How do I install Active Directory on my

Windows Server 2003 server?

by Daniel Petri - January 8, 2009
Printer Friendly Version
First make sure you read and understand Active Directory Installation e!uirements" I#
you don$t com%ly &it' all t'e re!uirements o# t'at article you &ill not be able to set u%
your AD (#or e)am%le* you don$t 'ave a +I, or you$re usin- a com%uter t'at$s not
connected to a .A+/"
Note: 0'is article is only -ood #or understandin- 'o& to install t'e FIRST D in a
N!W AD Domain, in a N!W TR!!, in a N!W F"R!ST" 1eanin- - don$t do it #or
any ot'er scenario, suc' as a ne& re%lica D, in an e)istin- domain" In order to install a
2indo&s 3erver 2004 D, in an 56I30I+7 2indo&s 2000 Domain #ollo& t'e 2indo&s
2004 ADPre% ti%"
Windows 2000 Note: I# you %lan to install a ne& 2indo&s 2000 D, %lease read 8o& to
Install Active Directory on 2indo&s 2000"
Windows 200# Note: Install Active Directory on 2indo&s 3erver 2008 %rovides
com%lete instruction details #or &orkin- &it' 2indo&s 3erver 2008"
Windows Server 2003 Note: I# you %lan to install a ne& 2indo&s 3erver 2004 D, in an
e)istin- AD #orest %lease read t'e %a-e 95F:5 you -o on, ot'er&ise you$ll end u%
&it' t'e #ollo&in- error*
8ere is a !uick list o# &'at you must 'ave*
An +0F3 %artition &it' enou-' #ree s%ace
An Administrator$s username and %ass&ord
0'e correct o%eratin- system version
A +I,
Pro%erly con#i-ured 0,P;IP (IP address, subnet mask and - o%tional - de#ault
-ate&ay/
A net&ork connection (to a 'ub or to anot'er com%uter via a crossover cable/
An o%erational D+3 server (&'ic' can be installed on t'e D, itsel#/
A Domain name t'at you &ant to use
0'e 2indo&s 3erver 2004 ,D media (or at least t'e i48< #older/
9rains (recommended, not re!uired"""/
0'is article assumes t'at all o# t'e above re!uirements are #ul#illed"
Ste$ %: on&i'(re t)e com$(ter*s s(&&i+
(+ot mandatory, can be done via t'e Dc%romo %rocess/"
=" i-'t click 1y ,om%uter and c'oose Pro%erties"
2" ,lick t'e ,om%uter +ame tab, t'en ,'an-e"
4" 3et t'e com%uter$s +et9I:3 name" In 2indo&s 3erver 2004, t'is ,A+ be
c'an-ed a#ter t'e com%uter 'as been %romoted to Domain ,ontroller"
>" ,lick 1ore"
?" In t'e Primary D+3 su##i) o# t'is com%uter bo) enter t'e &ould-be domain name"
1ake sure you -ot it ri-'t" +o s%ellin- mistakes, no @o', I t'ou-'t I did it
ri-'t"""@" Alt'ou-' t'e domain name AN be c'an-ed a#ter t'e com%uter 'as been
%romoted to Domain ,ontroller, t'is is not a %rocedure t'at one s'ould consider
li-'tly, es%ecially because on t'e %ossible conse!uences" ead more about it on
my 2indo&s 2004 Domain ename 0ool %a-e"
<" ,lick :k"
A" Bou$ll -et a &arnin- &indo&"
8" ,lick :k"
9" ,'eck your settin-s" 3ee i# t'ey$re correct"
=0" ,lick :k"
==" Bou$ll -et a &arnin- &indo&"
=2" ,lick :k to restart"
Ste$ 2: on&i'(rin' t)e com$(ter*s T,-I, settin's
Bou must con#i-ure t'e &ould-be Domain ,ontroller to use it$s o&n IP address as t'e
address o# t'e D+3 server, so it &ill %oint to itsel# &'en re-isterin- 3V records and
&'en !ueryin- t'e D+3 database"
on&i'(re T,-I,
=" ,lick 3tart, %oint to 3ettin-s and t'en click ,ontrol Panel"
2" Double-click +et&ork and Dial-u% ,onnections"
4" i-'t-click .ocal Area ,onnection, and t'en click Pro%erties"
>" ,lick Internet Protocol (0,P;IP/, and t'en click Pro%erties"
?" Assi-n t'is server a static IP address, subnet mask, and -ate&ay address" 5nter t'e
server$s IP address in t'e Pre#erred D+3 server bo)"+ote* 0'is is true i# t'e server
