
Active Directory Tutorial, A Quick Start Set Up Guide Page 2

By Dan DiNicolo
Posted Jan 25, 2008


The wizard that walks you through the process is fairly straightforward, but be sure to choose to create a standard primary lookup zone, as shown below.


[Figure: New Zone Wizard]

Once the zone has been created, the next step is to ensure that your server is pointing at itself for DNS name resolution. Go into the server's TCP/IP properties and add the IP address of this server as the DNS server address. This step is critical, so be sure not to skip it.

Once this step has been completed, you are ready to begin the Active Directory installation process by running dcpromo from the Run command, as shown below.

The Active Directory installation wizard is another simple tool. Our goal is to create a new Active Directory domain, in a new tree, in a new forest - this is ultimately covered in the first 3 input screens of the dcpromo process. The first input screen is shown below.

When prompted for your Active Directory domain name, choose exactly the same name as the DNS zone that you set up earlier — for example, company.local.

There is nothing wrong with using a private DNS zone name internally on your network. In fact, many companies prefer it, because it allows them to separate internal and external naming. Most small companies use the services of a hosting provider to handle their email, web, and DNS services. If you did choose to use your public DNS name internally, you would then need to manually create additional DNS records for all of your external clients on your internal servers, or internal clients would not be able to reach your public servers properly. Using a private name internally makes life a great deal easier; the internal DNS server will resolve names for internal servers, while external DNS (like that hosted by your ISP) will still properly resolve the names of external resources.

The main reason for setting up DNS in advance is to avoid a very common problem. Many people complain that their DNS server will not resolve names for Internet hosts because the Root Hints file is not present and they cannot configure Forwarders. This means that the DNS server was configured as a Root Server during the Active Directory installation process. In other words, the DNS server thinks that it is the top of the DNS hierarchy, so there is no higher level to which queries should be forwarded. If your DNS implementation is lacking a Root Hints file or the ability to set up Forwarders, see this Microsoft KB article:

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q229840

Once Active Directory is installed, you should be able to access the Internet from this server, since it will forward DNS queries to other external DNS servers as necessary, starting with the Root Servers. However, for faster name resolution, you should consider setting up DNS forwarding. To do this, open the properties of your DNS server in the DNS tool and add the IP addresses of your ISP's DNS servers on the Forwarders tab. This ensures that DNS queries for external resources will first be forwarded to your ISP, where information on many external servers is likely already cached. In general, this will result in better name resolution performance.
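The DNS conditions described above can be checked from a script before and after running dcpromo. This is an added example, not part of the original article: it assumes Windows Server 2012 or later with the DnsServer PowerShell module (which postdates the Windows versions the article covers), run elevated on the DNS server, and it uses the article's example name `company.local`.

```powershell
# Added example: checks the DNS conditions the tutorial depends on.
# Assumptions: Windows Server 2012 or later, DnsServer module installed,
# elevated session on the DNS server itself.
param([string]$DomainName = 'company.local')   # the article's example name

$problems = @()
$zones = @(Get-DnsServerZone)

# 1. The zone must exist, as a primary zone, under exactly the AD domain name.
$zone = $zones | Where-Object { $_.ZoneName -eq $DomainName }
if (-not $zone) {
    $problems += "No zone named '$DomainName' on this server."
} elseif ($zone.ZoneType -ne 'Primary') {
    $problems += "Zone '$DomainName' is type $($zone.ZoneType), expected Primary."
}

# 2. The server must list itself as a DNS server in its TCP/IP settings.
$self = @('127.0.0.1') + @((Get-NetIPAddress -AddressFamily IPv4).IPAddress)
$resolvers = @((Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses)
if (-not ($resolvers | Where-Object { $self -contains $_ })) {
    $problems += "Server is not pointing at itself for DNS (resolvers: $($resolvers -join ', '))."
}

# 3. A primary zone named "." makes this server a root server:
#    no Root Hints, no Forwarders, no resolution of Internet names.
if ($zones | Where-Object { $_.ZoneName -eq '.' -and $_.ZoneType -eq 'Primary' }) {
    $problems += "Root zone '.' is hosted here; Internet names will not resolve."
}

# 4. Forwarders are optional in the article, so report them rather than fail.
$fwd = Get-DnsServerForwarder -ErrorAction SilentlyContinue
$forwarders = @($fwd.IPAddress | Where-Object { $_ })

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "DNS is set up as the tutorial expects for '$DomainName'."
}
if ($forwarders) {
    Write-Output "Forwarders: $($forwarders -join ', ')"
} else {
    Write-Output "No forwarders configured; external queries start at the Root Servers."
}
```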

After Active Directory is installed, all of your internal clients should also be pointing at your new domain controller for DNS name resolution. Once they are pointing at the new domain controller for DNS purposes, add the Windows NT/2000/XP clients to your new domain.

If you want to add additional domain controllers to your network, ensure that they are pointing to your new DNS server for name resolution prior to running dcpromo.

If you wish, you can also make any new domain controller a DNS server by installing the DNS service on that box, and then configuring it as a secondary name server. Alternatively, you can also install DNS and then configure your company.local domain as an Active Directory integrated zone, where DNS information is actually stored as part of the Active Directory database.

Original date of publication, 04/02/2003
