Microsoft Active Directory

Installing and Configuring Microsoft Active Directory on Windows Server 2008

Active Directory is a technology developed by Microsoft that provides a variety of network services built around LDAP and Kerberos authentication. As such, it is commonly used in Windows domains to handle machine identification, user authentication, access control lists (ACLs), and so on. As implementations may vary depending on the complexity of your infrastructure, we will briefly cover the steps for installing and configuring a single instance of Active Directory on Windows Server 2008.

If you are adding your directory to an existing domain, you will need to use the ADPrep tool, available on the Windows 2008 Server DVD. ADPrep is a command-line tool that extends the Active Directory schema, and updates permissions as necessary to prepare an existing forest and domain for a domain controller that runs the Windows Server 2008 operating system. You can find out more about this here:
http://technet.microsoft.com/en-us/library/cc731728.aspx

Once you are ready to start configuring your server, you can either choose the Add Roles option from the Initial Configuration Tasks screen, or you can choose the Roles option from the Server Manager console and then choose to Add Roles. Both approaches will open the Add Roles wizard, and will allow you to configure Active Directory.

Click Next, and then select Active Directory Domain Services from the list of options available. Note that a variety of other Active Directory services are also available should you wish to make use of them; however, you will need to explore these options on your own in the future.

Click Next on the informational screen that follows, at which point the wizard will provide you with the option to install all of the requirements to enable Active Directory Domain Services. When the installation has completed, click on the link in the wizard, "Close this wizard and launch the Active Directory Domain Services Installation Wizard (dcpromo.exe)". This will open the DCPromo Wizard, which you will use to configure Active Directory. If you accidentally close the wizard without opening the DCPromo Wizard, you can simply run dcpromo from the Run dialog.

Opt to use the Advanced Mode and click Next in the DCPromo wizard. Read the informational screen that follows and click Next to continue. You will now be asked to choose a deployment configuration.

Obviously the configuration steps will differ, depending on whether you are adding the Directory to an existing forest, or if you are creating a new domain in a new forest. In this case, we will opt for the latter and configure a standalone instance of Active Directory. Click Next.

Enter a fully qualified domain name and click Next.

Enter a NetBIOS name for your server. This should simply be the first part of the fully qualified domain name you gave in the previous step.

Choose the level of functionality (and backward compatibility) that you want. If you are only adding Windows 2008 Servers to the domain, then opt for Windows 2008 Server. However, if you may add Windows 2003 servers to your forest, you should opt for Windows 2003 Server.

As the primary domain controller in your newly created domain, the DNS server will have to be installed on this system. Ensure that DNS is checked and click Next. You should receive a warning message, notifying you that no delegation could be created. Simply click Yes to continue with the configuration, as this server will be the DNS server for the domain.

The wizard will now prompt you for the database, log files, and SYSVOL folder. Generally, you can accept the defaults and click Next, but you may prefer to move these files to a dedicated drive if you expect that your domain is likely to be very large.

Finally, you will be prompted for an administrative password for Directory Services Restore Mode. Fill this in and click Next. You will be presented with a confirmation screen; click Next and your Active Directory Domain Controller will be configured. When it is complete, you will need to reboot. At this point, you will be able to manage your server and add users and machines as you require.
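
The wizard choices above can also be recorded in a dcpromo answer file, which makes the build repeatable and reviewable. The following is an added example, not part of the original walkthrough; the domain name `corp.example.com`, the NetBIOS name `CORP`, the file path and the password placeholder are assumptions, and the paths are the wizard defaults.

```ini
; Added example: dcpromo answer file for a new domain in a new forest.
; Run from an elevated prompt:  dcpromo /unattend:C:\dcpromo-answer.txt
; (file path, domain names and password placeholder are constructed)
[DCINSTALL]

; Deployment configuration step: create a new domain in a new forest
ReplicaOrNewDomain=Domain
NewDomain=Forest

; Fully qualified domain name step (assumed name)
NewDomainDNSName=corp.example.com

; NetBIOS name step: first label of the FQDN (assumed name)
DomainNetBiosName=CORP

; Functional level step: 3 = Windows Server 2008, 2 = Windows Server 2003
ForestLevel=3
DomainLevel=3

; DNS step: install DNS on this server. No delegation is created,
; which matches answering Yes to the delegation warning in the wizard.
InstallDNS=Yes
ConfirmGc=Yes
CreateDNSDelegation=No

; Database, log files and SYSVOL step (wizard defaults)
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"

; Directory Services Restore Mode password step.
; Placeholder only: set the real value immediately before running.
SafeModeAdminPassword=<SET-BEFORE-USE>

; Reboot when the promotion completes
RebootOnCompletion=Yes
```

Because the file holds the Directory Services Restore Mode password in clear text while it is in use, keep it readable only by administrators and delete it or blank the password line once the promotion has finished.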