itsel# &ill also be it$s o&n D+3 server" I# you 'ave anot'er
o%erational 2indo&s 2000;2004 server t'at is %ro%erly con#i-ured as your D+3
server (read my ,reate a +e& D+3 3erver #or AD %a-e/ - enter t'at server$s IP
address instead*
<" ,lick Advanced"
A" ,lick t'e D+3 0ab"
8" 3elect @A%%end %rimary and connection s%eci#ic D+3 su##i)es@
9" ,'eck @A%%end %arent su##i)es o# t'e %rimary D+3 su##i)@
=0" ,'eck @e-ister t'is connection$s addresses in D+3@" I# t'is 2indo&s
2000;2004-based D+3 server is on an intranet, it s'ould only %oint to its o&n IP
address #or D+3C do not enter IP addresses #or ot'er D+3 servers 'ere" I# t'is
server needs to resolve names on t'e Internet, it s'ould 'ave a #or&arder
con#i-ured"
==" ,lick :D to close t'e Advanced 0,P;IP 3ettin-s %ro%erties"
=2" ,lick :D to acce%t t'e c'an-es to your 0,P;IP con#i-uration"
=4" ,lick :D to close t'e .ocal Area ,onnections %ro%erties"
Ste$ 3: on&i'(re t)e DNS .one
(+ot mandatory, can be done via t'e Dc%romo %rocess/"
0'is article assumes t'at you already 'ave t'e D+3 service installed" I# t'is is not t'e
case, %lease read ,reate a +e& D+3 3erver #or AD"
Furt'ermore, it is assumed t'at t'e D, &ill also be it$s o&n D+3 server" I# t'at is not t'e
case, you 1E30 con#i-ure anot'er 2indo&s 2000;2004 server as t'e D+3 server, and i#
you try to run D,P:1: &it'out doin- so, you$ll end u% &it' errors and t'e %rocess
&ill #ail"
Also see F 2'at$s +e& in 7rou% PolicyG
reatin' a Standard ,rimary Forward /oo0($ .one
=" ,lick 3tart, %oint to All Pro-rams, %oint to Administrative 0ools, and t'en click
D+3 1ana-er" Bou see t&o Hones under your com%uter name* For&ard .ooku%
Ione and everse .ooku% Ione"
2" i-'t click For&ard .ooku% Iones and c'oose to add a ne& Hone"
4" ,lick +e)t" 0'e ne& #or&ard looku% Hone must be a %rimary Hone so t'at it can
acce%t dynamic u%dates" ,lick Primary, and t'en click +e)t"
>" 0'e name o# t'e Hone must be t'e same as t'e name o# t'e Active Directory
domain, or be a lo-ical D+3 container #or t'at name" For e)am%le, i# t'e Active
Directory domain is named @lab"d%etri"net@, le-al Hone names are @lab"d%etri"net@,
@d%etri"net@, or @net@" 0y%e t'e name o# t'e Hone, and t'en click
+e)t"
?" Acce%t t'e de#ault name #or t'e ne& Hone #ile" ,lick +e)t"
<" 0o be able to acce%t dynamic u%dates to t'is ne& Hone, click @Allo& bot'
nonsecure and secure dynamic u%dates@" ,lick +e)t"
A" ,lick Finis'"
Bou s'ould no& make sure your com%uter can re-ister itsel# in t'e ne& Hone" 7o to t'e
,ommand Prom%t (,1D/ and run @i%con#i- ;re-isterdns@ (no !uotes, du'"""/" 7o back to
t'e D+3 console, o%en t'e ne& Hone and re#res' it (F?/" +otice t'at t'e com%uter s'ould
by no& be listed as an A ecord in t'e ri-'t %ane"
I# it$s not t'ere try to reboot (alt'ou-' i# it$s not t'ere a reboot &on$t do muc' -ood/"
,'eck t'e s%ellin- on your Hone and com%are it to t'e su##i) you created in ste% =" ,'eck
your IP settin-s"
!na1le DNS Forwardin' &or Internet connections 2Not
mandatory3
=" 3tart t'e D+3 1ana-ement ,onsole"
2" i-'t click t'e D+3 3erver obJect #or your server in t'e le#t %ane o# t'e console,
and click Pro%erties"
4" ,lick t'e For&arders tab"
>" In t'e IP address bo) enter t'e IP address o# t'e D+3 servers you &ant to #or&ard
!ueries to - ty%ically t'e D+3 server o# your I3P" Bou can also move t'em u% or
do&n" 0'e one t'at is 'i-'est in t'e list -ets t'e #irst try, and i# it does not res%ond
