
Windows Server 2003 : Building an Active Directory Structure (part 2)

9/14/2012 12:55:08 AM

2. Using Active Directory Tools

Before we go any further, I'd like to discuss the three most common tools you will find yourself using as an Active Directory administrator. The first of these tools is Active Directory Users and Computers, the tool that allows you to create your Active Directory structure within a domain, add users and groups, adjust account properties, and generally administer the day-to-day operations of your directory. Figure 13 shows the default screen for Active Directory Users and Computers.

Next, there's Active Directory Domains and Trusts, a utility you can use to create trusts between domains and to eventually raise the domain functional level to enable new features for Active Directory. Figure 14 shows the default screen for Active Directory Domains and Trusts.

Finally, let's briefly glance at Active Directory Sites and Services, a graphical tool that allows you to design your Active Directory structure around how your business is geographically dispersed, so that Active Directory replication traffic crosses the links that cost the least and are the fastest. You can also describe how your organization's computers are addressed by outlining different subnets, thereby increasing the likelihood that clients will log on to the domain controllers closest to them. Figure 15 shows the default screen for Active Directory Sites and Services.

We'll use each tool in time as we proceed through the remainder of this chapter. For now, let's move on.

Figure 13. Active Directory Users and Computers

Figure 14. Active Directory Domains and Trusts

Figure 15. Active Directory Sites and Services

3. Adding Another Domain Controller to a Domain

Promoting another machine to domain controller status within an existing domain is even easier than promoting the first machine in a new domain. You can use the DCPROMO Wizard to do the job for you in this case, as well.

To begin, start DCPROMO as before, and on the screen asking you what action you want to perform, select Additional domain controller for an existing domain, and click Next. The Network Credentials screen will appear, asking you to type in the username and password for a domain administrator account. Do so, and then click Next. Enter the full DNS canonical name of the domain for which you want this machine to become a domain controller, and then click Next. From there, proceed through the wizard starting from the Database and Log Files screen as indicated in the previous section. Once the wizard is finished and your machine has restarted, it is an official domain controller for your domain.

4. Adding Another Domain

Adding a child domain is equally simple: you use DCPROMO and you tell it to create a new domain, but not a new tree. This will add a "subdomain" to the existing domain tree. Then the Network Credentials screen will appear, asking for a domain administrator account. After that, the Child Domain Installation screen will appear, as shown in Figure 16.

Here, you can select to install a domain controller into a new domain. Click Next, and then you will be prompted to provide a name for the domain, as shown in Figure 5-18.

Next, you need to tell Active Directory which domain you want to add on to, and then the name of the child domain to add on to the parent tree. You can use the Browse button to scroll around the directory or simply type the name in. In the second box, enter just the first portion of the new child domain's name. The box at the bottom will adjust automatically to show the full name of the new child domain.

Now you can proceed through the wizard, as shown in the previous section. One note of interest, though: if the domain has a lot of information to replicate out to its new domain controller, this promotion process can take a long time. An option is available on the final screen of this wizard that allows you to finish replication later, and you might be tempted to take advantage of this option. Although it does decrease the amount of time it takes to bring a new domain controller in an existing domain online, I prefer to let replication happen immediately. The only instance in which I wouldn't want to do this is if I were bringing up a new domain controller in a branch office with a very slow connection to the home office. In that case, it's OK to wait until off hours and let the replication happen then. In all other cases, I recommend moving ahead with replication and simply waiting it out.
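The wizard choices from sections 3 and 4 can also be written down as a DCPROMO unattended answer file, which leaves a reviewable record of how the domain controller was built. This is an added example, not part of the original text: the domain names, account and paths are constructed placeholders, the keys are those of the Windows Server 2003 `[DCInstall]` answer-file section, and treating `CriticalReplicationOnly` as the counterpart of the wizard's finish-replication-later option is an assumption.

```ini
; Constructed example: child domain "branch" under parent "corp.example.com".
; Run on the server being promoted:  dcpromo /answer:C:\dcpromo-child.txt
[DCInstall]
; "Domain" + "Child" + "Join" = a new domain in an existing tree, not a new tree
ReplicaOrNewDomain=Domain
TreeOrChild=Child
CreateOrJoin=Join

; Network Credentials screen (placeholder account and password)
UserName=Administrator
UserDomain=corp.example.com
Password=<domain-admin-password>

; Parent domain to add on to, then only the first portion of the child's name
ParentDomainDNSName=corp.example.com
ChildName=branch
DomainNetbiosName=BRANCH

; Database and Log Files screen and the steps after it
DatabasePath=C:\WINDOWS\NTDS
LogPath=C:\WINDOWS\NTDS
SYSVOLPath=C:\WINDOWS\SYSVOL
SafeModeAdminPassword=<restore-mode-password>

; No = do not grant pre-Windows 2000 compatible (anonymous) read access
AllowAnonymousAccess=No

; No = wait for full replication before finishing, as the text recommends.
; Yes would suit only the slow branch-office link case (assumed mapping).
CriticalReplicationOnly=No
RebootOnSuccess=Yes

; For an additional domain controller in an existing domain (section 3),
; drop TreeOrChild, CreateOrJoin, ParentDomainDNSName, ChildName,
; DomainNetbiosName and AllowAnonymousAccess, and use instead:
;   ReplicaOrNewDomain=Replica
;   ReplicaDomainDNSName=corp.example.com
```

Because the file holds the administrator and restore-mode passwords in clear text, keep it readable only by administrators and delete it once the promotion has completed.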

Figure 16. Selecting to install a domain controller into a new domain