Académique Documents
Professionnel Documents
Culture Documents
A23 Privacy Policy S 3ite In#o S ,ontact S Advertise T20== 9lue 2'ale 2eb Inc" S
How To reate an Active Directory
Server in Windows Server 2003
Vie& %roducts t'at t'is article a%%lies to"
3ystem 0i%0'is article a%%lies to a di##erent version o# 2indo&s t'an t'e one you
are usin-" ,ontent in t'is article may not be relevant to you"Visit t'e 2indo&s A
3olution ,enter
0'is article &as %reviously %ublis'ed under U42>A?4
"n T)is ,a'e
3E11AB
o ,reatin- t'e Active Directory
o Addin- Esers and ,om%uters to t'e Active Directory Domain
o 0roubles'ootin-
Bou ,annot :%en t'e Active Directory 3na%-ins
5)%and all S ,olla%se all
S:55AR9
T)is article descri1es )ow to install and con&i'(re a new
Active Directory inst;;;
0'is article describes 'o& to install and con#i-ure a ne& Active Directory installation
in a laboratory environment t'at includes 2indo&s 3erver 2004 and Active Directory"
+ote t'at you &ill need t&o net&orked servers t'at are runnin- 2indo&s 3erver 2004 #or
t'is %ur%ose in a laboratory environment"
9ack to t'e to%
Creating the Active Directory
A#ter you 'ave installed 2indo&s 3erver 2004 on a stand-alone server, run t'e Active
Directory 2iHard to create t'e ne& Active Directory #orest or domain, and t'en convert
t'e 2indo&s 3erver 2004 com%uter into t'e #irst domain controller in t'e #orest" 0o
convert a 2indo&s 3erver 2004 com%uter into t'e #irst domain controller in t'e #orest,
#ollo& t'ese ste%s*
=" Insert t'e 2indo&s 3erver 2004 ,D-:1 into your com%uter$s ,D-:1 or
DVD-:1 drive"
2" ,lick Start, click R(n, and t'en ty%e dc%romo"
4" ,lick "< to start t'e Active Directory Installation Wi=ard, and t'en click Ne+t"
>" ,lick Domain controller &or a new domain, and t'en click Ne+t"
?" ,lick Domain in a new &orest, and t'en click Ne+t"
<" 3%eci#y t'e #ull D+3 name #or t'e ne& domain" +ote t'at because t'is %rocedure
is #or a laboratory environment and you are not inte-ratin- t'is environment into
your e)istin- D+3 in#rastructure, you can use somet'in- -eneric, suc' as
mycom%any"local, #or t'is settin-" ,lick Ne+t"
A" Acce%t t'e de#ault domain +et9I:3 name (t'is is @mycom%any@ i# you used t'e
su--estion in ste% </" ,lick Ne+t"
8" 3et t'e database and lo- #ile location to t'e de#ault settin- o# t'e c*L&inntLntds
#older, and t'en click Ne+t"
9" 3et t'e 3ysvol #older location to t'e de#ault settin- o# t'e c*L&inntLsysvol #older,
and t'en click Ne+t"
=0" ,lick Install and con&i'(re t)e DNS server on t)is com$(ter, and t'en click
Ne+t"
==" ,lick ,ermissions com$ati1le only wit) Windows 2000 or Windows Server
2003 servers or o$eratin' systems, and t'en click Ne+t"
=2" 9ecause t'is is a laboratory environment, leave t'e %ass&ord #or t'e Directory
3ervices estore 1ode Administrator blank" +ote t'at in a #ull %roduction
environment, t'is %ass&ord is set by usin- a secure %ass&ord #ormat" ,lick Ne+t"
=4" evie& and con#irm t'e o%tions t'at you selected, and t'en click Ne+t"
=>" 0'e installation o# Active Directory %roceeds" +ote t'at t'is o%eration may take
several minutes"
=?" 2'en you are %rom%ted, restart t'e com%uter" A#ter t'e com%uter restarts,
con#irm t'at t'e Domain +ame 3ystem (D+3/ service location records #or t'e
ne& domain controller 'ave been created" 0o con#irm t'at t'e D+3 service
location records 'ave been created, #ollo& t'ese ste%s*
a" ,lick Start, %oint to Administrative Tools, and t'en click DNS to start
t'e D+3 Administrator ,onsole"
b" 5)%and t'e server name, e)%and Forward /oo0($ .ones, and t'en
e)%and t'e domain"
c" Veri#y t'at t'e Vmsdcs, Vsites, Vtc%, and Vud% #olders are %resent" 0'ese
#olders and t'e service location records t'ey contain are critical to Active
Directory and 2indo&s 3erver 2004 o%erations"
9ack to t'e to%
Adding Users and Computers to the Active Directory Domain
A#ter t'e ne& Active Directory domain is establis'ed, create a user account in t'at
domain to use as an administrative account" 2'en t'at user is added to t'e a%%ro%riate
security -rou%s, use t'at account to add com%uters to t'e domain"
=" 0o create a ne& user, #ollo& t'ese ste%s*
a" ,lick Start, %oint to Administrative Tools, and t'en click Active
Directory :sers and om$(ters to start t'e Active Directory Esers and
,om%uters console"
b" ,lick t'e domain name t'at you created, and t'en e)%and t'e contents"
