Monday, February 23, 2009

How to create the first domain controller in Active Directory (Windows 2008) Part 2

Welcome to part 2 of creating the first domain controller in Active Directory.

If you missed part one, click part 1.

In part 2 we'll do some additional configurations to the domain controller. These additional configurations are not mandatory, but I do recommend them.

Basic Steps are:
1- After AD installation and server reboot, go to the NIC, TCP/IP properties and change the preferred DNS value that was set by the wizard to “”. Change it to the IP address of the server.
2- Create a reverse lookup zone in your DNS server. AD doesn’t need the reverse lookup zone to work, but it’s possible that you might need it for future apps to be installed in your network.
3- Run ipconfig /registerdns to register the PTR records in the new reverse zone.
4- Open DNS snap-in, right-click the DNS server and choose the option “Set Aging/Scavenging for all zones”. This will configure “Aging/Scavenging” for all existing zones at once.
5- Under DNS properties, select the Advanced tab and check the box “Enable automatic scavenging of stale records”.
6- Additionally, you may want to control which interfaces respond to DNS queries (remember that it is NOT recommended to use multiple NICs in a DC).
7- Under DNS properties, select the Interfaces tab and select the option “Only the following IP address:”, then select the IP address that the server will use to listen for DNS queries.
8- Install the latest updates.
9- Reboot the server.
10- Run “dcdiag /e /v /f:c:\dcdiag.log” from cmd and check dcdiag.log for errors that may indicate that your server has problems. Note: It’s normal to have some warnings in the event logs that were generated during the dcpromo process or during other actions that you performed to configure the server. Dcdiag will also report these errors/warnings during the “System Log” test. The reboot that I mentioned before helps you isolate the errors that occurred since the last reboot.
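
One way to review the log from step 10 is sketched below. This PowerShell is an added example, not part of the original post: the function name `Get-DcdiagFailure`, the host name `DC01` and the sample lines are constructed for illustration, and it assumes the usual dcdiag summary lines of the form `......... <name> passed|failed test <TestName>`.

```powershell
# Added example: list the failed tests in a dcdiag log and mark the
# System Log test separately, since the post notes that it also reports
# events left over from dcpromo and earlier configuration work.
function Get-DcdiagFailure {
    param(
        [string[]]$Line,
        # Assumption: only the System Log test is treated as "review first"
        [string[]]$ReviewOnly = @('SystemLog')
    )
    # Summary line: a run of dots, the tested name, the outcome, the test name
    $pattern = '^\s*\.{5,}\s+(?<Target>\S+)\s+(?<Outcome>passed|failed)\s+test\s+(?<Test>\S+)\s*$'
    foreach ($l in $Line) {
        if ($l -match $pattern -and $Matches['Outcome'] -eq 'failed') {
            $test = $Matches['Test']
            $triage = if ($ReviewOnly -contains $test) {
                'compare event times with the last reboot'
            } else {
                'investigate'
            }
            New-Object PSObject -Property @{
                Target = $Matches['Target']
                Test   = $test
                Triage = $triage
            }
        }
    }
}

# Constructed sample in the shape of dcdiag /v output (not a real log)
$sample = @'
   Testing server: Default-First-Site-Name\DC01
      Starting test: Connectivity
         ......................... DC01 passed test Connectivity
      Starting test: Services
         ......................... DC01 failed test Services
      Starting test: SystemLog
         ......................... DC01 failed test SystemLog
'@ -split '\r?\n'

# For the real log: Get-DcdiagFailure -Line (Get-Content 'C:\dcdiag.log')
Get-DcdiagFailure -Line $sample | Format-Table Target, Test, Triage -AutoSize
```

On the sample, the Services failure is marked for investigation, while the SystemLog failure is marked for comparison against the reboot time from step 9.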

Have fun :)

You might want to have a look at “How to add the second domain controller in Active Directory (Windows 2008 R2)”.

1 comment:

  1. That was exactly what I was looking for… THANK YOU