Windows 2000 Server: Configure Active Directory
When installing Windows 2000
Server, it is configured to work as "Standalone
When making the first logon , you will be presented with
"Windows 2000 Configure Your Server":
You can continue the configuration at this time, but you can also
select to close this windows
and to configure other items on the system or to install some
other software, because this window
will be shown on each new logon until you have made the
configuration and selected that this
windows will NOT be displayed anymore.
||You can display this
window at any time by
selecting in the menu
"Configure Your Server",
which is part of the
There are multiple possibilities
to configure a server for "Active Directory", depending
whether you have a small network with just one server or a larger
network with multiple server or
even a WAN with server in multiple countries.
In this installation example below, I assume that this is the
only Windows 2000 server on the
If you have no special needs for
the configuration, then you can simply follow the instructions
of this wizard to configure your system:
- select "This is the only server in my network"
- continue with "Next":
This selection would "automatically configure" the
server with all required components:
- the Active Directory
- a DHCP-server
- a DNS-server (which is required for the Active Direcory)
Before allowing this wizard to reconfigure completely my system,
I requested to
"Show more details":
The wizard would define for me the IP-address for the server and
the subnet for my
complete network , which I did not like: I needed to use a
I decided therefore
to cancel this step and to follow the advise to go back to "Home"
to select the other option : "One or more
servers are already running in my network" :
No more fully automated installation by a wizard:
We need now to select manually the services to be installed from
the menu on the left.
Lets select "Active Directory":
have the possibility to
read more about the details
of domain controller and
on how to define multiple
domain-controllers in a network.
( since this example assumes
ONE Windows 2000 server on the
network, I will not discuss here the
terms "Tree" and "Forest")
the installation of the Active Directiry
requires that at least ONE partition
on the harddisk is formated with NTFS.
If you do not yet have such a
partition, you can cancel here the
installation of the Active Directory,
prepare a partition in NTFS and
It is up to you to decide, which
partition to use with NTFS.
I personally prefer to keep the
C-drive ("system drive")
FAT format, so I formatted in this
example the F-drive in NTFS .
Continue the installation with
"Start the Active Direcory Wizard"
||We are installing the
first Domain Controller
||Again, we are
first domain controller and
for this domain, we need to
create a new domain tree.
Example: I will call below my
If I would now create a
second domain called:
it would be part of the same
domain tree as JHHOME.COM
||Like in nature,
grow in a forest , and using this
comparison, we need to define
the forest for our domain tree.
In general, each new
top-level domain name
would be a new forest.
Since this is our first domain,
we need to create a new "forest"
for our "Domain Tree"
(which is then the only tree
in our forest).
Here is a difference compared to
nature: one tree is just one tree and
not a forest, but with computers, it is
just a matter of definition)
||It is now required to
the name of the new domain.
As I was used with Windows9x
and Windows NT4 networking,
I selected the name of the
workgroup to become the new
name of my domain.
However, note already the
"Full DNS name for new domain".
As you are used to see with
Internet Domain names, a
network Domain should have
now a second part separated
by a dot.
||To avoid problems, I am
redefining my domain name
to be now: "JHHOME.COM",
which looks like an Internet
(I am not sure, but if you insist
using no "dot-something", Windows
2000 will add itself ".DOM"
It does NOT matter, whether
this name is registered and in
use already on the Internet,
because you will be using it
only on your own network,
and as long as you are not
registering this domain name
as Internet Domain name, it
will NOT be known by the
a network with ONLY
Windows2000 systems can
work using only DNS, any
network with "legacy"
versions of Windows
Windows NT4) requires the
use of "NetBIOS",
using "NetBIOS over TCP/IP",
for which I need to define a
NetBIOS compatible Domain
Here I can use now the name
of the workgroup, which I
like to change to a domain.
||You need to define the
for the database and Log-file
for the Active Directory.
(on my system, I did not have
the 200 Mbyte free disk capacity
on my C:- system drive, so I was
required = forced by the installion
wizard to store this information
to a different drive )
the window with
the information on
Active Direcory stating the
need to a partition in NTFS ?
At this time, the "SYSVOL"
folder must be defined on
an NTFS Disk-partition.
The SYSVOL folder will be
later visible as part of the
or "My Network Places"
and will contain user specific
file, and to be able to control
the access to these files, that
partition must be NTFS
(since it is not possible to
use a FAT
-partition to define Access rights)
||Active Directory is based
using a DNS-server.
Since I did not yet install /
configure a DNS-server,
it is now required to install it.
Unless you are an expert on
DNS-server setup, please
follow the recommondation
of the wizard to let the
wizard install now the
||Again the question:
will you have a network with
some "legacy" systems
(= all pre-Windows 20000,
||Let's hope, that we will
never have to use this password
for a Restore operation......
||The summary of all the
information collected in the
Selecting now "Next"
will start the installation
of the Active Direcory and
of the DNS-server.
||You may have to be patient now
for a LONG time :
Please, just WAIT !
||It will need to install DNS
||You may have to insert your
Windows2000 CD-ROM or point
the wizard to the installation files
on the disk (if you copied them from
CD-ROM to an I386 folder, as it is
often done on NT-installations)
You need to restart !
After making the Logon, you will be shown again the window for
"Configure Your Server":
the information has changed, since you did already make the basic
You can now select to NOT "Show this screen at
You are now able to define Active Directory Users.
If you need to change your configuration and make the system
again a Stand-alone server,
you can un-install