Chapter 4 Installing and Managing Trees and Forests
Using the Active Directory Installation Wizard, you can quickly and easily create new
domains by promoting a Windows Server 2008 stand-alone server or a member server to a
domain controller. When you install a new domain controller, you can choose to make it part
of an existing domain, or you can choose to make it the first domain controller in a new
domain. In the following sections and exercises, you’ll become familiar with the exact steps
you need to take to create a domain tree and a domain forest when you promote a server to
a domain controller.
Creating a Domain Tree
In the previous chapter (Chapter 3), you saw how to promote the first domain controller in the
first domain in a forest, also known as the root. If you don’t promote any other domain
controllers, then that domain controller simply controls that one domain and only one tree is
created. To create a new domain tree, you need to promote a Windows Server 2008 computer to
a domain controller. In the Active Directory Installation Wizard, you select the option that
makes this domain controller the first machine in a new domain that is a child of an existing
domain. As a result, you will have a domain tree that contains two domains—a parent and a
child.
Before you can create a new child domain, you need the following information:
The name of the parent domain (for the exercises, you’ll use the one you created in the previous chapter)
The name of the child domain (the one you are planning to install)
The filesystem locations for the Active Directory database, logs, and shared system volume
DNS configuration information
The NetBIOS name for the new server
A domain administrator username and password
Exercise 4.1 walks you through the process of creating a new child domain using the Active
Directory Installation Wizard. This exercise assumes that you have already created the parent
domain and that you are using a server in the domain that is not a domain controller.
EXERCISE 4.1
Creating a New Subdomain
1. Log on to the computer as a member of the Administrators group and open the Active
Directory Installation Wizard by clicking Start > Run and typing dcpromo. After the
2. The Choose A Deployment Configuration screen appears. Click Existing Forest and then click Create A New Domain In An Existing Forest. Click Next.
3. A warning box may appear stating that the local administrator account becomes the
domain administrator account for the new domain. If it appears, click Yes to continue.
4. On the Network Credentials page, specify the full name of the domain that you installed
5. Click the OK button on the Alternate Credentials screen. The domain administrator account that you used in the previous chapter should now be listed. A warning may appear stating that the current user credentials cannot be selected because they are local to this computer. The warning appears because our local account is the same as our domain administrator’s account. This warning will not affect the exercise. Click Next.
6. If the information you entered was correct, you will see the Name The New Domain page.
7. If the Select A Site screen appears, choose any site and click Next. (You may not have any sites created on your other domain. This server will then be added to the DefaultFirstSite.)
8. On the Additional Domain Controller Options page, uncheck any options and click Next.
10. On the Location for Database, Log Files, and SYSVOL page, you’ll need to specify the database and log locations. These settings specify where the Active Directory database resides on the local machine. As mentioned previously, it is good practice to place the log files on a separate physical hard disk because this increases performance. Enter the path for a local directory (you can also leave the defaults for these exercises), and click Next.
11. In order to be able to recover this server in the event of a loss of Active Directory
12. On the Summary page, you will be given a brief listing of all the choices you made in the previous steps. It’s a good idea to copy this information and paste it into a text document for future reference. Click Next to continue.
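The same choices can be written down as a dcpromo answer file and run with dcpromo /unattend. The file below is an added example, not part of the original exercise; the domain names (example.com, sales), the administrator account, the E: drive and the file path are assumptions chosen for illustration.

```ini
; Constructed example answer file, run as: dcpromo /unattend:C:\child-domain.txt
; Every name, path and drive letter here is an assumption, not a value from the exercise.
[DCINSTALL]
; Deployment configuration: create a new domain in an existing forest, as a child (step 2)
ReplicaOrNewDomain=Domain
NewDomain=Child

; Parent domain and the single-label name of the new child (placeholders)
ParentDomainDNSName=example.com
ChildName=sales
DomainNetBiosName=SALES

; Domain administrator account of the parent domain (Network Credentials page)
UserName=Administrator
UserDomain=EXAMPLE
; An asterisk makes dcpromo prompt for the password instead of reading it from this file
Password=*

; Additional Domain Controller Options left unchecked (step 8)
InstallDNS=No
ConfirmGc=No

; Database, log and SYSVOL locations (step 10).
; E: stands for a second physical disk for the log files; use the defaults if there is none.
DatabasePath="C:\Windows\NTDS"
LogPath="E:\NTDSLogs"
SYSVOLPath="C:\Windows\SYSVOL"

; Directory Services Restore Mode administrator password: fill in before use
SafeModeAdminPassword=<set-before-use>

RebootOnCompletion=Yes
```

Because SafeModeAdminPassword has to be stored in clear text until dcpromo has run, keep the file readable only by administrators and delete it once the promotion completes.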
A forest is one or more trees that do not share a contiguous namespace. For example, you
could join the organization1.com and organization2.com domains together to create a
single Active Directory environment.
Any two trees can be joined together to create a forest, as long as the second tree is installed
after the first and the trees have noncontiguous namespaces. (If the namespaces were
contiguous, you would actually need to create a new domain for an existing tree.) The process of
creating a new tree to form or add to a forest is as simple as promoting a server to a domain
controller for a new domain that does not share a namespace with an existing Active Directory
domain.
The command-line tool adprep.exe is used to prepare a Microsoft Windows 2003 forest or a Windows 2003 domain for the installation of Windows Server 2008 domain controllers.
Before you promote a Windows Server 2008 domain controller into a Windows 2003 forest, an administrator should successfully run adprep /forestprep on the schema operations master and run adprep /domainprep on the infrastructure master in the Windows 2003 forest. The forestprep and domainprep processes prepare the Windows 2000 or 2003 network to accept the installation of the Windows Server 2008 servers.