Step-by-Step Guide to a Common Infrastructure for Windows Server 2003 Deployment

Part 1: Installing Windows Server 2003 as a Domain Controller

Published: September 17, 2004

This document is the first in a series of step by step guides explaining how to build a common network infrastructure for deployment of the Microsoft WindowsServer 2003 operating system. Subsequent guides build upon this base infrastructure by detailing the configuration of common customer use scenarios. This guide begins with the installation of the Windows Server 2003 operating system and Active Directory. On This Page Introduction Overview Server Installation Appendix A: Active Directory Populace Additional Resources

Introduction
Step-by-Step Guides
The Microsoft Windows Server 2003 Deployment step-by-step guides provide hands-on experience for many common operating system configurations. The guides begin by establishing a common network infrastructure through the installation of Windows Server 2003, the configuration of Active Directory, the installation of a Windows XP Professional workstation, and finally the addition of this workstation to a domain. Subsequent step-by-step guides assume that you have this common network infrastructure in place. If you do not wish to follow this common network infrastructure, you will need to make appropriate modifications while using these guides. The common network infrastructure requires the completion of the following guides.

Part I: Installing Windows Server 2003 as a Domain Controller Part II: Installing a Windows XP Professional Workstation and Connecting it to a

Domain Once the common network infrastructure is configured, any of the additional step-by-step guides may be employed. Note that some step-by-step guides may have additional prerequisites above and beyond the common network infrastructure requirements. Any additional requirements will be noted in the specific step-by-step guide.

Microsoft Virtual PC

The Windows Server 2003 Deployment step-by-step guides may be implemented within a physical lab environment or through virtualization technologies like Microsoft Virtual PC 2004 or Virtual Server 2005. Virtual machine technology enables customers to run multiple operating systems concurrently on a single physical server. Virtual PC 2004 and Virtual Server 2005 are designed to

increase operational efficiency in software test and development, legacy application migration, and server consolidation scenarios. The Windows Server 2003 Deployment step-by-step guides assume that all configurations will occur within a physical lab environment although most configurations can be applied to a virtual environment without modification. Applying the concepts provided in these step-by-step guides to a virtual environment based is beyond the scope of this document.

Important Notes
The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, email address, logo, person, places, or events is intended or should be inferred. This common infrastructure is designed for use on a private network. The fictitious company name and Domain Name System (DNS) name used in the common infrastructure are not registered for use on the Internet. You should not use this name on a public network or Internet. The Active Directory service structure for this common infrastructure is designed to show how Windows Server 2003 Change and Configuration Management works and functions with Active Directory. It was not designed as a model for configuring Active Directory for any organization.
Top of page

Overview
This guide explains how to build a common network infrastructure beginning with the installation and configuration of the Microsoft Windows Server 2003 operating system as a domain controller. This common infrastructure allows you to learn about and evaluate Windows Server 2003. As you implement this guide, think about how you will use them in your organization. This guide, which is the first in a two-part series, shows how to install a server as a domain controller and populate a sample Active Directory service structure. Part two describes steps to install a Windows XP Professional client and connect that client to the domain controller. First, complete the procedures in this guide, then use "Part II: Installing a Windows XP Professional Workstation and Connecting It to a Domain" to complete your common network infrastructure.

Prerequisites

None

Guide Requirements
These are the hardware requirements for the common infrastructure.

Item

Server(s) Workstation(s) Network Hub(s) Remote Access Hardware Network Interface Cards UPS Printer Notes:

Quantity Comments

1 Capable of running Windows Server 2003 As Needed Capable of running Windows XP Professional As Needed A private network is recommended As Needed For testing slow-link and remote connections As Needed 100 MB Card Optional Optional To protect the servers To print configuration information and other tests

An Intel processorbased server running Windows Server 2003 must have at least 128 megabytes (MB) of RAM. Microsoft also recommends that the server have several gigabytes of disk storage. In addition, servers should be equipped with high-speed network interface cards. Use a sufficient number of workstations to simulate a variety of workstation environments, including your organizations typical desktop, roaming user, mobile user, and any other configurations that may be appropriate. These computers must be capable of running Windows XP Professional. Microsoft recommends a minimum of 64 MB of RAM for Intel processorbased workstations. When creating the physical infrastructure, a private network is recommended; therefore, you need sufficient network hubs and other networking hardware to connect all of the workstations and servers to a single network. The most current information about hardware requirements and compatibility for servers is available at the Windows Server 2003 Product Compatibility Web site.

Additional Server Parameters

convention.

