Quick Start Guide to Setting Up Active Directory

Setting up Active Directory is far from difficult. However, many people experience problems with their installation shortly after completing it because they neglect to properly plan their implementation of DNS. I receive e-mail on almost a weekly basis from users who have gone ahead and run dcpromo, and then wonder why client systems can't properly connect to the Internet. The purpose of this article is to act as a quick primer toward ensuring that Active Directory works, while at the same time allowing your network systems proper Internet access.

Before I begin, it's worth mentioning that this article is aimed at users who are looking to install and work with Active Directory on a small or home network. It is not aimed at users upgrading from NT 4 or those planning a major Active Directory deployment including Exchange 2000, although the central concepts outlined still hold true. However, if you are looking for a quick and easy guide to setting up an AD test network, then this article should help to ensure that you get started on the right foot. I assume that the server we are configuring will be the first domain controller in your new Active Directory domain, and that your internal systems can already access the Internet via some method, such as Internet Connection Sharing, NAT, or perhaps some type of connection-sharing hardware router.

The first and most important step in installing Windows 2000 Active Directory is properly planning your DNS implementation. AD cannot exist without DNS, so this is well worth paying attention to. Unfortunately, in their quest for simplicity, Microsoft decided that DNS would be installed automatically as part of the Active Directory installation process if you didn't explicitly configure it in advance. As such, my suggestion is that you always configure DNS manually prior to even considering Active Directory. If you don't, you will probably end up with a DNS implementation that doesn't meet your needs.

At this point, I am going to assume that you have Windows 2000 Server installed. The first step towards a proper AD implementation will involve installing and configuring DNS. If you haven't done so already, add the DNS service to your server from the Windows Components option in Add/Remove Programs in Control Panel, as shown below.

After adding DNS, the next step is configuring a new DNS zone. The name of the zone is important, and I generally suggest using a "private" name for Active Directory, such as company.local instead of a public name that your company may have already registered, such as company.com. This will help to ensure that both your internal and external hostnames resolve correctly once all is said and done. In this case, create a new zone called company.local using the DNS administrative tool. This is accomplished by right clicking on Forward Lookup Zones and choosing New Zone.