We will go
through the process of setup a domain controller using server2012.
AD Prerequisites
1. Windows server 2012
2. NTFS Partition
3. DNS: The DNS should be ready with
forward and reverse lookup zone and should allow dynamic updates. Although you
can install DNS during the process of AD setup, Microsoft recommended best practice
is to setup DNS prior to AD setup. If you prefer to choose during AD setup, it
will create the AD integrated DNS for you.
4. Static IP: The server should be
configured with static IP and with the DNS server address.
5. DNS Suffix representing the namespace
added to computer properties.
As shown in
the figure my NIC is configured with static IP 192.168.117.100 and we setup DNS
in the same server and configured that too.
Also we
changed the DNS suffix to xyz.com to represent the namespace that we are going to
use.
We setup the DNS
server with forward and reverse lookup zone for xyz.com and also allowed
dynamic updates.
So all the prerequisites are completed and let us go through the Active Directory Installation.By default no roles or features installed on server 2012. Open up the server manager and click on manage to add roles and features.
Choose role based or feature based installation.
Click on install and the process of making the server ready for to be a domain controller will be started.Click on the close button.
Click on add a new forest and xyz.com as the domain name.
The first radio button is to add additional domain controller to the existing domain and the second one is to add additional domain either as a child domain or as an additional tree. Since this is our first DC, it will be the forest root. The next screen will prompt you to choose the forest and domain functional level. As per your current requirements, means later if you want to add 2008 server as an additional DC or you have an application that requires the lower forest or domain functional level you can opt for lower forest functional level.
After that you can see to select the DC capabilities. Since we installed DNS in the same machine, can't deselect that. Also as it is the first DC, it should be a global catalog server and it can't be RODC which we will discuss later, as RODC requires DC to get the directory replica.
The directory service restore mode is used to restore the AD database or doing the maintenance on AD or to move AD. In that situations, we have to use the restore mode password.
Click Next and it will ask you to specify DNS delegation options. In our case DNS delegation is not required as it is in the same server and If you have a separate DNS server that hosts your forward and reverse lookup zones, you have to provide the delegate credentials for that server. So uncheck the box and click Next.
The additional options screen will ask you to verify the NETBIOS name. Leave it as it is.
Click Next and it will ask you for the database, log files and sysvol path.By default it will be in the windows directory. If you have any performance concerns, you can change the path.
Click Next
Click Next and it will check for all the prerequisites.
Installing AD DS from Install from Media
(IFM)
Now
we are going to setup an additional Domain Controller. From server 2000 onwards
AD uses multi master replication. I.e. Every Domain Controller has a writable
copy of the database they maintains. The additional DC will replicate from the
first DC during initial setup. If we are adding the DC in the same site, the
replication will be very fast. Usually IFM is used in situations like you want
to setup additional DC in a remote location and it will take time to replicate
the database and policies from the first DC to the second location. So we can
copy the database and sysvol folders from first DC and use it in the second
one. We can take the backup of AD to the local server and then copy it to the
removable media and we can use it in the remote server. We are using IFM option
to setup the additional DC.
So first let us take the backup of AD
from our DC1. Run the command prompt as the administrator and type ntdsutil.
Type activate
instance ntds
Type IFM
If you type
help you can see all the parameters used with ifm. We are going to take the backup
of AD and sysvol and hence type create sysvol full c:\ad_bkp. Ad_bkp is the folder
I created to take the backup.
You can see
the defragmentation and copying process
We
will get the message that the IFM media created successfully in c:\ad_bkp.
Type quit to
exit ifm and quit again to exit ntdsutil. Now I have the backup of AD database,
registry, policies and scripts.
Join the second server to xyz.com and add active directory domain services in to that. As it is the same procedures we discussed earlier I am not putting thr screen shots. Start promote server to domain controller. Choose additional DC to existing domain and xyz.com as the domain. During the additional options, choose install from media and show the path to removable media ad_bkp.
The remaining steps are same as of the first DC.
