Instructions for installing Active Directory on Windows Server 2008

Microsoft Active Directory provides a centralized solution, managing and storing network resource information across the entire domain. In addition, Active Directory using Domain Controllers is responsible for storing and distributing storage for all users in the system, and setting up Windows Server 2008 as the Domain Controller role. In the following article, I will show you some basic steps to create a Windows Server 2008 Domain Controller system for Active Directory domains.

Some notes when installing new Windows Server 2008:

When performing an AD installation, you need to create the first domain controller in Windows Server 2008, so consider and remember the following:

- Domain controllers using Microsoft Windows NT Server 4.0 operating system are not supported by Windows Server 2008.

- Windows NT Server 4.0 server system is not supported by active domain controllers in Windows Server 2008, meaning you must have additional domain controllers using Windows 2000/2003 to support NT 4.0 server.

- The first Windows Server 2008 domain controller is required to be a global server system and must not become a RODC.

Installing Active Directory Domain Services (AD-DS):

In Windows Server 2008 operating system, unlike previous systems, you need to apply additional steps of DCPROMO to 'push' the server to the Domain Controller and install Active Directory directly on it. This step acts as an installation of Active Directory Domain Services (AD-DS) on the server. In fact, the role of AD-DS is to enable the server to handle the Domain Controller's task, but you still have to execute the DCPROMO command. AD-DS can be installed in three ways.

Method 1: Server Manager / Initial Configuration Tasks

Open Server Manager> Roles> Add Roles:

Click Next at the next window:

In the Select Server Roles window , select Active Directory Domain Services and click Next :

The Active Directory Domain Services window is displayed, you can refer to the information provided by the system here and click Next :

Click Install at the Confirm Installation Selections window :

And wait for the whole process to complete:

Click Close :

Then return to Server Manager , click on the Active Directory Domain Services link , but cannot be used because DCPROMO is not enabled:

Select the DCPROMO path and continue to follow the instructions there:

Method 2: use servermanagercmd.exe

This Servermanagercmd.exe statement is equivalent to the Add Roles and Add Features feature of Server Manager. The main structure of this command is as follows:

Servermanagercmd.exe - I ADDS-Domain-Controller

All you need to do is wait for the process to finish.

Method 3: DCPROMO

If you forget to install AD-DS or simply want to skip these complicated steps, use DCPROMO from the Command Prompt, and before it works, the server will check if the AD-DS is installed correctly. not yet If not, the system will continue:

After completing the Add Roles Wizard , continue to use the Active Directory Domain Services Installation Wizard or close the Server Manager function again.

Use DCPROMO:

After installing the AD-DS roles, we need DCPROMO to create the database for Active Directory and other functions.

Type dcpromo from Run or select the DCPROMO link in Manager> Roles> Active Directory Domain Services:

Depending on whether the AD-DS is installed, the Active Directory Domain Services Installation Wizard will continue to appear, click Next :

In the Operating System Compatibility window, you can refer to more details and click Next :

Next, go to Choosing Deployment Configuration and select Create a new domain in a new forest and Next :

Enter the appropriate name for the new domain and Next :

Note that you should not use domain names like mydomain or similar, but fully declared as mydomain.local or mydomain.com . The next process takes place, the system will check whether the domain name is appropriate and used or not:

Choose the correct level of the forest function level , default to Windows 2000 (here is Windows Server 2008 ):

Next is the domain function level entry, the default being Windows 2000 Native (here is Windows Server 2008 ):

If you select Windows Server 2008 in the forest function level section , the system will not warn users of choosing domain function levels.

Next, the system will continue to check whether DNS is configured and set up. In this case, no DNS server has been configured, so the installer will automatically install DNS on this server:

Note again that the first DC must be Global Catalog . In most cases, the user will receive a warning message that the server currently has 1 or more dynamic IP addresses. Type the command IPCONFIG / all. Where did this feature come from? The answer here is IPv6. In systems with IPv6 but not in use, you can ignore the following warning:

Next may be a message about DNS not yet configured, you skip and click Next :

Change the path of the AD database, log file and SYSVOL directory. For large models, set up DC so as to achieve the best possible performance. Then click Next :

Set password for Active Directory Recovery Mode . The user should set a password based on a combination of a minimum of 7 characters, noting that no password should be identical in the same system. Click Next:

In the last window, you can review your entire setup section. Click Next:

The installation process will start creating the Active Directory domain , and when it is finished, click Finish and restart the system:

The process is complete, the server system has added the role of Domain Controller . Now you can fully test the features by using AD management tools such as Active Directory Users and Computers, Event Logs, services, folders, authorization and sharing . just created. Good luck!

The link to learn more about the basic process of installing or removing AD DS, you can refer directly to Microsoft.