Windows 2000 Server: Configure Active Directory • • • • • • • •
Launched: May 05, 2001 Updated: May 05, 2001 Section: Articles & Tutorials :: Windows 2000 Author: Johannes Helmig Company: WindowsNetworking.com Printable Version Adjust font size: Rating: 3.5/5 - 948 Votes
When installing Windows 2000 Server, it is configured to work as "Standalone Server". When making the first logon , you will be presented with "Windows 2000 Configure Your Server":
You can continue the configuration at this time, but you can also select to close this windows and to configure other items on the system or to install some other software, because this window will be shown on each new logon until you have made the configuration and selected that this windows will NOT be displayed anymore. You can display this window at any time by selecting in the menu "Configure Your Server", which is part of the "Administrative Tools"
There are multiple possibilities to configure a server for "Active Directory", depending on whether you have a small network with just one server or a larger network with multiple server or even a WAN with server in multiple countries. In this installation example below, I assume that this is the only Windows 2000 server on the network.
If you have no special needs for the configuration, then you can simply follow the instructions of this wizard to configure your system: - select "This is the only server in my network" - continue with "Next":
This selection would "automatically configure" the server with all required components: - the Active Directory - a DHCP-server - a DNS-server (which is required for the Active Direcory)
Before allowing this wizard to reconfigure completely my system, I requested to "Show more details":
The wizard would define for me the IP-address for the server and the subnet for my complete network , which I did not like: I needed to use a different IP-address. I decided therefore to cancel this step and to follow the advise to go back to "Home" to select the other option : "One or more servers are already running in my network" :
No more fully automated installation by a wizard:
We need now to select manually the services to be installed from the menu on the left. Lets select "Active Directory":
You have the possibility to read more about the details of domain controller and on how to define multiple domaincontrollers in a network. ( since this example assumes only ONE Windows 2000 server on the network, I will not discuss here the terms "Tree" and "Forest")
Important: the installation of the Active Directiry requires that at least ONE partition on the harddisk is formated with NTFS. If you do not yet have such a partition, you can cancel here the installation of the Active Directory, prepare a partition in NTFS and
then restart this configuration. It is up to you to decide, which partition to use with NTFS. I personally prefer to keep the C-drive ("system drive") in FAT format, so I formatted in this example the Fdrive in NTFS . Continue the installation with "Start the Active Direcory Wizard"
just "Next"
We are installing the first Domain Controller
Again, we are installing a first domain controller and for this domain, we need to create a new domain tree. Example: I will call below my domain "JHHOME.COM". If I would now create a second domain called: "SUPPORT.JHHOME.COM", it would be part of the same domain tree as JHHOME.COM
Like in nature, trees usually grow in a forest , and using this comparison, we need to define the forest for our domain tree. In general, each new top-level domain name (like: JHHOME.COM) would be a new forest. Since this is our first domain, we need to create a new "forest" for our "Domain Tree" (which is then the only tree in our forest). Here is a difference compared to nature: one tree is just one tree and not a forest, but with computers, it is just a matter of definition) It is now required to define the name of the new domain. As I was used with Windows9x and Windows NT4 networking, I selected the name of the workgroup to become the new name of my domain. However, note already the exact message: "Full DNS name for new domain". As you are used to see with Internet Domain names, a network Domain should have now a second part separated by a dot.
To avoid problems, I am redefining my domain name to be now: "JHHOME.COM", which looks like an Internet Domain name. (I am not sure, but if you insist on using no "dotsomething", Windows 2000 will add itself ".DOM" ) It does NOT matter, whether this name is registered and in use already on the Internet, because you will be using it only on your own network, and as long as you are not registering this domain name as Internet Domain name, it will NOT be known by the Internet users.
While a network with ONLY Windows2000 systems can work using only DNS, any network with "legacy" versions of Windows (WfW, Windows95/98/ME, Windows NT4) requires the use of "NetBIOS", either using "NetBEUI" -protocol or using "NetBIOS over TCP/IP", for which I need to define a NetBIOS compatible Domain name. Here I can use now the name of the workgroup, which I like to change to a domain.
You need to define the location for the database and Log-file for the Active Directory. (on my system, I did not have the 200 Mbyte free disk capacity on my C:- system drive, so I was required = forced by the installion wizard to store this information to a different drive )
Remember the window with the information on the Active Direcory stating the need to a partition in NTFS ? At this time, the "SYSVOL" folder must be defined on an NTFS Diskpartition. The SYSVOL folder will be later visible as part of the "Network Neighborhood" or "My Network Places" and will contain
user specific file, and to be able to control the access to these files, that partition must be NTFS (since it is not possible to use a FAT -partition to define Access rights)
Active Directory is based on using a DNS-server. Since I did not yet install / configure a DNS-server, it is now required to install it. Unless you are an expert on DNS-server setup, please follow the recommondation of the wizard to let the wizard install now the DNS-server.
Again the question: will you have a network with some "legacy" systems (= all pre-Windows 20000, like Windows95/98/ME/NT4)
Let's hope, that we will never have to use this password for a Restore operation......
The summary of all the information collected in the previous steps. Selecting now "Next" will start the installation of the Active Direcory and of the DNS-server.
You may have to be patient now for a LONG time : Please, just WAIT !
It will need to install DNS
You may have to insert your Windows2000 CDROM or point the wizard to the installation files on the disk (if you copied them from CD-ROM to an I386 folder, as it is often done on NTinstallations)
Finished !
