Tuesday, 15 July 2014

Step By Step Guide for Windows Server 2008 Domain Controller and DNS Server Setup

This tutorial will explain how to setup Windows Server 2008 Domain Controller and DNS
Click on Start > Run

Now type dcpromo > Click OK

The system will start checking if Active Directory Domain Services ( AD DS) binaries are installed, then will start installing them. The binaries could be installed if you had run the dcpromo command previously and then canceled the operation after the binaries were installed.

The Active Directory Domain Services Installation Wizard will start, either enable the checkbox beside Use Advanced mode installation and Click Next , or keep it unselected and click on Next

The Operating System Compatibility page will be displayed, take a moment to read it and click Next

Choose Create a new domain in a new forest, Click Next

Enter the Fully Qualified Domain Name of the forest root domain inside the textbox, click Next

If you selected Use advanced mode installation on the Welcome page, the Domain NetBIOS Name page appears. On this page, type the NetBIOS name of the domain if necessary or accept the default name and then click Next.

Select the Forest Functional Level, choose the level you desire and click on Next.

Make sure to read the description of each functional level to understand the difference between each one.
In the previous step, If you have selected any Forest Functional Level other than windows Server 2008 and clicked on Next , you would then get a page to select the domain Functional Level. Select it and then click on Next

In the Additional Domain Controller Options page, you can select to install the domain Name Service to your server. Note that the First domain controller in a forest must be a Global Catalog that’s why the checkbox beside Global Catalog is selected and it cannot be cleared. The checkbox is also selected by default when you install an additional domain controller in an existing domain, however you can clear this checkbox if you do not want the additional domain controller to be a global catalog server. The first domain controller in a new forest or in a new domain can not be a Read Only Domain Controller (RODC), you can later add a RODC but you must have at least one Windows Server 2008 Domain Controller.
I want to set my DC as a DNS Server as well, so I will keep the checkbox beside DNS server selected and click on Next

If you don’t have static ip assigned to your server you will see similar to the following screen now you need to assign static ip and start the above process.

If the wizard cannot create a delegation for the DNS server, it displays a message to indicate that you can create the delegation manually. To continue, click Yes

Now you will have the location where the domain controller database, log files and SYSVOL are stored on the server.
The database stores information about the users, computers and other objects on the network. the log files record activities that are related to AD DS, such information about an object being updated. SYSVOL stores Group Policy objects and scripts. By default, SYSVOL is part of the operating system files in the Windows directory either type or browse to the volume and folder where you want to store each, or accept the defaults and click on Next

In the Directory Services Restore Mode Administrator Password (DSRM) page, write a password and confirm it. This password is used when the domain controller is started in Directory Services Restore Mode, which might be because Active Directory Domain services is not running, or for tasks that must be performed offline.Make sure that you memorize this password when you need it.

Summary page will be displayed showing you all the setting that you have set . It gives you the option to export the setting you have setup into an answer file for use with other unattended operations, if you wish to have such file, click on the Export settings button and save the file.

DNS Installation will start

Followed by installing Group Policy Management Console, the system will check first if it is installed or not.

Configuring the local computer to host active directory Domain Services and other operations will take place setting up this server as a Domain Controller active Directory Domain Services installation will be completed, click Finish.

Click on Restart Now to restart your server for the changes to take effect.

Once the server is booted and you logon to it, click on Start > Administrative Tools
you will notice that following have been installed :
Active Directory Domains and Trusts
Active Directory Sites and Services
Active Directory Users and Computers
Group Policy Management

That’s it now your new win server 2008 domain controller with dns server setup was completed.

How to setup and configure a Domain Controller on Windows Server 2008 R2

In this series of articles I will be explaining the most simple and efficient ways to perform common tasks in Windows Server and SharePoint Server environments. Here I will focus on Active Directory Domain Services setup and configuration of a new Domain Controller. 

