Domain Controller.
What we'll do here is go over the installation of Windows 2000 and then the
configuration of various services to ensure that everything works correctly on
your Windows 2000 DC. Specifically, we'll cover:
1. Boot the CD. Format the partitions if required and do all the other steps required during the
text mode phase of installation. There are no special installation requirements to make a DC
work during this phase of the installation.
2. Reboot into the GUI mode phase. On the Regional Settings page, make any changes you need
and then click Next.
3. On the Personalize Your Software page, enter your Name and Organization information
and click Next.
4. On the Your Product Key page, type in your key and click Next.
5. On the Licensing Mode page, select the appropriate licensing mode for your server and click
Next.
6. On the Computer Name and Administrator password page, enter the computer (NetBIOS)
name for your computer and a complex Administrator password. By complex, I mean
complex! I always use 17+ characters with mixed case letters, numbers and symbols. I figure
if they can crack these passwords, they're too good for me :-). Click Next.
7. The Windows Components page is a key page, so pay attention!
Double click on Internet Information Services. If you need to support FTP and
NNTP, make the appropriate selections on the Internet Information Services
(IIS) page. I generally recommend that you minimize the number of IIS Servers
running on the ISA Server, but if you are using SBS, you may be stuck running all of
these on the ISA/DC machine. Click OK on the Internet Information Services
page.
8. Double click on the Terminal Services option. Select Enable Terminal Services. If you need
the client, then select the Client Creator Files option. Click OK in the Terminal Services
dialog box.
9. Click Next in the Windows 2000 Components page.
10. On the Date and Time Settings page, set the correct date, time and time zone. Click Next.
11. On the Terminal Services Setup page, select Remote administration mode option and click
Next.
12. On the Networking Settings page, select the Custom Settings option. Click Next.
13. On the Networking Components page, you are presented with the configuration settings
dialog box for the external interface of the ISA Server. I refer to this adapter as the external
interface because this interface will be listed as second on the list of adapters in the Advanced
network adapter settings. If you don't want this to be the external interface, you'll have to
manually change its priority after installation is complete. Remove the checkmarks in the
Client for Microsoft Networks and File and Printer Sharing. Double click on the Internet
Protocol (TCP/IP) entry.
Note:
After Windows 2000 installation is complete, you might want to rename the
interfaces to make them easier to work with. Give them names like InternalNIC
and ExternalNIC. Don't use names like internal and external because the
name internal is also used by the RRAS console to represent the interface used
by RAS clients. This could cause some unneeded confusion.
14. In the Internet Protocols (TCP/IP) Properties dialog box, type in the IP addressing
information appropriate for your external interface. Make sure you enter your ISP's DNS
server address in the Preferred DNS server text box. The Default gateway will either be
assigned by your ISP, or will be the LAN interface of your router that connects to the Internet.
Click on the Advanced button.
15. Click the DNS tab. Remove the checkmark from the Append parent suffixes of the primary
DNS suffix checkbox. There's no reason for your external interface to devolve queries to your
ISP's DNS server, so this might improve performance in certain situations. Also, remove the
checkmark in the Register this connection's addresses in DNS checkbox. Your ISP isn't
interested in registering your external interface and it's unlikely it supports DDNS. Click OK.
You'll get an information message telling you your WINS address is empty. Click Yes. Click
OK to close the Internet Protocol (TCP/IP) Properties dialog box. Click Next in the
Network Components page.
Reminder!
You should disable NetBIOS on the external interface of the DC/ISA Server
computer in order to prevent problems with the Browser service and prevent
browser announcements from trying to go out the external interface. All they'll
do is fill up your logs since later you will enable packet filtering to block NetBIOS
communications on the external interface. But don't do this until you're all done
with everything we talk about in this article.
16. You are presented with the Networking Components page for the internal interface of the
ISA/DC computer. Double click on the Internet Protocol (TCP/IP) entry. Enter the internal
IP address and Subnet mask. Make sure that you make the Preferred DNS server the IP
address of the internal interface. This is vitally important since this machine is going to be a
DNS server for your Active Directory domain.
17. Click the Advanced button. Click on the WINS tab. Click the Add button and add the IP
address of the internal interface of the ISA/DC computer. You will want only this IP address
to register with WINS. You do not want the external interface to register with WINS. Click
OK in the Advanced TCP/IP Settings dialog box after you have added the WINS server
address. Click OK in the Internet Protocol (TCP/IP) Properties dialog box. Click Next on
the Networking Components page.
18. On the Workgroup or Computer Domain page, leave the default selection as it is. There
isn't a domain yet for it to join. Click Next.
19. The installation Wizard finishes installing and configuring the services you selected. Click
Finish to restart the computer when it's done.
20. After the computer restarts, immediately install Service Pack 2.
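One way to check the interface settings from steps 13 to 17 once the machine is up (an added example, not part of the original article): the script below parses saved `ipconfig /all` output and lists deviations. The sample text is constructed, the adapter names follow the Note's InternalNIC/ExternalNIC suggestion, the function names are hypothetical, and `netbios_done` should only be set after you have disabled NetBIOS on the external interface as the Reminder describes.

```python
import re

# Constructed sample, modelled on the layout of `ipconfig /all` output.
# Adapter names follow the article's InternalNIC/ExternalNIC suggestion;
# all addresses are documentation/private placeholders.
SAMPLE = """\
Ethernet adapter ExternalNIC:

        IP Address. . . . . . . . . . . . : 203.0.113.10
        Default Gateway . . . . . . . . . : 203.0.113.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
        Primary WINS Server . . . . . . . : 10.0.0.1

Ethernet adapter InternalNIC:

        IP Address. . . . . . . . . . . . : 10.0.0.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
        Primary WINS Server . . . . . . . : 10.0.0.1
"""

def parse_adapters(text):
    """Return {adapter name: {field label: first value}}."""
    adapters, current = {}, None
    for line in text.splitlines():
        head = re.match(r"^\S.*adapter (.+):\s*$", line)
        field = re.match(r"^\s+([^.:]+?)[ .]*:\s*(.*)$", line)
        if head:
            current = adapters.setdefault(head.group(1), {})
        elif field and current is not None:
            current[field.group(1)] = field.group(2).strip()
    return adapters

def audit(text, internal="InternalNIC", external="ExternalNIC", netbios_done=False):
    """List deviations from the interface settings in steps 13-17."""
    a = parse_adapters(text)
    inner, outer, findings = a.get(internal, {}), a.get(external, {}), []
    if not inner or not outer:
        return ["adapter not found: check the interface names"]
    ip = inner.get("IP Address")
    if inner.get("DNS Servers") != ip:  # first listed server is the preferred one
        findings.append("internal: preferred DNS is not the internal IP")
    if inner.get("Primary WINS Server") != ip:
        findings.append("internal: WINS is not the internal IP")
    if outer.get("Primary WINS Server"):
        findings.append("external: WINS server configured")
    if netbios_done and outer.get("NetBIOS over Tcpip") != "Disabled":
        findings.append("external: NetBIOS over TCP/IP not disabled")
    return findings
```

Run `audit()` on the text captured with `ipconfig /all > ipconfig.txt`; an empty list means the interfaces match the settings above.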
5. On the Zone file page, accept the default name for the DNS zone file and click Next.
6. On the Completing the New Zone Wizard page, click Finish.
4. On the Zone File page, accept the default name for the DNS zone file and click Next.
5. Click Finish on the Completing the New Zone Wizard page.
6. Right click on the Zone that you just created and click the New Host command.
7. In the New Host dialog box, type in the host name of the DC/ISA Server computer, the IP
address of the internal interface, and select the Create associated pointer (PTR) record.
Click Add Host. An information message will appear that says the record was created. Click
OK. Click Done in the New Host dialog box.
8. Check both the Forward and Reverse lookup zones to confirm that the records were created
for the DC/ISA Server computer. Click the Refresh button if you don't see the records.
1. In the DNS console, right click on your server name and click Properties.
2. In the server Properties dialog box, click on the Monitoring tab.
3. On the Monitoring tab, place a checkmark in the A simple query against this DNS server
checkbox. Then click the Test Now button. You should see a PASS entry in the Simple
Query column.
4. Remove the checkmark from the A simple query against this DNS server checkbox. Place a
checkmark in the A recursive query to other DNS servers checkbox. Click the Test Now
button. You should see a PASS in the Recursive Query column.
Congratulations! You've installed DNS and the Active Directory on your computer
and it's all working.
Installing ISA Server
There really aren't any special steps you need to take when installing ISA Server
on the DC. But we'll go through the procedure just to be thorough.
1. Put the ISA Server CD into the tray and when the autoplay dialog box appears, click the
Install ISA Server button.
2. On the Welcome page, click Continue.
3. On the CD Key page, type in your CD Key and click OK. Click OK on the Product ID page.
4. Click I Agree on the license agreement page.
5. Click Full Installation on the setup page.
6. Since we haven't initialized the Active Directory, we can't join an array. If you're running
SBS, you probably have a single server, so this isn't an issue. In this example, we'll run a
stand-alone ISA Server. Click Yes in the dialog box informing you it can't find the schema
changes.
7. On the mode page, select the Integrated mode option and click Continue.
8. Click OK in the dialog box informing you that IIS services will be stopped and that you need
to deal with port 80!
9. On the cache size page, set your cache size, click Set and then click OK.
10. On the LAT configuration page, click the Construct Table button.
11. Note how I've selected the options in the Local Address Table dialog box. This is the ONLY
way I want you to do this! On the NIC selection, make sure you select the internal interface of
your DC/ISA Server. Click OK. Click OK in the info box informing you that the LAT has
been constructed. Click OK again.
12. Setup continues. When it's finished, click OK to open the ISA Management console. Click
OK again to finish.
13. Now quickly! Right click on the Servers and Arrays node, point to View and click on the
Advanced command. I take no responsibility for problems you have if you use the Taskpad
view! (actually, I don't take responsibility for anything that happens to your ISA Server).