Before creating a domain, it is imperative that you plan the number of forests required to ensure that your business runs smoothly. To do this, you first identify:
- The factors that influence the domain design model, such as what resources are available and how extensive the network should be
- The number of domains required in each forest, which is determined by the number of users, how frequently data changes across the network and the speed of the link bsetween the domains
- Whether to upgrade the existing domains or deploy new ones
Once you have resolved the three key areas above, you can begin creating your domain
a) Assign a static IP address
Log into Windows Server 2008 as an administrator and access the IP properties of the Local Area Network (LAN) connection for the server. Access the server’s network properties from the desktop by selecting Start, right-clicking Network, and then selecting Properties.
The ‘Network and Sharing Centre’ screen should appear. Click on ‘Manage network connections’. Right-click the appropriate Local Area Connection in the Network Connections Window and select Properties.
In the Local Area Connection Properties dialog box, you select Internet Protocol Verson 4 (TCP/IPv4) and then click Properties. Now enter your business’ IP address, subnet mask, default gateway, preferred DNS server, and an alternate DNS server for the server’s LAN connection. Then click OK to save the changes. Now close Network and Sharing Centre.
Please note that the above image is just an example and your network settings may be different.
b) Add role Active Directory Domain Services (AD DS)
Second, add the Active Directory Domain Services (AD DS) role to the server. Active Directory is a directory service created by Microsoft for Windows domain networks. Active Directory provides a central location for network administration and security. Access the Server Manager through the Start menu.
Select the ‘Roles’ node, in the Roles pane, click the Add Roles link. The ‘Add Roles Wizard’ opens.
The Select Server Roles page lists the roles you can choose to install.
Select the Active Directory Domain Services check box and click Next (twice). Click Install on the Confirm Installation Selections page. The Installation Results pages confirms that the role has been installed and you click the Close button to close the wizard. Active Directory Domain Services is now installed on your computer and readily accessible from Server Manager.
c) Promote the server to a domain controller.
It is essential that your domain has a domain controller as it manages security authentication requests from the domain. Launch the AD DS installation wizard by clicking Start – Run and typing dcpromo in the dialog box.
The AD DS installation wizard launches. Click Next to continue.
Since you are setting up a brand new domain, you click the radio button ‘Create a new domain in a new forest‘ and click Next.
On the Name the Forest Root Domain page, you type your business’ preferred fully qualified domain name (FQDN) – For example, Domainsareeasy.com – for the forest’s root domain and click Next.
Set the forest functional level determines the features of AD DS that are enabled on it. In Windows Server 2008, the additional features include Distributed File System (DFS) replication support, Advanced Encryption Standard support for the Kerberos protocol, and fine-grained password policies. If you set the level to Windows Server 2003 or an earlier version, you can raise htis level to Windows Server 2008 at a later time. Once you have chosen the functional level click Next.
Set domain functional level and click Next.
Additional Domain Controller Options page allows you to select additional options for this domain controller. The Domain Naming System (DNS) server checkbox is automatically selected because the primary domain controller should control the publishing of domain information. Click Next to continue (Note – a message box will display, adivsing you that a delegation for this DNS Server will not be created).
On the Location for Database, Log Files, and SYSVOL page, you can specify where folders for this new domain should be saved. You can either accept the default locations or assign your preferred destinations.
On the Directory Services Restore Mode Administrator Password page, type in a password that will enable you to work on the domain controller when it’s started in Restore mode, and click Next.
Summary page lists the options you have chosen and you click Next.
AD DS role is installed on the computer for your domain. Click ‘Finish’ to exit the wizard and click ‘Restart now’ for changes to take effect at next login.