Creating the Active Directory
[pic]After you have installed Windows Server 2003 on a stand-alone server, run the Active Directory Wizard to create the new Active Directory forest or domain, and then convert the Windows Server 2003 computer into the first domain controller in the forest. To convert a Windows Server 2003 computer into the first domain controller in the forest, follow these steps:
1. Insert the Windows Server 2003 CD-ROM into your computer's CD-ROM or DVD-ROM drive.
2. Click Start, click Run, and then type dcpromo.
3. Click OK to start the Active Directory Installation Wizard, and then click Next.
4. Click Domain controller for a new domain, and then click ...view middle of the document...
14. The installation of Active Directory proceeds. Note that this operation may take several minutes.
15. When you are prompted, restart the computer. After the computer restarts, confirm that the Domain Name System (DNS) service location records for the new domain controller have been created. To confirm that the DNS service location records have been created, follow these steps:
1. Click Start, point to Administrative Tools, and then click DNS to start the DNS Administrator Console.
2. Expand the server name, expand Forward Lookup Zones, and then expand the domain.
3. Verify that the _msdcs, _sites, _tcp, and _udp folders are present. These folders and the service location records they contain are critical to Active Directory and Windows Server 2003 operations.
[pic]Back to the top
Adding Users and Computers to the Active Directory Domain
[pic]After the new Active Directory domain is established, create a user account in that domain to use as an administrative account. When that user is added to the appropriate security groups, use that account to add computers to the domain.
1. To create a new user, follow these steps:
1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers to start the Active Directory Users and Computers console.
2. Click the domain name that you created, and then expand the contents.
3. Right-click Users, point to New, and then click User.
4. Type the first name, last name, and user logon name of the new user, and then click Next.
5. Type a new password, confirm the password, and then click to select one of the following check boxes:
▪ Users must change password at next logon (recommended for most users)
▪ User cannot change password
▪ Password never expires
▪ Account is disabled
6. Review the information that you provided, and if everything is correct, click Finish.
1. After you create the new user, give this user account membership in a group that permits that user to perform administrative tasks. Because this is a laboratory environment that you are in control of, you can give this user account full administrative access by making it a member of the Schema, Enterprise, and Domain administrators groups. To add the account to the Schema, Enterprise, and Domain administrators groups, follow these steps:
1. On the Active Directory Users and Computers console, right-click the new account that you created, and then click Properties.
2. Click the Member Of tab, and then click Add.
3. In the Select Groups dialog box, specify a group, and then click OK to add the groups that you want to the list.
4. Repeat the selection process for each group in which the user needs account membership.
5. Click OK to finish.
1. The final step in this process is to add a...