&it'in a -iven time limit - t'e !uery &ill be #or&arded to t'e ne)t server in t'e
list"
?" ,lick :D"
reatin' a Standard ,rimary Reverse /oo0($ .one
Bou can (but you don$t 'ave to/ also create a reverse looku% Hone on your D+3 server"
0'e Hone$s name &ill be t'e same as your 0,P;IP +et&ork ID" For e)am%le, i# your IP
address is =92"=<8"0"200, t'en t'e Hone$s name &ill be =92"=<8"0 (D+3 &ill a%%end a
lon- name to it, don$t &orry about it/" Bou s'ould also con#i-ure t'e ne& Hone to acce%t
dynamic u%dates" I -uess you can do it on your o&n by no&, can$t youG
Ste$ 4: R(nnin' D,R"5"
A#ter com%letin- all t'e %revious ste%s (remember you didn$t 'ave to do t'em/ and a#ter
double c'eckin- your re!uirements you s'ould no& run Dc%romo"e)e #rom t'e un
command"
=" ,lick 3tart, %oint to un and ty%e @dc%romo@"
2" 0'e &iHard &indo&s &ill a%%ear" ,lick +e)t"
4" In t'e :%eratin- 3ystem ,om%atibility &indo&s read t'e re!uirements #or t'e
domain$s clients and i# you like &'at you see - %ress +e)t"
>" ,'oose Domain ,ontroller #or a ne& domain and click +e)t"
?" ,'oose ,reate a ne& Domain in a ne& #orest and click +e)t"
<" 5nter t'e #ull D+3 name o# t'e ne& domain, #or e)am%le - kuku"co"il - t'is must
be t'e same as t'e D+3 Hone you$ve created in ste% 4, and t'e same as t'e
com%uter name su##i) you$ve created in ste% =" ,lick +e)t" 0'is
ste% mi-'t take some time because t'e com%uter is searc'in- #or t'e D+3 server
and c'eckin- to see i# any namin- con#licts e)ist"
A" Acce%t t'e t'e do&n-level +et9I:3 domain name, in t'is case it$s DEDE" ,lick
+e)t
8" Acce%t t'e Database and .o- #ile location dialo- bo) (unless you &ant to c'an-e
t'em o# course/" 0'e location o# t'e #iles is by de#ault KsystemrootKL+0D3, and
you s'ould not c'an-e it unless you 'ave %er#ormance issues in mind" ,lick +e)t"
9" Acce%t t'e 3ysvol #older location dialo- bo) (unless you &ant to c'an-e it o#
course/" 0'e location o# t'e #iles is by de#ault KsystemrootK3B3V:., and you
s'ould not c'an-e it unless you 'ave %er#ormance issues in mind" 0'is #older
must be on an +0F3 v?"0 %artition" 0'is #older &ill 'old all t'e 7P: and scri%ts
you$ll create, and &ill be re%licated to all ot'er Domain ,ontrollers" ,lick +e)t"
=0" I# your D+3 server, Hone and;or com%uter name su##i) &ere not con#i-ured
correctly you &ill -et t'e #ollo&in- &arnin-*0'is means t'e Dc%romo &iHard
could not contact t'e D+3 server, or it did contact it but could not #ind a Hone
&it' t'e name o# t'e #uture domain" Bou s'ould c'eck your settin-s" 7o back to
ste%s =, 2 and 4" ,lick :k"Bou 'ave an o%tion to let Dc%romo do t'e
con#i-uration #or you" I# you &ant, Dc%romo can install t'e D+3 service, create
t'e a%%ro%riate Hone, con#i-ure it to acce%t dynamic u%dates, and con#i-ure t'e
0,P;IP settin-s #or t'e D+3 server IP address"0o let Dc%romo do t'e &ork #or
you, select @Install and con#i-ure t'e D+3 server"""@"
,lick +e)t"
:t'er&ise, you can acce%t t'e de#ault c'oice and t'en !uit Dc%romo and c'eck
ste%s =-4"
==" I# your D+3 settin-s &ere ri-'t, you$ll -et a con#irmation &indo&"
Just click +e)t"
=2" Acce%t t'e Permissions com%atible only &it' 2indo&s 2000 or 2indo&s 3erver
2004 settin-s, unless you 'ave le-acy a%%s runnin- on Pre-22D servers"
=4" 5nter t'e estore 1ode administrator$s %ass&ord" In 2indo&s 3erver 2004 t'is
%ass&ord can be later c'an-ed via +0D3E0I." ,lick +e)t"
=>" evie& your settin-s and i# you like &'at you see - ,lick +e)t"
