Active Directory On Windows Server 2008

Active Directory on Windows Server 2008 Requirements
by Daniel Petri - January 7, 2009

1

Tweet 0

The process of installing an Active Directory domain in Windows Server 2008 is quite simple, but some beginners or IT professionals that
have never had a chance to get their hands on AD installations and that are not familiar with its requirements might stumble across a few
pitfalls.
So, what do we need in order to successfully install Active Directory on a Windows Server 2008?
Here is a quick list of what you must have:
An NTFS partition with enough free space
An Administrator's username and password
The correct operating system version
A NIC
Properly configured TCP/IP (IP address, subnet mask and - optional - default gateway)
A network connection (to a hub or to another computer via a crossover cable)
An operational DNS server (which can be installed on the DC itself)
A Domain name that you want to use
Brains (recommended, not required...)
After you have all the above go ahead and read my "Installing Active Directory on Windows Server 2008" article.
An NTFS Partition
To successfully install AD you must have at least one NTFS formatted partition. Back in older operating systems this was something that
you actually had to tell people about, because *some* administrators had servers that did not have their partitions formatted with NTFS.
Nowadays, NTFS is the only way to go in Windows-based servers, but I will nevertheless put it on the writing, just to make sure.
This partition is where the SYSVOL folder is placed, and usually, that is the C:' partition, but for large AD deployments, this could very well
be a different partition.
To convert a partition (C:) to NTFS type the following command in the command prompt window:
convert c:/fs:ntfs
Like 11 Share Share
Active Directory on Windows Server 2008 Requirements http://www.petri.co.il/active-directory-windows-server-2008-requirements.htm
1 of 11 12/29/2012 2:58 PM
Free space on your disk
You need at least 250mb of free space on the partition you plan to install AD on. Of course you'll need more than that if you plan to create
more users, groups and various AD objects.
Local Administrator's username and password
Remember, only a local Administrator (or equivalent) can install the first domain and thus create the new forest. Other installation
scenarios - such as adding additional (replica) DCs require either Domain Admin permissions, or, in case of new domains in the same tree
or in new trees - Enterprise Admins permissions.
The right operating system version - Windows Server 2008 Standard, Enterprise or Data Center
Duh... however, note that you CAN install Active Directory on Server Core versions. Please read my "Understanding Windows Server 2008
Server Core" and "Installing Active Directory on Windows 2008 Server Core" articles for more information on Server Core.
IP Configuration
While it is possible to install Active Directory on a server that has a dynamically-assigned IP address, it doesn't make much sense to do so.
It's much better to configure the server with a manual and dedicated IP address. If you do not use a dedicated IP address, DNS registrations
may not work and Active Directory functionality may be lost. If the computer is a multi-homed computer, the network adapter that is not
connected to the Internet can host the dedicated IP address.
The Active Directory domain controller should point to its own IP address in the DNS server list to prevent possible DNS connectivity issues.
To configure your IP configuration, use the following steps:
Note: IP addresses can be also configured from the Command Prompt by using the NETSH command, but I will not describe that procedure
here.
Right-click Network, and then click Properties. 1.
2 of 11 12/29/2012 2:58 PM
If you do not have the Network icon visible on your desktop, use Control Panel.
In the Control Panel'Network and Sharing Center window, click on the manage Network Connections link on the left. 2.
3 of 11 12/29/2012 2:58 PM
Note: You can get to the same window by typing NCPA.cpl in the run command.
In the Control Panel'Network Connections window, right-click Local Area Connection, and then click Properties. 3.
4 of 11 12/29/2012 2:58 PM
Click Internet Protocol version 4 (TCP/IPv4), and then click Properties. 4.
5 of 11 12/29/2012 2:58 PM
Note: You can also configure the TCP/IPv6 properties, but you do NOT have to, and frankly, unless you require TCP/IPv6 functionality,
I'd simply ignore it or disable it. More on that, in a future article.
Make sure you have a static and dedicated IP address. If you don't need Internet connectivity through this specific NIC you can use a
Private IP range such as 192.168.101.0 with a Subnet Mask of 255.255.255.0.
5.
6 of 11 12/29/2012 2:58 PM
The next step is not required, but I usually recommend checking that the correct configuration is in place. Click Advanced, and then
click the DNS tab. The DNS information should be configured as follows:
6.
Configure the DNS server addresses to point to the DNS server. This should be the computer's own IP address if it is the first server or if
you are not going to configure a dedicated DNS server.
If the Append these DNS suffixes (in order) option is selected for the resolution of unqualified names, the Active Directory DNS
domain name should be listed first, at the top of the list.
