Part 2: Post-install configuration & Active Directory Services setup
So now that we’ve talked a bit about what a Windows Domain is and how it compares with a standard Workgroup in part 1, let’s go ahead and get configuring.
Note: Although I’m directing this guide towards Windows Server 2008 R2, most of the things covered here, such as Active Directory setup, will be very similar if not identical to previous versions like Server 2003 and 2008. However, some things will of course be slightly different, so please keep that in mind.
Okay, now that we have Server 2008 R2 installed, the first thing that we have to do is change the default user password. Upon first logon of the OS you are required to change this password before you can log on to the system.
This password must meet the default password policy requirements; in other words, the password must be slightly complex in order to be accepted. For example, Pa$$w0rd. Once you have entered the password of your choice, the system will notify you that it has been changed and proceed to log you on to the desktop.
Once you are logged on to the Server 2008 R2 desktop you will be presented with a window named “Initial Configuration Tasks”. This is where you can quickly perform a number of important initial configuration tasks on your server before you begin any advanced configuration manually yourself.
I recommend that you set up a few of these options before proceeding to the next stage.
- Configure Windows Updates (keep your server secure)
- Configure Windows Firewall (prevent unauthorized access to your server)
- Configure Remote Desktop (enabling this allows you to connect to your server’s desktop remotely from another machine)
- Change computer name (give your server a suitable name and description. A reboot is required to apply these changes)
- Activate Windows (in order to fully use your copy of Windows you must activate it with a valid product key for that particular version and edition)
The next thing we need to do is configure our network settings on the server. You can get quick access to these via the “Initial Configuration Tasks” window by selecting the option “Configure Networking”.
Upon clicking this you should be presented with a window displaying the current network adapter. Simply right click on this and select “Properties”.
This will now bring up configuration options for your network adapter. Highlight “Internet Protocol Version 4 (TCP/IPv4)” and select “Properties” if you know that you are using an IPv4 based configuration. If you are using an IPv6 based configuration then highlight “Internet Protocol Version 6 (TCP/IPv6)” and select “Properties” on that.
If you are unsure of what Internet Protocol version you are currently using then you can check this via Command Prompt, which you can launch by going to Run then typing “cmd” (without the quotes).
Once Command Prompt is opened simply type “ipconfig” (without the quotes). This command will bring up your network adapter along with your current network configuration.
As you can see from the screenshot above it shows that I’m using IPv4 and displays my IP configuration.
Now that you have selected properties on your chosen connection type you should see the following:
Since this server will be acting as a primary Domain Controller on the network, it’s best that we assign it a static IP address in order to prevent any problems that you might run into if using a dynamic IP address.
We want to configure the server with its own IP Address and assign it a valid Default Gateway and DNS server addresses. To do this simply select the option “Use the following IP address”.
Depending on what your current network setup consists of, things will vary. Also keep in mind that the first Domain Controller MUST be a Global Catalog server, and it is recommended that it be a DNS server too for integration with Active Directory. When acting as a DNS server it should point to itself for DNS resolution if it’s the only Domain Controller in the Domain/Forest. If you have more than one Domain Controller then it’s best to make the first DNS server address point to another Domain Controller followed by itself. For Example:
DC1: DNS Server 1: 192.168.1.2, DNS Server 2: 192.168.1.1
DC2: DNS Server 1: 192.168.1.1, DNS Server 2: 192.168.1.2
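The addressing rules above can be checked on a running Domain Controller with a short PowerShell function. This is an added example, not part of the original guide; the function name and its $OtherDCs parameter are assumptions, and it only uses WMI properties available in the PowerShell 2.0 that ships with Server 2008 R2.

```powershell
# Added example, not from the original guide. Run on the Domain Controller.
# $OtherDCs (assumed parameter): IPv4 addresses of the other DCs, empty if none.
function Test-DcNetworkConfig {
    param([string[]]$OtherDCs = @())

    $nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE"
    foreach ($nic in $nics) {
        # Keep IPv4 only; filter out $null so unset properties give empty arrays.
        $own  = @($nic.IPAddress | Where-Object { $_ -match '^\d+(\.\d+){3}$' })
        $dns  = @($nic.DNSServerSearchOrder | Where-Object { $_ })
        $self = $own + '127.0.0.1'
        $findings = @()

        if ($nic.DHCPEnabled) {
            $findings += 'Address comes from DHCP; assign a static IP.'
        }
        if (@($dns | Where-Object { $self -contains $_ }).Count -eq 0) {
            $findings += 'DC does not list itself as a DNS server.'
        }
        if ($OtherDCs.Count -eq 0) {
            # Only DC in the Domain/Forest: it should resolve through itself.
            $foreign = @($dns | Where-Object { $self -notcontains $_ })
            if ($foreign.Count -gt 0) {
                $findings += "Non-DC DNS servers configured: $($foreign -join ', ')"
            }
        } elseif ($dns.Count -gt 0 -and $OtherDCs -notcontains $dns[0]) {
            $findings += "First DNS server $($dns[0]) is not another DC."
        }
        if ($findings.Count -eq 0) { $findings = @('OK') }

        foreach ($f in $findings) {
            New-Object PSObject -Property @{
                Adapter = $nic.Description; DnsOrder = ($dns -join ', '); Finding = $f
            }
        }
    }
}

# DC1 from the example above (192.168.1.1) checks that DC2 is listed first:
Test-DcNetworkConfig -OtherDCs '192.168.1.2' | Format-Table -AutoSize
```

On a single Domain Controller, call the function with no arguments so that any DNS server other than the DC itself is reported.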
Great! Our server is now ready to be used as a Domain Controller, so now it’s time to create our Domain.
For this we will be configuring Server 2008 R2’s Active Directory services. Active Directory is the technology behind user & computer management in a Domain from which many tasks can be performed. Think of Active Directory as a largely organised database made up of users, computers and other servers. After you have set up Active Directory then you can start adding and configuring your users and computers through it which we will discuss in the next part of this guide.
The easiest way to launch the Active Directory installation is by going to Start > Run and typing “dcpromo” (without the quotes)
In doing so you should be presented with the following:
Followed by the installation wizard:
Hit next and you’ll see a little bit of information regarding compatibility:
Next we are given the option to create a new Domain Controller or add this one to an existing Domain. Since we are setting up a Domain for the first time we want to choose “Create a new domain in a new forest”
For the next part we will choose a desired name for our Domain. For example greigmitchell.com (Note: as a best practice you wouldn’t use an internet top level name here; consider something such as ad.company.com for example).
Hit next and the wizard will check if the name is already in use:
The next stage is to select a functional level for our Domain. This basically determines what Windows Server version you would like to base Active Directory on for the feature sets that you are targeting. Microsoft add and support various features at each Domain and Forest Level on Windows Server which you can read here
Since I am creating a new forest on Windows Server 2008 R2 I will select that option.
Now that’s us pretty much done. You will notice that the near final stage gives us the option to select additional options for our Domain Controller. I would recommend that you also install the DNS service, as this is really required when joining or connecting other machines to your Domain.
Since Active Directory contains a fairly large amount of saved information and settings these need to be stored, therefore a database for Active Directory is created along with corresponding log files and a SYSVOL share where Group Policy objects will be stored.
By default these are stored in C:\Windows\NTDS, which is fine for most environments, but it is usually recommended that you select a different location that is ideally on a different set of disks. For example a RAID1 array for the OS and another RAID1 array for the Database, Logs and SYSVOL. This isn’t such a big deal for virtual Domain Controllers, however you will want to provision your underlying storage according to your environment.
Finally we create an admin password for Directory Services Restore Mode, which is used in the event of needing to perform maintenance or recovery tasks on a Domain Controller. I recommend you set a different DSRM password per Domain Controller for better security; it is a local account within the local SAM database, not the Active Directory database.
That’s it! The install wizard should complete the last few necessary steps automatically before telling you that it has successfully completed.
Hit finish and you should be prompted to reboot your server in order to complete changes.
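The same wizard choices can be supplied to dcpromo through an unattended answer file. This is an added example, not part of the original guide: the domain name reuses the ad.company.com suggestion above, while the NetBIOS name, the D:\ paths and the answer-file location are assumptions. Run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the original guide. Run from an elevated prompt.
# Assumed values: NetBIOS name AD, D:\ data volume, answer-file location.
$answerFile = Join-Path $env:SystemRoot 'Temp\dcpromo-answer.txt'

# Create the file empty and restrict it to Administrators (S-1-5-32-544)
# and SYSTEM (S-1-5-18) before the DSRM password is written into it.
New-Item -Path $answerFile -ItemType File -Force | Out-Null
icacls $answerFile /inheritance:r /grant:r '*S-1-5-32-544:F' '*S-1-5-18:F' | Out-Null

# Prompt for the DSRM password so it never appears on a command line.
# Use a different one on each Domain Controller.
$secure = Read-Host -AsSecureString 'DSRM password for this Domain Controller'
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
$dsrm = [Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

# ReplicaOrNewDomain/NewDomain = "Create a new domain in a new forest".
# ForestLevel/DomainLevel 4    = Windows Server 2008 R2 functional level.
# InstallDNS                   = the DNS service under additional options.
# DatabasePath/LogPath/SYSVOLPath move AD data off the OS volume.
$answers = @"
[DCInstall]
ReplicaOrNewDomain=Domain
NewDomain=Forest
NewDomainDNSName=ad.company.com
DomainNetBiosName=AD
ForestLevel=4
DomainLevel=4
InstallDNS=Yes
DatabasePath=D:\NTDS
LogPath=D:\NTDS
SYSVOLPath=D:\SYSVOL
SafeModeAdminPassword=$dsrm
RebootOnCompletion=No
"@
Set-Content -Path $answerFile -Value $answers -Encoding ASCII

try {
    Start-Process dcpromo.exe -ArgumentList "/unattend:$answerFile" -Wait
} finally {
    # Do not leave the password on disk, whatever the outcome.
    Remove-Item $answerFile -Force
    $dsrm = $answers = $null
}
# Reboot manually once the promotion has been checked (RebootOnCompletion=No).
```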
Upon the next logon launch the Server Manager by going to Start > Server Manager and you should see that your server is now joined to the Domain that you just created.
You can also see this information by going to system properties.
Go to Start > Administrative Tools and you should see that a new bunch of services have been installed including the Active Directory based ones.
In part 3 of this guide I will be showing you around Active Directory and guiding you through the process of adding users and computers.