Windows Services Index | Overview | Getting Started | How To | Forest Design | Resources | Troubleshooting | Policies | Contact Info

How To: Installing the first Domain Controller in a Child Domain

Prerequisites:

1. You have completed the application process.
2. You have a server that meets Microsoft's minimum requirements.
3. Your have the administrative account and password provided by an ACCESS administrator

Step 1: Patch the Machine and Setup the Machine Name

Patching the Machine

It is extremely important to have an updated machine prior to installing the machine into Active Directory. You can use the Windows® Software Update Service to patch and update the machine, or another method of your choice.

Setting Up the Machine Name:

1. Right-click My Computer and choose Properties.
2. Choose Computer Name.
3. Click <Change>.
4. Ensure that the Computer name text box has the correct machine name and that the machine name is correctly prefix with your organization's designated two- or three-letter prefix.



5. Click <More>.
6. Click the Change primary DNS suffix when domain membership changes check box to disable this option.
7. Enter the DNS suffix of the machine where YourDNSsuffix.psu.edu is the the DNS suffix of the Fully Qualified Domain Name (FQDN) for the machine.



8. Click <OK> for the next four windows.
9. Click <Yes> to restart the computer.
10. After rebooting, right-click My Network Places and choose Properties. Choose the connection used to access the network.
11. Right-click and choose Properties.
12. Double-click Internet Protocol (TCP/IP).
13. Click Advanced.
14. Choose the DNS Tab.
15. Ensure that the DNS servers listed are the DNS servers you generally use to resolve DNS names; you may use the two listed or DNS servers run by your organization.
16. In the Append, these DNS suffixes (in order) text box replace your DNSsuffix.psu.edu with your organization's DNS suffix and be sure to include aset.psu.edu as well.
17. Click the Register the connection's addresses in DNS check box to disable this option.



18. You can also set a WINS server. (optional)
19. Under Advanced TCP/IP Settings, select the WINS tab.
20. Click <Add>.
21. You may use the WINS server provided by us or a WINS server of your choice.
22. Click <Add>.



23. Click <OK>.
24. Click <OK>.
25. Click <OK>.

Step 2: Start the DC Promotion

1. Choose Start –>Run.
2. Enter dcpromo and click <Enter>.
3. Click <Next> and click <Next> again.
4. Click the Domain Controller radio button for a new domain.
5. Click <Next>.



6. The Create New Domain screen appears. Click the radio button for Child domain in an exsisting domain tree to choose this option.
7. Click <Next>.



8. Click <Next>.
9. The Network Credentials screen appears. Enter your administrative account information.



10. Click <Next>.
11. The Child Domain Installation screen appears. Enter the parent domain (access.psu.edu) and the child domain names in the fields provided.



12. Click <Next>. This may take time to process. Please be patient.
13. The next screen appears. Choose the NetBIOS name.



14. Click <Next>
15. Choose the location for the SYSVOL.



16. Click <Next>. This may take time to process. Please be patient.
17. Click the Install and configure the DNS server on this computer, and set this computer to use this DNS server as its preferred DNS server radio button. Note that this error is expected.



18. Click <Next>. This may take time to process. Please be patient.
19. The Permissions screen appears. Click the Permissions compatible only with Windows® 2000 or Windows® Server 2003 operating systems radio button.



20. Click <Next>.
21. Choose a restore mode password.



22. Click <Next>
23. Review the information you provided and click <Next>. It will take several minutes to install a DNS server.



24. Click <Finish>, and then click <Restart>. Then, continue setting up the DNS server.



25. Click <Next>
26. Enter a Restore Mode Password for the Directory Services Restore Mode Administrator Password in the fields provided. Click <Next>.

Step 3: Configure DNS

1. Log on to the same Domain Controller as in the previous step.
2. Choose Start –>Run.
3. Enter dnsmgmt.msc and click <Enter>.
4. Expand the direectory tree to Forward Lookup Zones.



5. Right-click Forward Lookup Zones.
6. Choose New Zone and click <Next>.
7. Click the Primary Zone radio button and click <Next>.



8. Click <Next>.
9. Click the To all DNS servers in the Active Directory domain radio button.
10. Click <Next>.



11. In the Zone name: field, enter _tcp.yourdomainname.access.psu.edu.
12. Click <Next>.





13. Choose the method you would like to use to allow dynamic updates.



14. Click <Next>.
15. Review your information and click <Finish>.
16. Repeat this process until the following zones are defined:
• _msdcs.yourdomain.access.psu.edu
• _tcp. yourdomain.access.psu.edu
• _udp. yourdomain.access.psu.edu
• _sites.yourdomain.access.psu.edu
• DomainDnsZones. yourdomain.access.psu.edu



17. Next, right-click yourdomain.access.psu.edu.
18. Choose Delete.
19. Choose Yes. (A warning message appears; disregard it).
20. Choose Yes to remove the zone from both Active Directory® and the DNS server.

Setting Up the Registry Entries for the K5 KDCs

1. Visit https://downloads.its.psu.edu/. Upon successful authentication, click "File Transfer". Then, click the "Windows" link for the Registry key for PASS Access. Once it has been downloaded simply run the file and it will handle the addition of information into your registry.
2. Test the configuration by using your Penn State Access Account userid and password to log on. In this case, you will enter (for example) xyz123@dce.psu.edu and the password, where xyz123 represents your Access Account userid.
3. If the message, local policy of this system does not permit you to log on interactively, appears or the machine allows you to log in, then the trust works.