180 likes | 515 Views
Active Directory. Installation. Naming. Computer has Full computer name, generally same as DNS name, consisting of Computer name Primary DNS suffix NetBIOS name Domain has DNS name NetBIOS name. Changing Names. Can change Computer name of a workstation or member server
E N D
Active Directory Installation
Naming • Computer has • Full computer name, generally same as DNS name, consisting of • Computer name • Primary DNS suffix • NetBIOS name • Domain has • DNS name • NetBIOS name
Changing Names • Can change • Computer name of a workstation or member server • Primary DNS suffix of a workstation or member server • Cannot change • Domain name • Applies to both DNS and NetBIOS names • Computer name of a domain controller • Applies to both DNS and NetBIOS names • Must ensure that server names are correct before promoting to DC
Full Computer Name • Set in System Properties/Network Identification • Made by concatenating • Computer Name • Generally same as hostname (part of DNS name up to first ‘.’) • Primary DNS suffix • NetBIOS name is always first 15 characters of computer name • Cannot be changed • Must still be unique if using central WINS servers • Recommended unique for DCs even if not using central WINS servers
Naming Conventions • Computer name • Unitcode+name of choice • E.g. oucs-fred, chem-w2kserver1 • Recommended to keep 15 characters or less • Primary DNS suffix • DNS domain name (e.g. oucs.ox.ac.uk, chem.ox.ac.uk) • http://www.oucs.ox.ac.uk/network/wins/ for full details
Prerequisites for Active Directory Installation • 2000 Server, correctly named • NTFS Partition • Minimum of 200MB for AD database • Minimum of 50MB for log files • TCP/IP Protocol configured to use DNS • If at all possible, have at least two DCs for resilience
Information Required for Active Directory Installation • Domain name for new AD domain • DNS name (must be same as unit name) • NetBIOS name • NB although untested, it is possible for a domain controller to have a different primary DNS suffix from the AD domain name • Need to turn off “Change primary DNS suffix when domain membership changes” option in System Properties before promoting to DC • Location for AD database and log files • Password for Directory Services Restore Mode Administrator account
Installing Active Directory on the First Domain Controller • Run dcpromo to start the AD installation wizard • Don’t use the initial screen to configure the server — less flexible • Make it a DC for a new domain, create a new domain tree and new forest of domain trees • AD domain name must be same as unit DNS name for correct DNS integration • NetBIOS name of domain same as first part of DNS name by default • May need to change, especially if already using this name for existing NT domain
Installing AD on the First Domain Controller cont. • For best performance, put database files and log files on different hard disks • Sysvol must be on NTFS partition • Only choose “Permissions compatible with pre-2000 computers” if you have NT servers in domain • Don’t forget the Directory Services Restore Mode administrator password — it is not the same as the AD Administrator account
Installing Active Directory on Subsequent Domain Controllers • Run dcpromo • Select option to set up Additional DC for existing domain • Put main AD administrator account details into Network credentials page • Give DNS name of domain • For other information, as per the first DC
Post-installation Tasks • Install and Configure DNS if necessary • For second and subsequent DCs, the first DC must already have DNS configured • Check SRV records correctly registered in DNS (more information later) • If no NT DCs, switch to native mode • AD Users and Computers/Properties of domain/General tab/Change Mode • Cannot be reversed
Post-installation Tasks cont. • Check creation of default containers • Active Directory Users and Computers • Computers, Users, ForeignSecurityPrincipals, Domain Controllers • Verify SYSVOL creation • Run %systemroot%\sysvol (change if you put it somewhere else) • Check existence of following directories • domain, staging, staging areas, sysvol • Verify shares • Command Prompt — “net share” command • Look for NETLOGON and SYSVOL shares
Post-installation Tasks cont. • Verify AD database and log file existence • Run %systemroot%\ntds (change if you put them elsewhere) • Check for ntds.dit (database), edb.* (transaction logs and checkpoint file), res*.log (reserved transaction logs) • Check for replication partner entries in AD Sites and Services under NTDS Settings for each server • Check event logs for errors
Removing Active Directory from a Domain Controller • First, good idea to ensure replication is up to date; may want to move Operations Master roles manually; may need to change time synchronization if PDC emulator changes • Run dcpromo • Note that unlike NT, 2000 servers can be promoted to DCs and demoted to member servers as desired • Note also that demoting the last domain controller in a domain will delete all information contained in AD • Users, groups, etc.
References • Best practice methods for Windows 2000 Domain Controller setup • http://support.microsoft.com/support/kb/articles/Q216/8/99.ASP • Promoting and demoting domain controllers • http://support.microsoft.com/support/kb/articles/Q238/3/69.ASP
References • How to Verify an Active Directory Installation • http://support.microsoft.com/support/kb/articles/Q298/1/43.ASP