Before this starts you may wonder what is an Active Directory in which case I will quote Wikipedia and say:
“Active Directory serves as a central location for network administration and security. It is responsible for authenticating and authorizing all users and computers within a network of Windows domain type, assigning and enforcing security policies for all computers in a network and installing or updating software on network computers. For example, when a userlogs into a computer that is part of a Windows domain, it is Active Directory that verifies his or her password and specifies whether he or she is a system administrator or normal user”. http://en.wikipedia.org/wiki/Active_Directory
If you wish to obtain more information you can go directly to the source which is Microsoft and obtain more information .
Having said that let us proceed with the tutorial.
1) Starting from Windows 2008 roles have been implemented and as such we will have to install the role of “Active Directory Domain Services”.
2) Once you press the Add Roles button you will be greeted with a window giving a short summary as to what an Active Directory is. Once you click Next you will see the list of all available Roles. From the list you will need to select Active Directory Domain Services.
3) The Operating System may require you to install the .NET Framework 3.5 features. Select “Add requested Features” and installation will start.
4) Upon completing the installation you will be greeted with this window, provided all went well.
7) We will now proceed to configure the actual Active Directory. We will do this by going to the Run prompt and type in dcpromo. This will invoke the administration panel for the Active Directory. Once dcpromo is invoked for the first time you will be greeted with a welcoming window and an information window. The latter is important to read. It basically states that legacy technology is being dropped when it comes to connecting with NT4 technology Operating Systems to the Domain Controller. It goes beyond that and it also included non Windows software such as older versions of SAMBA which runs on Linux. In other words the clients will need to be upgraded because it simply does not make any sense for the Domain Controller to be still employ archaic technology.
8) Once you click Next you will then be asked to either add this machine as a Domain Controller in an existing Forest of create a new Forest. In our case we will select Create a new Domain in a new Forest.
9) In this step we will give a FULLY QUALIFIED DOMAIN NAME to our Forest Root Domain. Please note that if you use a .COM, .NET, .ORG and so on domain, the server will go out on the Internet in order to search for the appropriate DNS server to attach it self to it. This will not work in our example. In our example we will create a Domain Name that we only will be able to see and use. In this case the FQDN will be ACTIVEDIRECTORY.VMHOME. It could have easily been something like “MrAwesome.SuperHero”.
10) In the following sections you will be asked the level of backwards comparability you wish to employ in regards to Domain Functional Level and Forest Functional Level. The lowest level of comparability is Windows 2003. In other words what ever your choice is it means that you will be able to add Domain Controllers from the lowest level you chose and above. In this case my lowest level of comparability is Windows 2008.
11) At this point we will need to install the DNS role. The reason as to why we need to do this is well explained by http://technet.microsoft.com in a very clear way. The full article is located here: How DNS Support for Active Directory Works
“Every Windows Server 2003 or later Active Directory domain has a DNS domain name (for example, contoso.com), and every Windows Server 2003 or later based computer has a DNS name (for example, win2kserver.contoso.com). Architecturally, domains and computers are represented both as objects in Active Directory and as nodes in DNS.
Because DNS domains and Active Directory domains share identical domain names, it is easy to confuse their roles. The two namespaces, although typically sharing an identical domain structure, store different data and, therefore, manage different objects:
- DNS stores zones and resource records, and Active Directory stores domains and domain objects. Both systems use a database to resolve names.
- DNS resolves domain names and computer names to resource records through requests received by DNS servers as DNS queries to the DNS database.
- Active Directory resolves domain object names to object records through requests that are received by domain controllers either as LDAP search requests or as modify requests to the Active Directory database.
Thus, the Active Directory domain computer account object is in a different namespace from the DNS host record that represents the same computer in the DNS zone.”
12) At this point the Operating System will throw a tantrum and state that it is not a good idea to have a DNS server with a Dynamic IP…and indeed it is not. It is actually a disaster to do so. As such we will nee to do certain changes regarding the IP settings of the this server. In the screenshot below are my settings and I will explain what they mean:
IP Address: 10.0.0.6 is the static IP address I have given to this server.
SubNet Mask: Tells in which network this server belongs to.
Default Gateway: This is the IP address of my router and it gives this server a way out in order to connect with the Internet.
Preferred DNS Server: This must point to the DNS server and as it happens to be the DNS server in our case is the server we will use for a Domain Controller and as such the DNS Server address will be 10.0.0.6. I do not have an alternate DNS server and that is why the second entry is left blank.
13) Windows will nag us again with the message below which basically states that it cannot reach the Internet is order to find a DNS. At this point it is safe to say click “Yes” to proceed with the setup.
14) When installing Active Directory we are also installing a database that is used to contain information regarding this Domain Controller. This is not a sophisticated setup and as such we will use the default settings.
15) You will be asked to enter a password which is for disaster recovery purposes.
15) You will then be asked if you want to export the setting in a plain text file and then you will be asked to proceed with finishing off the setup of your Active Directory Domain Controller…..and that is all she wrote. You now are ready to use an Active Directory.