
Install Active Directory Domain Services Roles in Windows Server 2008


First way!
Unlike earlier Microsoft network operating systems, Windows Server 2008 requires the Active Directory Domain Services (AD DS) role binaries to be installed before Active Directory itself is installed. Promoting a standalone Windows Server 2008 machine to a domain controller is conceptually identical to the process used in Windows Server 2003, but the previous version did not offer a separate binary installation. Once the AD DS binaries are successfully installed on Windows Server 2008, the wizard automatically offers a link that launches the DCPROMO command to install Active Directory and promote the server to a domain controller. To install the AD DS role on Windows Server 2008, follow the steps below:
1. Log on to Windows Server 2008 with a local administrator account and click the Start button.
2. From the menu that appears, click Server Manager.
3. In the left pane of the window that opens, click Roles.
4. In the right pane, click the Add Roles link.
5. On the Before You Begin page, click Next.
6. On the Select Server Roles page, check the Active Directory Domain Services checkbox and click Next.

7. On the Active Directory Domain Services page, click Next.

8. On the Confirm Installation Selections page, click Install to start the installation of the Active Directory Domain Services binaries.

Then you will need to run DCPromo, or you can follow the second way below instead.

Second way!

1. To install Active Directory on Windows Server 2008, open Run, type dcpromo and click OK.

2. Running dcpromo starts the installation of the Active Directory Domain Services binaries. Wait for it to finish; the Active Directory Domain Services Installation Wizard opens automatically once the binaries have been installed.

3. Welcome to the Active Directory Domain Services Installation Wizard. This wizard helps you install Active Directory Domain Services (AD DS) on this server, making the server an Active Directory domain controller.
To continue, click Next.

Some wizard pages in the Active Directory Domain Services Installation Wizard appear only if you select the Use advanced mode installation check box on the Welcome to the Active Directory Domain Services Installation Wizard page of the wizard.
Advanced mode installation provides experienced users with more control over the installation process, without confusing newer users with configuration options that may not be familiar. For users who do not select the Use advanced mode installation check box, the wizard uses default options that apply to most configurations.
The Use advanced mode installation option on the Welcome page of the wizard is an alternative to running dcpromo at a command prompt with the /adv switch (dcpromo /adv).
The following table lists the additional wizard pages that appear for each deployment configuration when you select the Use advanced mode installation check box.

4. Operating System Compatibility: Improved security settings in Windows Server 2008 and Windows Server 2008 R2 affect older versions of Windows.

Windows Server 2008 and Windows Server 2008 R2 domain controllers have a new, more secure default for the security setting named "Allow cryptography algorithms compatible with Windows NT 4.0." This setting prevents Microsoft Windows and non-Microsoft SMB clients from using weaker NT 4.0-style cryptography algorithms when establishing security channel sessions against Windows Server 2008 or Windows Server 2008 R2 domain controllers. As a result of this new default, operations or applications that require a security channel serviced by Windows Server 2008 or Windows Server 2008 R2 domain controllers might fail.
Platforms impacted by this change include Windows NT 4.0, as well as non-Microsoft SMB clients and network-attached storage (NAS) devices that do not support stronger cryptography algorithms. Some operations on clients running versions of Windows earlier than Windows Vista with Service Pack 1 are also impacted, including domain join operations performed by the Active Directory Migration Tool or Windows Deployment Services.
For more information about this setting, see Knowledge Base article 942564 (
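
A check for the setting described in step 4, written as an added example that is not part of the original post: it reports whether a domain controller has been switched back to accepting NT 4.0-style cryptography. The `AllowNT4Crypto` value name and the two Netlogon registry locations are assumptions to confirm against Knowledge Base article 942564; the function name is hypothetical.

```powershell
# Added example (not from the original post).
# Assumption: the setting is stored as the DWORD AllowNT4Crypto, either under
# the Group Policy key or under the Netlogon service parameters, and the
# policy key takes precedence when both are present.
# Reading another server requires admin rights and the Remote Registry service.
function Get-NT4CryptoState {
    param([string]$ComputerName = $env:COMPUTERNAME)

    $locations = @(
        'SOFTWARE\Policies\Microsoft\Netlogon\Parameters',
        'SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    )

    $hklm   = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
    $result = "${ComputerName}: NT 4.0 crypto rejected (value not set, secure default)"

    foreach ($path in $locations) {
        $key = $hklm.OpenSubKey($path)
        if ($key -eq $null) { continue }          # key absent on this server
        $value = $key.GetValue('AllowNT4Crypto')
        $key.Close()

        if ($value -ne $null) {
            if ([int]$value -ne 0) {
                $result = "${ComputerName}: NT 4.0 crypto ALLOWED (default weakened) via HKLM\$path"
            } else {
                $result = "${ComputerName}: NT 4.0 crypto rejected (explicitly set to 0) via HKLM\$path"
            }
            break                                  # first location found wins
        }
    }

    $hklm.Close()
    $result
}

# Local server first; pass -ComputerName for each additional domain controller.
Get-NT4CryptoState
```

A domain controller reported as ALLOWED is usually accommodating one of the legacy clients or NAS devices listed above, so the finding points to the device that needs replacing or updating.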
5. Creating a new forest in Windows 2008 Server

To create a new forest, you must be a member of the local Administrators group on the server where you are installing AD DS.
DNS and NetBIOS names

Before you create a new forest, be sure that you have completely planned your DNS infrastructure. To create a new forest, you must know the full DNS name for it. You can install the DNS Server service before you install AD DS or, preferably, you can choose to have the Active Directory Domain Services Installation Wizard install the DNS Server service for you.
If you have the wizard install the DNS Server service, the wizard uses the DNS name that you provide to automatically generate a NetBIOS name for the first domain in the forest. The wizard verifies that the DNS name and the NetBIOS name are unique on the network before it continues.
You must select the Use advanced mode installation check box on the Welcome to the Active Directory Domain Services Installation Wizard page to specify a different NetBIOS name than the name that is generated automatically by the wizard.

6. Name the Forest Root Domain: The first domain in the forest is the forest root domain. Its name is also the name of the forest.

7. Set Forest Function Level: Select the forest functional level.

The Windows Server 2003 forest functional level provides all features that are available in Windows 2000 forest functional level, and the following additional features:
- Linked-value replication, which improves the replication of changes to group memberships.
- More efficient generation of complex replication topologies by the KCC.
- Forest trust, which allows organizations to easily share internal resources across multiple forests.
Any new domains that are created in this forest will automatically operate at the Windows Server 2003 domain functional level.

8. The next window is Set Domain Functional Level. Select the domain functional level and then click Next.
9. Additional Domain Controller Options

The first domain controller in a forest must be a global catalog server and cannot be an RODC. We recommend that you install the DNS Server service on the first domain controller.

10. If the wizard is not able to create a DNS delegation, just click Yes to continue.

11. Location for Database, Log Files and SYSVOL
Specify the folders that will contain the Active Directory domain controller database, log files and SYSVOL.

12. Directory Services Restore Mode Administrator Password.
The directory services restore mode administrator account is different from the domain administrator account.

Assign a password for the administrator account that will be used when this domain controller is started in directory services restore mode.

13. Summary: review your Active Directory configuration for setting up the domain controller on Windows Server 2008. Click Next to install Active Directory.

14. The wizard is now configuring Active Directory Domain Services on Windows Server 2008. This process can take from a few minutes to several hours, depending on your environment and the options that you selected.

15. Completing the Active Directory Domain Services Installation Wizard. Active Directory Domain Services is now installed on this computer, and the server is a domain controller.

Click Finish to restart the computer. Once the server has booted, log in to it. You can see the following tools:

  • Active Directory Administrative Center
  • Active Directory Domains and Trusts
  • Active Directory Module for Windows
  • Active Directory Sites and Services
  • Active Directory Users and Computers
  • ADSI Edit

Installing Active Directory on Windows Server 2008 and making the server a domain controller is not difficult if you follow all the steps above.
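
The choices made in wizard steps 5 to 13 can also be recorded in a dcpromo answer file and run unattended, which makes the build repeatable and reviewable. The script below is an added example, not part of the original post; `corp.example.com`, `CORP` and the answer-file name are placeholders, and the functional level 2 corresponds to Windows Server 2003 as discussed in step 7.

```powershell
# Added example (not from the original post). Run from an elevated prompt on
# the server being promoted. Domain names and the file name are placeholders.
$answerFile = Join-Path $env:TEMP 'dcpromo-newforest.txt'

# Step 12: prompt for the DSRM password rather than hard-coding it.
$secure = Read-Host 'DSRM administrator password' -AsSecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
$dsrm   = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

@"
[DCInstall]
; Step 5: new domain in a new forest
ReplicaOrNewDomain=Domain
NewDomain=Forest
; Step 6: forest root domain name; NetBIOS name as set in advanced mode
NewDomainDNSName=corp.example.com
DomainNetbiosName=CORP
; Steps 7-8: functional levels (2 = Windows Server 2003, 3 = Windows Server 2008)
ForestLevel=2
DomainLevel=2
; Step 9: DNS Server service and global catalog on the first domain controller
InstallDNS=Yes
ConfirmGc=Yes
; Step 10: do not attempt to create a DNS delegation
CreateDNSDelegation=No
; Step 11: database, log file and SYSVOL locations
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"
; Step 12: Directory Services Restore Mode password
SafeModeAdminPassword=$dsrm
; Reboot manually so the answer file can be removed first
RebootOnCompletion=No
"@ | Set-Content -Path $answerFile -Encoding ASCII
$dsrm = $null

# dcpromo installs the AD DS binaries itself, as in the second way above.
$proc = [Diagnostics.Process]::Start('dcpromo.exe', "/unattend:`"$answerFile`"")
$proc.WaitForExit()

# The answer file held the DSRM password in clear text; do not leave it behind.
Remove-Item $answerFile -Force -ErrorAction SilentlyContinue
"dcpromo exit code: $($proc.ExitCode). Restart the server to complete the promotion."
```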

So in my opinion, some people do it the first way and some do it the second way, and there is no difference at all: both install the binaries and then the AD services!

