AD in New 2003

Posted on 2005-02-25
Medium Priority
Last Modified: 2010-03-18
Just installed Windows 2003 server (will place in test environment before deployment). Looking for documentation, links, on step-by-step instructions to set up a typical Active Directory environment on a brand new LAN network. Additionally, would like suggestions or recommendations, tips, caveats, etc., regarding AD with the following general network environment: Network is single domain (only one server). Network includes 100 users, 80 local (LAN), 20 via 7 branch offices (WAN) connected site-to-site VPN (behind firewall and NAT, and all on different subnets). All users required to log in to main server (DC) for scripts and DNS. Organization has 5-6 different departments. Branch offices (subnetted) will use local device (firewall) for DHCP or manual IP config. All offices access internet via ISP using one IP behind NAT. THANKS.
Question by: mmm5
LVL 40

Assisted Solution

Fatal_Exception earned 1000 total points
ID: 13404272
Here is a start for you: (I keep these bookmarked)

How do I install Active Directory on my Windows Server 2003 server?

How do I install and configure Windows Server 2003 DNS server?

Windows Server 2003 Downloads

and finally:

LVL 16

Accepted Solution

samccarthy earned 1000 total points
ID: 13404919
Build up your 2003 box, make sure you have updated drivers and patches and get Windows fully up to date. When you are comfortable and have confirmed you have Internet access, run DCPromo. You will need the IIS plugin, but it will let you know if you are missing anything. Do you have a domain name? If so, you will probably not want to use that for your internal network. For example, mine is xyz.com. My internal domain is orlando.xyz.com. If you have a web presence you could have issues otherwise. Anyway, you are creating a single forest and a single domain. When complete, this DC will reboot and you will log on to the domain. Now, this DC will have all the FSMO roles and be a Global Catalog server. I would also go into Add/Delete Programs, Windows Components and add WINS. If this is the only DC or 1 of 2, and you want this to provide DHCP, then also install that. WINS is an easy configuration and DHCP is not too hard either.

OK, now this DC is set up. I highly recommend a second Domain Controller. You don't want one failure to cripple your network. Build up the same as the first, but when you DCPromo, it will be an additional Domain Controller in an existing Domain/Forest. This will also load up DNS. I would go into AD Sites and Services and make this one a Global Catalog server too. Your DCs are now complete. Using DHCP options, make sure your DNS entries are for your internal DNS servers only. Those servers should only point to themselves. The only place your ISP DNS entries should be in your main office is on your firewall or router, whatever device has your public IP address. Name resolution requests will hit the DNS server and, if not resolved, will pass it on to the Internet root servers.

You have it right for site-to-site VPN tunnels using firewalls and NAT and different subnets. I am assuming the remote sites will also have Internet access. To make your connectivity seamless, in your firewall or whatever device is your gateway (mine is my firewall), the first DNS entry should be your server at the main office. The second one should be the first DNS address provided by your ISP.

I just connected a few additional remote sites with this exact configuration and it makes the network connection scream, even across the slow broadband links. Use DHCP to simplify your life; only static IP what you really need to.

In any network or server setting, remember, use the KISS method.
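The DNS layout in the accepted answer (DCs point only at themselves or each other, DHCP option 006 hands clients only internal DNS servers, ISP resolvers live only on the edge device) is what keeps domain logons working: the `_msdcs` SRV records that locate a DC exist only in the internal zone, so any client that ends up asking the ISP's resolver cannot find a DC at all. One caveat on the remote-site advice: Windows resolvers treat the DNS server list as a failover list, not a search list, so a branch client that has failed over to the ISP entry will keep getting NXDOMAIN for domain names until it fails back. The audit below is an added example written for this page, not code from the thread or from Microsoft; it checks those rules with the RSAT `ActiveDirectory`, `DnsServer` and `DhcpServer` cmdlets, and assumes DNS and DHCP run on the DCs, WinRM is reachable, and the caller is a domain admin. It cannot see the branch firewalls' DHCP settings, so those still have to be checked by hand.

```powershell
# Added audit example (not from the original thread). Verifies the DNS rules from the
# accepted answer against a live domain. Assumes RSAT modules ActiveDirectory, DnsServer
# and DhcpServer are installed, DNS/DHCP run on the DCs, and WinRM to the DCs works.
Import-Module ActiveDirectory, DnsServer, DhcpServer

$domain   = (Get-ADDomain).DNSRoot
$dcs      = Get-ADDomainController -Filter *
$dcIps    = @($dcs | ForEach-Object { $_.IPv4Address })   # the only DNS servers clients should see
$findings = @()

foreach ($dc in $dcs) {
    $name = $dc.HostName

    # 1. Each DC's own resolver must list DCs only, never the ISP's servers.
    Get-DnsClientServerAddress -CimSession $name -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses.Count -gt 0 } |
        ForEach-Object {
            $bad = $_.ServerAddresses | Where-Object { $_ -notin $dcIps }
            if ($bad) { $findings += "$name / $($_.InterfaceAlias): resolver points at external DNS $($bad -join ', ')" }
        }

    # 2. Names outside the internal zone must leave through forwarders or root hints.
    $fwd = Get-DnsServerForwarder -ComputerName $name
    if (-not $fwd.IPAddress -and -not $fwd.UseRootHint) {
        $findings += "$name: no forwarders configured and root hints disabled (external names will not resolve)"
    }

    # 3. The DC locator record must be answerable through this DC; this is the logon path.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV `
                           -Server $dc.IPv4Address -ErrorAction SilentlyContinue
    if (-not $srv) { $findings += "$name: does not answer the _msdcs DC locator SRV query" }

    # 4. DHCP option 006 (DNS Servers) at server level and on every scope: internal DNS only.
    $optValues = @()
    $optValues += (Get-DhcpServerv4OptionValue -ComputerName $name -OptionId 6 -ErrorAction SilentlyContinue).Value
    foreach ($scope in (Get-DhcpServerv4Scope -ComputerName $name -ErrorAction SilentlyContinue)) {
        $opt = Get-DhcpServerv4OptionValue -ComputerName $name -ScopeId $scope.ScopeId -OptionId 6 -ErrorAction SilentlyContinue
        $bad = $opt.Value | Where-Object { $_ -notin $dcIps }
        if ($bad) { $findings += "$name scope $($scope.ScopeId): option 006 hands out $($bad -join ', ')" }
    }
    $bad = $optValues | Where-Object { $_ -and $_ -notin $dcIps }
    if ($bad) { $findings += "$name server-level option 006 hands out $($bad -join ', ')" }
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "DNS layout matches: DCs and DHCP clients use only $($dcIps -join ', ')"
}
```

Run it from a management workstation after the second DC is promoted; a clean run means every client lease and every DC resolver lands on internal DNS, and the only remaining place to look for an ISP resolver is the firewall or router itself.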

Author Comment

ID: 13407018
Samccarthy: No domain name yet, and there will be no web (internet server) presence. I'm thinking of a non-standard domain name such as companyname.north. Will this have any ramifications? Also, all workstations are running XP Pro. Is WINS really needed, or can I stay with TCP/IP only? Just curious, at remote sites, is all traffic, internal and internet, going through your main firewall at main office, or is internet access routed through local firewalls? Also, do you have a back-up strategy in place? In other words, do user data files reside on network server or local workstation, or both? THANKS.

LVL 16

Expert Comment

ID: 13407243
No, the domain name will work just fine. You will need WINS if you have any legacy applications or older systems that require it. If you don't have the applications, go without it. You can easily add it later if you do.

With the DNS as the first setting in the remote firewall, all DNS requests go to the main DNS server for resolution. That makes the network traffic fly, but their regular Internet activity will go out their local ISP connection. Of course network traffic will go over the tunnel.

I use folder redirection for my users, so all their files are on a server.  For remote sites, and I have a few, with a DC onsite, the files reside there.  For those that just connect like yours are, the files reside at the remote server.  With Redirection, it keeps a local copy of the files, so should the link go down, my users can still get to the Internet and still work on their files and they will synchronize when the link is restored.  Works pretty darn good!

Author Comment

ID: 13419557
Appreciate both answers. Thanks again !
LVL 40

Expert Comment

ID: 13419562
Very good, and thank you!

LVL 16

Expert Comment

ID: 13420816
Thanks and good luck!