Verify that the information in the DNS Suffix for this connection box is the same as the Active Directory domain name.
Make sure that the Register this connection's addresses in DNS check box is selected.
7 of 11 12/29/2012 2:58 PM
Active Network Connection Required During Installation
The installation of Active Directory requires an active network connection. When you attempt to use DCPROMO.exe to promote a Windows
Server 2008 computer to a domain controller that doesn't have a connected and active NIC, you will receive the following error message:
8 of 11 12/29/2012 2:58 PM
And after hitting Next, this error will appear:
Active Directory Domain Services Installation Wizard The TCP/IP networking protocol must be properly configured. Complete the
configuration before you proceed.
This problem can occur if the network cable is not plugged into a hub or other network device. (Screenshot of
9 of 11 12/29/2012 2:58 PM
a connected NIC) (Sample of a disconnected or un-plugged network cable)
To resolve this problem, plug the network cable into a hub or other network device. While highly improbable that the network connection
status would be disconnected in a server that is about to be deployed in a production environment, this could be the case when building the
server for testing purposes. If network connectivity is not available and this is the first domain controller in a new forest, you can finish
DCPROMO.exe by installing Microsoft Loopback Adapter.
DNS Configuration
A DNS server that supports Active Directory DNS entries (SRV records) must be present for Active Directory to function properly. In my
Windows 2000/2003 versions of the Active Directory installation tips I recommended to manually install and configure DNS prior to running
DCPROMO. However, in Windows Server 2008, and when installing the FIRST Domain Controller in the Active Directory domain, I tend to
recommend that you allow the DCPROMO wizard to automatically build the proper DNS services and configuration.
Client Connections
When considering Internet connectivity, it is recommended (and in most cases, this is the proper and most-used configuration) that the
client computers connect to the Internet through a NAT device (i.e. a Router that translates private IP addresses to one public one, and
allows connectivity through one ISP-assigned IP address). This prevents any issues that may arise if clients obtain an IP address from your
Internet service provider (ISP). In Small Office or Home Office (SOHO) scenarios, this can be achieved by using a second network adapter
on the server connected to a hub. You can use NAT and Routing on the server to isolate the clients on the local network. The clients should
point to the domain's INTERNAL DNS server, and NOT to the ISP's DNS server, to ensure proper DNS connectivity. The internal DNS server's
forwarder will then allow the clients to access DNS addresses on the Internet.
Do not use Single-Label domain names
As a general rule, Microsoft recommends that you register DNS domain names for internal and external namespaces with Internet
authorities. This is true for Windows 2000/2003 and for Windows Server 2008. This includes the DNS names of Active Directory domains,
unless such names are sub-domains of names that are registered by your organization name, for example, "corp.example.com" is a
sub-domain of "example.com". When you register DNS names with Internet authorities, it prevents possible name collisions should
registration for the same DNS domain be requested by another organization, or if your organization merges, acquires or is acquired by
another organization that uses the same DNS names.
DNS names that don't include a period ("dot", ".") are said to be single-label (for example, com, net, org, bank, companyname) and cannot
be registered on the Internet with most Internet authorities.
Conclusion
10 of 11 12/29/2012 2:58 PM
Now that you've read and made sure you meet all the above requirements, continue by reading my "Installing Active Directory on Windows
Server 2008" article.
Recent Windows Server 2008 Forum threads
Got a question? Post it on our Windows Server 2008 forums!
Related Articles
Installing Active Directory on Windows 2008 Server Core
Installing Active Directory on Windows Server 2008
Exporting Information from Active Directory Snapshots in Windows Server 2008
Raising Windows Server 2008 Active Directory Domain and Forest Functional Levels
Installing Active Directory on Windows 2008 Server Core
Installing Active Directory on Windows Server 2008
Exporting Information from Active Directory Snapshots in Windows Server 2008
Raising Windows Server 2008 Active Directory Domain and Forest Functional Levels

1

Tweet 0

Privacy Policy | Sitemap | Contact
Blue Whale Web Inc.
Like 11 Share Share
Add a comment
view + more
Facebook social plugin
6 comments

Nadir Awan : !T Security Engineer at Smart move technologies
very informative.
Reply : : Like : January 16 at 5:32am +
Amit Klaynia
Fundamental of Network.
Reply : Like : April 28 at 3:58am
11 of 11 12/29/2012 2:58 PM

Active Directory On Windows Server 2008

Diunggah oleh

Informasi Dokumen

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Active Directory On Windows Server 2008

Diunggah oleh

Hak Cipta:

Format Tersedia

Active Directory on Windows Server 2008 Requirements

by Daniel Petri - January 7, 2009

Anda mungkin juga menyukai