesting thing was that even with all of them switched on, none of them gave an IP duplication error. So if you used the "clone" option to build the VMs, make sure each one has a unique IP address and MAC address.
I believe the above tips will help you to troubleshoot issues with DC connectivity.
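The checklist above as one script, added here as an example and not part of the original post: run from the PC that refuses to join, it walks the same layers in the same order (local host, IP configuration, DNS, reachability, time) and reports which one fails. It assumes Windows 8 / Server 2012 or later for the Net* cmdlets; the domain name in the usage line is a placeholder.

```powershell
# Added example, not from the original post: the troubleshooting checklist above,
# run from the client that fails to join, so the failing layer is found before
# anything is touched on the domain controller.
function Test-DomainJoinReadiness {
    param([Parameter(Mandatory)][string]$Domain)
    $r = [ordered]@{}

    # 1) Local host: the client's own TCP/IP stack
    $r.LoopbackOk = Test-Connection -ComputerName 127.0.0.1 -Count 1 -Quiet

    # 2) ipconfig /all: the adapter with a default gateway is the one that must sit
    #    in the server's range; a 169.254.x.x address means DHCP never answered.
    $cfg = Get-NetIPConfiguration | Where-Object { $_.IPv4DefaultGateway } | Select-Object -First 1
    $r.IPv4Address  = $cfg.IPv4Address.IPAddress -join ','
    $r.ApipaAddress = [bool]($cfg.IPv4Address.IPAddress -like '169.254.*')
    $r.DnsServers   = $cfg.DNSServer.ServerAddresses -join ','
    # Cloned VMs: compare this value across the clones; duplicates break joins silently.
    $r.MacAddress   = (Get-NetAdapter -InterfaceIndex $cfg.InterfaceIndex).MacAddress

    # 3) DNS: the DC locator record must come back from the configured resolver. If the
    #    domain uses a public suffix (.com, .org) and the resolver is a public one, this
    #    query fails or returns the public zone's answer instead of the local DC.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'SRV' }
    $r.DcLocatorFound = [bool]$srv
    $dc = $srv | Sort-Object Priority, @{ Expression = 'Weight'; Descending = $true } |
          Select-Object -First 1 -ExpandProperty NameTarget
    $r.DomainController = $dc

    if ($dc) {
        # Reachability: ping may be blocked by a firewall, so test the ports a join
        # actually uses (DNS, Kerberos, RPC endpoint mapper, LDAP, SMB, kpasswd).
        foreach ($port in 53, 88, 135, 389, 445, 464) {
            $r["Tcp$port"] = (Test-NetConnection -ComputerName $dc -Port $port `
                              -WarningAction SilentlyContinue).TcpTestSucceeded
        }
        # 4) Time: Kerberos rejects tickets when the clocks differ by more than 5 minutes.
        $line = (w32tm /stripchart /computer:$dc /samples:1 /dataonly 2>$null) | Select-Object -Last 1
        if ($line -match '([+-]\d+\.\d+)s') {
            $r.ClockSkewSeconds = [math]::Round([double]$Matches[1], 2)
            $r.ClockSkewOk      = [math]::Abs([double]$Matches[1]) -lt 300
        }
    }
    [pscustomobject]$r
}

Test-DomainJoinReadiness -Domain 'contoso.local'   # placeholder: the domain you are joining
```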

If you have any question feel free to contact me on rebeladm@live.com

Image source: https://pcpt.wordpress.com/2008/11/11/welcome/

Step-by-Step Guide to install Active Directory on Windows server technical preview 2

Microsoft released Windows Server 2016 Technical Preview 2 to the public. I am sure most of you have already heard the news. In this article I am going to demonstrate how we can install AD on Windows Server 2016 TP2.

You can download Windows Server 2016 TP2 from https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-technical-previewit

You can deploy it using the .iso or .vhd file. If you notice, the installation no longer lets you select the GUI option during setup. It gives two options to choose from: one installs the core version and the other, with administrative tools, gives the ability to use admin tools such as Server Manager. If you want to install the GUI you need to add it afterwards using Server Manager or with the command Install-WindowsFeature Server-Gui-Shell -Restart -Source wim:E:\sources\install.wim:4

Here E: is the DVD with the Windows Server 2016 source files.

What is new in AD DS?

It may be too early to look at what is going to be in Windows Server 2016 on the AD side, but here are the few new features and enhancements available in the TP.

Privileged Access Management – This PAM feature allows mitigating security concerns in AD environments caused by techniques such as pass-the-hash and spear phishing.

Azure AD Join – This enhances the identity experience for businesses, including benefits such as SSO, access to organizational resources, MDM integration etc.

Microsoft Passport – Microsoft Passport is a new key-based authentication approach for organizations and consumers that goes beyond passwords. This form of authentication relies on breach-, theft-, and phish-resistant credentials.

Deprecation of File Replication Service (FRS) and Windows Server 2003 functional levels – Although File Replication Service (FRS) and the Windows Server 2003 functional levels were deprecated in previous versions of Windows Server, it bears repeating that the Windows Server 2003 operating system is no longer supported. As a result, any domain controller that runs Windows Server 2003 should be removed from the domain. The domain and forest functional level should be raised to at least Windows Server 2008 to prevent a domain controller that runs an earlier version of Windows Server from being added to the environment.

A complete description of these features can be found at https://technet.microsoft.com/en-us/library/mt163897.aspx

Let's get started. In my demo I am using Windows Server 2016 TP2 with GUI.
Log in to the server as administrator. Then load Server Manager.

Then go to Manage > Add Roles and Features.

In the wizard click on Next.

In the installation type selection, leave the default selection and click on Next.

For the server selection leave the default and click on Next.

From the role selection window select "Active Directory Domain Services" and click Next. It will then ask to add the dependent features. Click on the Add Features button. Then click Next.

In the features selection keep the default selection and then click Next to continue.

Then it gives a description window about AD DS. Click Next to proceed.

Then in the next window click on the Install button to install the AD DS role.

Once it is finished, click on the link "Promote this server to a domain controller".

Then it will open up the new wizard for the AD DS configuration. Here I am going to deploy a new forest, so make the relevant selection, fill in the information and click on Next.

In the next window set the forest functional level and domain functional level to "Windows Server Technical Preview", then add the domain controller capabilities such as DNS, submit the DSRM password and click Next.

Then click Next to complete the DNS delegation.

In the next window we can specify the NetBIOS name, then click Next to continue.

In the next window select the paths for the database installation etc., then click Next.

Then it gives the option to review the configuration; click Next to continue.

Once the prerequisite check is done, click on Install to proceed.

Then it starts the installation process. It will reboot the server automatically once completed.
After the reboot, we can see AD DS is configured and functioning as expected.

This completes the installation process. The steps are very similar to the AD DS installation on Windows Server 2012.

If you have any issues feel free to contact me on rebeladm@live.com

Step-by-Step guide to rename Active Directory Domain Name

A few blog readers have asked me on a few occasions if they can change the AD domain name to a different domain name. The answer is yes, you can, but you need to be aware of the issues it can cause as well; otherwise you will end up in a mess with a non-functioning infrastructure. The idea of this post is to demonstrate how to rename AD and also to point out some issues you may face with a domain rename.

Following are the critical points you need to consider before an AD rename.

1. Forest Functional Level – The forest functional level must be Windows Server 2003 or higher to perform an AD rename.
2. Location of the Domain – A forest can have different levels of domains. Those can be either completely different domains or child domains. If you are going to change the location of the DC in the forest, you must create trust relationships between domains to keep the connectivity.
3. DNS Zone – DNS zone files must be created for the new domain name in the relevant DNS servers prior to the rename process.
4. Folder Path Change – If DFS folder services or roaming profiles are set up, those paths must be changed to a server-based share or network share.
5. Computer Name Change – Once the domain is renamed, the computers' host names will also be renamed. So if those are configured for use by applications or systems, make sure you are prepared to make those changes.
6. Reboots – Systems, including workstations, will need to reboot twice to apply the name changes. So be prepared for the downtime and service interruptions.
7. Exchange Server Incompatibility – Exchange Server 2003 is the only version supported for an AD rename; all other versions are not supported. There can also be other applications in the environment that are not supported with a rename. Make sure you assess these risks.
8. Certificate Authority (CA) – If a CA is used, make sure you prepare it according to https://technet.microsoft.com/en-us/library/cc816587

Once your infrastructure is ready, to perform the rename process we need an administrative computer or server. It must be a member of the domain and should not be a DC. It must have "Remote Server Administration Tools" installed. For Windows Server 2012 it can be added as a feature via Server Manager. For Windows 8 or later you can download it from http://www.microsoft.com/en-us/download/details.aspx?id=28972

In the demo, I am going to rename the contoso.com domain to the canitpro.local domain. It runs on Windows Server 2012 R2.

I have prepared a server running Windows Server 2012 R2 as a member server to perform the rename. You can install Remote Server Administration Tools via Server Manager > Add Roles and Features. Make sure you select the AD DS and AD LDS tools under RSAT.

Before we start the rename, make sure forest-wide activities such as adding a new DC or changing the forest configuration are stopped.

I also went ahead and created the relevant DNS zone for the new domain name in the primary DNS server. (In my blog you can find a complete DNS article which explains DNS zone setup.)

Then on the member server log in as a domain admin and open the command prompt with admin rights.

First we need to create a report which explains the current forest setup. To do that type rendom /list and press Enter.

This will create an XML file named Domainlist.xml in the path where the above command was executed. In my demo it is C:\Users\Administrator.CONTOSO

To proceed it needs to be edited to match the new domain name. Make sure you save the file after the edits.

Then type the rendom /upload command from the same folder path.

To check the domain readiness before the rename process, type rendom /prepare

Once it passes with no errors, execute rendom /execute to proceed with the rename. It will reboot all domain controllers automatically.

All workstations and servers will need to reboot twice to apply the changes. Usernames and passwords will not change, but the domain name will be the new one.

The rename process does not rename the domain controllers. Those need to be changed manually.

It can be done using the command netdom computername DC.contoso.com /add:DC.canitpro.local

Then type netdom computername DC.contoso.com /makeprimary:DC.canitpro.local and once complete, reboot the DC.

We can see it has changed after the reboot.

The next thing we need to fix is the group policies. They still use the old domain name.

To fix this, type and enter gpfixup /olddns:contoso.com /newdns:canitpro.local

Then run gpfixup /oldnb:CONTOSO /newnb:canitpro

We are done with that too. The only thing left to run is rendom /end to stop the rename process and unfreeze DC activity.

This ends the rename process and we now have a DC with a new domain name.
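The rendom / netdom / gpfixup sequence above as a script, added here as an example and not part of the original post. It is split into the part up to rendom /execute (which reboots every DC) and the clean-up after the DCs are back, and every stage stops on a non-zero exit code so a failed /prepare is never followed by /execute. Domainlist.xml is edited as XML instead of by hand; the <DNSname> and <NetBiosName> element names are assumed from the file that rendom /list writes, and the DC host name "DC" is the one from the post.

```powershell
# Added example, not part of the original post: the domain rename from contoso.com to
# canitpro.local driven from the RSAT member server as a domain admin.
$OldDns = 'contoso.com'
$NewDns = 'canitpro.local'
$OldNb  = 'CONTOSO'
$NewNb  = 'CANITPRO'   # the post writes "canitpro"; NetBIOS names are case-insensitive
$DcHost = 'DC'         # domain controller host name from the post

function Invoke-Stage {
    # Run one external tool and refuse to go on if it reports failure.
    param([string]$Label, [string]$Exe, [string[]]$Arguments)
    Write-Host "== $Label : $Exe $($Arguments -join ' ')"
    & $Exe @Arguments
    if ($LASTEXITCODE -ne 0) { throw "$Label failed (exit code $LASTEXITCODE). Fix it before continuing." }
}

function Start-DomainRename {
    Invoke-Stage 'Report current forest' rendom '/list'

    # Every DNS name ending in the old domain gets the new suffix. That covers the
    # domain itself and the DomainDnsZones / ForestDnsZones application partitions,
    # which appear as separate <Domain> entries. Element names are assumed (see lead-in).
    $path    = Join-Path (Get-Location) 'Domainlist.xml'
    $xml     = [xml](Get-Content -Path $path -Raw)
    $pattern = '(?i)' + [regex]::Escape($OldDns) + '$'
    foreach ($d in $xml.Forest.Domain) {
        if ($d.DNSname -match $pattern) { $d.DNSname = $d.DNSname -replace $pattern, $NewDns }
        if ($d.NetBiosName -eq $OldNb)  { $d.NetBiosName = $NewNb }
    }
    Copy-Item -Path $path -Destination "$path.bak"   # keep the original for comparison
    $xml.Save($path)

    Invoke-Stage 'Upload rename instructions' rendom '/upload'
    Invoke-Stage 'Readiness check'            rendom '/prepare'
    # Point of no return: every DC applies the change and reboots.
    Invoke-Stage 'Execute rename'             rendom '/execute'
}

function Complete-DomainRename {
    # Run after all DCs have rebooted. Workstations and member servers still need two reboots.
    Invoke-Stage 'Add new DC name'       netdom 'computername', "$DcHost.$OldDns", "/add:$DcHost.$NewDns"
    Invoke-Stage 'Make new name primary' netdom 'computername', "$DcHost.$OldDns", "/makeprimary:$DcHost.$NewDns"
    Read-Host "Reboot $DcHost, wait until it is back, then press Enter" | Out-Null

    Invoke-Stage 'Fix GPO DNS references'     gpfixup "/olddns:$OldDns", "/newdns:$NewDns"
    Invoke-Stage 'Fix GPO NetBIOS references' gpfixup "/oldnb:$OldNb",   "/newnb:$NewNb"
    Invoke-Stage 'Unfreeze forest'            rendom  '/end'
}

Start-DomainRename
# ... wait for the domain controllers to come back, then:
# Complete-DomainRename
```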

If you have any question about this feel free to contact me on rebeladm@live.com

Service Location (SRV) Locator Resources Records

An SRV record is a DNS (Domain Name System) record used to identify the computers or servers which host specific services. It is also used to locate domain controllers in an Active Directory environment.

This is very critical in a multi-site environment. In my last 2 articles I explained multiple sites in a directory service environment. If you have not read them yet you can find them here:

Why active directory sites and subnets?

How to setup active directory sites, subnets, site-links?

One of the core reasons for setting up a site environment is to direct clients to the nearest servers for services, to improve network operations. For example, Contoso Ltd. has its HQ located in Washington DC and a branch in London, UK. They are all in the same contoso.com domain and the two locations are connected via a 256 kb dedicated link. In a regular setup, when user A from the London office logs in to a computer, the authentication is checked by a server in the HQ in Washington DC. It may still work, but what if there are 100+ users in the branch office? It will take time as well as bandwidth from the limited 256 kb link. But by introducing a site setup we can treat the London office as a different site and place a domain controller inside that particular site. So users from the London branch will use their own AD server to handle authentication. This is where SRV records come into the picture.

Even though we know the logical design of the network, computers don't understand it the same way. They only identify the commands and data provided by the related services. So once a workstation in the London site tries to communicate with a DC, the DC replies with the name of the site the workstation belongs to. Then the client makes a DNS query again, passing the domain name and the site it belongs to, and locates the relevant DC for the London site rather than sending its requests to the HQ DC.

In the DNS server, by default the system creates two SRV records to locate the Kerberos and LDAP services.

To create an SRV record, in DNS Manager right-click on the DNS tree location where you need to create the SRV record and select "Other New Records" from the list.

Then from the list select "Service Location (SRV)" and click the "Create Record" button.

In an SRV record the following information can be specified:

Service – Here you can define the service this SRV record is assigned to. You can find the list of services in the wizard.

Protocol – We can define the protocol it will use. It can be either TCP or UDP.

Priority – Here we can define the service priority, if the service supports this function.

Weight – This helps to define the order in which it should serve along with similar records.

Port number – Used to define the service port number.

Host offering this service – Used to define the server offering this particular service. It needs to be an FQDN.

Once an SRV record is created, the Netlogon service re-registers the SRV records. By default this happens every 60 minutes. If these need to be updated immediately you can restart the Netlogon service manually.
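The London scenario above in code, added here as an example and not part of the original post: the first part creates site-scoped DC locator SRV records with the field values the wizard asks for (service, protocol, priority, weight, port, host), the second shows the client-side selection that Priority and Weight drive, and the fall-back from the site-scoped name to the domain-wide one. It assumes the DnsServer module (Windows Server 2012 or later) and a placeholder host name for the London DC.

```powershell
# Added example, not from the original post: site-scoped SRV records for a DC placed
# in the London site of contoso.com, and how a client in that site uses them.
$Zone     = 'contoso.com'
$Site     = 'London'
$LondonDc = 'lon-dc01.contoso.com'   # placeholder FQDN of the DC placed in the London site

function Register-SiteLocatorRecords {
    # Same names Netlogon registers itself every 60 minutes; creating them by hand only
    # matters when you cannot wait for, or restart, Netlogon on that DC.
    foreach ($svc in @(@{ Service = '_ldap'; Port = 389 }, @{ Service = '_kerberos'; Port = 88 })) {
        Add-DnsServerResourceRecord -Srv -ZoneName $Zone `
            -Name "$($svc.Service)._tcp.$Site._sites.dc._msdcs" `
            -DomainName $LondonDc -Priority 0 -Weight 100 -Port $svc.Port
    }
    Get-DnsServerResourceRecord -ZoneName $Zone -RRType Srv |
        Where-Object { $_.HostName -like "*.$Site._sites.*" }
}

function Select-SrvTarget {
    # RFC 2782 selection: the lowest Priority wins; among equal priorities pick at
    # random in proportion to Weight, which is how load is spread across several DCs.
    param([object[]]$Records)
    $best  = $Records | Sort-Object Priority | Select-Object -First 1 -ExpandProperty Priority
    $pool  = @($Records | Where-Object { $_.Priority -eq $best })
    $total = ($pool | Measure-Object -Property Weight -Sum).Sum
    if ($total -eq 0) { return $pool[0] }
    $roll = Get-Random -Minimum 0 -Maximum $total
    foreach ($rec in $pool) {
        $roll -= $rec.Weight
        if ($roll -lt 0) { return $rec }
    }
    $pool[-1]
}

function Find-DomainController {
    # What a London workstation does: try the site-scoped name first and fall back to
    # the domain-wide one, so it only crosses the 256 kb link when no local DC answers.
    param([string]$Domain, [string]$SiteName)
    foreach ($q in "_ldap._tcp.$SiteName._sites.dc._msdcs.$Domain", "_ldap._tcp.dc._msdcs.$Domain") {
        $srv = Resolve-DnsName -Name $q -Type SRV -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'SRV' }
        if ($srv) {
            $pick = Select-SrvTarget $srv
            return [pscustomobject]@{ Query = $q; Target = $pick.NameTarget; Port = $pick.Port }
        }
    }
}

Register-SiteLocatorRecords
Find-DomainController -Domain $Zone -SiteName $Site

# Built-in cross-checks: the site this client was placed in, and the DC Netlogon picks for it.
nltest /dsgetsite
nltest "/dsgetdc:$Zone" "/site:$Site"
```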

If you have any questions about the post feel free to contact me on rebeladm@live.com

How to setup Internet Information Services (IIS) ?

IIS is a service introduced by Microsoft which we can use to host internal and external web sites.

In this article I will demonstrate the following:

• Install IIS on server02, which is a member server of the domain environment. (It is not necessary to have a domain environment to set up IIS; you can also use a standalone server in a workgroup environment.)
• Create a website on server02.
• Create a client computer in the domain.
• View the web page on the client PC.

For the IIS installation I will be using the following setup.

I have installed a Windows Server 2008 R2 server and added it to the sprint.local domain; it will operate with the name IISSRV.sprint.local.

The server will be running on IP 192.168.128.3.

The plan is to deploy IIS on this server, create a website there and try to access it from a client PC.

To start the IIS installation, log in to the server as domain admin or enterprise admin, then go to Start > Administrative Tools > Server Manager. Once it opens, right-click on "Roles" and click Add Roles.

Once the Add Roles wizard opens, select Next to continue.

In the next window, from the available roles select "Web Server (IIS)". If it prompts for any additional modules to install when you select this, add them as well.

In the next window it will give you the description of the role. Click Next to continue.

In the next window you can select the role services as required. The default selection is enough for basic IIS functions. These services can be added or removed later as per requirement. Once you select any role service, the right-hand side gives a brief description of the service. Here I have added all the services under "Application Development" and kept the rest at default.

In the next window it will give a confirmation about the install. Click Install to begin the IIS install.

Once the installation finishes it will give the result page. Now we have installed IIS successfully.

To open the IIS Manager go to Start > Administrative Tools > Internet Information Services (IIS) Manager.

Now we have IIS installed on the server. To check if the service is up, go to Internet Explorer and type http://192.168.128.3 or http://localhost from the server.

It will show the default IIS page and we can confirm the service is running fine.

The next step is to create a web site under IIS and then test it. For the demo I am going to use the domain name www.rebeladmin.com and point it to the IISSRV.sprint.local IIS server. To do that we first need to point www.rebeladmin.com to 192.168.128.3, which is the IP address of the IIS server. To do this we need a DNS server to host the records.

But in this demo, since I am only going to use this site internally, I do not need to make it public. So I will use the domain DNS service, add a DNS zone for rebeladmin.com and then create the A records to point the URL to the IIS server.
This DNS setup would be completely different if we were going to provide external access too.

To do this I have logged in to the domain server which hosts the Active Directory environment's DNS server as domain admin. Then to open the DNS server, go to Start > Administrative Tools > DNS.
Once the DNS snap-in opens, expand the tree, right-click on "Forward Lookup Zones" and click on "New Zone".

Next it will show the welcome screen. Click Next to start.

In the next window select the zone type as "Primary Zone".

In the next window keep the default for the replication scope.

For the zone name type rebeladmin.com and click Next.

In the next window, for dynamic updates keep the default and click Next.

The next window is the confirmation; click Finish to create the zone.

Then it will be added to the DNS zone list. Click on the zone name to go into it.

Now, to create the A record, right-click on the right-hand record area and from the list select "New Host".

In the new window leave the "Name" field blank, in the IP field put the IP 192.168.128.3 and then click on Add Host.

Then the next window will give the confirmation.

We also need to create an A record for WWW, so if someone types rebeladmin.com or www.rebeladmin.com both will display the web page.

To do it use the same way, but this time enter www in the Name field.

Once it is done we are ready with DNS. Now from a PC in the domain try to ping rebeladmin.com and www.rebeladmin.com to see if they resolve to 192.168.128.3.

This confirms the DNS is now resolving fine.
The next step is to create the website for rebeladmin.com.

To do that we need to go back to the IIS server. Then open the IIS Manager and select Sites.

Then right-click on Sites and select Add Web Site.

The next window is to define the parameters for the website. Put the site name as rebeladmin.com and in the physical path section select a folder as the home folder for the site. This is where we need to put the source files for the website to display.

Then in host name put the hostname rebeladmin.com. Click OK at the end to set up the website.

For the host mappings we only added rebeladmin.com, so we need to add www.rebeladmin.com as well. Only then can users access the web site with or without WWW.

To do it select the website and from the right-hand panel click on Bindings.

Once the binding window opens, click on Add and in the new window select the IP details, then put www.rebeladmin.com in the host name and click on OK.

Now we have everything set. Next is to create a test HTML page to test the website.
I have created a new HTML file called index.html with the following test code.
<!DOCTYPE html>
<html>
<body>

<h1>WWW.REBELADMIN.COM</h1>

<p>The web site is working fine.</p>

</body>
</html>

The created file is copied to the rebeladmin.com home folder which was defined in the website setup.
Now everything is ready. Let's go to the PC called "TESTPC.sprint.local", which is in the same domain, open Internet Explorer and type www.rebeladmin.com or rebeladmin.com; it should display the page we created.

As expected, the page was displayed with and without www.
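The whole walkthrough above as PowerShell, added here as an example and not part of the original post: the zone and host records on the DNS server, the site with its www binding and the test page on IISSRV, and a check from the client that both names resolve to the IIS server and return the page. The DNS part assumes the DnsServer module (Windows Server 2012 or later; on the 2008 R2 server in the post, dnscmd does the same job), the IIS part the WebAdministration module; the site folder path is an assumption.

```powershell
# Added example, not part of the original post: rebeladmin.com in DNS, the IIS site with
# host-header bindings for both names, and an end-to-end check from a domain PC.
$Domain   = 'rebeladmin.com'
$ServerIp = '192.168.128.3'
$SitePath = 'C:\inetpub\rebeladmin'   # assumed home folder for the site

function New-SiteDns {
    # Run on the AD-integrated DNS server. Domain-wide replication matches the wizard default.
    Add-DnsServerPrimaryZone -Name $Domain -ReplicationScope Domain -DynamicUpdate Secure
    # The empty Name field of the wizard is "@" here: the apex record.
    Add-DnsServerResourceRecordA -ZoneName $Domain -Name '@'   -IPv4Address $ServerIp
    Add-DnsServerResourceRecordA -ZoneName $Domain -Name 'www' -IPv4Address $ServerIp
    Get-DnsServerResourceRecord -ZoneName $Domain -RRType A
}

function New-SiteIis {
    # Run on IISSRV. Host-header bindings let one IP serve several names; without the
    # second binding, www.rebeladmin.com would land on whichever site has no host header.
    Import-Module WebAdministration
    New-Item -ItemType Directory -Path $SitePath -Force | Out-Null
@'
<!DOCTYPE html>
<html>
<body>
<h1>WWW.REBELADMIN.COM</h1>
<p>The web site is working fine.</p>
</body>
</html>
'@ | Set-Content -Path (Join-Path $SitePath 'index.html')

    New-Website -Name $Domain -PhysicalPath $SitePath -IPAddress $ServerIp -Port 80 -HostHeader $Domain | Out-Null
    New-WebBinding -Name $Domain -Protocol http -IPAddress $ServerIp -Port 80 -HostHeader "www.$Domain"
    Get-WebBinding -Name $Domain | Select-Object protocol, bindingInformation
}

function Test-Site {
    # Run from TESTPC: each name must resolve to the IIS server and return the test page.
    foreach ($name in $Domain, "www.$Domain") {
        $ip   = (Resolve-DnsName -Name $name -Type A -ErrorAction Stop | Where-Object { $_.Type -eq 'A' }).IPAddress
        $page = Invoke-WebRequest -Uri "http://$name/" -UseBasicParsing
        [pscustomobject]@{
            Host       = $name
            ResolvesTo = $ip -join ','
            Status     = $page.StatusCode
            PageOk     = $page.Content -match 'WWW\.REBELADMIN\.COM'
        }
    }
}

# Order of operations, each on its own machine:
# New-SiteDns    (domain DNS server)
# New-SiteIis    (IISSRV)
# Test-Site      (TESTPC)
```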

 

Step by Step Guide to install DHCP role and configure

Let's see how we can configure a DHCP server in a Windows Server environment. For the demo I will be using Windows Server 2008 R2.

To start, first log in to the server with administrator privileges. Then start Server Manager by clicking on the "Server Manager" icon on the task bar. Then go to "Roles".

Then click on the "Add Roles" option to open the Add Roles wizard.

It will load the roles wizard; select "DHCP Server" from the list and click Next to continue.

Then it will give a description of the role. Click Next to continue.

The next window asks which interface to use to serve DHCP clients. If the server has multiple NICs with multiple IPs you can add them as well to serve DHCP clients.

In the next window it gives the opportunity to add the DNS settings that should apply to DHCP clients.

The next window is to define the WINS server details.

In the next window we can add the scope: the starting IP and end IP of the DHCP range, subnet mask, default gateway, lease time etc.

In the next window it can be configured to support IPv6 as well.

Then it will give the confirmation window before beginning the install. Click on "Install".

Once the installation finishes, the DHCP server console can be opened from Start > Administrative Tools > DHCP.

Using DHCP it is possible to configure multiple scopes for the network. In a network there can be different network segments. It is a waste to set up a different DHCP server for each segment; instead it is possible to create different scopes to issue DHCP leases for them.
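The same installation with two scopes, one per network segment, added here as an example and not part of the original post: it sets the options the wizard asks for (serving interface, DNS, WINS, gateway, lease time) and authorises the server in AD. It assumes the DhcpServer module (Windows Server 2012 or later; on the 2008 R2 server in the post the equivalent is netsh dhcp); all addresses and the interface alias are constructed placeholders.

```powershell
# Added example, not part of the original post: DHCP role, server-level options and a
# scope per segment, the multi-scope setup the paragraph above describes.
$DnsServer  = '192.168.1.10'   # placeholder domain DNS server
$WinsServer = '192.168.1.10'   # placeholder
$DnsSuffix  = 'sprint.local'   # domain used elsewhere on this page

Install-WindowsFeature DHCP -IncludeManagementTools | Out-Null

# Serve clients only on the LAN-facing interface (the wizard's interface selection)
Set-DhcpServerv4Binding -InterfaceAlias 'Ethernet' -BindingState $true   # alias is a placeholder

# Server-wide options inherited by every scope (the wizard's DNS and WINS pages)
Set-DhcpServerv4OptionValue -DnsServer $DnsServer -DnsDomain $DnsSuffix -WinsServer $WinsServer

# One scope per segment. The second segment is not on this server's interface, so its
# router must relay DHCP to the server; the server matches the relay's address to the
# scope, which is why a separate DHCP server per segment is unnecessary.
$scopes = @(
    @{ Name = 'Office LAN';  Start = '192.168.1.50'; End = '192.168.1.250'; Mask = '255.255.255.0'
       Router = '192.168.1.1'; ExcludeStart = '192.168.1.50'; ExcludeEnd = '192.168.1.59' }
    @{ Name = 'Server VLAN'; Start = '192.168.2.20'; End = '192.168.2.200'; Mask = '255.255.255.0'
       Router = '192.168.2.1'; ExcludeStart = '192.168.2.20'; ExcludeEnd = '192.168.2.39' }
)
foreach ($s in $scopes) {
    $scope = Add-DhcpServerv4Scope -Name $s.Name -StartRange $s.Start -EndRange $s.End `
                 -SubnetMask $s.Mask -LeaseDuration (New-TimeSpan -Days 8) -State Active -PassThru
    # Per-scope default gateway; DNS and WINS come from the server-level options above
    Set-DhcpServerv4OptionValue -ScopeId $scope.ScopeId -Router $s.Router
    # Keep a block free for statically addressed devices (printers, switches)
    Add-DhcpServerv4ExclusionRange -ScopeId $scope.ScopeId -StartRange $s.ExcludeStart -EndRange $s.ExcludeEnd
}

# A Windows DHCP server in an AD domain does not hand out leases until it is authorised
# in the directory; this is the rogue-server protection the console otherwise prompts for.
Add-DhcpServerInDC

Get-DhcpServerv4Scope | Format-Table ScopeId, Name, StartRange, EndRange, LeaseDuration, State -AutoSize
```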

Step by Step guide to setup Active Directory on Windows Server 2008

This tutorial will explain how to install AD on Windows Server 2008. This is valid for Windows Server 2008 R2 as well.

Requirements:

Minimum: Single processor with 1.4 GHz (x64 processor) or 1.3 GHz (Dual Core)

Minimum: 512 MB RAM

Minimum: 32 GB disk or greater

• The first step is to assign an IP to the server on which you are going to deploy AD. It is necessary to install it as a DNS server too, so it is better to have a fixed IP. It doesn't mean you cannot install AD without a fixed IP address, but it will avoid a lot of issues if you use a fixed IP.

In here the server IP is 10.0.0.14. Since we are going to make it a DNS server too, you should use the same IP as the preferred DNS server.

• The next step is to install the Active Directory roles. Unlike older versions of Windows Server, Microsoft highly recommends using the Server Manager option to install the roles before you run dcpromo.

• Click on the Start menu and select Server Manager.

• Select Roles from the right-hand panel and click on the Add Roles option.

• From the roles list select the "Active Directory Domain Services" role and click "Next".

• Review the confirmation and click on "Next".

• Review the installation confirmation and click on "Next".

• It will take a few minutes to complete, and when it is done you will get a confirmation. Then click on "Close".

After that you will need to do a reboot.

• After the reboot open "Server Manager" again and click on "Roles"; there you will see "Active Directory Domain Services" is successfully installed. Click on it to open the role summary.

Pay attention to the message in that window saying the server is not yet running as a domain controller; it contains a link to the installation wizard.

Click on that link and it will start the DCPROMO wizard.

• The next step is to go through the DCPROMO wizard.
• To start the installation click on "Next".

• Click on "Next".

• Since we are going to install a new domain controller in a new forest, select the option "Create a new domain in a new forest" and click on "Next".

• Now we have to provide the name for our new domain. It must be an FQDN. In our case I used rebeladmin.com as the domain. Click "Next" after that.

• In this window it will ask you to select the forest functional level. If you are going to add a Windows Server 2003 domain controller to your forest later, don't select the functional level as Windows Server 2008. If you are going to use the full features of 2008 AD you must select the forest functional level as Windows Server 2008. In my case I used Windows Server 2008. Click on "Next" after the selection.

• In the next window, since it's the first DC, we should make it a DNS server too. Leave the default selection and click on "Next".

• If the wizard cannot create a delegation for the DNS server, it displays a message to indicate that you can create the delegation manually. To continue, click "Yes".

• The next window shows the database location. If it is going to be a big AD, it is good if you can keep the NTDS database on a different partition. Click on "Next" after the changes.

• The next window asks you to define a restore mode password. This is important if you have to do a restore from backup after a server crash. Click on "Next" after filling it in.

• The next window gives you a summary of the installation. Click on "Next".

• Then it will start the installation of AD. It will take some time to complete. After the installation completes, perform a server reboot.

• After the reboot you can log in to the domain. Please use the login as in the following example:

User name : your domain\administrator

Password : XXXXXXXX

• Now it is done and you can view the Active Directory options in the Administrative Tools menu.
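The same new-forest deployment as the dcpromo walkthrough above and the Windows Server 2016 TP2 section earlier on this page, added here as an example and not part of the original posts, written with the ADDSDeployment cmdlets that replaced dcpromo from Windows Server 2012 onwards (they are not available on 2008 R2 itself). The values come from this section (domain rebeladmin.com, static address 10.0.0.14 also used as the preferred DNS server); the inter-face alias, gateway, NetBIOS name and the DSRM password prompt are assumptions.

```powershell
# Added example, not part of the original post: static IP first, role second, then the
# prerequisite check and the promotion, in the order Server Manager and the wizard enforce.
$DomainName  = 'rebeladmin.com'
$NetbiosName = 'REBELADMIN'      # assumed; the wizard derives it from the DNS name
$StaticIp    = '10.0.0.14'
$Gateway     = '10.0.0.1'        # placeholder
$Interface   = 'Ethernet'        # placeholder adapter alias

# 1) Fixed IP, with the server itself as preferred DNS since it will host the zone.
New-NetIPAddress -InterfaceAlias $Interface -IPAddress $StaticIp -PrefixLength 24 -DefaultGateway $Gateway
Set-DnsClientServerAddress -InterfaceAlias $Interface -ServerAddresses $StaticIp

# 2) Install the role before promoting, exactly as the post recommends over running dcpromo first.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

# The DSRM password is what a restore from backup needs; prompt for it, never hard-code it.
$dsrm = Read-Host -AsSecureString 'Directory Services Restore Mode password'

$forest = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetbiosName
    ForestMode                    = 'Win2008'     # the post's choice; lower only if 2003 DCs must join
    DomainMode                    = 'Win2008'
    InstallDns                    = $true         # first DC should also be the DNS server
    CreateDnsDelegation           = $false        # the wizard's delegation warning, answered "Yes"
    DatabasePath                  = 'C:\Windows\NTDS'   # put on its own volume for a large directory
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $dsrm
}

# 3) The wizard's prerequisite check as its own step, so the promotion never starts
#    on a server that would fail it.
$check = Test-ADDSForestInstallation @forest
if ($check.Status -ne 'Success') { $check.Message; throw 'Prerequisite check failed' }

# 4) Promote; the server reboots on completion just as the wizard does.
Install-ADDSForest @forest -Force
```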

I hope this tutorial is clear for you. If you have any questions, please ask me on rebeladm@live.com