If you add additional servers to the common infrastructure, use the following server naming

Parameter

Value
HQ-CON-SRV-nn

Computer Name(s) HQ-CON-SRV-01

Server Configuration
Overview
Figure 1 shows the basic server configuration.

Figure 1. The Server Configuration

Server Disk Configuration

To use a single server for the infrastructure in this guide, you will need a server with either two disk drives or a single disk drive with two partitions. Note: Subsequent step-by-step guides in this series may require additional servers or other equipment; those additions are addressed in the specific guide. The first disk or partition holds Windows Server 2003 and other files for the common infrastructure, such as the Windows Installer packages and application source files. The second disk or partition is reserved for Active Directory log files and procedures required by other step-by-step guides. Each disk or partition must hold several gigabytes of information, and each disk or partition must be formatted for the NT file system (NTFS). The steps for creating and formatting partitions are contained in this guide.

Top of page

Server Installation
To begin the installation procedure, boot directly from the Windows Server 2003 CD. Your CD-ROM must support bootable CDs. Note: When you configure partitions and format drives, all data on the server hard drive is destroyed.

Beginning the Installation

Setup creates the disk partitions on the computer running Windows Server 2003, formats the drive, and then copies installation files from the CD to the server. Note: These instructions assume that you are installing Windows Server 2003 on a computer that is not already running Windows. If you are upgrading from an older version of Windows, some of the installation steps may differ. To begin the installation 1. 2. 3. 4. Insert the Windows Server 2003 CD in the CD-ROM drive. Restart the computer. If prompted, press any key to boot from the CD. The Windows Server 2003 installation begins. On the Welcome to Setup screen, press Enter. Review and, if acceptable, agree to the license agreement by pressing F8. Note: If you had a previous version of Windows Server 2003 installed on this server, you might get a message asking if you want to repair the drive. Press Esc to continue and not repair 5. the drive. Follow the instructions to delete all existing disk partitions. The exact steps will differ based on the number and type of partitions already on the computer. Continue to delete partitions until 6. 7. all disk space is labeled as Unpartitioned space. When all disk space is labeled as Unpartitioned space, press C to create a partition in the unpartitioned space on the first disk drive (as applicable). If your server has a single disk drive, split the available disk space in half to create two equalsized partitions. Delete the total space default value. Type the value of half your total disk space at the Create partition of size (in MB) prompt, and the press Enter. (If your server has two disk drives, type the total size of the first drive at this prompt.) 8. After the New <Raw> partition is created, press Enter. 9. Select Format the partition using the NTFS file system <Quick>, and then press Enter. Windows Server 2003 Setup formats the partition and then copies the files from the Windows Server 2003 Server CD to the hard drive. The computer restarts and the Windows Server 2003 Installation Program continues.

Completing the Installation

1. 2. 3. 4. 5. 6.

To continue the installation with the Windows Server 2003 Setup Wizard The Windows Server 2003 Setup Wizard detects and installs devices. This can take several minutes, and during the process your screen may flicker. In the Regional and Language Options dialog box, make changes required for your locale (typically, none are required for the United States), and then click Next. In the Personalize Your Software dialog, type Mike Nash in the Name box and type Reskit in the Organization box. Click Next. Type the Product Key (found on the back of your Windows Server 2003 CD case) in the text boxes provided, and then click Next. In the Licensing Modes dialog box, select the appropriate licensing mode for your organization, and then click Next. In the Computer Name and Administrator Password dialog box, type the new computer

name HQ-CON-DC-01 in the computer name box, and then click Next. Best Practice: To facilitate the steps in these guides, the Administrator password is left blank and there is no password. This is not an acceptable security practice. When installing a server for your production network, a password should always be set. Windows Server 2003 requires 7. 8. 9. 10. complex passwords by default. When prompted by Windows Setup, click Yes to confirm a blank Administrator password. In the Date and Time Settings dialog box, correct the current date and time if necessary, and then click Next. In the Networking Settings dialog box, make sure Typical Settings is selected, and then click Next. In the Workgroups or Computer Domain dialog box (No is selected by default), click Next. Note: A domain name could be specified at this point, but this guide uses the Configure Your Server Wizard to create the domain name at a later time. The Windows Server 2003 Installation continues and configures the necessary components. 11. This may take a few minutes. The server restarts and the operating system loads from the hard drive.

