How to Verify an Active Directory Installation in Windows Server 2003 (816106)


The information in this article applies to:

  • Microsoft Windows Server 2003, Datacenter Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Small Business Server 2003, Standard Edition
  • Microsoft Windows Small Business Server 2003, Premium Edition
For a Microsoft Windows 2000 version of this article, see 298143.

IN THIS TASK

SUMMARY

This step-by-step article describes how to verify an Active Directory installation.

After you have performed an upgrade, you can verify the promotion of a server to a domain controller by verifying the following items.

  • Default Containers

    These are created automatically when the first domain is created. Open the Active Directory Users and Computers Microsoft Management Console (MMC), and then verify that the following containers appear here:
    • Computers
    • Users
    • ForeignSecurityPrincipals
    Back to the top

  • Default Domain Controllers Organizational Unit

    This holds the first domain controller and also serves as the default container for new Windows Server domain controllers. Open Active Directory Users and Computers, and then verify that this organizational unit appears here.

    Back to the top

  • Default-First-Site-Name

    During the promotion of a server to domain controller, the Dcpromo.exe program determines the site that the domain controller can become a member of. If the domain controller that is being created is the first in a new forest, a default site named "Default-First-Site-Name" is created and the domain controller becomes a member of this site until the appropriate subnets and sites are configured. You can verify this item by using Active Directory Sites and Services.

    Back to the top

  • Active Directory Database

    Your Ntds.dit file is the Active Directory database. Verify that it resides in the %Systemroot%\Ntds folder.

    Back to the top

  • Global Catalog Server

    By default, the first domain controller becomes a global catalog server. To verify this item:
    1. Click Start, click Administrative Tools, and then click Active Directory Sites and Services.
    2. Double-click Sites, expand Servers, and then select your domain controller.
    3. Double-click the domain controller to expand the server contents.
    4. Below the server, an NTDS Settings object is displayed. Right-click the object, and then click Properties.
    5. On the General tab, make sure that the Global Catalog check box is selected (this is the default setting).
    Back to the top

  • Root Domain

    The forest root is created when the first domain controller is installed. Verify your computer network identification in My Computer. The Domain Name System (DNS) suffix of your computer should match the domain name that the domain controller belongs to. Also, make sure that your computer registers the correct computer role. To verify this role, use the net accounts command. The computer role should be "primary" or "backup," depending on whether the computer is the first domain controller in the domain.

    Back to the top

  • Shared System Volume

    A Windows Server 2003 domain controller should have a shared system volume located in the %Systemroot%\Sysvol\Sysvol folder. To verify this item, use the net share command. Active Directory also creates two standard policies during the installation process: The Default Domain policy and the Default Domain Controllers policy (located in the %Systemroot%\Sysvol\Domain\Policies folder). These policies are displayed as the following globally unique identifiers (GUIDs):

    {31B2F340-016D-11D2-945F-00C04FB984F9} -- representing the Default Domain policy
    {6AC1786C-016F-11D2-945F-00C04fB984F9} -- representing the Default Domain Controllers policy


    Back to the top

  • SRV Resource Records

    You must have a DNS server installed and configured for Active Directory and the associated client software to function correctly. Microsoft recommends that you use Microsoft version of DNS Server as your DNS server (this is bundled with Windows Server 2003). However, this version of DNS is not required. The DNS server that you use must support the Service Resource Record (SRV RR) Requests for Comments (RFC) 2052, and the dynamic update protocol (RFC 2136). Use the DNS Manager MMC snap-in to verify that the correct zones and resource records are created for each DNS zone. Active Directory creates its SRV RRs in the following folders:
    • _Msdcs/Dc/_Sites/Default-first-site-name/_Tcp
    • _Msdcs/Dc/_Tcp
    In these locations, an SRV RR is displayed for the following services:
    • _kerberos
    • _ldap
    Back to the top
Modification Type:MajorLast Reviewed:3/1/2004
Keywords:kbActiveDirectory kbHOWTOmaster kbinfo KB816106 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.