This posting comprises the basic steps for setting up a Windows 2000 Server as a Domain Controller, with RAID 1 and Active Directory. They are notes from the actual install of a domain that is currently operational.

I’m sorry that there aren’t any screenshots. This page is being read quite frequently–there are about 25 hits a day as of July 2006 , so if you have anything you’d like to see added or corrected, please post a note. I’m sure everyone would appreciate it.
These directions are meant as a template, or recipe. They may not work in every instance. And, I have, at times, omitted specifics as well as oversimplification, that is to say, if the information is not there, you should be reasonably confident that you can figure it out yourself.

We set up this server in the fall of 2005, while a number of malicious worms were infecting unsecured Windows 2000 machines. In order to protect ourselves, we kept our server offline (i.e. ethernet cable disconnected) until we felt the machine was relatively secure. Only after we’d installed enough patches and our antivirus software did we connect the ethernet cable and go online. Our antivirus software stopped numerous instances of the worms over the next couple of hours.

Total Project Time: Approximately 2 hours

For supplemental reading, please see the bottom of this post.

Setting up the Domain Controller

1. Boot from the Windows 2000 Server CD.

2. Create a partition labeled C: and allocate sufficient space for system and program files. You will likely not require much space. In our demonstration environment, we have a server with 200GB. We allocated 10GB for the C: drive. It’s currently active and is using about half that much.
Important—you must make sure your system drive is the letter you want now, otherwise you’ll have to start over. See Microsoft Knowledge Base Article 223769 (n.b. believe it, we’ve tried.)

3. Leave the remaining space on your drive unformatted and unpartitioned. The process of formatting takes some time and it’s better to do it later, when you know you have things set up like you want them, than to wait for Windows to do it now and then possibly have to do it again.

4. Format with the NTFS filesystem. NTFS more secure and allows for software RAID 1 configurations, which provides data redundancy.

5. Wait for the formatting to complete and then wait for the Set Up to copy files to the Windows 2000 install folders.

6. Allow the computer to restart, leaving the CD in the drive.

7. At the Windows 2000 Setup wizard, click next (Windows will automatically let it go through after a few seconds).

8. Set up your Regional Settings.

9. Personalize your software.

10. Select your licensing mode.

11. Name your computer and set your Administrator password.

12. Add / Remove components
A. Accessories
Unchecked Games
B. Checked Management & Monitoring Tools
Unchecked DHCP
C. Checked Networking Services
D. Checked Other Networking File & Print Services
E. Checked Terminal Services
F. Under
Unchecked World Wide Web Server
Unchecked FTP
Unchecked IIS

13. Set the Date and Time.

14. Choose Terminal Services Mode. Click next. We want access to our server via remote desktop, which is one of the great features of Windows 2000 Server. So we chose to install remote admin. We are not using any applications on the server and this eliminates the need for further Windows Licensing (aka Client Access Licenses, or CALs).

15. Network Settings
Typical or custom
If you choose custom, you must set up your local whether your server is in a workgroup or in a domain. When completed, click ok to return your computer to the installation process.

16. Windows will complete the installed. When prompted, remove the CD and click Finish. After the restart, an error message will appear, telling you that at least one service or driver failed. Use the event log to examine the log for details. Click ok. This error only comes because you’ve not yet connected the computer to the Ethernet cable.

Disk Setup and Mirroring (RAID 1)

17. Right click on my computer and choose manage. For further instructions, see MS KB 302969.

18. Click on Disk Management in the computer management window (located under Storage)

19. Right click on Disk 0 and choose upgrade to Dynamic Disk. Click ok through the verification screens, including, lastly that which tells you the file system will be force dismounted. Windows will reboot. Logon again, again ignoring the notification of the driver failing (see step 16.) A Systems Settings change notification will appear. Click yes to the restart.

20. Go back to the Disk Management (see steps 17 & 18). Right click on unallocated space on Disk 0. Choose Simple Volume. Select the Disks & Disk O should be in the right and left columns. Select the Disk size. On our demonstration server, we chose 180GB, leaving 10GB of unallocated space. Choose the format option, accepting the defaults, and label the volume. We labeled ours Data.

21. Right click on the C: Drive choose Add mirror. Wait for the Drive to Regenerate.
Right click on E: drive . Choose Add Mirror. And wait for the regeneration process to complete.

22. Next, you may want to edit the  Boot.ini file to speed up the default time out. If you’re not interested in this, skip to step 23. Edit the boot.ini, to show both operating systems. See MS KB 311578 (n.b. as the article says, create a backup copy of the Boot.ini first).
As the demo server is mirrored, our Boot.ini file reads:
[boot loader]
timeout=15
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT=”Windows 2000 Server” /fastdetect
multi(0)disk(0)rdisk(1)partition(1)\WINNT=”Windows 2000 Server – mirror” /fastdetect

Note: we also edited the time out to 15 seconds, making the machine boot into the default Operating System more quickly.

For further clarification, we found this forum to be informative.

24. Install Internet Explorer 6. We installed IE 6 and Service Pack 4 from a CD that we burnt on another machine, in order to ensure that our new Windows 2000 wasn’t vulnerable to the most common worms, etc. This was also done to speed up the process of getting patches from the Windows Update website. [Note: IE 6 comes with an setup file that then downloads the package. If you would like to download the whole entire package of IE 6 for installation later, look at the directions here.]
25. Installed Service Pack 4, you can download it here. Service Pack 4 includes all of the other Service Packs to date.

26. Then, to enhance security on the computer a little further, we shut off the Messenger Service.

27. Connected Ethernet cable. Connected to the Internet. Click cancel on Internet
Connection Wizard. Check off do not show ICW in future. Click Yes.

28. Downloaded and installed Symantec Antivirus Corporate Edition 10.0. The installation requires a reboot. You can use other antivirus programs, such as McAfee VirusScan 8.0, just make sure they are compatible with Windows Server editions before purchasing.

Active Directory Install

29. On the Windows Configure Your Server page, which should be showing on the desktop, (if it isn’t, you can find it by going to Programs -> Administrative Tools -> Configure Your Server), select “This is the only server in my network” and click next.

30. To set up Active Directory, you need to name your domain. Our demonstration domain was going to be a primary domain so we named it [domainname].com. subdomain of a larger domain, you should name it something like subdomainname.domainname.com.

31. Click next again and wait as Windows runs through an install using the Windows component Wizard. Important—do not click next while this is going on.

32. Next, a banner will appear, saying the Active Directory Installation Wizard is running in unauthorized mode.

33. Backed up System State and all data to the Data Drive.

34. Copied the Bkf file to a remote location.

35. Installed the remaining Microsoft Updates from Microsoft Update website.

Supplemental Reading

Managing Windows 2000 Disks Backup and Restore — a 20 page Microsoft document

Planning Fault Tolerance and Avoidance –from Microsoft Technet

How to Recover from a Stop 0x00000058 FTDISK_INTERNAL_ERROR — MS KB 128630.

Advertisements