Preparing a Secondary Partition or Secondary Disk Drive

The unpartitioned space from the installation of Windows Server 2003 requires formatting before it can be accessed by the operating system. Management of disks and partitions occurs through the Computer Management snap-in for Microsoft Management Console. The following steps assume a second disk drive is in use; modify procedures accordingly for a second partition. To prepare a secondary partition or disk drive Warning: Formatting a partition destroys all data on that partition. Make sure that you select the correct partition. 1. 2. 3. 4. 5. 6. 7. 8. 9. Press Ctrl+Alt+Del and log on to the server as administrator. Leave the password blank. Click the Start button, point to Administrative Tools, and then click Computer Management. To define and format the unpartitioned space, click Disk Management. Right-click Unallocated on Disk 1. To define a partition, click New Partition, and then click Next to continue. Select Primary Partition (default), and then click Next to continue. Click Next leaving the Partition size in MB set to the default. For Assign the following drive letter, select L, and then click Next to continue. Under Format this partition with the following settings, click Perform a quick format. Click Next, and then Finish to complete the configuration of the secondary disk drive. Once you have finished, your disk allocation should look similar to Figure 2.

Figure 2. Disk Management

Close the Computer Management console. 10.

Configuring Your Server as a DHCP Server

Dynamic Host Configuration Protocol (DHCP) can be installed manually or by using the Windows Server 2003 Manage Your Server wizard. This section uses the wizard to complete the installation. To install DHCP using the Windows Server 2003 Manage Your Server wizard Warning: The following section will configure your server as a DHCP server. If this server resides on a production network, the server may distribute IP address information that might not be valid on the network. Microsoft recommends that these exercises be completed on an isolated network. 1. Within the Manager Your Server page, click Add or remove a role. Note: If you closed the Manage Your Server page you can start the Configure Your Server wizard from Administrative Tools. If you select this option the following steps may 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. differ slightly. After the Configure Your Server wizard appears, click Next. Click Custom configuration, and then click Next. Under Server Role, click DHCP server, and then click Next. Review the Summary of Selections, and then click Next to begin the installation. When the New Scope Wizard appears, click Next to define a DHCP scope. For Name, type Contoso HQ. Leave the description blank, and then click Next. Enter a Start IP address of 10.0.0.10 and enter 10.0.0.254 for the End IP address. Click Next. Exclusions will not be defined at this time. Click Next to continue the installation. To accept the default Lease Duration, click Next. To set DHCP Options, click Next. On the Router (Default Gateway) screen, type 10.0.0.1 for IP address, click Add, and then click Next. For Parent Domain on the Domain Name and DNS Server screen, type contoso.com. For IP address, type 10.0.0.2, click Add, and then click Next. Click Next as WINS Servers will not be utilized in this environment.

15. 16. 17.

Click Next to Activate Scope. Click Finish twice. Close the Manage Your Server screen.

Configuring Your Server as a Domain Controller

Domain Name Service (DNS) and DCPromo (the command-line tool that creates DNS and Active Directory) can be installed manually or by using the Windows Server 2003 Manager Your Server Wizard. This section uses the manual tools to complete the installation. To install DNS and Active Directory using the manual tools 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. Click the Start button, click Run, type DCPROMO, and then click OK. When the Active Directory Installation Wizard appears, click Next to begin the installation. After reviewing the Operating System Compatibility information, click Next. Select Domain controller for a new domain (default), and then click Next. Select Domain in a new forest (default), and then click Next. For Full DNS name, type contoso.com, and then click Next. (This represents a Fully Qualified name.) Click Next to accept the default Domain NetBIOS name of CONTOSO. (NetBIOS names provides for down-level compatibility.) On the Database and Log Folders screen, point the Active Directory Log Folder to L:\Windows\NTDS, and then click Next to continue. Leave the default folder location for Shared System Volume, and then click Next. On the DNS Registration Diagnostics screen, click Install and configure the DNS server on this computer. Click Next to continue. Select Permissions compatible only with Windows 2000 or Windows Server 2003 (default), and then click Next. Type password for Restore Mode Password and Confirm password, and then click Next to continue. Note: Production environments should employ complex passwords for Directory Services Restore passwords.

Figure 3. Summary of the Active Directory Installation Options

Figure 3 represents a summary of the Active Directory installation options. Click Next to 13. start the installation of Active Directory. If prompted, insert the Windows Server 2003 installation CD.

14. 15. 16. 17.