=?" 3ee t'e &iHard -oin- t'rou-' t'e various sta-es o# installin- AD" 2'atever you
do - +5V5 click ,ancelMMM Bou$ll &reck your com%uter i# you do" I# you see you
made a mistake and &ant to undo it, you$d better let t'e &iHard #inis' and t'en run
it a-ain to undo t'e AD"
=<" I# all &ent &ell you$ll see t'e #inal con#irmation &indo&" ,lick Finis'"
=A" Bou must reboot in order #or t'e AD to #unction %ro%erly"
=8" ,lick estart no&"
Ste$ 6: )ec0in' t)e AD installation
Bou s'ould no& c'eck to see i# t'e AD installation &ent &ell"
=" First, see t'at t'e Administrative 0ools #older 'as all t'e AD mana-ement tools
installed"
2" un Active Directory Esers and ,om%uters (or ty%e @dsa"msc@ #rom t'e un
command/" 3ee t'at all :Es and ,ontainers are t'ere"
4" un Active Directory 3ites and 3ervices" 3ee t'at you 'ave a site named De#ault-
First-3ite-+ame, and t'at in it your server is listed"
>" I# t'ey don$t (like in t'e #ollo&in- screens'ot/, your AD #unctions &ill be broken
(a -ood si-n o# t'at is t'e lon- time it took you to lo- on" 0'e @Pre%arin- +et&ork
,onnections@ &indo&s &ill sit on t'e screen #or many moments, and even &'en
you do lo- on many AD o%erations &ill -ive you errors &'en tryin- to %er#orm
t'em/" N 9ad0'is mi-'t 'a%%en i# you did not manually con#i-ure
your D+3 server and let t'e D,P:1: %rocess do it #or you"
Anot'er reason #or t'e lack o# 3V records (and o# all ot'er records #or t'at
matter/ is t'e #act t'at you DID con#i-ure t'e D+3 server manually, but you made
a mistake, eit'er &it' t'e com%uter su##i) name or &it' t'e IP address o# t'e D+3
server (see ste%s = t'rou-' 4/"
:%en t'e D+3 console" 3ee t'at you 'ave a Hone &it' t'e same name as your AD
domain (t'e one you$ve Just created, rememberG Du'"""/" 3ee t'at &it'in it you
'ave t'e > 3V record #olders" 0'ey must e)ist"
N 7ood
0o try and #i) t'e %roblems #irst see i# t'e Hone is con#i-ured to acce%t dynamic
u%dates"
?" i-'t-click t'e Hone you created, and t'en click Pro%erties"
<" :n t'e 7eneral tab, under Dynamic E%date, click to select @+onsecure and
secure@ #rom t'e dro%-do&n list, and t'en click :D to acce%t t'e c'an-e"Bou
s'ould no& restart t'e +50.:7:+ service to #orce t'e 3V re-istration"Bou
can do it #rom t'e 3ervices console in Administrative tools*
:r #rom t'e command %rom%t ty%e @net sto% netlo-on@, and a#ter it #inis'es, ty%e
@net start netlo-on@"
.et it #inis', -o back to t'e D+3 console, click your Hone and re#res' it (F?/" I# all
is ok you$ll no& see t'e > 3V record #olders"
I# t'e > 3V records are still not %resent double c'eck t'e s%ellin- o# t'e Hone in
t'e D+3 server" It s'ould be e)actly t'e same as t'e AD Domain name" Also
c'eck t'e com%uter$s su##i) (see ste% =/" Bou &on$t be able to c'an-e t'e
com%uter$s su##i) a#ter t'e AD is installed, but i# you 'ave a s%ellin- mistake
you$d be better o## by removin- t'e AD no&, be#ore you 'ave any users, -rou%s
and ot'er obJects in %lace, and t'en a#ter re%airin- t'e mistake - re-runnin-
D,P:1:"
A" ,'eck t'e +0D3 #older #or t'e %resence o# t'e re!uired #iles"
8" ,'eck t'e 3B3V:. #older #or t'e %resence o# t'e re!uired sub#olders"
9" ,'eck to see i# you 'ave t'e 3B3V:. and +50.:7:+ s'ares, and t'eir
location"
I# all o# t'e above is ok, I t'ink it$s sa#e to say t'at your AD is %ro%erly installed"
I# not, read 0roubles'ootin- Dc%romo 5rrors and re-read ste%s =-> in t'is article"
3i-n E% For t'e Petri I0 Dno&led-ebase 2eekly Di-estM
5-mail Address*
Sign Up Now!
