Active Directory for Server 2008

Before you start you next adventure you will need a few things (Planning):

A Fully Qualified Domain Name, this can be a domain you think is a good idea, or it could be a registered domain (think of the security implications of that also) that ends with the common extension of a domain. These are .com, .org, .net, ect - there are a lot of domain extensions used to separate the different types of domains, some newer cooperations use .biz, a state or local city would use .gov, a search will show you what is available. However if this is a private not accessible by someone on the www or internet you can use any thing with three letters. Be aware that the standards may apply and the install may fail...

If you use a registered domain name you have to insure your private network is protected because a registered domain has a assigned IP, some ISP's offer a dynamic IP that changes periodically (DHCP) but if you are hosting a web service you will have a static IP then you need to separate the web service from your private network accordingly. My choice is the web service that is registered such as this web site and that my business FQDN are not the same. See this page for information on setting up a DMZ and a private network.

Just what do you have to do to have Active Directory on your (private) network?

After you have done your setup with Server 2008 you would use Server Manager, on the right hand column there are some suggestions for your server services.  However you should have done most / all of these, scroll down to "Roles" and open it.

First you need to install and configure DNS and / maybe DHCP (DHCP may not be what you want on your network your planning with dictate static IP's for all computers or DHCP with a dynamic IP strategy).

Check the boxes of the desired role /  service, you have to have DNS and / maybe DHCP installed and operational before proceeding to install Active Directory. (Note: If you need a tutorial on these see this index.)

You may also want to install .Net v 3.5 before moving on to the install of DNS / DHCP, this will save you time when you are installing any additional applications that require .Net

Finish the install and then configure your DNS / DHCP.

Now you are ready to begin your Active Directory install

Back to Server Manager, scroll down to "Roles" and open it, you will see five items, to start you will need the second one - Active Directory Domain Services, you can check more boxes for more roles however some roles are dependent on AD Domain Services so I suggest you install it first then once it is setup come back for the other services you need, I tried to hurry my install by selecting Certificates, the setup started then an error (AD not configured...) stopped it...

Read this page it will tell you what you need to do next...

Now you can proceed, click next.

The installation is complete, click next...

The first page of the install summary.

Scroll down to the next section, read the line that is highlighted, you need to use a command prompt with Administrative rights then type in dcpromo.exe

Now you are ready to began your Active Directory setup, click next when ready.

If this is the first domain on the network use the "Create new..." however is this network is part of a larger corporate network you would select the "Existing Forest" - to this you need more information than I have available, contact your Senior Systems Engineers for this information, they will supply you with the forest name, administrator's id and password - in most cases this is very confidential information and may want you to create the normal domain and then they will add it to the existing forest...

Remember the FQDN at the top of the page? This is important unless it is a test domain, a production domain name you enter will be the root of the Forest if there are more sub domains, if you fake it or enter the wrong FQDN you will be doing this again... When ready continue.

No other Domain Controllers on this network? Ok next...

As you can see NetBIOS is still important, it shortens names so humans can remember them, easier than a 256 character alphanumeric expression...

If your domain does not support any legacy computers or workstations then choose the version of Server 2008 you are installing, however be aware that older workstations and servers (if brought on to the domain) will not function correctly and may not be able to connect to network shares or service. I always error on the side of legacy.

When complete click next...

As you can see DNS service is installed and active, the options are grayed out you can not add or change them.

Read the warning, do the integration step when the Active Directory setup is complete.

You can change these paths now, however it is not recommended, note where the data is located.

Read this page before you create the password! It requires complexity and can NOT be reset, in addition you will need this password to create a Back Up Domain Controller and if you are to move this domain into a Forest!

This page is important if you plan requires Backup Domain Controllers (BDC), you can export the settings making the set up of one or more BDC's faster...

Read the notice about Group Policy, you can use the Group Policy to standardize all the servers / workstations in your domain. If you haven't used this tool you should look at how Group Policy's work and how to configure them.

And then...

Now that you have Active Directory installed your work is just starting as Domain Administrator... :)