1. Log into your Windows Server and start the Server manager
2. Navigate to the Server Roles tab and press on the Add Rolesbutton.
3. The Add Roles Wizard is going to open up, click Next.
4. The Wizard will display a list of Roles. Choose the Active Directory Domain Services Role.
5. The Active Directory Domain Services Role requires adding features to the server. Click on “Add required features” on the appearing screen and then click on next.
6. On the following screen click on Install and wait for the installation to finish. When the installation finishes click on Close.
7. At this point the Active Directory Domain Services are not configured yet.
8. If we click on Active Directory Domain Services button we get to the following screen. Our next step will be configuring Active Directory Domain Services using dcpromo.exe.
9. We are about to start the Active Directory Domain Services installation Wizard.
10. Navigate to the following screen. Choose the “Create a new domain in a new forest option” and click on next button.
11. Type in your Domain name.
12. Choose the oldest operating system in your network. This option exists for backwards compatibility of different features.
13. If your Domain Controller is a stand-alone server you don’t have to choose the DNS server option. If otherwise, it’s recommended to leave it checked.
14. Specify the folders that will contain the Active Directory controller database, log files. And SYSVOL and click on Next.
15. Choose a password for Restore mode Administrator account. (This is not the Domain Administrator account, this is an additional account used for recovery)
16. When the wizard finishes configuring the settings reboot your server.
17. After rebooting when you first log on the server is not going to accept your machine Administrator account.
18. In order to solve this issue you need to choose the “Switch User” button and login with your Domain Administrator account which is basically the same user account and password but now it belongs to a domain the domain name is needed. For example: PPSP2010\Administrator.

Install and configure a DNS server in Windows Server 2008


You can install a DNS server from the Control Panel or when promoting a member server to a domain controller (DC) (Figure A). During the promotion, if a DNS server is not found, you will have the option of installing it.

Figure A

Domain controller
To install a DNS server from the Control Panel, follow these steps:
  • From the Start menu, select | Control Panel | Administrative Tools | Server Manager.
  • Expand and click Roles (Figure B).
  • Choose Add Roles and follow the wizard by selecting the DNS role (Figure C).
  • Click Install to install DNS in Windows Server 2008 (Figure D).

Figure B

Expand and click Roles

Figure C

DNS role

Figure D

Install DNS

DNS console and configuration

After installing DNS, you can find the DNS console from Start | All Programs | Administrative Tools | DNS. Windows 2008 provides a wizard to help configure DNS.
When configuring your DNS server, you must be familiar with the following concepts:
  • Forward lookup zone
  • Reverse lookup zone
  • Zone types
A forward lookup zone is simply a way to resolve host names to IP addresses. A reverse lookup zone allows a DNS server to discover the DNS name of the host. Basically, it is the exact opposite of a forward lookup zone. A reverse lookup zone is not required, but it is easy to configure and will allow for your Windows Server 2008 Server to have full DNS functionality.
When selecting a DNS zone type, you have the following options: Active Directory (AD) Integrated, Standard Primary, and Standard Secondary. AD Integrated stores the database information in AD and allows for secure updates to the database file. This option will appear only if AD is configured. If it is configured and you select this option, AD will store and replicate your zone files.
A Standard Primary zone stores the database in a text file. This text file can be shared with other DNS servers that store their information in a text file. Finally, a Standard Secondary zone simply creates a copy of the existing database from another DNS server. This is primarily used for load balancing.
To open the DNS server configuration tool:
  1. Select DNS from the Administrative Tools folder to open the DNS console.
  2. Highlight your computer name and choose Action | Configure a DNS Server... to launch the Configure DNS Server Wizard.
  3. Click Next and choose to configure the following: forward lookup zone, forward and reverse lookup zone, root hints only (Figure E).
  4. Click Next and then click Yes to create a forward lookup zone (Figure F).
  5. Select the appropriate radio button to install the desired Zone Type (Figure G).
  6. Click Next and type the name of the zone you are creating.
  7. Click Next and then click Yes to create a reverse lookup zone.
  8. Repeat Step 5.
  9. Choose whether you want an IPv4 or IPv6 Reverse Lookup Zone (Figure H).
  10. Click Next and enter the information to identify the reverse lookup zone (Figure I).
  11. You can choose to create a new file or use an existing DNS file (Figure J).
  12. On the Dynamic Update window, specify how DNS accepts secure, nonsecure, or no dynamic updates.
  13. If you need to apply a DNS forwarder, you can apply it on the Forwarders window. (Figure K).
  14. Click Finish (Figure L).

