I will try to include as many screenshots as possible, to help those who are learning, or are new to installing Active Directory.
This install was performed on a virtual machine running Windows 2003 R2 Standard. The install will be similar to the install on Windows 2000.
We start off with a fresh install. Close the Configure Your Server wizard. We are going to do this manually.
Assign a static IP address to this server, and then for the machine’s primary DNS server, type in its own IP address. I did this while installing Windows.
Next we need to give this machine a DNS suffix. Choose the same one that you will name the domain. I’m going to use testdomain.home because this is an example setup, and I chose the .home TLD because it is not valid on the internet and will never conflict with a real domain and cause internal network problems such as trouble browsing websites.
If you were to choose, say, yahoo.com for your domain name, your clients would not be able to get to the real yahoo.com because your DNS server will resolve it to your Active Directory server and not to the Yahoo servers.
To do this, right click My Computer from the Start Menu, and choose Properties. Select the Computer Name tab at the top, and then click Change. On the Computer Name Changes dialog, click the More button and type in your suffix and click OK.
Restart the server.
Log in to the server and start off by making this a DNS server for Active Directory and clients.
Go to Start Menu, Control Panel, Add/Remove Programs. Click on Add/Remove Windows Components on your left. Scroll down to Networking Services and highlight it, don’t check the box next to it, and click Details. Check the box next to Domain Name System (DNS) and then click OK then click Next. Insert the CD if asked, and click OK.
After the files copy, click Finish and close the Add/Remove Programs window.
Go to Start Menu, Administrative Tools, DNS. Right click on Forward Lookup Zones and choose New Zone. Click Next, choose Primary Zone, click Next. When asked for the Zone Name you must type the same one you did for the Computer Name Suffix in the previous steps.
Click Next and then Next again to accept the filename. When asked for the Dynamic Update, choose ‘Allow both nonsecure and secure dynamic updates’. (We will secure this later). Click Next. Then Finish.
Right click on the Reverse Lookup Zones and choose New Zone. Click Next, then Primary zone, then click Next.
Type in the first portions of your network’s IP space and click Next, then Next for the filename, and then click ‘Allow both nonsecure and secure updates’. (We will secure this later). Click Next. Then Finish.
Restart the server.
Open a Command Console and type in ‘nslookup’. You should get something similar to the following:
If you get an error, your DNS server is not working correctly yet, and it has to be working to proceed.
Click Start Menu, Run. Type in ‘dcpromo’ and click OK.
Click Next, Next, and Next again for new domain, Next for new forest. When asked for the Full DNS name, type in the same name you have been using in the above steps.
Click Next after typing your DNS name. It will then test your DNS server. You can change the NetBIOS name or leave the default and click Next. Accept the default NTDS paths and click Next. Accept the default SYSVOL path and click Next. Click Next again, then choose Permissions for 2003 and Higher only and click Next. Choose a password for recovery mode, and click Next. Click Next again and the process starts.
When it’s all done, click Finish, and Restart.
Click Start Menu, Administrative Tools, DNS. Click and then right click on your domain under Forward Lookup Zones and choose Properties. To the right of Type, click Change. Check the box ‘Store the zone in Active Directory’, click OK and then Yes. Then change the dynamic updates drop down box to Secure Only and click OK.
Do the same for the Reverse Lookup Zone. Click and then right click your network subnet, and click Properties. Change the type to Store in Active Directory, then change dynamic updates to Secure only and click OK.
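To confirm that a zone really ended up stored in Active Directory with Secure only updates, the check below parses the output of dnscmd /ZoneInfo. This is an added example, not part of the original walkthrough. It assumes PowerShell and dnscmd.exe (Windows Support Tools) are available; the function name and the sample output are constructed for illustration.

```powershell
# Added example (PowerShell 2.0 syntax). Parses `dnscmd /ZoneInfo <zone>` text and
# reports whether the zone is AD-integrated and restricted to secure updates.
function Test-ZoneHardening {   # hypothetical helper name
    param([string]$ZoneName, [string[]]$ZoneInfoLines)

    # dnscmd prints properties as "name = value"; collect them into a hashtable.
    $props = @{}
    foreach ($line in $ZoneInfoLines) {
        if ($line -match '^\s*(.+?)\s*=\s*(\S+)\s*$') { $props[$Matches[1]] = $Matches[2] }
    }

    $findings = @()
    # "DS integrated = 1" means the zone is stored in Active Directory.
    if ($props['DS integrated'] -ne '1') { $findings += 'not stored in Active Directory' }
    # "update": 0 = none, 1 = nonsecure and secure, 2 = secure only.
    $update = $props['update']
    if     ($update -eq '1') { $findings += 'nonsecure dynamic updates still allowed' }
    elseif ($update -eq '0') { $findings += 'dynamic updates disabled' }
    elseif ($update -ne '2') { $findings += 'update setting missing or unrecognised' }

    New-Object PSObject -Property @{
        Zone      = $ZoneName
        Compliant = ($findings.Count -eq 0)
        Findings  = ($findings -join '; ')
    }
}

# Constructed sample: the forward zone as first created (file-backed, open updates).
$asCreated = @(
    'Zone info:',
    '        zone name             = testdomain.home',
    '        update                = 1',
    '        DS integrated         = 0',
    '        data file             = testdomain.home.dns'
)
# Constructed sample: the same zone after the final two steps.
$hardened = @(
    'Zone info:',
    '        zone name             = testdomain.home',
    '        update                = 2',
    '        DS integrated         = 1',
    '        data file             = (null)'
)

@(
    (Test-ZoneHardening 'testdomain.home (as created)' $asCreated),
    (Test-ZoneHardening 'testdomain.home (hardened)' $hardened)
) | Select-Object Zone, Compliant, Findings | Format-List
```

On a live server, pass the real output instead of the samples: Test-ZoneHardening 'testdomain.home' (dnscmd /ZoneInfo testdomain.home), and repeat for the reverse lookup zone.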
You now have a domain controller to join clients to. Make sure the clients are using the domain controller as their DNS server.