You need to restart ! After making the Logon, you will be shown again the window for "Configure Your Server":
the information has changed, since you did already make the basic configuration. You can now select to NOT "Show this screen at startup". You are now able to define Active Directory Users. If you need to change your configuration and make the system again a Stand-alone server, you can un-install Active Directory.
About Johannes Helmig Dr.Johannes Helmig is working as Director, Technical Knowledge Management in the Belgium office of Gerber Technology where he is involved in Customer Service and internal training, with special interest in Networking. Click here for Johannes Helmig's section.
Receive all the latest articles by email!
Get all articles delivered directly to your mailbox as and when they are released on WindowsNetworking.com! Choose between receiving instant updates with the Real-Time Article Update, or a monthly summary with the Monthly Article Update.
• •
Real-Time Article Update Monthly Article Update
Latest articles by Johannes Helmig • • • • •
About the new Windows XP Professional Logon Screen : New XP style or NT4/2000 style Windows 2000 DCC and ICS Windows 2000 / XP WNTIPCFG Connecting Windows XP to Multiple Networks: Office and Home Windows 2000 Network Sharing
Related links • • • • •
Windows 2000 / XP Professional TCP/IP Routing Gaining Speed: Empty Prefetch on your XP System DOS Network Boot Floppy Using WebDAV with IIS Recovering Windows XP using the Recovery Console
Featured Links* Citrix burning a hole in your pocket? Get 2X ApplicationServer - unlimited - for $995 Free IP PBX: 3CX VOIP Phone system for Windows SIP-based IP PBX developed for Windows. Scaleable, eliminates phone wiring & lowers call costs via VOIP providers. Download FREE edition: no limitations or time outs. Everyday Active Directory Disasters - Are You at Risk? Understand the risks and expenses of everyday Active Directory disasters with the new Quest Software white paper, "Justifying a Recovery Plan for Everyday Disasters." Read the new white paper now. Network Faxing Easily Integrated With Your Applications GoldFax is the proven market leader with customers like Citigroup, Ford, and thousands
of small businesses depending on GoldFax for their fax infrastructure. Control user access to USB sticks, media players (iPod, Creative Zen) and more! "68% Of organizations are affected by internal network security breaches." Prevent data theft and virus infections from within your network - Download free 30-day trial. •
•
•
• •
Free IP PBX: 3CX VOIP Phone system for Windows SIP-based IP PBX developed for Windows. Scaleable, eliminates phone wiring & lowers call costs via VOIP providers. Download FREE edition: no limitations or time outs. Control user access to USB sticks, media players (iPod, Creative Zen) and more! "68% Of organizations are affected by internal network security breaches." Prevent data theft and virus infections from within your network - Download free 30-day trial. Network Faxing Easily Integrated With Your Applications GoldFax is the proven market leader with customers like Citigroup, Ford, and thousands of small businesses depending on GoldFax for their fax infrastructure. Citrix burning a hole in your pocket? Get 2X ApplicationServer - unlimited - for $995 Everyday Active Directory Disasters - Are You at Risk? Understand the risks and expenses of everyday Active Directory disasters with the new Quest Software white paper, "Justifying a Recovery Plan for Everyday Disasters." Read the new white paper now.
Receive all the latest articles by email! Receive Real-Time & Monthly WindowsNetworking.com article updates in your mailbox. Enter your email below!
Become a WindowsNetworking.com member! Discuss your network issues with thousands of other network administrators. Click here to join!
Community Area • •
Login Register
Dell are now seeking ambitious candidates to join them and develop their careers accordingly. Visit the Dell Careers Center to find out more! • •
•
• •
• • • • • •
Admin KnowledgeBase Articles & Tutorials o Common for all OSes o Dial up Networking, ICS, RAS, ADSL o General Networking o Network Protocols o Network Troubleshooting o VoIP o Windows 2000 o Windows 2003 o Windows 95/98/ME o Windows Longhorn Server o Windows NT 4 o Windows Vista o Windows XP o Wireless Networking Authors o Mitch Tulloch o Brien M. Posey o Don Parker o Robert J. Shimonski o Andrew Z. Tabona o Johannes Helmig Blogs Hardware o Anti-Spam Hardware o Anti-Virus Hardware o Firewalls & VPN o Mail Archiving o Servers o Storage IP PBX, SIP & VoIP FAQ Sponsored by 3CX Links Message Boards Newsletter Signup RSS Feed Software o Administration tools / Ping & trace utils o Backup software
o o o o o o o o o o o o o
Data recovery software Email archiving Help desk software IP PBX Servers Misc. network administrator tools Network inventory software Network monitoring / management Patch Management Remote control software Software distribution and metering Storage and quota software Terminal Servers Thin Client Servers
Featured Products TechGenix Sites ISAserver.org The No.1 ISA Server 2006 / 2004 / 2000 resource site. MSExchange.org The leading Microsoft Exchange Server 2007 / 2003 / 2000 resource site. WindowSecurity.com Network Security & Information Security resource for IT administrators. MSTerminalServices.org A leading Microsoft Terminal Services and Citrix resource site. • • • • • • • • • •
Admin KnowledgeBase Articles & Tutorials Authors Blogs Hardware Links Message Boards Newsletters RSS Software
About Us : Email us : Product Submission Form : Advertising Information WindowsNetworking.com is in no way affiliated with Microsoft Corp. *Links are sponsored by advertisers. Copyright © 2006 TechGenix Ltd. All rights reserved. Please read our Privacy Policy