Figure E


Figure F

Forward lookup zone

Figure G

Desired zone

Figure H

IPv4 or IPv6

Figure I

Reverse lookup zone

Figure J

Choose new or existing DNS file

Figure K

Forwarders window

Figure L


Managing DNS records

You have now installed and configured your first DNS server, and you're ready to add records to the zone(s) you created. There are various types of DNS records available. Many of them you will never use. We'll be looking at these commonly used DNS records:
  • Start of Authority (SOA)
  • Name Servers
  • Host (A)
  • Pointer (PTR)
  • Canonical Name (CNAME) or Alias
  • Mail Exchange (MX)

Start of Authority (SOA) record

The Start of Authority (SOA) resource record is always first in any standard zone. The Start of Authority (SOA) tab allows you to make any adjustments necessary. You can change the primary server that holds the SOA record, and you can change the person responsible for managing the SOA. Finally, one of the most important features of Windows 2000 is that you can change your DNS server configuration without deleting your zones and having to re-create the wheel (Figure M).

Figure M

Change configuration

Name Servers

Name Servers specify all name servers for a particular domain. You set up all primary and secondary name servers through this record.
To create a Name Server, follow these steps:
  1. Select DNS from the Administrative Tools folder to open the DNS console.
  2. Expand the Forward Lookup Zone.
  3. Right-click on the appropriate domain and choose Properties (Figure N).
  4. Select the Name Servers tab and click Add.
  5. Enter the appropriate FQDN Server name and IP address of the DNS server you want to add.

Figure N

Name Server

Host (A) records

A Host (A) record maps a host name to an IP address. These records help you easily identify another server in a forward lookup zone. Host records improve query performance in multiple-zone environments, and you can also create a Pointer (PTR) record at the same time. A PTR record resolves an IP address to a host name.
To create a Host record:
  1. Select DNS from the Administrative Tools folder to open the DNS console.
  2. Expand the Forward Lookup Zone and click on the folder representing your domain.
  3. From the Action menu, select New Host.
  4. Enter the Name and IP Address of the host you are creating (Figure O).
  5. Select the Create Associated Pointer (PTR) Record check box if you want to create the PTR record at the same time. Otherwise, you can create it later.
  6. Click the Add Host button.

Figure O

A Host (A) record

Pointer (PTR) records

A Pointer (PTR) record creates the appropriate entry in the reverse lookup zone for reverse queries. As you saw in Figure H, you have the option of creating a PTR record when creating a Host record. If you did not choose to create your PTR record at that time, you can do it at any point.
To create a PTR record:
  1. Select DNS from the Administrative Tools folder to open the DNS console.
  2. Choose the reverse lookup zone where you want your PTR record created.
  3. From the Action menu, select New Pointer (Figure P).
  4. Enter the Host IP Number and Host Name.
  5. Click OK.

Figure P

New Pointer

Canonical Name (CNAME) or Alias records

A Canonical Name (CNAME) or Alias record allows a DNS server to have multiple names for a single host. For example, an Alias record can have several records that point to a single server in your environment. This is a common approach if you have both your Web server and your mail server running on the same machine.
To create a DNS Alias:
  1. Select DNS from the Administrative Tools folder to open the DNS console.
  2. Expand the Forward Lookup Zone and highlight the folder representing your domain.
  3. From the Action menu, select New Alias.
  4. Enter your Alias Name (Figure Q).
  5. Enter the fully qualified domain name (FQDN).
  6. Click OK.

Figure Q

Alias Name

Mail Exchange (MX) records

Mail Exchange records help you identify mail servers within a zone in your DNS database. With this feature, you can prioritize which mail servers will receive the highest priority. Creating MX records will help you keep track of the location of all of your mail servers.
To create a Mail Exchange (MX) record:
  1. Select DNS from the Administrative Tools folder to open the DNS console.
  2. Expand the Forward Lookup Zone and highlight the folder representing your domain.
  3. From the Action menu, select New Mail Exchanger.
  4. Enter the Host Or Domain (Figure R).
  5. Enter the Mail Server and Mail Server Priority.
  6. Click OK.

Figure R

Host or Domain

Other new records

You can create many other types of records. For a complete description, choose Action | Other New Records from the DNS console (Figure S). Select the record of your choice and view the description.

Figure S

Create records from the DNS console

Troubleshooting DNS servers

When troubleshooting DNS servers, the nslookup utility will become your best friend. This utility is easy to use and very versatile. It's a command-line utility that is included within Windows 2008. With nslookup, you can perform query testing of your DNS servers. This information is useful in troubleshooting name resolution problems and debugging other server-related problems. You can access nslookup (Figure T) right from the DNS console.

Figure T

Nslookup utility