Click OK to acknowledge the warning of having a dynamically assigned IP address for a DNS server. If you have more than one network interface, select the 10.0.0.0 network interface from the Choose Connection drop-down list, and then click Properties. Under the This connection uses the following items section, click Internet Protocol (TCP/IP), and then click Properties. Select Use the following IP address, and then type 10.0.0.2 for the IP address. Press the Tab key twice, and then type 10.0.0.1 for the Default gateway. Type 127.0.0.1 for the

Preferred DNS server, and then click OK. Click Close to continue. 18. Click Finish once the Active Directory Installation Wizard is finished. 19. Click Restart Now to reboot the computer. To authorize the DHCP server 1. 2. 3. 4. After the computer reboots, press Ctrl+Alt+Del and log on to the server as [email protected]. Leave the password blank. Click the Start menu, select Administrative Tools, and then click DHCP Click hq-con-dc-01.contoso.com. Right click hq-con-dc-01.contoso.com and then click Authorize Close the DHCP management console

Active Directory Sample Infrastructure

The common infrastructure is based on the fictitious organization Contoso. Contoso owns the DNS name contoso.com, which was configured with the Active Directory Installation Wizard in the preceding section. Figure 4 illustrates the sample Active Directory structure.

Figure 4. Sample Active Directory Structure

The most interesting aspects of this structure are the Domain (contoso.com); the Accounts, Headquarters, Production, Marketing, Groups, Resources, Desktops, Laptops, and Servers organizational units (OUs). These are represented by folders (book) in Figure 4. OUs exist for the delegation of administration and for the application of Group Policynot simply to mirror a business organization. For an in-depth discussion on designing an OU structure, see "Designing and Deploying Directory and Security Services".

Populating Active Directory

This section describes how to manually create the OUs, Users, and Security Groups outlined in Appendix A.

Creating Organizational Units and Groups

To create OUs and Security Groups 1. 2. 3. 4. 5. 6. 7. 8. 9. Click the Start button, point to All Programs, point to Administrative Tools, and then click Active Directory Users and Computers. Click the + next to contoso.com to expand it. Click contoso.com itself to show its contents in the right pane. In the left pane, right-click contoso.com, point to New, and then click Organizational Unit. Type Accounts in the name box, and then click OK. Repeat steps 3 and 4 to create the Groups and Resources OUs. Click Accounts in the left pane. Its contents now display in the right pane. (It is empty at the beginning of this procedure.) Right-click Accounts, point to New, and then click Organizational Unit. Type Headquarters, and then click OK. Repeat steps 7 and 8 to create the Production and Marketing OUs in Accounts. When you have finished, the OU structure should look like Figure 5.

Figure 5. Creating Organizational Units See full-sized image

In the same way, create Desktops, Laptops, and Servers in the Resources OU. 10. 11. Create the two security groups by right-clicking Groups, pointing to New, and then clicking Group. The two groups to add are Management and Non-management. The settings for each group should be Global and Security. Click OK to create each group. When all steps are completed, the final OU structure should look like Figure 6.

Figure 6. Final OU Structure See full-sized image

Creating User Accounts

To create a user account 1. 2. 3. 4. In the left-hand pane, click Headquarters (in Accounts).. Its contents now display in the right pane. (It is empty at the beginning of this procedure.) Right-click Headquarters, point to New, and then click User. Type Christine for the first name and Koch for the last name. (Note that the full name automatically appears in the Full name box.) Type Christine for the User logon name. The window should look like Figure 7.

Figure 7. Adding a User

Click Next. 5. 6. Type pass#word1 for Password and Confirm password, and then click Next to continue. Note: By default, Windows Server 2003 requires complex passwords for all newly created 7. users. Password complexity requirements may be disabled through Group Policy. Click Finish. Christine Koch now displays in the right-hand pane as a user under

8.

Reskit.com/Accounts/Headquarters. Repeat steps 2 through 7, adding the names listed in Appendix A for the Headquarters OU. When you are finished, the Headquarters OU screen should look like Figure 8.

Figure 8. User listing in the Headquarters OU See full-sized image

Repeat steps 1 through 8 to create the users in the Production and Marketing OUs. 9.

Adding Users to Security Groups

To add a user to a security group 1. 2. 3. 4. 5. In the left pane, click Groups. In the right pane, double-click the Management group. Click the Members tab, and then click Add. Click Advanced, and then click Find Now. Select all appropriate users from the lower section by holding down the Ctrl key while clicking each name. Click OK while all members are highlighted. (The users who should be members of this security group are listed in Appendix A.) Click OK again to add these members to the Management Security Group. Click OK to close the Management Security Group Properties sheet.

Figure 9. The Members of the Management Security Group Are Drawn from Three OUs

Repeat steps 2 through 5 to add members to the Non-management group. 6. 7. Close the Active Directory Users and Computers snap-in