Search Site
Sponsors
FR!! Active Directory 5onitorin' 0ake t'e
-uess&ork out o# &'ic' 21I counters to use #or a%%s like 1icroso#tO Active
DirectoryP and 3'arePointP" 3olar2inds F55 21I 1onitor makes it easyM
Download t)is FR!! des0to$ tool now7
(t Networ0 Tro(1les)ootin' Time in Hal&7 0est
3%eed, Per#ormance, 9and&idt' Q 1ore" Free Trial Download Availa1le Here
8
Free om$liance Download V1&are ,om%liance
,'ecker %rovides real time com%liance c'eck a-ainst s%eci#ic standards and best
%ractices" Free do&nload"
Start 5onitorin' 9o(r Networ0 Now 7et a 40-day trial
o# 3olar2inds #la-s'i% net&ork monitorin- solution R :rion +P1" A-entless
solution auto discovers net&ork and be-ins monitorin- via 2eb-based console
immediately" Valid email re!uired"

A23 Privacy Policy S 3ite In#o S ,ontact S Advertise T20== 9lue 2'ale 2eb Inc" S
How To reate an Active Directory
Server in Windows Server 2003
Vie& %roducts t'at t'is article a%%lies to"
3ystem 0i%0'is article a%%lies to a di##erent version o# 2indo&s t'an t'e one you
are usin-" ,ontent in t'is article may not be relevant to you"Visit t'e 2indo&s A
3olution ,enter
0'is article &as %reviously %ublis'ed under U42>A?4
"n T)is ,a'e
3E11AB
o ,reatin- t'e Active Directory
o Addin- Esers and ,om%uters to t'e Active Directory Domain
o 0roubles'ootin-
Bou ,annot :%en t'e Active Directory 3na%-ins
5)%and all S ,olla%se all
S:55AR9
T)is article descri1es )ow to install and con&i'(re a new
Active Directory inst;;;
0'is article describes 'o& to install and con#i-ure a ne& Active Directory installation
in a laboratory environment t'at includes 2indo&s 3erver 2004 and Active Directory"
+ote t'at you &ill need t&o net&orked servers t'at are runnin- 2indo&s 3erver 2004 #or
t'is %ur%ose in a laboratory environment"
9ack to t'e to%
Creating the Active Directory
A#ter you 'ave installed 2indo&s 3erver 2004 on a stand-alone server, run t'e Active
Directory 2iHard to create t'e ne& Active Directory #orest or domain, and t'en convert
t'e 2indo&s 3erver 2004 com%uter into t'e #irst domain controller in t'e #orest" 0o
convert a 2indo&s 3erver 2004 com%uter into t'e #irst domain controller in t'e #orest,
#ollo& t'ese ste%s*
=" Insert t'e 2indo&s 3erver 2004 ,D-:1 into your com%uter$s ,D-:1 or
DVD-:1 drive"
2" ,lick Start, click R(n, and t'en ty%e dc%romo"
4" ,lick "< to start t'e Active Directory Installation Wi=ard, and t'en click Ne+t"
>" ,lick Domain controller &or a new domain, and t'en click Ne+t"
?" ,lick Domain in a new &orest, and t'en click Ne+t"
<" 3%eci#y t'e #ull D+3 name #or t'e ne& domain" +ote t'at because t'is %rocedure
is #or a laboratory environment and you are not inte-ratin- t'is environment into
your e)istin- D+3 in#rastructure, you can use somet'in- -eneric, suc' as
mycom%any"local, #or t'is settin-" ,lick Ne+t"
A" Acce%t t'e de#ault domain +et9I:3 name (t'is is @mycom%any@ i# you used t'e
su--estion in ste% </" ,lick Ne+t"
8" 3et t'e database and lo- #ile location to t'e de#ault settin- o# t'e c*L&inntLntds
#older, and t'en click Ne+t"
9" 3et t'e 3ysvol #older location to t'e de#ault settin- o# t'e c*L&inntLsysvol #older,
and t'en click Ne+t"
