"I shall provide you the easiest steps which I am following in setting up an Active Directory based domain at my office.
1. Install a Windows Server machine
2. Run DCPROMO on it from the command prompt and configure it as the primary DC, and when asked, configure DNS on the same machine as well. Now the important things you should remember in order to configure every system into a domain are the DC FQDN, the IP address of the DC, an Administrator username and the Administrative password
3. Just connect every computer, including the server just configured, to a switch in star topology
4. On every client computer, give an IP address in the same range as the DC and use the IP address of the DC as the preferred DNS IP address
5. Go to My Computer-->Properties-->Computer Name-->Network ID on every client computer and join each one into the domain by following the steps.
6. Restart each computer and now the clients are ready as members of a domain group
7. You may go to Active Directory Users and Computers on the DC and add the user names of each user to grant them network access on each computer
8. Remember to create a general username and password on each machine, as each user may try to log in to other computers to access shares, printers etc."
"QQ:
First off, I would like to thank all who have responded so far...
I have a couple of questions, but best I should let on one more detail of our setup. I run a separate box as a router/gateway, installed with Untangle. This box is set to 192.168.1.1, and provides gateway access to the outside world.
The server is assigned 192.168.1.3 (192.168.1.2 is assigned to an unused DMZ port on the Untangle server).
Now what I am particularly fuzzy on is what to assign the would-be DC server as regards being a "domain controller for a new domain" as well as "domain in a new forest". Are these options correct in my situation? What do I assign the DNS name as, or does it matter? Keep in mind, this server is not meant to be accessed from the internet, so I am unclear as to the subtleties of setting up INTERNAL domains...does it matter what I call this?
Also, as above, the netbios name?
I am also fuzzy on the setup of DNS in my particular case. I have the internal network all static IPs (192.168.1.x), and like I mentioned have a separate gateway/router system, how do I set this up?
One of the walkthroughs posted in this thread is instructions for a laboratory environment, and recommends leaving the password empty for directory services restore mode, should I do this?
Anyway, the initial setup is what I am worried about. I feel pretty comfortable setting up users and permissions, as well as playing with the group policies...
AA: yes, your first dc should be domain controller for new domain and domain in a new forest. ad isn't affected by the IP addressing scheme though you are likely going to want outbound internet connection for things like updates unless you are using a WSUS server or some other product. you may also want to allow ntp out so your DC can sync with an internet time source unless your router will be the intermediary.
the domain name, dns name, and netbios name are also arbitrary as long as they are unique within your network (which i'd assume they will be). the only recommendations that i have here are:
1. once you put in the domain name, take the defaults everywhere else. that is, use the short name that ad presents to you and don't change the dns namespace. that is only going to lead to headaches.
2. don't use a single label domain name for the dns name (eg internal.). this is guaranteed to be a pain for you.
3. don't use a .lcl extension for your dns or domain name (eg internal.lcl). though msft products are fine with it, there are 3rd-party products that are not.
you can leave the dsrm password blank if you'd like. it certainly isn't recommended and it does create some minor level of risk. "
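A pre-flight check of the naming and addressing points raised in this thread, as an added example that is not part of any post. The function and field names, the /24 prefix, the 15-character NetBIOS check and the sample clients are assumptions; 192.168.1.3 and 192.168.1.1 are the server and gateway addresses from the question.

```python
import ipaddress

def check_ad_plan(dns_name, dc_ip, clients, dsrm_password, prefix=24):
    """Return findings for a planned first-DC setup; an empty list means clean."""
    findings = []
    labels = [part for part in dns_name.strip(".").split(".") if part]
    # Answer, point 2: no single-label DNS domain name (e.g. "internal.").
    if len(labels) < 2:
        findings.append("single-label DNS domain name")
    # Answer, point 3: avoid the .lcl extension.
    if labels and labels[-1].lower() == "lcl":
        findings.append(".lcl extension")
    # Answer, point 1: keep the default short name. NetBIOS names are limited
    # to 15 characters, so a longer first label cannot be kept as-is.
    if labels and len(labels[0]) > 15:
        findings.append("first label exceeds 15 characters")
    # Blank DSRM password: allowed by setup, flagged here as a risk.
    if not dsrm_password:
        findings.append("blank DSRM password")
    # Step 4 of the first post: clients share the DC's range and use the DC
    # as preferred DNS. The prefix length is an assumption (192.168.1.x).
    net = ipaddress.ip_network(f"{dc_ip}/{prefix}", strict=False)
    seen = {ipaddress.ip_address(dc_ip)}
    for name, cfg in clients.items():
        ip = ipaddress.ip_address(cfg["ip"])
        if ip not in net:
            findings.append(f"{name}: outside {net}")
        if ip in seen:
            findings.append(f"{name}: duplicate address {ip}")
        seen.add(ip)
        if cfg["dns"] != dc_ip:
            findings.append(f"{name}: preferred DNS is {cfg['dns']}, not the DC")
    return findings

# Constructed sample plan: pc2 points at the gateway for DNS, pc3 is off-range.
CLIENTS = {
    "pc1": {"ip": "192.168.1.10", "dns": "192.168.1.3"},
    "pc2": {"ip": "192.168.1.11", "dns": "192.168.1.1"},
    "pc3": {"ip": "192.168.2.5", "dns": "192.168.1.3"},
}

if __name__ == "__main__":
    for finding in check_ad_plan("internal.lcl", "192.168.1.3", CLIENTS, ""):
        print("FINDING:", finding)
```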