Before you add the other infrastructure components, you must build and deploy the first domain controller, AD01.

Before you proceed, make sure that you have reviewed the System Requirements.


  1. Prepare the First Domain Controller
  2. Deploy the First Domain Controller
  3. From Now On, Log On as a Member of the Domain Administrators Group
  4. Check the DNS Zone for the First Domain Controller
  5. Verification Step


  • Windows Server 2003 R2 Media with Service Pack 2

Prepare the First Domain Controller

Perform a default installation of Windows Server 2003 R2 on AD01. This requires that you first install Windows Server 2003 with SP2, and then install Windows Server 2003 R2.

Procedure W03-DWCM.1: To install Windows Server 2003 R2 on AD01

  1. Perform a default installation of Windows Server 2003, Standard Edition (with Service Pack 2 integrated), by using the CD boot method. Install the Support Tools from the Windows Server 2003 CD. Use appropriate naming conventions for your environment.

  2. After Setup for Windows Server 2003 with SP2 is complete, log on to the computer as an administrator. Insert Disc 2 into your CD-ROM drive. Setup for Disc 2 should start automatically. If it does not start automatically, browse to Disc 2 (or the shared folder that contains the Setup files) and, in the \Cmpnents\R2 folder, run Setup2.exe. Follow the instructions to upgrade to R2.

Prepare this server by enabling Remote Desktop, installing Microsoft .NET Framework 2.0 with SP1, installing the Windows Server 2003 Support Tools, and installing the latest updates from Microsoft.

Procedure W03-DWCM.2: To prepare AD01

  1. Enable Remote Desktop by using Control Panel.

  2. Install the Microsoft .NET Framework 2.0 with SP1.

  3. Install Support Tools from the Support Tools directory on the Windows Server 2003 CD.

  4. Apply any released updates to Windows Server 2003 by using Windows Update.

Deploy the First Domain Controller

Deploy this domain controller by running DCPromo. During this process you will configure your new Active Directory directory service domain, install DNS, set this server to use the local DNS server for name resolution, and configure permissions to be compatible with only servers running Windows Server 2003. You will be required to restart the server after running DCPromo.

If your domain controllers have more than one hard disk drive, the recommended configuration is to keep the database and the log file on different hard disk drives.

Unless you installed DNS components when installing the server, you will be prompted for the location of the files. Insert your installation CD or enter a location on your local disk or your network.

For more information about promoting domain controllers, see KB Article 324753: How To Create an Active Directory Server in Windows Server 2003.

From Now On, Log On as a Member of the Domain Administrators Group

From this point forward in the deployment, for all the servers that you configure, you need to log on to servers by using an account that is a member of the Domain Administrators group, unless specifically instructed otherwise.

Check the DNS Zone for the First Domain Controller

After logging on to the domain controller as a domain administrator, use the DNS console to check the DNS zone for and ensure that you have four new folders in your zone (_msdcs, _sites, _tcp, and _udp). These new folders reflect the proper registration of your new domain controller in DNS. Without these four folders, your domain controller will not function correctly.

If you do not see all four folders (_msdcs, _sites, _tcp, and _udp), your domain controller is not functioning properly. You can solve this problem by forcing the registration of the domain controller in DNS by using the NETDIAG support tool. To do this, at a command prompt, type NETDIAG /FIX.

After this command is complete, you should see all four folders in your DNS zone. You can also force registration by stopping and restarting the Net Logon service. However, the NETDIAG tool provides lots of additional useful information.

Verification Step

To validate that your domain controller is working as specified, run the DCDiag tool at a command prompt. DCDiag was installed as part of the Windows Server 2003 Support Tools. The most important test you will see is connectivity. This test will tell you if your domain controller is properly registered in DNS. If your tests are successful, you have a healthy domain controller. A typical successful output will start as follows:

Domain Controller Diagnosis 
Performing initial setup: 
   Done gathering initial info. 
Doing initial required tests 

   Testing server: Default-First-Site-Name\AD01 
	Starting test: Connectivity 
		 ......................... AD01 passed test Connectivity
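
The following is an added example, not part of the original page or of the Support Tools: a Python parser that reads saved DCDiag text output, records each passed or failed test per server, and reports the server as healthy only when Connectivity passed and nothing else failed. The sample output, the failed Advertising line, and the function names are constructed for illustration.

```python
import re

# Constructed sample in the DCDiag result-line format shown above. The
# "failed test" line is an assumption added to exercise the failure path.
SAMPLE_OUTPUT = """\
Domain Controller Diagnosis
Performing initial setup:
   Done gathering initial info.
Doing initial required tests

   Testing server: Default-First-Site-Name\\AD01
      Starting test: Connectivity
         ......................... AD01 passed test Connectivity
Doing primary tests

   Testing server: Default-First-Site-Name\\AD01
      Starting test: Advertising
         ......................... AD01 failed test Advertising
"""

# Result line: a run of dots, the target name, passed/failed, the test name.
RESULT_RE = re.compile(r"^\s*\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s+(\S+)\s*$")


def parse_dcdiag(text):
    """Return {target: {test_name: True/False}} from DCDiag text output."""
    results = {}
    for line in text.splitlines():
        m = RESULT_RE.match(line)
        if m:
            target, verdict, test = m.groups()
            results.setdefault(target, {})[test] = (verdict == "passed")
    return results


def health_report(text, server):
    """Summarise one server; a missing Connectivity result counts as a failure."""
    tests = parse_dcdiag(text).get(server, {})
    failed = sorted(name for name, ok in tests.items() if not ok)
    connectivity_ok = tests.get("Connectivity", False)
    return {
        "connectivity_ok": connectivity_ok,
        "failed_tests": failed,
        "healthy": connectivity_ok and not failed,
    }


if __name__ == "__main__":
    print(health_report(SAMPLE_OUTPUT, "AD01"))
```

Treating an absent Connectivity result as a failure keeps an empty or truncated log from being read as a healthy domain controller.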

For questions about Group Policy, see Windows Server 2003 Group Policy.