=0" ,lick Install and con&i'(re t)e DNS server on t)is com$(ter, and t'en click
Ne+t"
==" ,lick ,ermissions com$ati1le only wit) Windows 2000 or Windows Server
2003 servers or o$eratin' systems, and t'en click Ne+t"
=2" 9ecause t'is is a laboratory environment, leave t'e %ass&ord #or t'e Directory
3ervices estore 1ode Administrator blank" +ote t'at in a #ull %roduction
environment, t'is %ass&ord is set by usin- a secure %ass&ord #ormat" ,lick Ne+t"
=4" evie& and con#irm t'e o%tions t'at you selected, and t'en click Ne+t"
=>" 0'e installation o# Active Directory %roceeds" +ote t'at t'is o%eration may take
several minutes"
=?" 2'en you are %rom%ted, restart t'e com%uter" A#ter t'e com%uter restarts,
con#irm t'at t'e Domain +ame 3ystem (D+3/ service location records #or t'e
ne& domain controller 'ave been created" 0o con#irm t'at t'e D+3 service
location records 'ave been created, #ollo& t'ese ste%s*
a" ,lick Start, %oint to Administrative Tools, and t'en click DNS to start
t'e D+3 Administrator ,onsole"
b" 5)%and t'e server name, e)%and Forward /oo0($ .ones, and t'en
e)%and t'e domain"
c" Veri#y t'at t'e Vmsdcs, Vsites, Vtc%, and Vud% #olders are %resent" 0'ese
#olders and t'e service location records t'ey contain are critical to Active
Directory and 2indo&s 3erver 2004 o%erations"
9ack to t'e to%
Adding Users and Computers to the Active Directory Domain
A#ter t'e ne& Active Directory domain is establis'ed, create a user account in t'at
domain to use as an administrative account" 2'en t'at user is added to t'e a%%ro%riate
security -rou%s, use t'at account to add com%uters to t'e domain"
=" 0o create a ne& user, #ollo& t'ese ste%s*
a" ,lick Start, %oint to Administrative Tools, and t'en click Active
Directory :sers and om$(ters to start t'e Active Directory Esers and
,om%uters console"
b" ,lick t'e domain name t'at you created, and t'en e)%and t'e contents"
c" i-'t-click :sers, %oint to New, and t'en click :ser"
d" 0y%e t'e #irst name, last name, and user lo-on name o# t'e ne& user, and
t'en click Ne+t"
e" 0y%e a ne& %ass&ord, con#irm t'e %ass&ord, and t'en click to select one
o# t'e #ollo&in- c'eck bo)es*
Esers must c'an-e %ass&ord at ne)t lo-on (recommended #or most
users/
Eser cannot c'an-e %ass&ord
Pass&ord never e)%ires
Account is disabled
,lick Ne+t"
#" evie& t'e in#ormation t'at you %rovided, and i# everyt'in- is
correct, click Finis)"
2" A#ter you create t'e ne& user, -ive t'is user account members'i% in a -rou% t'at
%ermits t'at user to %er#orm administrative tasks" 9ecause t'is is a laboratory
environment t'at you are in control o#, you can -ive t'is user account #ull
administrative access by makin- it a member o# t'e 3c'ema, 5nter%rise, and
Domain administrators -rou%s" 0o add t'e account to t'e 3c'ema, 5nter%rise, and
Domain administrators -rou%s, #ollo& t'ese ste%s*
a" :n t'e Active Directory Esers and ,om%uters console, ri-'t-click t'e ne&
account t'at you created, and t'en click ,ro$erties"
b" ,lick t'e 5em1er "& tab, and t'en click Add"
c" In t'e Select >ro($s dialo- bo), s%eci#y a -rou%, and t'en click "< to
add t'e -rou%s t'at you &ant to t'e list"
