Active Directory (AD) installation begins with planning. A well-thought-out plan considers the forests, domains, and domain trees and ensures that an architecture is selected that will support the needs of today and the demands of the future. The actual installation process for your first domain controller (DC) involves the proper installation and configuration of DNS, the addition of the Active Directory Domain Services (AD DS) Server role, and the configuration of AD DS through the DCPROMO Wizard. Before you configure DNS, be sure to have a clear plan for the domain names you will deploy in your environment. Carefully select the forest root domain, because it cannot be changed later. When installation is complete, you will be able to log on as an administrator of the AD domain. In this chapter, you installed the training.local AD domain.
Exercises
- Download Virtual PC 2007 (Windows XP or Vista) or Windows Virtual PC (Windows 7) and install it on a machine with 3 GB of RAM or more.
- Download the Windows Server 2008 R2 trial VHD for use as a virtual Windows server and add it to Virtual PC 2007 or Windows Virtual PC.
- Install AD from start to finish, using the instructions in this chapter. Use the training.local domain so that you can perform the procedures in later chapters based on this domain.
Answers for Exercises
- The download links were provided earlier in the chapter. Use these links to download and install the appropriate virtualization solution.
- To add the downloaded and extracted VHD to a virtual machine (VM), follow these steps:
  1. Create a new VM in either Virtual PC 2007 or Windows Virtual PC.
  2. When asked for the hard drive, specify an existing virtual hard drive (VHD) and use the downloaded VHD from Microsoft.
  3. Assign at least 1 GB of memory (preferably 2 GB or more) to the VM.
  4. Power on the VM.

  If you prefer to use the free VMware Player from VMware, you can import the VHD files into that virtualization solution.
- Follow the instructions throughout this chapter to perform the installation:
  1. Install DNS first and configure it.
  2. Install the AD DS role and configure it.
Review Questions
- 1. What is the first step in planning an AD deployment according to Microsoft?
  - A. Determining the number of domains required
  - B. Determining the number of DCs required
  - C. Determining the number of forests required
  - D. Determining the location of the DCs
- 2. True or false: You can have multiple schemas in a single AD forest.
- 3. Which one of the following is not a valid reason for creating a separate domain?
  - A. Reducing replication traffic
  - B. Preserving legacy AD installations
  - C. You have more than 1,200 users
  - D. Improving control over replication traffic
- 4. What domain will be the forest root domain in a multiple-domain installation with a single forest?
- 5. What are the two primary reasons for creating an OU? (Choose two.)
  - A. Reducing replication traffic
  - B. Administrative delegation
  - C. Group Policy application
  - D. Creating a trust boundary
- 6. Define a forest trust.
- 7. Define a resource forest.
- 8. How many domain controllers should a domain have at a minimum, regardless of the size of the domain?
  - A. 1
  - B. 2
  - C. 3
  - D. 4
- 9. What are the two placement locations that Microsoft defines for domain controllers (DCs)? (Choose two.)
  - A. Edge
  - B. Hub
  - C. Internal
  - D. Satellite
- 10. True or false: The Global Catalog contains an entire replica of the domain databases for every domain in the forest.
Answers for Review Questions
- 1. C. The first of the high-level planning steps is to determine the number of forests required. AD installations can use a single forest or multiple forests.
- 2. False. Only one schema can be shared across a forest. It is possible that two or more applications could conflict with each other when they attempt to modify the same schema. You can create application forests so that they can have a dedicated schema and eliminate such conflicts.
- 3. C. An AD domain can handle many thousands of users. Having more than 1,200 users is not, by itself, a valid reason to create a separate domain.
- 4. The first domain installed. When you install the first domain controller for the first domain in the forest, you are creating the forest root domain.
- 5. B, C. You can delegate administrative permissions to a user for an OU. You can link or apply different Group Policies to each OU.
- 6. A trust relationship between forests. A forest trust may be a one-way or two-way transitive trust. A two-way trust is required for each forest to fully trust the other forest’s domains.
- 7. An Active Directory forest used to store and share centralized resources needed by all or many users on the network.
- 8. B. As a best practice, always start with two DCs and add additional DCs as needed. Two DCs are considered the minimum number for fault tolerance. If you have only one DC and that DC fails, users will be unable to log on.
- 9. B, D. Microsoft defines DC locations as hub locations and satellite locations. Hub locations are the centralized locations where DCs are located, and these DCs serve many users within the organization while often acting as replication partners to satellite locations. Satellite locations are those DC locations serving fewer users (typically, a branch office location) and are connected to a hub DC.
- 10. False. The GC contains a partial replica of all objects in all of the forest domains. This subset of data is used to provide faster searches of the directory. The GC also contains the Universal Groups and their full memberships.