For Regene Castillo

Cary Shultz [MVP]

As a starter to your question: You would need to take
any machine ( a server class machine would be best! but
you can use a "workstation" - depends on what you are
going to do with it! ) and install Windows 2000
Server ( or Advanced Server or Data Center ). At this
point do not install anything else. There is a reason!
Give it a static IP Address and simply join it to a
WORKGROUP for the time being.

Once this is done, open up the command prompt and enter
DCPROMO. This will begin the process to "upgrade" it to
a Domain Controller. Please note that in WIN2000 there
are no more Primary Domain Controllers ( PDC ) or Back-up
Domain Controllers ( BDC ) like in Windows NT 4.0.....

You will be asked a bunch of questions: make sure to
select that this is the first domain in the domain tree
and the first domain tree in the Forest. You see, the
structure ( from the top down ) in Microsoft Windows 2000
Active Directory is the Forest, which consists of Domain
Trees, which consist of Domains. You can have a single
Domain Forest ( for example, mydomain.com is the one and
only domain in the one and only Domain Tree in the AD
Forest ).

DNS is all important in WIN2000 AD. You really want to
make sure that you have this right. There is something
called Active Directory Integrated DNS ( or Dynamic DNS )
that essentially does away with the Zone Transfer as DNS
replicates with the Active Directory. Granted, you can
still have the "old" zone transfer if you choose!

Active Directory is comprised of three partitions, or
Naming Contexts. There is the Schema Naming Context,
there is the Configuration Naming Context and finally
there is the Domain Naming Context.

There are five FSMO Roles that a Domain Controller can
hold. Two of them are Forest-wide roles and three of
them are Domain-wide roles. The Schema Master and Domain
Naming Master roles are the two Forest-wide roles. The
PDC Emulator Master, the RID Master and the
Infrastructure Master roles are the three Domain-wide
roles. So, if mydomain.com needed to have two child
domains, child01.mydomain.com and child02.mydomain.com,
then we would have the two Forest-wide roles and then
three each of the three Domain-wide roles. So, there
would be the three for mydomain.com and the three for
child01.mydomain.com and finally the three for
child02.mydomain.com!

I would now install whatever other 'components' that you
might want / need to install: DHCP, Terminal Services (
Remote Admin Mode? ), etc. etc. etc.

I would now install Windows 2000 Service Pack 4 ( or
SP3 ) and then do IE6SP1 and then all the Critical and
Recommended Updates ( well, on the Recommended Updates
those that are necessary ).

I would consider moving up to "Native Mode". There are
two modes in WIN2000: Native Mode and Mixed Mode. Mixed
Mode is the way to go if you have - or will have - any
WINNT 4 BDCs. That is essentially the only reason
to be in Mixed Mode. Well, and if you think that there
might one day exist the possibility that you might need
to change the domain name. Probably not going to apply
to you so change to Native Mode. Group Nesting and
Universal Groups, to name a couple, are the benefits
of 'going native'.

Right now we are sitting pretty with a nice WIN2000 AD
Domain Controller. We would have to create user account
objects and group objects and the like.

Granted, there are still a few things to do but this is
just a "big Picture" right now. I have not talked about
setting up Sites using the Active Directory Sites and
Services MMC ( aka ADSS MMC ), but I will. I have not
talked about the Support Tools, but I will. I have not
spoken about Global Catalog Servers, but I will.

I think that this is a good stopping point as there is
really a lot of information to digest / research.

Keep in mind that Redundancy is really important and the
motto is "One is none and two is one!". I saw that motto
posted in here by someone who works in the US Navy! So,
once you have the first DC up and running think about a
second one. You would simply install WIN2000 on a
machine, join it to the domain and then run DCPROMO. Only
this time you are adding an additional Domain Controller
to an existing domain. You will be prompted to
enter the credentials of the Administrator ( or whatever
account is appropriate ).

HTH,

Cary
 
Regene T. Castillo

after setting up two domains in different trees, the problem is when i
search objects(computers) in the other domain nothing comes out in the
search
 
Cary Shultz [MVP]

-----Original Message-----
after setting up two domains in different trees, the problem is when i
search objects(computers) in the other domain nothing comes out in the
search




.
Regene,

This *could* be a Global Catalog Server problem. IIRC
when you do a search it is first going to look in the GC (
Enterprise-wide) and if it doesn't find the desired
object there it "restricts" its search to the current
domain.

Can you describe how you have the Global Catalog Servers
set up?

Thanks and sorry for delay,

Cary
 
Cary Shultz [MVP]

-----Original Message-----

Regene,

This *could* be a Global Catalog Server problem. IIRC
when you do a search it is first going to look in the GC (
Enterprise-wide) and if it doesn't find the desired
object there it "restricts" its search to the current
domain.

Can you describe how you have the Global Catalog Servers
set up?

Thanks and sorry for delay,

Cary
.
Regene,

It could also be a DNS issue as to get to the GC there is
the DNS Lookup to find the GC.

Cary
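
Added example, not part of the thread: a minimal Python check of the DNS lookup mentioned in the last reply, asking a DNS server for the Global Catalog SRV records registered under the forest root (`_gc._tcp.<forest root>` and `_ldap._tcp.gc._msdcs.<forest root>`). The function names and the DNS server address passed to `lookup_gc` are assumptions; `mydomain.com` is the forest name used earlier in the thread.

```python
import socket
import struct

def gc_srv_names(forest_root):
    # Added example (hypothetical helper names). GC locator SRV records live under the forest root.
    return [f"_gc._tcp.{forest_root}", f"_ldap._tcp.gc._msdcs.{forest_root}"]

def build_query(name, qid=0x4743):
    # Recursive query with one question: QTYPE 33 (SRV), class IN.
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 33, 1)

def read_name(msg, off):
    # Decode a (possibly compressed) name; return (name, offset just past it).
    labels, end, hops = [], None, 0
    while (n := msg[off]) != 0:
        if n & 0xC0 == 0xC0:  # compression pointer
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    return ".".join(labels), (off + 1 if end is None else end)

def parse_srv(msg):
    # Return (rcode, [(priority, weight, port, target), ...]) from a DNS reply.
    qdcount, ancount = struct.unpack(">HH", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = read_name(msg, off)[1] + 4
    records = []
    for _ in range(ancount):
        rd = read_name(msg, off)[1] + 10  # RDATA starts after type/class/ttl/rdlength
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[rd - 10:rd])
        if rtype == 33:
            records.append(struct.unpack(">HHH", msg[rd:rd + 6]) + (read_name(msg, rd + 6)[0],))
        off = rd + rdlen
    return msg[3] & 0x0F, records

def lookup_gc(forest_root, dns_server, timeout=3.0):
    results = {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        for name in gc_srv_names(forest_root):
            s.sendto(build_query(name), (dns_server, 53))
            results[name] = parse_srv(s.recv(4096))
    return results
```

Call `lookup_gc("mydomain.com", ...)` with the DNS server configured on the machine whose search returns nothing. An rcode of 3 (NXDOMAIN) or an empty record list means that client cannot locate a Global Catalog through DNS; a healthy answer lists targets on port 3268.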
 