d" e%eat t'e selection %rocess #or eac' -rou% in &'ic' t'e user needs
account members'i%"
e" ,lick "< to #inis'"
2" 0'e #inal ste% in t'is %rocess is to add a member server to t'e domain" 0'is
%rocess also a%%lies to &orkstations" 0o add a com%uter to t'e domain, #ollo&
t'ese ste%s*
a" .o- on to t'e com%uter t'at you &ant to add to t'e domain"
b" i-'t-click 5y om$(ter, and t'en click ,ro$erties"
c" ,lick t'e om$(ter Name tab, and t'en click )an'e"
d" In t'e om$(ter Name )an'es dialo- bo), click Domain under
5em1er "&, and t'en ty%e t'e domain name" ,lick "<"
e" 2'en you are %rom%ted, ty%e t'e user name and %ass&ord o# t'e account
t'at you %reviously created, and t'en click "<"
A messa-e t'at &elcomes you to t'e domain is -enerated"
#" ,lick "< to return to t'e om$(ter Name tab, and t'en click "< to
#inis'"
-" estart t'e com%uter i# you are %rom%ted to do so"
9ack to t'e to%
Troubleshooting
9o( annot "$en t)e Active Directory Sna$?ins
A#ter you 'ave com%leted t'e installation o# Active Directory, you may not be able to
start t'e Active Directory Esers and ,om%uters sna%-in, and you may receive an error
messa-e t'at indicates t'at no aut'ority can be contacted #or aut'entication" 0'is can
occur i# D+3 is not correctly con#i-ured" 0o resolve t'is issue, veri#y t'at t'e Hones on
your D+3 server are con#i-ured correctly and t'at your D+3 server 'as aut'ority #or t'e
Hone t'at contains t'e Active Directory domain name" I# t'e Hones a%%ear to be correct
and t'e server 'as aut'ority #or t'e domain, try to start t'e Active Directory Esers and
,om%uters sna%-in a-ain" I# you receive t'e same error messa-e, use t'e D,P:1:
utility to remove Active Directory, restart t'e com%uter, and t'en reinstall Active
Directory"
For additional in#ormation about con#i-urin- D+3 on 2indo&s 3erver 2004, click t'e
#ollo&in- article numbers to vie& t'e articles in t'e 1icroso#t Dno&led-e 9ase*
424480 ('tt%*;;su%%ort"microso#t"com;kb;424480;5+-E3; / 8o& 0o ,on#i-ure D+3 #or
Internet Access in 2indo&s 3erver 2004
42>2?9 ('tt%*;;su%%ort"microso#t"com;kb;42>2?9;5+-E3; / 8o& 0o ,on#i-ure D+3 in a
+e& 2ork-rou% 5nvironment in 2indo&s 3erver 2004
424>=8 ('tt%*;;su%%ort"microso#t"com;kb;424>=8;5+-E3; / 8o& 0o Inte-rate D+3 &it'
an 5)istin- D+3 In#rastructure I# Active Directory Is 5nabled in 2indo&s 3erver 2004
424>=A ('tt%*;;su%%ort"microso#t"com;kb;424>=A;5+-E3; / 8o& 0o Inte-rate 2indo&s
3erver 2004 D+3 &it' an 5)istin- D+3 In#rastructure in 2indo&s 3erver 2004
42>2<0 ('tt%*;;su%%ort"microso#t"com;kb;42>2<0;5+-E3; / 8o& 0o ,on#i-ure D+3
ecords #or Bour 2eb 3ite in 2indo&s 3erver 2004
424>>? ('tt%*;;su%%ort"microso#t"com;kb;424>>?;5+-E3; / 8o& 0o ,reate a +e& Ione
on a D+3 3erver in 2indo&s 3erver 2004
9ack to t'e to%
Note 0'is is a @FA30 PE9.I38@ article created directly #rom &it'in t'e 1icroso#t
su%%ort or-aniHation" 0'e in#ormation contained 'erein is %rovided as-is in res%onse to
emer-in- issues" As a result o# t'e s%eed in makin- it available, t'e materials may
include ty%o-ra%'ical errors and may be revised at any time &it'out notice" 3ee 0erms o#
Ese ('tt%*;;-o"microso#t"com;#&link;G.inkIdN=?=?00/ #or ot'er considerations"