2. Installing and Configuring DNS on the First Domain Controller

Check TCP/IP configuration
  • Configure the DNS servers in the TCP/IP configuration pages to use the central DNS servers.
  • Ensure that the server name and IP address are registered as usual in the central DNS servers.
Install Active Directory
  • Use dcpromo to install Active Directory onto the first server in a domain. With Server 2008 you can also use Server Manager to add the Active Directory Domain Services role; make sure you select [Use advanced mode installation] when the Active Directory Domain Services Installation Wizard (dcpromo) starts up.
  • When prompted about DNS (2000, 2003) or on the Additional Domain Controller Options page (2008), make sure that DNS will be installed and configured automatically as part of the Active Directory installation. On 2008 Server Core, use InstallDNS=Yes in an answer file, or /InstallDNS:Yes as a command-line switch to dcpromo.
Check DNS Zone Configuration
  • Once Active Directory and the DNS service are both installed, open the DNS management program ([Administrative Tools]). Open the Forward Lookup Zones folder and check that the correct zones have been created. You should see one entry with the same name as your Active Directory domain, and if this is the first domain in a forest (the forest root) you should also see a zone called _msdcs.YourADDomainName. (The latter is not created in Windows 2000-only domains.)
  • If by any chance the zones have not been created for you, you need to create them as follows.
    • In the Forward Lookup Zones folder create two Active Directory-integrated zones allowing secure dynamic updates. One should have the same name as the Active Directory domain. The other is only needed if this is the first domain in a forest (the forest root), but this is normally the case. It should be called _msdcs.ForestRootDomainName. This process is explained in more detail in the Appendix: How to Create and Configure a Zone.
    • Again, only do this in the forest root domain. Select the zone that has the same name as your Active Directory domain, right-click on it and choose [New Delegation...], then enter _msdcs as the name of the delegation.
    • Finally, again only in the forest root domain, select the _msdcs.ForestRootDomainName, right-click and choose [Properties]. On the [General] tab, change replication for the zone to the first option ([To all DNS servers in the Active Directory forest]).
Update TCP/IP configuration
  • Change the TCP/IP configuration of your server: remove the Oxford DNS server and replace it with the address of your new DNS server (i.e. its own address). On 2008 Server this should already have been done for you.
Register and check records
  • Reboot the server, or restart the NetLogon service, or wait a few hours to trigger the registration of records in the DNS.
  • Take a look in the file C:\Windows\System32\Config\netlogon.dns and compare the entries with the entries in the DNS management tool. You may need to refresh or even restart the latter before you can see them.
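The comparison in the step above can be automated. The following is an added example, not part of the original guide: it parses netlogon.dns-style lines and reports, per zone, the records NetLogon expects that the zones do not hold. The one-record-per-line layout, the forest root domain ad.example.test, and both sample inputs are assumptions constructed for illustration.

```python
from collections import defaultdict

DOMAIN = "ad.example.test"  # constructed forest root domain name

# Constructed stand-in for the contents of netlogon.dns.
# Assumed layout: one record per line, "owner TTL IN TYPE rdata".
NETLOGON_SAMPLE = """\
ad.example.test. 600 IN A 192.0.2.10
_ldap._tcp.ad.example.test. 600 IN SRV 0 100 389 dc1.ad.example.test.
_kerberos._tcp.ad.example.test. 600 IN SRV 0 100 88 dc1.ad.example.test.
_ldap._tcp.dc._msdcs.ad.example.test. 600 IN SRV 0 100 389 dc1.ad.example.test.
_ldap._tcp.pdc._msdcs.ad.example.test. 600 IN SRV 0 100 389 dc1.ad.example.test.
"""

# Constructed list of what the DNS zones hold, written in the same layout.
ZONE_SAMPLE = """\
ad.example.test. 3600 IN A 192.0.2.10
_ldap._tcp.AD.example.test. 600 IN SRV 0 100 389 dc1.ad.example.test.
_ldap._tcp.dc._msdcs.ad.example.test. 600 IN SRV 0 100 389 DC1.ad.example.test.
"""


def parse_records(text):
    """Return a set of (owner, type, rdata); TTL and letter case are ignored."""
    records = set()
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue  # blank, comment-only or unrecognised line
        owner = fields[0].lower().rstrip(".")
        rdata = " ".join(fields[4:]).lower().rstrip(".")
        records.add((owner, fields[3].upper(), rdata))
    return records


def zone_for(owner, domain):
    """Pick the zone a record belongs to: _msdcs.<domain> or <domain>."""
    msdcs = "_msdcs." + domain
    return msdcs if owner == msdcs or owner.endswith("." + msdcs) else domain


def missing_by_zone(netlogon_text, zone_text, domain):
    """Group records NetLogon expects but the zones lack, keyed by zone."""
    missing = defaultdict(list)
    expected, present = parse_records(netlogon_text), parse_records(zone_text)
    for record in sorted(expected - present):
        missing[zone_for(record[0], domain.lower())].append(record)
    return dict(missing)


if __name__ == "__main__":
    for zone, records in missing_by_zone(NETLOGON_SAMPLE, ZONE_SAMPLE, DOMAIN).items():
        print(zone, records)
```

A missing record under _msdcs.ad.example.test points at the forest-wide zone, while one under ad.example.test points at the domain zone, which tells you which zone's dynamic update setting to check first.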
Configure forwarders
  • Configure your DNS servers to send all requests for information that they do not hold themselves to the DNS Caching Resolvers. This is recommended for security reasons and also speeds up queries for information in the ox.ac.uk domain. Configure this via the Forwarders tab in the [Properties] of the server object in the DNS management tool. Make sure there is an entry for All other DNS domains and add the addresses for each of the DNS Caching Resolvers to the forwarders list for this entry.
Run tests to check for errors
  • Check the event logs for errors.
  • Run netdiag /v /test:dns and dcdiag /v /test:dns to check that everything looks good. These tools are in the Support tools included on the Windows server CD (the dcdiag test won't work on 2000) or are installed by default on 2008.
Configure Firewalls and Clients
  • Refer to the other sections in this document for details on updating the configuration of perimeter firewalls and clients.