c" i-'t-click :sers, %oint to New, and t'en click :ser"
d" 0y%e t'e #irst name, last name, and user lo-on name o# t'e ne& user, and
t'en click Ne+t"
e" 0y%e a ne& %ass&ord, con#irm t'e %ass&ord, and t'en click to select one
o# t'e #ollo&in- c'eck bo)es*
Esers must c'an-e %ass&ord at ne)t lo-on (recommended #or most
users/
Eser cannot c'an-e %ass&ord
Pass&ord never e)%ires
Account is disabled
,lick Ne+t"
#" evie& t'e in#ormation t'at you %rovided, and i# everyt'in- is
correct, click Finis)"
2" A#ter you create t'e ne& user, -ive t'is user account members'i% in a -rou% t'at
%ermits t'at user to %er#orm administrative tasks" 9ecause t'is is a laboratory
environment t'at you are in control o#, you can -ive t'is user account #ull
administrative access by makin- it a member o# t'e 3c'ema, 5nter%rise, and
Domain administrators -rou%s" 0o add t'e account to t'e 3c'ema, 5nter%rise, and
Domain administrators -rou%s, #ollo& t'ese ste%s*
a" :n t'e Active Directory Esers and ,om%uters console, ri-'t-click t'e ne&
account t'at you created, and t'en click ,ro$erties"
b" ,lick t'e 5em1er "& tab, and t'en click Add"
c" In t'e Select >ro($s dialo- bo), s%eci#y a -rou%, and t'en click "< to
add t'e -rou%s t'at you &ant to t'e list"
d" e%eat t'e selection %rocess #or eac' -rou% in &'ic' t'e user needs
account members'i%"
e" ,lick "< to #inis'"
2" 0'e #inal ste% in t'is %rocess is to add a member server to t'e domain" 0'is
%rocess also a%%lies to &orkstations" 0o add a com%uter to t'e domain, #ollo&
t'ese ste%s*
a" .o- on to t'e com%uter t'at you &ant to add to t'e domain"
b" i-'t-click 5y om$(ter, and t'en click ,ro$erties"
c" ,lick t'e om$(ter Name tab, and t'en click )an'e"
d" In t'e om$(ter Name )an'es dialo- bo), click Domain under
5em1er "&, and t'en ty%e t'e domain name" ,lick "<"
e" 2'en you are %rom%ted, ty%e t'e user name and %ass&ord o# t'e account
t'at you %reviously created, and t'en click "<"
A messa-e t'at &elcomes you to t'e domain is -enerated"
#" ,lick "< to return to t'e om$(ter Name tab, and t'en click "< to
#inis'"
-" estart t'e com%uter i# you are %rom%ted to do so"
9ack to t'e to%
Troubleshooting
9o( annot "$en t)e Active Directory Sna$?ins
A#ter you 'ave com%leted t'e installation o# Active Directory, you may not be able to
start t'e Active Directory Esers and ,om%uters sna%-in, and you may receive an error
messa-e t'at indicates t'at no aut'ority can be contacted #or aut'entication" 0'is can
occur i# D+3 is not correctly con#i-ured" 0o resolve t'is issue, veri#y t'at t'e Hones on
your D+3 server are con#i-ured correctly and t'at your D+3 server 'as aut'ority #or t'e
Hone t'at contains t'e Active Directory domain name" I# t'e Hones a%%ear to be correct
and t'e server 'as aut'ority #or t'e domain, try to start t'e Active Directory Esers and
,om%uters sna%-in a-ain" I# you receive t'e same error messa-e, use t'e D,P:1:
utility to remove Active Directory, restart t'e com%uter, and t'en reinstall Active
Directory"
For additional in#ormation about con#i-urin- D+3 on 2indo&s 3erver 2004, click t'e
#ollo&in- article numbers to vie& t'e articles in t'e 1icroso#t Dno&led-e 9ase*
424480 ('tt%*;;su%%ort"microso#t"com;kb;424480;5+-E3; / 8o& 0o ,on#i-ure D+3 #or
Internet Access in 2indo&s 3erver 2004
42>2?9 ('tt%*;;su%%ort"microso#t"com;kb;42>2?9;5+-E3; / 8o& 0o ,on#i-ure D+3 in a
+e& 2ork-rou% 5nvironment in 2indo&s 3erver 2004
424>=8 ('tt%*;;su%%ort"microso#t"com;kb;424>=8;5+-E3; / 8o& 0o Inte-rate D+3 &it'
an 5)istin- D+3 In#rastructure I# Active Directory Is 5nabled in 2indo&s 3erver 2004
424>=A ('tt%*;;su%%ort"microso#t"com;kb;424>=A;5+-E3; / 8o& 0o Inte-rate 2indo&s
3erver 2004 D+3 &it' an 5)istin- D+3 In#rastructure in 2indo&s 3erver 2004
42>2<0 ('tt%*;;su%%ort"microso#t"com;kb;42>2<0;5+-E3; / 8o& 0o ,on#i-ure D+3
ecords #or Bour 2eb 3ite in 2indo&s 3erver 2004
424>>? ('tt%*;;su%%ort"microso#t"com;kb;424>>?;5+-E3; / 8o& 0o ,reate a +e& Ione
on a D+3 3erver in 2indo&s 3erver 2004
9ack to t'e to%
Note 0'is is a @FA30 PE9.I38@ article created directly #rom &it'in t'e 1icroso#t
su%%ort or-aniHation" 0'e in#ormation contained 'erein is %rovided as-is in res%onse to
emer-in- issues" As a result o# t'e s%eed in makin- it available, t'e materials may
include ty%o-ra%'ical errors and may be revised at any time &it'out notice" 3ee 0erms o#
Ese ('tt%*;;-o"microso#t"com;#&link;G.inkIdN=?=?00/ #or ot'er considerations"