This Active Directory tutorial is aimed at users looking to install and work with Active Directory on a small or home network. If you are planning a major Active Directory deployment, much of what is outlined here will hold true; however, for the nitty-gritty details, we recommend checking our numerous Windows Server 2008 and 2008 R2 Active Directory articles and other recent articles about Active Directory capabilities and limitations. News about Active Directory can also be found on ServerWatch.
With this Active Directory tutorial, find out how to get your servers up and running, and at the same time ensure your network systems retain proper Internet access.
Setting up Active Directory is not difficult. However, many people experience problems with their installation shortly after completing it because they neglect to properly plan their implementation of DNS. I receive e-mail on almost a weekly basis from users who have gone ahead and run dcpromo, and then wonder why client systems can’t properly connect to the Internet. The purpose of this article is to act as a quick primer toward ensuring that Active Directory works, while at the same time allowing your network systems proper Internet access.
Before I begin, it’s worth mentioning that this article is aimed at users who are looking to install and work with Active Directory on a small or home network. It is not aimed at users upgrading from NT 4 or those planning a major Active Directory deployment including Exchange 2000, although the central concepts outlined still hold true. However, if you are looking for a quick and easy guide to setting up an AD test network, then this article should help to ensure that you get started on the right foot. I assume that the server we are configuring will be the first domain controller in your new Active Directory domain, and that your internal systems can already access the Internet via some method, such as Internet Connection Sharing, NAT, or perhaps some type of connection-sharing hardware router.
The first and most important step in installing Windows 2000 Active Directory is properly planning your DNS implementation. AD cannot exist without DNS, so this is well worth paying attention to. Unfortunately, in their quest for simplicity, Microsoft decided that DNS would be installed automatically as part of the Active Directory installation process if you didn’t explicitly configure it in advance. As such, my suggestion is that you always configure DNS manually prior to even considering Active Directory. If you don’t, you will probably end up with a DNS implementation that doesn’t meet your needs.
At this point, I am going to assume that you have Windows 2000 Server installed. The first step towards a proper AD implementation will involve installing and configuring DNS. If you haven’t done so already, add the DNS service to your server from the Windows Components option in Add/Remove Programs in Control Panel, as shown below.
[Figure: Active Directory Networking Services]
After adding DNS, the next step is configuring a new DNS zone. The name of the zone is important, and I generally suggest using a “private” name for Active Directory, such as company.local, instead of a public name that your company may have already registered, such as company.com. This will help to ensure that both your internal and external hostnames resolve correctly once all is said and done. In this case, create a new zone called company.local using the DNS administrative tool. This is accomplished by right-clicking on Forward Lookup Zones and choosing New Zone.
[Figure: Creating a New Zone]
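Why the zone name affects resolution, as an added example that is not part of the original article: a small Python model of a DNS server that answers authoritatively for its own zone and forwards everything else upstream. The forwarding setup, the host dc1 and all addresses are assumptions constructed for the illustration.

```python
# Added illustration (not from the original article): a minimal model of a DNS
# server that is authoritative for one zone and forwards all other queries.
# Every hostname and address below is constructed sample data.

PUBLIC_DNS = {  # what Internet DNS would answer (constructed)
    "www.company.com": "203.0.113.10",
    "mail.company.com": "203.0.113.25",
    "www.example.org": "198.51.100.7",
}


class InternalDnsServer:
    """Authoritative for a single zone; forwards everything else upstream."""

    def __init__(self, zone, records, upstream):
        self.zone = zone.lower().rstrip(".")
        self.records = {k.lower(): v for k, v in records.items()}
        self.upstream = upstream  # assumption: a forwarder is configured

    def _in_zone(self, name):
        return name == self.zone or name.endswith("." + self.zone)

    def resolve(self, name):
        name = name.lower().rstrip(".")
        if self._in_zone(name):
            # Authoritative: answer from local zone data only, never forward.
            return self.records.get(name, "NXDOMAIN")
        return self.upstream.get(name, "NXDOMAIN")


def compare(names):
    """Resolve each name under both zone-naming choices: (private, public)."""
    private = InternalDnsServer(
        "company.local", {"dc1.company.local": "192.168.0.10"}, PUBLIC_DNS)
    public = InternalDnsServer(
        "company.com", {"dc1.company.com": "192.168.0.10"}, PUBLIC_DNS)
    return {n: (private.resolve(n), public.resolve(n)) for n in names}


if __name__ == "__main__":
    sample = ["www.company.com", "www.example.org",
              "dc1.company.local", "dc1.company.com"]
    for name, (priv, pub) in compare(sample).items():
        print(f"{name:20} company.local zone: {priv:14} company.com zone: {pub}")
```

With the internal zone named company.com, the server treats www.company.com as its own data and returns NXDOMAIN unless the public records are duplicated internally; with company.local the same query is forwarded and resolves.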