AD Setup Checklist: Request for Comments
From: bonehead (sendmenospam_at_here.net)
Date: 03/19/05
Date: Sat, 19 Mar 2005 14:10:47 -0800
Greetings,

I am an Active Directory novice. I am planning to set up a very small
test domain. One purpose is to start to learn something about Active
Directory domain administration. The other purpose is to have a
workstation/server environment which I can use to start learning .NET
development.

This post is a follow up to a previous post which included general
questions regarding AD configuration. What follows is a draft of a
step-by-step checklist I've created for setting up and configuring my
first AD. The main purpose for the checklist is preparation. If the
checklist is adequately complete, I should be able to just follow the
steps without any surprises, and without having to stop in the middle of
the process and say, "Hey, wait a minute, what about X?"

I recognize that I could probably create a suitable learning environment
solely for development, by merely installing IIS, SQL, and Studio.NET on
the workstation, but I would prefer, if possible, to set up a genuine
Active Directory workstation/server combination, so that I have the
opportunity to learn something about AD administration as well.

I also recognize that I could probably accomplish what I want by just
bypassing AD altogether and creating a workgroup, but that would also
not serve the secondary purpose of learning something about AD setup and
administration, and being able to continue to learn more about it in the
future.

The following details may be relevant and helpful.

I currently have two PCs connected together through a router. One PC is
running Server2K3 and SQL Server2K, and the other is running XP Pro.
Eventually this may grow to include two additional workstations.

I have elected to not use DHCP on the server at this time because the
router receives a dynamic IP from my ISP, and is configured to hand out
static internal IPs to each of the two currently existing machines. I
would prefer to keep it this way for the time being.

My goal is to have the Server2K3/SQLServer2K machine running AD, IIS,
and file services, acting as a domain controller/application
server/database server/file server. Then, I would install Studio.NET on
the XP Pro workstation. As I work my way through various tutorial books,
I would be using the workstation to build applications, and then
uploading the project files to the server for testing via various web
browsers.

Here is the first draft of my checklist. I will welcome constructive
comments from experienced users regarding steps which are wrong,
missing, or not ordered properly.
--------------------------------
AD SETUP AND CONFIGURATION CHECKLIST

I. PROMOTE THE WIN2K3 SERVER TO A DOMAIN CONTROLLER:
1. Have the Setup CD available
2. Select Start | Settings | Control Panel | Administrative Tools |
   Configure Your Server Wizard
3. Run the Active Directory Setup Wizard
4. Select Typical Configuration for a First Server
5. Select DNS but not DHCP (the router will hand out static internal IPs)
6. Enter the full DNS name of the Domain (i.e., mydomain.local)
7. Enable DNS query forwarding: supply the IP of the ISP's DNS server
8. Reboot
9. Finish

II. CHECK THAT THE DEFAULT ADMIN ACCOUNT ON THE SERVER IS A MEMBER OF
THE DOMAIN ADMINS GROUP:
1. Start | Settings | Control Panel | Administrative Tools | Active
   Directory Users and Groups
2. Expand the Domain Node | Select the Users folder
3. Right click on the default admin account and select Properties

III. INSTALL IIS AND FILE SERVICES ON THE SERVER:
1. Have the Setup CD available
2. Start | Settings | Control Panel | Add or Remove Programs
3. Select Add/Remove Windows Components
4. Select Application Server
5. Next
6. Deselect FrontPage server extensions (we won't be using FrontPage to
   develop web pages; all apps will be developed in ASP.NET or VB.NET)
7. Enable ASP.NET, IIS, and file services
8. Insert the CD when prompted
9. Next
10. Finish

IV. CHECK THE IIS SERVER'S MASTER WEB SITE SETTINGS:
1. Open the IIS Manager: Start | Settings | Control Panel |
   Administrative Tools | IIS Manager
2. Right click on the Web Sites folder and select Properties
3. Inspect all the tabs. It may not be necessary to change any of the
   defaults, at least for a test environment

V. ENABLE WEB SERVICE EXTENSIONS FOR ASP WEB SITES:
1. In the IIS manager, select the Web Service extensions node
2. Select services from the list as appropriate

VI. CREATE A DOMAIN USER ACCOUNT:
1. Start | Settings | Control Panel | Administrative Tools | Active
   Directory Users and Groups
2. Expand the Domain Node | Select Users folder
3. Current Container | Create a New User
4. Enter the First, Middle and Last Name of the user
5. Enter the username
6. Next
7. Enter the password for the account and select "User cannot change
   password" and "Password never expires"
8. Finish
9. Set properties for the account: right click on the account object
10. Check that the account is a member of the Domain Users
11. OK

VII. ADD THE XP PRO WORKSTATION TO THE DOMAIN:
1. Start | Settings | Control Panel | Administrative Tools | Active
   Directory Users and Computers
2. Select the Computers node
3. In the Details pane, right click and select New | Computer...
4. Provide the DNS name of the workstation
5. Set the domain user or domain group that can log on to the computer

VIII. CONFIGURE THE DOMAIN CLIENT ON THE XP PRO WORKSTATION:
1. Log on to the XP Pro workstation as a local Admin
2. Select Start | Settings | Control Panel | System
3. Select the Computer Name tab and select the Change button
4. Select Member of Domain and provide the domain name (i.e.,
   'mydomain.local')
5. Provide a username and password for a domain account that has
   permission to log onto this computer within the domain then click OK
6. Reboot
7. Log on again as a local Admin
8. Add a domain user account to the local machine so these users can log
   onto the domain from this machine, using the domain account: open
   Computer Management (shortcut is already placed on the desktop of the
   Admin account)
9. Right click in the Details pane and select New User...
10. Provide the username and domain name | Next
11. Select Standard User | Finish
12. Test the account by logging off and logging on using the domain user
    account

IX. COPY THE WORKSTATION'S LOCAL USER ACCOUNT PROFILE TO THE DOMAIN ACCOUNT:
1. Log off the workstation's domain account and log on as a local Admin
2. Start | Control Panel | System | Advanced | User Profiles | Settings
3. Select the local user account with the desired profile, and select
   Copy To | Browse
4. Select the domain account on the local machine | OK | OK | OK
5. Test the account: log off as local Admin, log on as domain user
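
Step VI.7 of the checklist selects "Password never expires", and section II confirms the admin account is in Domain Admins. The following is an added example, not part of the original post, that audits an exported account list for enabled accounts carrying that flag and marks the privileged ones. The LDIF sample, the account names and the function names are constructed assumptions.

```python
# Constructed sample (not real data): ldifde-style export, hypothetical domain.
SAMPLE_LDIF = """\
dn: CN=Administrator,CN=Users,DC=mydomain,DC=local
sAMAccountName: Administrator
userAccountControl: 66048
memberOf: CN=Domain Admins,CN=Users,DC=mydomain,DC=local

dn: CN=Dev User,CN=Users,DC=mydomain,DC=local
sAMAccountName: devuser
userAccountControl: 66048

dn: CN=Test User,CN=Users,DC=mydomain,DC=local
sAMAccountName: testuser
userAccountControl: 512

dn: CN=Old User,CN=Users,DC=mydomain,DC=local
sAMAccountName: olduser
userAccountControl: 66050
"""

UF_ACCOUNTDISABLE = 0x0002        # userAccountControl bit: account disabled
UF_DONT_EXPIRE_PASSWD = 0x10000   # userAccountControl bit: password never expires

def parse_ldif(text):
    """Split simple LDIF (no folded or base64 lines) into dicts of lists."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            entry.setdefault(key, []).append(value)
        entries.append(entry)
    return entries

def audit(entries):
    """Map account name to findings for enabled, never-expiring accounts."""
    report = {}
    for e in entries:
        uac = int(e["userAccountControl"][0])
        if uac & UF_ACCOUNTDISABLE or not uac & UF_DONT_EXPIRE_PASSWD:
            continue  # disabled, or password expiry is enforced
        findings = ["password never expires"]
        groups = [g.upper() for g in e.get("memberOf", [])]
        if any(g.startswith("CN=DOMAIN ADMINS,") for g in groups):
            findings.append("member of Domain Admins")
        report[e["sAMAccountName"][0]] = findings
    return report

if __name__ == "__main__":
    print(audit(parse_ldif(SAMPLE_LDIF)))
```

The "User cannot change password" box from the same step is stored as a permission on the user object rather than as a readable userAccountControl bit, so this check does not cover it.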