This is Part 1 of a 3-part series on installing AD DS. In this post we will establish the AD DS forest.
In Part 2 (Installing Active Directory – Adding a child domain to an existing Active Directory Domain Services Forest (AD DS) in Windows Server – Part 2) we will add a child domain to an existing AD DS forest.
In Part 3 (Installing Active Directory Adding a child domain to an existing Active Directory Domain Services Forest in Windows Server – Part 3) we will add a second tree to the forest.
The Active Directory Domain Services (AD DS) design team has finished the design phase for your new AD DS environment, and now it is time to implement the new forest. Following Microsoft’s best practices, the Domain Name System (DNS) has been pre-installed and configured to support the new domain. The following steps have already been completed:
- DNS has been installed.
- New Forward Lookup and Reverse Lookup zones allowing both Secure and Non-Secure Dynamic Updates were created.
- A static IP address was configured, with the DNS server entry pointing to the server’s own address.
- On the computer properties sheet the primary DNS suffix was changed to the new AD DS domain name, and the computer was restarted.
- After the restart, verify that the host has registered its A and Pointer (PTR) records in DNS (see the diagram below).
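The checks below are an added example, not part of the original post: a PowerShell script that confirms each of the prerequisites listed above before DCPROMO is run. It assumes the forest name USSHQ.Local used later in this post and that it runs in an elevated session on the future domain controller; the adapter and registry reads are standard Windows locations, and dnscmd is the built-in DNS server command-line tool.

```powershell
# Added example (not from the original post): pre-promotion DNS checks for the
# prerequisites listed above. Assumes the forest name USSHQ.Local from the post.
$DomainFqdn = 'USSHQ.Local'
$HostName   = $env:COMPUTERNAME

# 1. Static address: the active adapter must not be DHCP-enabled and its DNS
#    server list must point at this server's own IPv4 address.
$nic = Get-WmiObject Win32_NetworkAdapterConfiguration |
       Where-Object { $_.IPEnabled -and $_.IPAddress } |
       Select-Object -First 1
$ownIPv4 = $nic.IPAddress | Where-Object { $_ -match '^\d+\.\d+\.\d+\.\d+$' } | Select-Object -First 1
if ($nic.DHCPEnabled) {
    Write-Warning 'Adapter is DHCP-enabled; a domain controller needs a static address.'
}
if ($nic.DNSServerSearchOrder -notcontains $ownIPv4) {
    Write-Warning "DNS server entry should be this server ($ownIPv4); found: $($nic.DNSServerSearchOrder -join ', ')"
}

# 2. The primary DNS suffix (set on the computer properties sheet, effective
#    after the restart) must already match the new domain name.
$suffix = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters').Domain
if ($suffix -ne $DomainFqdn) {
    Write-Warning "Primary DNS suffix is '$suffix', expected '$DomainFqdn'"
}

# 3. The forward lookup zone exists on this server and accepts dynamic updates.
#    dnscmd /ZoneInfo prints the zone's properties; 'update = 1' means
#    secure and non-secure updates, 'update = 2' means secure only.
$zoneText = (dnscmd localhost /ZoneInfo $DomainFqdn) -join "`n"
if ($LASTEXITCODE -ne 0) {
    Write-Warning "Forward lookup zone $DomainFqdn was not found on this server"
} elseif (-not ($zoneText -match 'update\s*=\s*[12]')) {
    Write-Warning "Zone $DomainFqdn does not allow dynamic updates"
}

# 4. Re-register and confirm the host's A and PTR records.
ipconfig /registerdns | Out-Null
$fqdn = "$HostName.$DomainFqdn"
try {
    $a   = [System.Net.Dns]::GetHostAddresses($fqdn) |
           Where-Object { $_.AddressFamily -eq 'InterNetwork' }
    $ptr = [System.Net.Dns]::GetHostEntry($ownIPv4).HostName
    "A record:   $fqdn -> $(($a | ForEach-Object { $_.IPAddressToString }) -join ', ')"
    "PTR record: $ownIPv4 -> $ptr"
    if ($ptr -ne $fqdn) {
        Write-Warning 'PTR does not resolve back to this host; check the reverse lookup zone'
    }
} catch {
    Write-Warning "Lookup failed: $($_.Exception.Message)"
}
```

Allowing non-secure dynamic updates is what lets the not-yet-joined server register itself, but it also lets any host that can reach the DNS server create or overwrite records in the zone. Keep that window short: once the domain controller is up, convert the zones to Active Directory-integrated and restrict them to secure updates only.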
Now that DNS is configured to support AD DS we can begin the installation.
The Local Administrator account should have a strong password, as it will become the first Administrator of the domain and will automatically be added to the following groups: Administrators, Domain Admins, Schema Admins, Enterprise Admins and Group Policy Creator Owners.
To install AD DS complete the following steps:
Use Server Manager to add the Active Directory Domain Services role, which installs the binaries that support this server becoming a Domain Controller.
1. Launch Server Manager, expand Roles, and click Add Roles.
2. Review the Before You Begin page and click Next. On the Select Server Roles page, check Active Directory Domain Services. On the Add features required for Active Directory Domain Services prompt, click Add Required Features. Click Next.
3. After reviewing the Introduction to Active Directory Domain Services screen, click Next.
4. On the Confirm Installation Selection page, click Install.
5. After the installation has completed, on the Installation Results screen, click Close.
Note: The binaries that support this server becoming a Domain Controller are now installed. Use DCPROMO to promote this computer to a Domain Controller.
Use DCPROMO to make this server a Domain Controller and establish our first instance of AD DS:
1. In the Search programs and files box, type DCPROMO and press Enter.
2. The server will conduct a check to ensure the Binaries are installed.
Note: If the Binaries were not pre-installed, DCPROMO would install them at this point.
3. On the Welcome screen, click Next.
Note: If establishing a separate tree in the forest, or creating a replica Domain Controller from an alternate location, be sure to check Use advanced mode installation.
4. Review the Operating System Compatibility page, click Next.
5. On the Choose a Deployment Configuration sheet, select the Create a new domain in a new forest radio button, click Next.
Note: Use the Existing forest radio button to add a replica Domain Controller or a child domain. If Advanced mode had been selected on the previous screen, the option to create a new tree in an existing forest would also be available.
6. Enter the Fully Qualified Domain Name for your new domain. For this demonstration I will use USSHQ.Local. Click Next.
7. The AD DS Installation Wizard will verify the FQDN is unique.
8. Set the Forest Functional Level based on the AD DS design team’s instructions, click Next.
9. Set the Domain Functional Level based on the AD DS design team’s instructions, click Next. The Domain Functional Level options offered will vary with the Forest Functional Level you selected.
10. The AD DS installation wizard will now examine the current DNS configuration.
11. On the Additional Domain Controller Options screen, click Next.
12. A DNS delegation is not required, because DNS is installed on this server and the Forward Lookup Zone for this AD DS domain was created ahead of time. Select the No, do not create the DNS delegation radio button, click Next.
13. On the Location for Database, Log Files and SYSVOL sheet, click Next.
Note: If disk space or performance were a concern, these files would be placed on a separate drive.
14. Enter a Directory Services Restore Mode (DSRM) password, click Next.
This password will be used when restarting the server in Directory Services Restore Mode.
15. Verify your installation settings on the Summary page, click Next.
Note: To create an unattended installation file, click the Export settings button before clicking Next.
Note: The Active Directory Domain Services Installation Wizard will now install and configure AD DS based on your entries. Progress can be viewed in the dialog box in the middle of the screen.
16. Because DNS was installed and configured prior to promoting your first Domain Controller a prompt will come up stating the wizard was unable to create the DNS zone. Click OK.
17. Click Finish, then Restart Now to restart the server. Once restarted AD DS is installed and your AD DS Forest has been established.
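The following is an added example, not code from the original post: an unattended equivalent of the wizard steps above, of the kind the Export settings button in step 15 produces, driven from PowerShell. It assumes the forest name USSHQ.Local from this post; the functional level numbers and the file paths are placeholders to be replaced with the AD DS design team's instructions, and the key names follow the dcpromo unattended-file format (compare them against the file the wizard exports for you).

```powershell
# Added example (not from the original post): unattended forest creation that
# mirrors the wizard choices above. Assumes USSHQ.Local from the post; levels
# and paths are placeholders. Run elevated after the AD DS binaries are installed.
$AnswerFile = "$env:TEMP\dcpromo-forest.txt"

# The DSRM password is prompted for instead of being hard-coded in the script.
# It still lands in the answer file in clear text, so the file is deleted as
# soon as dcpromo returns, and the reboot is issued separately afterwards.
$dsrmPassword = Read-Host -Prompt 'Directory Services Restore Mode password'

# ForestLevel/DomainLevel use the dcpromo unattend numbering:
# 0 = Windows 2000, 2 = Windows Server 2003, 3 = 2008, 4 = 2008 R2 (placeholder: 4).
# InstallDNS=No and CreateDNSDelegation=No match the pre-installed DNS and step 12.
@"
[DCINSTALL]
ReplicaOrNewDomain=Domain
NewDomain=Forest
NewDomainDNSName=USSHQ.Local
DomainNetBiosName=USSHQ
ForestLevel=4
DomainLevel=4
InstallDNS=No
CreateDNSDelegation=No
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"
SafeModeAdminPassword=$dsrmPassword
RebootOnCompletion=No
"@ | Set-Content -Path $AnswerFile -Encoding ASCII

try {
    # dcpromo reads the answer file and runs without showing the wizard.
    dcpromo "/unattend:$AnswerFile"
    "dcpromo exit code: $LASTEXITCODE (see %SystemRoot%\debug\dcpromo.log for details)"
} finally {
    # Never leave the clear-text DSRM password on disk.
    Remove-Item -Path $AnswerFile -Force -ErrorAction SilentlyContinue
}

# Promotion is only complete after the restart (wizard step 17).
Restart-Computer -Force
```

The file the wizard exports is expected to leave SafeModeAdminPassword blank for exactly this reason; fill it in at run time, as above, rather than storing it with the rest of the settings. On Windows Server 2012 and later the same job is done by the Install-ADDSForest cmdlet, which takes the DSRM password as a SecureString and never needs an answer file.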
Verifying the installation of AD DS
1. Log on to the Domain Controller using the Administrator account credentials.
2. Launch the DNS console and verify the creation of Service Records for the newly established AD DS Forest. Below is an expanded view of the new DNS structure.
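As an added example (not part of the original post), the two verification steps above can be scripted, together with a check of the group memberships the Administrator account picks up during promotion. It assumes the forest name USSHQ.Local from this post, an elevated PowerShell session on the new Domain Controller, and the ActiveDirectory module that ships with the AD DS role; nltest, nslookup, dcdiag and dnscmd are the built-in tools.

```powershell
# Added example (not from the original post): post-promotion verification of
# the new forest. Assumes USSHQ.Local from the post; run on the new DC.
$DomainFqdn = 'USSHQ.Local'
Import-Module ActiveDirectory

# 1. The forest and domain exist, and this server is a DC and Global Catalog.
$forest = Get-ADForest
$domain = Get-ADDomain
"Forest: $($forest.Name)  forest mode: $($forest.ForestMode)"
"Domain: $($domain.DNSRoot)  domain mode: $($domain.DomainMode)"
"Domain controllers: $($domain.ReplicaDirectoryServers -join ', ')"
"Global catalogs:    $($forest.GlobalCatalogs -join ', ')"

# 2. Netlogon registered the locator (SRV) records in the pre-created zone.
#    /dsregdns forces re-registration; /dsgetdc only succeeds when the
#    _ldap / _kerberos SRV records resolve.
nltest /dsregdns | Out-Null
nltest "/dsgetdc:$DomainFqdn"
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$DomainFqdn"

# 3. dcdiag runs the standard domain controller health tests; /q prints
#    only failures, so no output here is the result you want.
dcdiag /q

# 4. The former local Administrator is now the built-in domain Administrator
#    and a member of the high-privilege groups named earlier in the post.
#    Confirm the memberships; this one account now controls the whole forest.
$groups = 'Administrators', 'Domain Admins', 'Schema Admins',
          'Enterprise Admins', 'Group Policy Creator Owners'
foreach ($g in $groups) {
    $members = Get-ADGroupMember -Identity $g | Select-Object -ExpandProperty SamAccountName
    $state = if ($members -contains 'Administrator') { 'OK' } else { 'MISSING' }
    '{0,-30} Administrator: {1}' -f $g, $state
}

# 5. The zones were created as standard primary zones allowing non-secure
#    updates so that promotion could succeed. With AD DS running they should
#    be converted to AD-integrated, secure-only ('update = 2' in dnscmd).
$zoneText = (dnscmd localhost /ZoneInfo $DomainFqdn) -join "`n"
if (-not ($zoneText -match 'update\s*=\s*2')) {
    Write-Warning "Zone $DomainFqdn still accepts non-secure dynamic updates; convert it to AD-integrated, secure-only"
}
```

The prompt in step 16 about the wizard being unable to create the DNS zone is harmless: the zone already existed, and Netlogon registers the _msdcs records into it when the Netlogon service starts, which is what steps 2 and 3 above confirm.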
AD DS is now installed. In the next part we will examine creating a child domain in an existing tree. Until then, RIDE SAFE!
Rick Trader
Windows Server Instructor – Interface Technical Training
Phoenix, AZ