Active Directory Installation & Configuration Interview Questions Tutorials

Many Interviewers ask this question: Explain how you installed & configured your Active Directory Service so its better I share the answers with you. Please read the above post for the first segment.This is a continuation of the explanation from the above post.

5.The next screen will ask you to specify the full DNS domain name for your new domain.You do not have to use your company's registered public (Internet) domain name here,but you can if you would like. For this lab, type in MYCOMPANY.com and click Next.

6. The next screen will ask you to specify the NetBIOS name for the domain. This is the domain name that legacy systems (anything before Windows 2000) and applications that only support NetBIOS will use. The main difference is that the NetBIOS domain name can only contain up to 15 characters with no periods. By default the wizard will suggest a name for you, based on the domain name you entered earlier, only now it will use the NetBIOS name rules. In this case, it should come up as MYCOMPANY. You can modify this name if you would like, but it would most likely lead to confusion down the road, as your domain will effectively have two names. Leave the default name, MYCOMPANY. Click on Next.

7. The next screen will ask where you want to place the Active Directory database and log. It's recommended in a production environment, that you place the log file on a separate physical hard drive to increase the performance of Active Directory. This is optional for the lab, if you do not have two physical hard drives you can leave it at the default setting which will be the %systemroot%\WINNT\NTDS for both the database and the log, or c:\WINNT\NTDS. Click Next.
 
8. The next screen will ask you for the location of the SYSVOL folder. This system folder stores any user configurations, default profiles, and logon scripts that you may have on the network. The folder is automatically shared and replicates to other domain controllers throughout Active Directory. The default location of the folder is %systemroot%\WINNT\SYSVOL but you may still change the location of the folder.
You always want to try to keep things as simple as possible so leave the default location for the folder and click Next.

9. A dialog box will appear and tell you the wizard was unable to find the DNS server that handles the name benandbrady.com and then ask you to confirm that the DNS configuration is working properly, or install and configure a DNS server on this computer. Active Directory was designed to work with DNS and will not function without a DNS server that handles name resolution for the domain. Click OK.

10. Within the wizard, you will see a screen asking if you would like to install and configure DNS on this computer now or if you would like to install and configure DNS yourself. If you select yes, the wizard will install DNS for you but if you select no it will end the wizard and tell you that it cannot continue and the Active Directory installation will fail. Let the wizard install and configure the DNS server for you. Select Yes, install, and configure DNS on this Computer and click Next.
 
11. The next screen will ask you what the default permissions should be for users and groups. The first option is for permissions compatible with pre-Windows 2000 servers.This setting will loosen up security a little, but it will allow NT 4.0 RAS servers and other programs to be able to authenticate users. The second option is for permissions compatible only with Windows 2000 servers. This will give you tighter security but will not work with any NT 4.0 RAS servers and can cause problems within NT 4.0 domains. There are no NT 4.0 servers of any kind in the network, nor do you ever plan on having any on the network, so you may choose the second option of Permissions compatible only with Windows 2000 servers and click Next.

12. The next screen will ask you for a directory services restore mode administrator password. This password is used to protect against anyone other than an administrator from rebuilding the Active Directory database from the directory services restore mode. This password is different from any logon password and should be a different from the administrator's logon password in case the administrators' account gets compromised. Type in pass as the password and click Next.


13. The next screen will give you a summary of all the information you entered in the wizard. Review and confirm that everything is correct and click Next to start the Active Directory installation. You may be asked for the i386 folder during the installation of DNS, so you should have the Windows 2000 Server CD-Rom handy. The installation should take about 15-30 minutes.

14. You will eventually get a screen letting you know the installation is done. Click on Finish and you will see a dialog box appear telling you that the server must be restarted
before the changes made by the Active Directory installation wizard take effect. Click Restart Now for the computer to restart.

Configuring DNS to work with Active Directory
1. When the server restarts, log on as administrator and open the DNS management console. Go to Start > Programs > Administrative Tools > DNS. In the left pane open srv-1, then open Forward Lookup Zones folder and find the zone for mycompany.com. Check to make sure there is a host entry for srv-1.

2. Right click on the mycompany.com and select Properties. Here you can see that when DNS is installed automatically through the Active Directory installation wizard, the zone type is set to Active Directory-integrated and dynamic updates are set for Only secure updates by default. Click OK.

3. Now you will need to create a reverse lookup zone for the mycompany.com network. The reverse lookup zone is needed in order to use the NSLOOKUP utility to test that DNS is working properly and troubleshoot any problems that may arise. Right click on the Reverse Lookup Zones folder, select New Zone and the Reverse lookup zone wizard will start.

4. The first screen is the welcome screen, just click on Next. The next screen will ask you to specify the type of zone you want to create. Choose the same type of zone that the forward lookup zone is set to. Select Active Directory integrated, by selecting an Active Directory integrated zone, dynamic updates will automatically be set to allow Only secure updates, click Next. The next screen will ask you to specify the Network ID for the reverse lookup zone. Type in the network ID 192.168.1 and click Next. The last screen will show a summary of all the information you entered on the wizard, confirm that it’s all correct and click Finish to create the reverse lookup zone.

5. On the DNS console, open the Reverse Lookup Zones folder and you should find the zone, 192.168.1.x Subnet. Open the Properties of the zone to confirm that the zone type is set to Active Directory integrated and dynamic updates are set to allow only secure updates. Close the Properties.

6. The next step is to create a pointer record for Server-1, this should be the only pointer record you will have to create manually because any other clients that support dynamic updates will automatically update and create their own host and pointer records. Server-1 did not update or create a pointer record automatically because there was no reverse lookup zone available when the host record was originally created. Right click on 192.168.1.x Subnet and select New Pointer.

7. A dialog box will appear asking you for the Host IP address and Host name of the Pointer record. Type in 201 for the host IP number and Server-1.mycompany.com for the host name then click OK.

8. On the DNS console, you should now have a pointer record for 192.168.1.201. Close the DNS Console.

9. From the desktop, open the command prompt; go to Start > Run, type in CMD and click OK. On the command prompt type in NSLOOKUP and press Enter.

10. The NSLOOKUP utility will look for the DNS server on the network and return the host name and IP address of the server. You should have the default server Server-1.mycompany.com and an IP address of 192.168.1.201 appear. You may now type in any host name and NSLOOKUP will query the preferred DNS server to resolve it to an IP address. Try resolving the host name for Server-1. Type in srv-1 and press Enter. You should get the full DNS name and IP address of the DNS server and underneath it will appear the full DNS name and IP address of the queried host. Type in Exit and press
Enter to exit NSLOOKUP. Then type Exit and press Enter again to close the command prompt.