Windows 2000 Server: Configure Active Directory

by Johannes Helmig [Published on 5 May 2001 / Last Updated on 5 May 2001]

When Windows 2000 Server is installed, it is configured to work as a "Standalone Server".

At the first logon, you will be presented with "Windows 2000 Configure Your Server":


You can continue the configuration at this time, but you can also close this window and
configure other items on the system or install other software first: the window will be
shown at each new logon until you have completed the configuration and selected that it
should NOT be displayed anymore.

You can display this window at any time by selecting "Configure Your Server" in the menu;
it is part of the "Administrative Tools".

There are multiple possibilities to configure a server for "Active Directory", depending on
whether you have a small network with just one server, a larger network with multiple servers,
or even a WAN with servers in multiple countries.

In the installation example below, I assume that this is the only Windows 2000 server on the
network.


If you have no special needs for the configuration, then you can simply follow the instructions
of this wizard to configure your system:
- select "This is the only server in my network"
- continue with "Next":


This selection would "automatically configure" the server with all required components:
- the Active Directory
- a DHCP-server
- a DNS-server (which is required for the Active Directory)

Before allowing this wizard to completely reconfigure my system, I requested to
"Show more details":

The wizard would define for me the IP-address for the server and the subnet for my
complete network, which I did not like: I needed to use a different IP-address.
I therefore decided to cancel this step and to follow the advice to go back to "Home"
to select the other option: "One or more servers are already running in my network":


No more fully automated installation by a wizard:

We now need to manually select the services to be installed from the menu on the left.

Let's select "Active Directory":

You have the possibility to read more about the details of domain controllers and on how to
define multiple domain controllers in a network.
(Since this example assumes only ONE Windows 2000 server on the network, I will not discuss
the terms "Tree" and "Forest" here.)




Important:
The installation of the Active Directory requires that at least ONE partition on the hard disk
is formatted with NTFS. If you do not yet have such a partition, you can cancel the
installation of the Active Directory here, prepare a partition in NTFS and then restart this
configuration.

It is up to you to decide which partition to use with NTFS. I personally prefer to keep the
C-drive ("system drive") in FAT format, so in this example I formatted the F-drive in NTFS.

Continue the installation with "Start the Active Directory Wizard".

Just "Next".

We are installing the first Domain Controller.

Again, we are installing a first domain controller, and for this domain we need to create a
new domain tree.

Example: I will call my domain "JHHOME.COM" below. If I now created a second domain called
"SUPPORT.JHHOME.COM", it would be part of the same domain tree as JHHOME.COM.

Like in nature, trees usually grow in a forest, and using this comparison, we need to define
the forest for our domain tree.

In general, each new top-level domain name (like: JHHOME.COM) would be a new forest.

Since this is our first domain, we need to create a new "forest" for our "Domain Tree"
(which is then the only tree in our forest).
(Here is a difference compared to nature: one tree is just one tree and not a forest, but
with computers, it is just a matter of definition.)
It is now required to define the name of the new domain.

As I was used to from Windows 9x and Windows NT4 networking, I selected the name of the
workgroup as the new name of my domain.

However, note the exact message: "Full DNS name for new domain".
As you are used to seeing with Internet domain names, a network domain name should now have
a second part separated by a dot.

To avoid problems, I am redefining my domain name to be "JHHOME.COM", which looks like an
Internet domain name.
(I am not sure, but if you insist on using no "dot-something", Windows 2000 will itself add
".DOM".)

It does NOT matter whether this name is registered and already in use on the Internet,
because you will be using it only on your own network, and as long as you are not registering
this domain name as an Internet domain name, it will NOT be known by the Internet users.

While a network with ONLY Windows 2000 systems can work using only DNS, any network with
"legacy" versions of Windows (WfW, Windows 95/98/ME, Windows NT4) requires the use of
"NetBIOS", either using the "NetBEUI" protocol or using "NetBIOS over TCP/IP", for which I
need to define a NetBIOS-compatible domain name.
Here I can now use the name of the workgroup, which I would like to change to a domain.

You need to define the location for the database and log file for the Active Directory.

(On my system, I did not have the 200 Mbyte of free disk capacity on my C: system drive, so I
was forced by the installation wizard to store this information on a different drive.)

Remember the window with the information on the Active Directory stating the need for a
partition in NTFS?

At this time, the "SYSVOL" folder must be defined on an NTFS disk partition.

The SYSVOL folder will later be visible as part of the "Network Neighborhood" or
"My Network Places" and will contain user-specific files, and to be able to control the
access to these files, that partition must be NTFS
(since it is not possible to define access rights on a FAT partition).

Active Directory is based on using a DNS-server. Since I had not yet installed / configured a
DNS-server, it is now required to install it.

Unless you are an expert on DNS-server setup, please follow the recommendation of the wizard
to let the wizard install the DNS-server now.

Again the question: will you have a network with some "legacy" systems
(= all pre-Windows 2000, like Windows 95/98/ME/NT4)?

Let's hope that we will never have to use this password for a Restore operation...

The summary of all the information collected in the previous steps.

Selecting "Next" now will start the installation of the Active Directory and of the
DNS-server.

You may have to be patient now for a LONG time: please, just WAIT!

It will need to install DNS.

You may have to insert your Windows 2000 CD-ROM or point the wizard to the installation files
on the disk (if you copied them from the CD-ROM to an I386 folder, as is often done on
NT installations).

Finished! You need to restart!

After logging on, you will again be shown the window for "Configure Your Server":

The information has changed, since you have already made the basic configuration.
You can now select to NOT "Show this screen at startup".

You are now able to define Active Directory Users.

If you need to change your configuration and make the system a stand-alone server again,
you can uninstall Active Directory.
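
The choices made in the wizard walkthrough above can also be written down as an answer file
and passed to the same wizard with "dcpromo /answer:<file>". The file below is an added
example, not part of the original article; the NetBIOS name, the folder paths on F: and the
answer to the pre-Windows 2000 question are assumptions, and the restore password is left out.

```ini
; Constructed example answer file for "dcpromo /answer:<file>" on Windows 2000.
; Values marked (assumed) are not stated in the article.
[DCInstall]
; First domain controller of a new domain, not an additional one
ReplicaOrNewDomain=Domain
; The new domain starts a new domain tree ...
TreeOrChild=Tree
; ... and that tree starts a new forest
CreateOrJoin=Create
; "Full DNS name for new domain"
NewDomainDNSName=JHHOME.COM
; NetBIOS-compatible domain name: the former workgroup name (assumed)
DomainNetBiosName=JHHOME
; Database and log file location; the article only says "a different drive"
; than C:, so the drive and folder here are assumed
DatabasePath=F:\NTDS
LogPath=F:\NTDS
; SYSVOL must be on an NTFS partition; F: is the NTFS drive in the article
; (folder name assumed)
SYSVOLPath=F:\SYSVOL
; Let the wizard install and configure the DNS-server
AutoConfigDNS=Yes
; The question about pre-Windows 2000 systems: "Yes" allows anonymous access
; to user and group information. The article does not state the answer
; chosen; "No" is assumed here.
AllowAnonymousAccess=No
; Restart automatically when the installation has finished
RebootOnSuccess=Yes
```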
