--- Sjoerd Hooft's InFormation Technology ---

User Tools

Site Tools



Recently Changed Pages:

View All Pages

View All Tags

WIKI Disclaimer: As with most other things on the Internet, the content on this wiki is not supported. It was contributed by me and is published “as is”. It has worked for me, and might work for you.
Also note that any view or statement expressed anywhere on this site are strictly mine and not the opinions or views of my employer.

Pages with comments

2019/11/18 13:52 1 Comment

View All Comments


Active Directory Basic Installation

This is an installation report of a basic installation of Microsoft's Active Directory through the tool dcpromo. The settings are based on a small AD domain design and should be set to your own settings when installing in a production environment.

This page is created for a 2003 AD, if you need an explanation for 2008, look here.


To start the installation go to start → run and type dcpromo. After pressing <enter> you'll get the installation wizard:


Click Next.


Click Next.


We're creating a new Active Directory domain, so keep the default and click Next.


The new domain is also created in a new tree, so keep the default and click Next.


Enter the full DNS name for your domain. I've found it a good practice to set this the same as your internal DNS domain suffix. Click Next when you're done.


Keep the suggested NetBIOS name and click Next.


Keep the defaults, both the database and the log folder won't grow out of proportion, so just click Next.


For our environment the SYSVOL folder can be kept to the default so click Next.


Select to have the wizard install and configure DNS for you. This will create all the needed SRV records for AD, which is something you really don't want to do manually. Click Next.


We don't have any pre-Windows 2000 servers lying around, so keep the default and click Next.


I use my default password 'beheer', but please document the password you use. Without this password it's not possible to start Active Directory in restore mode. Click Next.


Check your settings and click Next.


The installation and configuration starts. Please wait…


Click Finish to close the wizard and REBOOT THE MACHINE. No seriously, please do.

Check the AD installation

After the installation and after the reboot of the server it's not so wise to rush into any other installation (like Exchange). Unfortunately, Microsoft does not have the best reputation on software installations and that's not without a reason. We're going to verify if our installation went well.

Check the DC

Start → Run → dsa.msc (starts AD Users and Computers)

Check to see if the DC is listed under the 'Domain Controllers' OU.

Check the site

Start → Run → dssite.msc (starts AD Sites and Services)

Check to see if you have a 'NTDS Settings' under your DC.

Check DNS

Start → Run → dnsmgmt.msc (starts the DNS Management MMC snapin)

Check the DNS configuration and zones.

Create Reverse Lookup Zone

By default, dcpromo creates a forward lookup zone, but no reverse lookup zone. I recommend to create one right away, this will make some tools behave nice, and prevents you from creating all kind of records manually when you have to add one later on. Right click the reverse lookup zones and select 'Add new zone'. This will give you this wizard so you can select your options:


Select primary zone and click Next.


Keep the default and click Next.


Enter the network id, and click Next.


Keep the default and click Next.


So, now you have a reverse lookup zone as well.

Check folders

Check these folders to see if the content is correct:


The AD database should be created (NTDS.DIT, keeps information stored about user accounts, groups, etc.)

The edb.chk file is a checkpoint file that points to the last committed checkpoint in the log file. The edb.log file is the name of the current log file and is for the ntds.dit transactions.

res1.log and res2.log are reserve log files in case the drive runs out of disk space. These files are always 10 MB in size. (In AD 2008 these files are now named edbres00001.jrs and edbres00002.jrs).


In the SYSVOL\domain\Policies should be two directories containing the 'Default Domain Policy' and the 'Default Domain Controllers Policy'. You won't recognize them as such since they have unique names, for example '6AC1786C-016F-11D2-945F-00C04fB984F9'.


For more information about dcpromo and AD please check Microsoft's website and this is a nice starting place.


Enter your comment. Wiki syntax is allowed:
adinstall.txt · Last modified: 2019/11/18 12:21 (external edit)