Lesson 5: Installing Active Directory Directory Services


This lesson presents information on installing Active Directory directory services, including using the Active Directory Installation wizard. In addition, the lesson addresses the database and shared system volume that Active Directory directory services create during installation. Finally, the lesson discusses domain modes.

The Active Directory Installation Wizard

You use the Active Directory Installation wizard to perform the following tasks:

  • Adding a domain controller to an existing domain
  • Creating the first domain controller of a new domain
  • Creating a new child domain
  • Creating a new domain tree

To launch the Active Directory Installation wizard, either start it from the Windows 2000 Configure Your Server wizard or run Dcpromo.exe. When you run the Active Directory Installation wizard on a stand-alone server, it steps you through the process of installing Active Directory directory services on the computer and creating a new domain controller.

As you install Active Directory directory services, you can choose whether to add the new domain controller to an existing domain or create the first domain controller for a new domain.

Adding a Domain Controller to an Existing Domain

If you choose to add a domain controller to an existing domain, you create a peer domain controller. You create peer domain controllers for redundancy and to reduce the load on the existing domain controllers.

Creating the First Domain Controller for a New Domain

If you choose to create the first domain controller for a new domain, you create a new domain. You create domains on your network to partition your information, which enables you to scale Active Directory directory services to meet the needs of very large organizations. When you create a new domain, you can create a new child domain or a new tree. If you choose to create a new child domain, the new domain is created as a child domain in an existing domain. When you create a new domain tree, the new domain does not become part of an existing domain. You can create a new tree in an existing forest, or you can create a tree and start a new forest.

NOTE
Running Dcpromo.exe on a domain controller allows you to remove Active Directory directory services from the domain controller and demotes the domain controller to a stand-alone server. If you remove Active Directory directory services from all domain controllers in a domain, you also delete the directory database for the domain, and the domain no longer exists.

The Database and Shared System Volume

Installing Active Directory directory services creates the database and database log files, as well as the shared system volume. Table 4.3 describes the purpose and location of these files.

Table 4.3 Types of Files Created by Installing Active Directory Directory Services

| Type of file created | Description |
| --- | --- |
| Database and database log files | The database is the directory for the new domain, and the log file temporarily stores changes made to the Active Directory database. The default location for the database and database log files is systemroot\Ntds. For best performance, place the database and the log file on separate hard disks. |
| Shared system volume | The shared system volume is a folder structure that exists on all Windows 2000 domain controllers. It stores scripts and some of the Group Policy objects for both the current domain and the enterprise. The file replication services use the shared system volume to replicate files and Group Policy information among domain controllers. The default location for the shared system volume is systemroot\Sysvol. The shared system volume must be located on a partition or volume formatted with NTFS. |

Replication of the shared system volume occurs on the same schedule as replication of Active Directory directory services. As a result, you might not notice file replication to or from the newly created system volume until two replication periods have elapsed (typically, 10 minutes). This is because the first file replication period updates the configuration of other system volumes so that they are aware of the newly created system volume.

Domain Modes

There are two domain modes: mixed mode and native mode.

Mixed Mode

When you first install a Windows 2000 Server domain controller or upgrade an existing domain controller running an earlier version of Windows NT to Windows 2000 Server, the domain controller runs in mixed mode. Mixed mode allows the domain controller to interact with any domain controllers in the domain that are running previous versions of Windows NT Server. Domain controllers running previous versions of Windows NT Server are called down-level domain controllers.

Native Mode

When all the domain controllers in the domain run Windows 2000 Server, and you do not plan to add any more down-level domain controllers to the domain, you can switch the domain from mixed mode to native mode.

Several things happen during the conversion from mixed mode to native mode:

  • Support for down-level replication and down-level domain controllers ceases. Therefore, all the domain controllers in your domain must be running Windows 2000.
  • You can no longer add new down-level domain controllers to the domain.
  • The server that served as the primary domain controller during migration is no longer the domain master; all domain controllers begin acting as peers.

NOTE
The change from mixed mode to native mode is one way only; you cannot change from native mode to mixed mode.

Use the following procedure to switch the domain mode:

  1. Start the Active Directory Domains and Trusts snap-in.
  2. Right-click the domain name, and then click Properties.
  3. On the General tab, click Change To Native Mode.
  4. In the Warning dialog box, click Yes, and then click OK.
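
The checks below are an added example, not part of the original lesson: a read-only PowerShell script that confirms, on a domain controller, the database and log locations and the NTFS requirement for Sysvol described under The Database and Shared System Volume, and the domain mode described under Domain Modes. It assumes a local administrator session with PowerShell available (PowerShell does not ship with Windows 2000); the function names are illustrative, and the registry values and the nTMixedDomain attribute are the ones Active Directory uses to store these settings.

```powershell
# Added example: read-only checks of what the Active Directory Installation
# wizard configured. Assumption: run locally on the domain controller by an
# administrator. Function names are illustrative, not part of any product.

function Get-VolumeFormat([string]$Path) {
    # File system of the volume that holds $Path, for example "NTFS"
    $root = [System.IO.Path]::GetPathRoot($Path)
    (New-Object System.IO.DriveInfo $root).DriveFormat
}

function Get-DcStorageReport {
    # Locations chosen on the Database And Log Locations and
    # Shared System Volume pages are recorded in these registry keys.
    $ntds     = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $netlogon = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

    $dbFile = $ntds.'DSA Database file'        # e.g. C:\Winnt\Ntds\ntds.dit
    $logDir = $ntds.'Database log files path'  # e.g. C:\Winnt\Ntds
    $sysvol = $netlogon.SysVol                 # e.g. C:\Winnt\Sysvol\sysvol

    $dbRoot  = [System.IO.Path]::GetPathRoot($dbFile)
    $logRoot = [System.IO.Path]::GetPathRoot($logDir)

    New-Object PSObject -Property @{
        DatabaseFile = $dbFile
        LogPath      = $logDir
        SysvolPath   = $sysvol
        # Different drive roots show separate volumes, not necessarily
        # separate physical hard disks.
        DbAndLogOnSeparateVolumes = ($dbRoot -ne $logRoot)
        SysvolOnNtfs = ((Get-VolumeFormat $sysvol) -eq 'NTFS')
    }
}

function Get-DomainMode {
    # Bind to the domain object of the domain this computer belongs to.
    $rootDse = [ADSI]'LDAP://RootDSE'
    $domain  = [ADSI]('LDAP://' + [string]$rootDse.defaultNamingContext)
    # nTMixedDomain on the domain object: 1 = mixed mode, 0 = native mode
    if ([int]$domain.nTMixedDomain.Value -eq 0) { 'Native' } else { 'Mixed' }
}

$report = Get-DcStorageReport
$report | Format-List
"Domain mode: $(Get-DomainMode)"

if (-not $report.SysvolOnNtfs) {
    Write-Warning 'Sysvol is not on an NTFS volume.'
}
if (-not $report.DbAndLogOnSeparateVolumes) {
    Write-Warning 'Database and log files share a volume (the default).'
}
```

On the practice server built in this lesson, the database and log both default to the Ntds folder, so the second warning is expected there.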

Practice: Installing Active Directory Directory Services and Viewing Your Domain

In this practice, you will promote your stand-alone server to a domain controller by installing Active Directory directory services on it. You will use My Network Places to confirm that your domain exists and then use the Active Directory Users and Computers snap-in to view your domain. The last thing you will do in this practice is change the mode of your domain from the default mixed mode to native mode.

Exercise 1: Promoting a Stand-Alone Server to a Domain Controller

In this exercise, you will run Dcpromo.exe to install Active Directory directory services on your stand-alone server, making it a domain controller in a new domain.

  • To install Active Directory directory services on a stand-alone server
    1. Click Start and then click Run.
    2. Type dcpromo and then click OK.

       The Active Directory Installation wizard appears.

    3. Click Next to continue.

       The Domain Controller Type page appears.

    4. Ensure that the Domain Controller For A New Domain option is selected, and then click Next.

       The Create Tree Or Child Domain page appears.

    5. Ensure that the Create A New Domain Tree option is selected, and then click Next.

       The Create Or Join Forest page appears.

    6. Ensure that the Create A New Forest Of Domain Trees option is selected, and then click Next.

       The New Domain Name page appears.

    7. Type domain.com in the Full DNS Name For New Domain box, and then click Next.

       NOTE
       If you are not using domain.com as your DNS domain name, type the name you are using.

       The NetBIOS Domain Name page appears.

    8. Ensure that DOMAIN appears in the Domain NetBIOS Name box, and then click Next.

       The Database And Log Locations page appears.

    9. Ensure that C:\Winnt\Ntds is the location of both the database and the log, and click Next.

       NOTE
       If you did not install Windows 2000 on the C drive or in the Winnt directory, both locations should default to the Ntds folder on the drive and in the folder where you installed Windows 2000.

       The Shared System Volume page appears.

    10. Ensure that the Sysvol folder location is C:\Winnt\Sysvol.

       NOTE
       If you did not install Windows 2000 on the C drive or in the Winnt directory, the Sysvol location should default to a Sysvol folder on the drive and in the folder where you installed Windows 2000.

       What is the one Sysvol location requirement?

       What is the function of Sysvol?

       Answers

    11. Click Next to accept C:\Winnt\Sysvol (or the default path on your system) as the path for Sysvol.

       The Permissions page appears.

    12. Select Permissions Compatible Only With Windows 2000 Servers, and then click Next.

       The Directory Services Restore Mode Administrator Password page appears.

    13. Type password in the Password and Confirm Password boxes, and then click Next.

       NOTE
       For simplicity, you are using password as the Directory Services Restore Mode Administrator password in this exercise. You should always use a complex password for the Administrator account and, in this case, a password that is not the same as your Administrator password.

       The Summary page appears with a list of the options you selected.

    14. Review the contents of the Summary page, and then click Next.

       The Configuring Active Directory progress indicator appears as Active Directory directory services are installed on the server. This process will take several minutes.

    15. When the Completing The Active Directory Installation Wizard page appears, click Finish, and then click Restart Now.

Exercise 2: Viewing Your Domain

In this exercise, you will view your domain.

  • To explore My Network Places
    1. Log on as Administrator.
    2. Double-click My Network Places.

       The My Network Places window appears.

    3. Double-click Entire Network, and then click the Entire Contents link.

       The Microsoft Windows Network icon appears.

    4. Double-click the Microsoft Windows Network icon.

       The Microsoft Windows Network window appears, and the Domain icon should be listed.

    5. Close the Microsoft Windows Network window.

Exercise 3: Using the Active Directory Users and Computers Snap-In

In this exercise, you will use the Active Directory Users and Computers snap-in to view your domain.

  • To use the Active Directory Users and Computers Snap-In
    1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users And Computers.
    2. In the console tree, expand domain.com.

       NOTE
       If you did not use domain for your domain name, double-click your domain name.

       What selections are listed under domain?

       Answer

    3. In the console tree, click Domain Controllers.

       Notice that SERVER1 appears in the details pane.

       NOTE
       If you did not use SERVER1 as your server name, the name of your server appears in the details pane.

    4. Leave the Active Directory Users And Computers window open.

Exercise 4: Changing Your Domain from Mixed Mode to Native Mode

In this exercise, you will change your domain mode from mixed mode to native mode.

  • To change your domain from mixed mode to native mode
    1. In the console tree, click domain.com to select it.

       NOTE
       If you did not use domain.com for your domain name, click your domain name.

    2. Click Action and then click Properties on the Action menu.

       The Domain.com Properties dialog box appears.

    3. On the General tab, click the Change Mode button.

       An Active Directory Service dialog box displays a warning that once the domain mode is changed to native mode, you cannot change back.

    4. Click Yes, and then click OK to close the Properties dialog box for your domain.

       An Active Directory message box displays a message indicating that the operation completed successfully and that it may take 15 minutes or more for the information to replicate to all domain controllers.

    5. Click OK, and close all open windows.

Lesson Summary

To install Active Directory directory services, you can use the Windows 2000 Configure Your Server wizard to start the Active Directory Installation wizard. You can also go to a command prompt and type dcpromo to launch the Active Directory Installation wizard. You use the Active Directory Installation wizard to add a domain controller to an existing domain, to create the first domain controller of a new domain, to create a new child domain, and to create a new domain tree.

When you install Active Directory directory services, a database and a log file are created. The database is the directory for the new domain, and the log file temporarily stores changes made to the Active Directory directory services database. The default location for the database and database log files is systemroot\Ntds. A shared system volume is also created when you install Active Directory directory services. The shared system volume is a folder structure that exists on all Windows 2000 domain controllers. It stores scripts and some of the Group Policy objects for both the current domain and the enterprise. The file replication services use the shared system volume to replicate files and Group Policy information among domain controllers. The default location for the shared system volume is systemroot\Sysvol.

When you first install or upgrade a domain controller to Windows 2000 Server, the domain controller runs in mixed mode. Mixed mode allows domain controllers to interact with any domain controllers in the domain that are running previous versions of Windows NT Server (down-level domain controllers). When all the domain controllers in the domain run Windows 2000, and you do not plan to add any more down-level domain controllers to the domain, you can switch the domain from mixed mode to native mode. Native mode does not support down-level replication. When you change from mixed mode to native mode, the server that was the primary domain controller during migration is no longer the domain master; all domain controllers in native mode act as peers.

In the practice section of this lesson, you used Dcpromo.exe to start the Active Directory Installation wizard so that you could install Active Directory directory services on your computer, promote your computer to a domain controller, and create a domain. You then viewed your domain using My Network Places and the Active Directory Users and Computers tool. Finally, you changed your domain from mixed mode to native mode.