AD Domain Installation (Installing Active Directory on Windows Server 2003)

Source: Internet
Author: User

In Active Directory (AD), the servers that act as authentication servers or logon servers are called domain controllers, or DCs. Establishing an AD domain is really the process of installing AD on a computer running Windows Server 2003 (or another Windows Server system) so that it becomes a DC. Once AD is installed, managing the AD domain consists mainly of joining the other computers on the network to the domain and creating and managing user accounts. The steps to install Active Directory on a server running Windows Server 2003 (SP1) are as follows:

Steps/Methods
  1. In the Start menu, click Administrative Tools → Configure Your Server Wizard to open the Configure Your Server Wizard dialog box. In the Welcome dialog box, click Next → Next.
  2. The wizard checks that the network settings and network connections are normal and, if no problems are found, opens the Server Role dialog box. In the Server Role list, select the Domain Controller (Active Directory) option and click the Next button, as shown in Figure 2008112501.
    Figure 2008112501 Selecting the domain controller (Active Directory) option
  3. Click the Next button directly in the Summary of Selections dialog box that opens. If Terminal Services is installed on the current server, you are warned that installing Active Directory will change the security policy of the terminal server. Click the OK button, as shown in Figure 2008112502.
    Figure 2008112502 Click the OK button
  4. The Active Directory Installation Wizard opens. Click the Next button in the Welcome dialog box.
    Tip: You can also type the dcpromo command in the Run dialog box and press Enter to open the Active Directory Installation Wizard.
  5. The Operating System Compatibility dialog box that opens warns that clients running older versions of Windows will not be able to log on to a Windows Server 2003 (SP1) domain. Click the Next button, as shown in Figure 2008112503.
    Figure 2008112503 "Operating System Compatibility" dialog box
  6. The Domain Controller Type dialog box opens, where you specify the role that this Windows Server 2003 (SP1) server will play. If you are creating a completely new domain, select the "Domain controller for a new domain" radio button and click the Next button, as shown in Figure 2008112504.
    Figure 2008112504 Selecting the "Domain controller for a new domain" radio button
  7. The Create New Domain dialog box opens. AD organizes domains into domain trees and domain trees into forests. To create the first domain in a new domain tree (which is also the first domain tree in the new forest), select the "Domain in a new forest" radio button and click the Next button, as shown in Figure 2008112505.
    Figure 2008112505 Selecting the "Domain in a new forest" radio button
  8. The New Domain Name dialog box opens. Enter the domain name you want to use in the "Full DNS name for new domain" edit box and click the Next button, as shown in Figure 2008112506.
    Figure 2008112506 "New Domain Name" dialog box
  9. In the NetBIOS Domain Name dialog box that opens, specify a NetBIOS domain name for the new domain. Systems earlier than Windows 2000, such as Windows 9x, may still be running on the corporate LAN, and these systems do not recognize DNS domain names. AD therefore provides a domain name that they can recognize, the "NetBIOS domain name". By default, the wizard uses the leftmost part of the DNS domain name (the part before the first delimiter) as the NetBIOS domain name. You can keep the default value and click the Next button, as shown in Figure 2008112507.
    Figure 2008112507 The NetBIOS Domain Name dialog box
    Tip: If the default NetBIOS domain name is the same as the name of another computer on the network, a name conflict is reported and the NetBIOS domain name is automatically reset, as shown in Figure 2008112508.
    Figure 2008112508 Prompt for a name conflict
  10. The Database and Log Folders dialog box opens, where you set the paths of two folders. AD stores its database in two parts: the AD database file itself and the transaction log. Storing the AD database file on an NTFS partition gives significantly better performance than a FAT partition. Storing the transaction log files on a different physical hard disk from the AD database file (and on a different IDE channel) allows the database and the log to be updated at the same time, and the performance gain is equally noticeable. If the computer has only one hard disk, you can keep the default paths and click the Next button, as shown in Figure 2008112509.
    Figure 2008112509 Database and Log Folders dialog box
  11. In the Shared System Volume dialog box that opens, select a path on an NTFS-formatted partition for the SYSVOL folder. The SYSVOL folder stores important configuration and control files of the AD domain (such as system policy files, default profiles, and logon scripts), and it is automatically replicated to the other DCs so that updates to domain information stay synchronized. Automatic replication of the SYSVOL folder requires NTFS, which is why an NTFS partition is needed, as mentioned in Table 8-1. In this example, drive C: is an NTFS partition, so keep the default path and click the Next button, as shown in Figure 2008112510.
    Figure 2008112510 Shared System Volume dialog box
  12. After a short wait, the DNS Registration Diagnostics dialog box opens, and the diagnostic results list an error. This is because the DNS service is not configured correctly on this server, so select the "Install and configure the DNS server on this computer, and set this computer to use this DNS server as its preferred DNS server" radio button. Click the Next button, as shown in Figure 2008112511.
    Figure 2008112511 The DNS Registration Diagnostics dialog box
    Tip: DNS is the foundation of an AD domain. AD stores the list of domain controllers and global catalog servers in DNS, so the network must have a DNS server. The installation wizard can also set up a DNS server on the DC automatically during AD installation, which is the more suitable choice for users who are not familiar with DNS and AD domains.
  13. In the Permissions dialog box that opens, set the default permissions for user and group objects. The permissions in question mainly concern anonymous logon by RAS (Remote Access Server) servers, because RAS in an NT4 domain does not work where anonymous logon is not available. If you are sure that the server systems on your corporate network all run Windows 2000 or later, it is recommended that you select the "Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems" option. This option improves security by turning off anonymous logon for RAS servers. Click the Next button, as shown in Figure 2008112512.
    Figure 2008112512 Permissions dialog box
  14. The Directory Services Restore Mode Administrator Password dialog box opens, where you set the restore password. When Windows Server 2003 (SP1) starts, there is an option to rebuild a corrupted AD database and restore it to an earlier, internally consistent version. This is a double-edged sword, however: to an attacker, the ability to rebuild the database is also a way to destroy it, so a restore password must be set. Click the Next button, as shown in Figure 2008112513.
    Figure 2008112513 Directory Services Restore Mode Administrator Password dialog box
    Tip: The restore password must conform to the password policy, which is enforced whenever a user changes or creates a password. The password policy mainly covers the following two points:
    ★ The password does not include all or part of the user account name;
    ★ The password is at least six characters long and must contain characters from the four categories of English uppercase letters (from A to Z), English lowercase letters (from a to z), the 10 basic digits (from 0 to 9), and non-alphabetic characters (for example, !, $, #, %).
  15. In the Summary dialog box, confirm that your settings are correct and click the Next button to start installing AD. During setup, the Windows Installer dialog box opens to install the DNS server and asks you to insert the Windows Server 2003 (SP1) installation CD or to specify the location of the installation source files. Installing AD is a lengthy process and typically takes 20-30 minutes, as shown in Figure 2008112514.
    Figure 2008112514 Installing Active Directory
  16. When the installation has finished, click the Finish button and restart the computer as prompted, as shown in Figure 2008112515.
    Figure 2008112515 Completing the Active Directory Installation Wizard
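
The choices made in steps 6 to 14 can also be recorded in a dcpromo answer file and applied with dcpromo /answer:<file>. The file below is an added example, not part of the original article; the domain names are constructed and the password is a placeholder.

```ini
; dcpromo answer file: first DC of a new forest on Windows Server 2003.
; Constructed example: corp.example.com, CORP and the password are placeholders.
[DCInstall]
; Step 6: domain controller for a new domain
ReplicaOrNewDomain=Domain
; Step 7: first domain of a new tree in a new forest
TreeOrChild=Tree
CreateOrJoin=Create
; Steps 8 and 9: DNS name and NetBIOS name of the new domain
NewDomainDNSName=corp.example.com
DomainNetBiosName=CORP
; Step 10: database and transaction log folders (default paths, NTFS)
DatabasePath=%systemroot%\NTDS
LogPath=%systemroot%\NTDS
; Step 11: SYSVOL folder, must be on an NTFS partition
SYSVOLPath=%systemroot%\SYSVOL
; Step 12: install and configure the DNS server on this computer
AutoConfigDNS=Yes
; Step 13: No  = permissions compatible only with Windows 2000 / Server 2003
;          Yes = weaker setting that keeps anonymous access for older RAS servers
AllowAnonymousAccess=No
; Step 14: Directory Services Restore Mode password (placeholder, must meet
; the password policy described in the tip)
SafeModeAdminPassword=<restore-password-placeholder>
; Step 16: restart automatically when the installation succeeds
RebootOnSuccess=Yes
```

Because the restore password is written in clear text, keep the file readable by administrators only and delete it once the promotion has finished.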