Friday, July 6, 2012

Installing Active Directory on Windows Server 2008

Microsoft Active Directory provides the structure to centralize the network management and store information about network resources across the entire domain. Active Directory uses Domain Controllers to keep this centralized storage available to network users. In order to configure a Windows Server 2008 machine to act as Domain Controller, several considerations and prerequisites should be taken into account, and several steps should be performed. In this article I will guide you through these prerequisites and steps of creating a new Windows Server 2008 Domain Controller for a new Active Directory domain in a new forest.

Considerations when Installing a new Windows Server 2008 forest

When you install AD to create the first domain controller in a new Windows Server 2008 forest, you must keep the following considerations in mind:
  • You must make forest and domain functional level decisions that determine whether your forest and domain can contain domain controllers that run Windows 2000 Server, Windows Server 2003, or both. To read more about forest and domain functional levels please refer to the links below.
  • Domain controllers running the Microsoft Windows NT Server 4.0 operating system are NOT supported with Windows Server 2008.
  • Servers running Windows NT Server 4.0 are NOT supported by domain controllers that are running Windows Server 2008, meaning you MUST have additional DCs running Windows 2000/2003 to support older NT 4.0 servers.
  • The first Windows Server 2008 domain controller in a forest must be a global catalog server and it cannot be an RODC.

Installing Active Directory Domain Services (AD-DS)

In Windows Server 2008, unlike previous server operating systems, there is an additional step that needs to be taken before running DCPROMO to promote the server to Domain Controller and install Active Directory on it. This step is the installation of the Active Directory Domain Services (AD-DS) role on the server. In fact, the AD-DS role is what enables the server to act as a Domain Controller, but you will still need to run DCPROMO the regular way.
AD-DS can be installed using one of 3 methods:

Method 1 – Server Manager/Initial Configuration Tasks

Roles can and should be added from Server Manager (but they can also be initiated from the Initial Configuration Tasks wizard that auto-opens the first time you log on to the server).
  1. Open Server Manager by clicking the icon in the Quick Launch toolbar, or from the Administrative Tools folder.
  2. Wait till it finishes loading, then click on Roles > Add Roles link.
  3. In the Before you begin window, click Next.
  4. In the Select Server Roles window, click to select Active Directory Domain Services, and then click Next.
  5. In the Active Directory Domain Services window read the provided information if you want to, and then click Next.
  6. In the Confirm Installation Selections, read the provided information if you want to, and then click Next.
  7. Wait till the process completes.
  8. When it ends, click Close.
  9. Going back to Server Manager, click on the Active Directory Domain Services link, and note that there's no information linked to it, because the DCPROMO command has not been run yet.
  10. Now you can click on the DCPROMO link, or read on.
    1. To run DCPROMO, enter the command in the Run command, or click on the DCPROMO link from Server Manager > Roles > Active Directory Domain Services.
    2. Depending on whether AD-DS was previously installed or not, the Active Directory Domain Services Installation Wizard will appear immediately or after a short while. Click Next.
    3. Note: The Advanced features of DCPROMO will be discussed in a future article.
    4. In the Operating System Compatibility window, read the provided information and click Next.
    5. In the Choosing Deployment Configuration window, click on "Create a new domain in a new forest" and click Next.
    6. Enter an appropriate name for the new domain. Make sure you pick the right domain name, as renaming domains is a task you will not wish to perform on a daily basis. Click Next.
    7. Note: Do NOT use single label domain names such as "mydomain" or similar. You MUST pick a full domain name such as "mydomain.local" or "" and so on. The wizard will perform checks to see if the domain name is not already in use on the local network.
    8. Pick the right forest function level. Windows 2000 mode is the default, and it allows the addition of Windows 2000, Windows Server 2003 and Windows Server 2008 Domain Controllers to the forest you're creating. Read my "Understanding Windows Server 2008 Active Directory Domain and Forest Functional Levels" article for more information on that.
    9. Pick the right domain function level. Windows 2000 Native mode is the default, and it allows the addition of Windows 2000, Windows Server 2003 and Windows Server 2008 Domain Controllers to the domain you're creating.
    10. Note: If you select "Windows Server 2008" for the forest function level, you will not be prompted to pick a domain function level. Read more about domain and forest function levels in my "Understanding Windows Server 2008 Active Directory Domain and Forest Functional Levels" article.
    11. The wizard will perform checks to see if DNS is properly configured on the local network. In this case, no DNS server has been configured, therefore, the wizard will offer to automatically install DNS on this server.
    12. Note: The first DC must also be a Global Catalog. Also, the first DC in a forest cannot be a Read Only Domain Controller.
    13. It's most likely that you'll get a warning telling you that the server has one or more dynamic IP Addresses. Running IPCONFIG /all will show that this is not the case, because as you can clearly see, I have given the server a static IP Address. So, where did this come from? The answer is IPv6. I did not manually configure the IPv6 Address, hence the warning. In a network where IPv6 is not used, you can safely ignore this warning.
    14. You'll probably get a warning about DNS delegation. Since no DNS has been configured yet, you can ignore the message and click Yes.
    15. Next, change the paths for the AD database, log files and SYSVOL folder. For large deployments, carefully plan your DC configuration to get the maximum performance. When satisfied, click Next.
    16. Enter the password for the Active Directory Recovery Mode. This password must be kept confidential. Unlike regular domain user passwords, which expire (based upon the password policy configured for the domain, the default is 42 days), it stays constant. This password should be complex and at least 7 characters long. I strongly suggest that you do NOT use the regular administrator's password, and that you write it down and securely store it. Click Next.
    17. In the Summary window review your selections, and if required, save them to an unattend answer file. When satisfied, click Next.
    18. The wizard will begin creating the Active Directory domain, and when finished, you will need to press Finish and reboot your computer.
      Note: You can automate the rebooting process by checking the Reboot on Completion checkbox. To automate domain controller installations, you can use an answer file or you can specify unattended installation parameters at the command line.  You can test functionality by using AD management tools such as Active Directory Users and Computers, examine the Event Logs, services and folders and shares that have been created.
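The unattended option mentioned in the note above, as an added example that is not part of the original article: a DCPROMO answer file that mirrors the wizard choices for a new domain in a new forest. The NetBIOS name, the paths and the file name are assumptions, and the password value is a placeholder.

```ini
; Added example: dcpromo answer file for the first DC of a new forest.
; Run from an elevated prompt (file path is an assumption):
;   dcpromo /unattend:C:\dcpromo-newforest.txt

[DCInstall]
; "Create a new domain in a new forest"
ReplicaOrNewDomain=Domain
NewDomain=Forest

; Fully qualified name, never a single-label name (assumed values)
NewDomainDNSName=mydomain.local
DomainNetbiosName=MYDOMAIN

; Functional levels: 0 = Windows 2000, 2 = Windows Server 2003,
; 3 = Windows Server 2008. 0 mirrors the wizard defaults described above.
ForestLevel=0
DomainLevel=0

; No DNS server exists yet, so install one here and skip delegation
InstallDNS=Yes
CreateDNSDelegation=No

; The first DC in a forest must be a global catalog
ConfirmGc=Yes

; Database, log and SYSVOL locations (default paths shown)
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"

; Directory Services Restore Mode password. Placeholder only: a real value
; sits in this file in clear text, so restrict access to the file and
; delete it once the promotion has finished.
SafeModeAdminPassword=<DSRM-PASSWORD-PLACEHOLDER>

; Same effect as the "Reboot on Completion" checkbox
RebootOnCompletion=Yes
```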


    Method 2 – Servermanagercmd.exe

    Servermanagercmd.exe is the command prompt equivalent of the Add Roles and Add Features wizards in Server Manager. Through the use of various command line options, you can quickly and easily add or remove features and roles to or from your server, including the AD-DS role. To install AD-DS by using Servermanagercmd.exe, simply enter the following command in the Command Prompt window:
    Servermanagercmd.exe -I ADDS-Domain-Controller
    Let the command run and when it finishes, AD-DS will be installed on the server.

    Method 3 – Letting DCPROMO do the job

    Oh yes. If you forget to install AD-DS or simply want to skip clicking on some windows, you can run DCPROMO from the Run command and before it is executed, the server will check to see if the AD-DS binaries are installed. Since they are not, they will auto-install. After you complete the Add Roles Wizard, either click the link to start the Active Directory Domain Services Installation Wizard, or close Server Manager and manually run DCPROMO from the Run command.

    Running DCPROMO

    After installing the AD-DS role, we need to run DCPROMO to perform the actual Active Directory database and function installation. Note: This guide assumes this is the first Domain controller in the forest, thus creating a new domain in a new forest. For a guide on how to add additional Domain Controllers to existing domains, please read my upcoming "Installing Additional Windows Server 2008 Domain Controllers in your Existing Active Directory Domain" article.

How to Install and Configure Windows Server 2008 DHCP Server


Dynamic Host Configuration Protocol (DHCP) is a core infrastructure service on any network that provides IP addressing and DNS server information to PC clients and any other device. DHCP is used so that you do not have to statically assign IP addresses to every device on your network and manage the issues that static IP addressing can create. More and more, DHCP is being expanded to fit into new network services like the Windows Health Service and Network Access Protection (NAP). However, before you can use it for more advanced services, you need to first install it and configure the basics. Let’s learn how to do that.

Installing Windows Server 2008 DHCP Server

Installing Windows Server 2008 DHCP Server is easy. DHCP Server is now a “role” of Windows Server 2008 – not a Windows component as it was in the past.
To do this, you will need a Windows Server 2008 system already installed and configured with a static IP address. You will need to know your network’s IP address range, the range of IP addresses you will want to hand out to your PC clients, your DNS server IP addresses, and your default gateway. Additionally, you will want to have a plan for all subnets involved, what scopes you will want to define, and what exclusions you will want to create.
To start the DHCP installation process, you can click Add Roles from the Initial Configuration Tasks window or from Server Manager > Roles > Add Roles.

Figure 1: Adding a new Role in Windows Server 2008
When the Add Roles Wizard comes up, you can click Next on that screen.
Next, select that you want to add the DHCP Server Role, and click Next.

Figure 2: Selecting the DHCP Server Role
If you do not have a static IP address assigned on your server, you will get a warning that you should not install DHCP with a dynamic IP address.
At this point, you will begin being prompted for IP network information, scope information, and DNS information. If you only want to install DHCP server with no configured scopes or settings, you can just click Next through these questions and proceed with the installation.
On the other hand, you can optionally configure your DHCP Server during this part of the installation.
In my case, I chose to take this opportunity to configure some basic IP settings and configure my first DHCP Scope.
I was shown my network connection binding and asked to verify it, like this:

Figure 3: Network connection binding
What the wizard is asking is, “what interface do you want to provide DHCP services on?” I took the default and clicked Next.
Next, I entered my Parent Domain, Primary DNS Server, and Alternate DNS Server (as you see below) and clicked Next.

Figure 4: Entering domain and DNS information
I opted NOT to use WINS on my network and I clicked Next.
Then, I was prompted to configure a DHCP scope for the new DHCP Server. I have opted to configure an IP address range of to cover the 25+ PC Clients on my local network. To do this, I clicked Add to add a new scope. As you see below, I named the Scope WBC-Local, configured the starting and ending IP addresses of, subnet mask of, default gateway of, type of subnet (wired), and activated the scope.

Figure 5: Adding a new DHCP Scope
Back in the Add Scope screen, I clicked Next to add the new scope (once the DHCP Server is installed).
I chose to Disable DHCPv6 stateless mode for this server and clicked Next.
Then, I confirmed my DHCP Installation Selections (on the screen below) and clicked Install.

Figure 6: Confirm Installation Selections
After only a few seconds, the DHCP Server was installed and I saw the window, below:

Figure 7: Windows Server 2008 DHCP Server Installation succeeded
I clicked Close to close the installer window, then moved on to how to manage my new DHCP Server.

How to Manage your new Windows Server 2008 DHCP Server

Like the installation, managing Windows Server 2008 DHCP Server is also easy. Back in my Windows Server 2008 Server Manager, under Roles, I clicked on the new DHCP Server entry.

Figure 8: DHCP Server management in Server Manager
While I cannot manage the DHCP Server scopes and clients from here, what I can do is to manage what events, services, and resources are related to the DHCP Server installation. Thus, this is a good place to go to check the status of the DHCP Server and what events have happened around it.
However, to really configure the DHCP Server and see what clients have obtained IP addresses, I need to go to the DHCP Server MMC. To do this, I went to Start > Administrative Tools > DHCP Server, like this:

Figure 9: Starting the DHCP Server MMC
When expanded out, the MMC offers a lot of features. Here is what it looks like:

Figure 10: The Windows Server 2008 DHCP Server MMC
The DHCP Server MMC offers IPv4 & IPv6 DHCP Server info including all scopes, pools, leases, reservations, scope options, and server options.
If I go into the address pool and the scope options, I can see that the configuration we made when we installed the DHCP Server did, indeed, work. The scope IP address range is there, and so are the DNS Server & default gateway.

Figure 11: DHCP Server Address Pool

Figure 12: DHCP Server Scope Options
So how do we know that this really works if we do not test it? The answer is that we do not. Now, let’s test to make sure it works.

How do we test our Windows Server 2008 DHCP Server?

To test this, I have a Windows Vista PC Client on the same network segment as the Windows Server 2008 DHCP server. To be safe, I have no other devices on this network segment.
I did an IPCONFIG /RELEASE then an IPCONFIG /RENEW and verified that I received an IP address from the new DHCP server, as you can see below:

Figure 13: Vista client received IP address from new DHCP Server
Also, I went to my Windows 2008 Server and verified that the new Vista client was listed as a client on the DHCP server. This did indeed check out, as you can see below:

Figure 14: Win 2008 DHCP Server has the Vista client listed under Address Leases
With that, I knew that I had a working configuration and we are done!

Basics To Know Before Moving From A Windows PC To An Apple Mac

Changing phones, email providers or web browsers is something that takes a lot of conviction and adjusting to; imagine if you felt compelled to change your OS? The move would definitely be a bigger adjustment, and if you’re switching from Windows 7 to Mac, the adjustment would probably be equivalent to sleeping on the opposite side of the bed. This guide helps you ease into that adjustment. It is neither a feature list nor a comparison between the two operating systems. It was written just to tell you where the electric box is, and how the plumbing works. Briefly, we will look at how you can search for apps, files and folders on your Mac, find and install apps, manage windows and find system preferences.
The difference between a Mac and Windows will be apparent the second you start your system. First thing you want to get to know is how you are going to do anything on a Mac, and by anything, I mean opening a file/folder, where do files and apps go, and what to expect instead of ‘My Computer’.

Windows Taskbar & Start Menu –> Mac Dock & System Menu Bar

As a Windows 7 user, you’ve grown comfortable with finding and accessing applications from the Start Menu and pinning your frequently used items to the Taskbar. In effect, the Start Menu is where you have app access from, and the Taskbar is where the currently running applications reside. In Mac you will meet the Dock.
The Dock is like a dashboard (not to be confused with the Dashboard for Widgets); icons for applications like the Finder, the Launcher, Mission Control and Safari can be found here. All these are default Mac applications that will help you perform some very basic functions. As in Windows 7, you can add your frequently-used apps to the Dock. Apps are listed to the left, folders and minimized windows go to the right. You will find three folders on the Dock – Applications, Documents and Downloads.
At the top of the desktop, you will see a horizontal bar known as the System Menu Bar; this bar is omnipresent, regardless of which app or utility you launch. The menus on this bar, however, will change to reflect those of the active app.
You will find that the menus listed on this bar change as you click different app windows. If you have a Safari window (or Chrome or Firefox) active, the menu bar will show options that you would normally see on the Title bar in Windows. Unlike Windows, where the menu options for each application, program or utility are within its own window, app menus are always listed on this bar when the app window is active. As a rule, whenever you want to view settings for any app, select it, so that it becomes the active window, and the menu bar reflects its menu items. The preferences that appear in the system menu bar usually belong to the active app, and not the system itself.

What’s Up, Dock?

As corny as that line is, you need to know what those icons on the Dock do, if you want to do more than just admire your Mac. Finder is a Mac system utility for exploring files on your Hard Disk, much akin to Windows Explorer in Windows 7. The Finder icon is best described as a two faced blue guy. Click the icon to launch the Finder.
The Launchpad app makes it easy for you to view all installed apps on your Mac; use the mouse wheel to move across screens and view different apps. Click on any app to launch it. Once an app is launched, its icon will appear on the Dock.
In case you do not see the Launchpad icon on the Dock, visit the Applications folder to find and launch it. Once launched, right-click the app, and from the Options submenu, choose Keep in Dock to pin the app to the Dock. To remove an app from the Dock, drag & drop it on to the desktop and it will vanish in a puff of virtual smoke.
You will also see the Safari icon, a navigation compass, that will launch Apple’s default web browser. On the far right of the Dock, you will see the Trash Can, which is Mac’s equivalent to Windows’ Recycle Bin and works similarly. You can send items to the Trash Can from the right-click context menu, or drag & drop them on to the icon in the Dock.

Windows Start Search & Mac Spotlight

In Windows 7, the start menu has a search feature that lets you find folders, files, applications and system utilities by typing in their name. To do the same in Mac, click the magnifying glass icon on the top right of the system menu bar and start typing in a file or app name. The Spotlight feature will search as you type, and list all matches. The search is universal, i.e., it will search for apps, files and folders.

Control Panel & System Preferences

Control Panel is a massive feature in Windows 7, and on Mac, you get System Preferences. To access System Preferences, click the Apple icon on the system menu bar and select System Preferences. You can set system time, volume, display, networks, user accounts, parental controls, printers etc, all from here.


While you will be able to use any ordinary mouse with your Mac, you will notice from the get go that scrolling is reversed, i.e., scrolling the mouse wheel up actually scrolls a page down, and scrolling the mouse wheel down scrolls a page up. Don’t think your mouse is broken, or that you might have plugged it in the wrong way – that’s just how things are on a Mac. You might also have noticed that the close, minimize and maximize buttons are all located on the upper left of windows, and not the upper right as in Windows 7.

Opening A File

Selecting a file and hitting the return (enter) key will not open a file; it will ready the file for renaming. To open a file, either double click it or select it and hit Command + O.

Viewing Hard Disk And User Files

Unlike Windows 7, you will not see options to view “My Computer”. In order to view the Hard Disk, open the Finder menu on the System Menu Bar and open Preferences. From the General tab, select which items you would like to view on your desktop. Check the Hard Disks option and you will be able to view all disks connected to your Mac.
You will find four folders: Applications, System, Library and Users. The Applications folder will show all installed apps on your Mac; the Library folder will list folders created by apps. The System folder is where files for system utilities and apps are saved. This is where you will find the extensions folder for Safari.


When you move to a Mac, you move to an OS that relies on apps for any and all functions that aren’t basic. Installing apps in Mac isn’t difficult, it is just different. In Windows, applications are in EXE format; in Mac they are DMG. There is seldom an installation procedure involved. A majority of apps are installed from the Mac App Store, an app that resides on the Dock and requires you to sign in with your Apple ID.

How To Install An App

Search or browse for apps in the Mac App Store. To download a paid app, you will have to associate a credit card with your Apple ID. To download a free app, simply click where it says Free; the button will turn green to read Install and will ask you to sign in to your Apple ID. Once you’ve signed in, the download will begin. Download and installation are synonymous here. Once the download is complete, click the app icon in either the Applications folder or in the Launchpad.
The Mac App Store isn’t the only place you can download apps from, as developers host apps on their websites. The only difference you will experience when downloading apps like this is that they will rest in the Downloads folder and you will have to manually move them to the Applications folder. In further, rarer cases, the developer might have zipped the file, which will unzip via the default archiving utility.

Quitting & Closing An App

In Windows 7, you can exit an instance of some apps without closing. For example, you can close an image you were editing in Paint, without exiting the program itself. Similarly, in Mac, closing and quitting are often separate functions. Case in point, you might exit Safari (or Chrome, or Firefox), but it will continue to run, unless you quit it by right-clicking the app icon in the Dock and selecting Quit.

Force Quitting Apps

Mac’s Task Manager equivalent can be found in the Utilities folder in Applications and is called the Activity Monitor. You can use the Activity Monitor to quit apps as you used the Task Manager to quit processes but it is a longer process.
If you want to quickly quit an app that’s stopped responding, hit Command + Option + Escape, select the app you want to quit from the window that opens, and click Force Quit.

Mission Control & Window Management

You will find that windows minimize individually in Mac, and are not grouped as they are in Windows 7. That might make it difficult to organize your workspace, but things work differently in a Mac. Windows are best organized using Mission Control. This is a Mac feature that lets you create desktop spaces that you can switch to. More specifically, if you have a trackpad, you can use the three finger swipe gesture to switch to a desktop. Each desktop space remembers which windows you were working in, and you can move windows from one desktop to another. To use Mission Control, click the icon in the Dock, use the plus sign in the far right corner to add as many desktops as you like, and drag & drop a window on to another desktop.
Hopefully, after reading this brief guide, you will have an idea of where to look when you want to access a file/folder, or change a system preference. Mac is, in no way, any less of an OS than Windows, but getting used to a new OS or finding out where everything is, can often be frustrating. Mac, if nothing else, is very different from Windows, and these are just a few things you should know before you go digging deeper.