Support Portal

8. Prepare existing AD domain (If there is one) for the installation

If you have an existing Active Directory domain which your new domain controller will be joining, you need to prepare the existing Active Directory in advance of the installation. Please note that this article assumes familiarity with managing Microsoft Active Directory and Domain Controllers.

 

All these steps must be performed on the existing Domain Controller

Step 1. Create a new user
Logon to an existing Domain controller - preferably in the same LAN/site in which you are deploying your new server, and preferably one that currently holds all 5 Flexible Single Master Operation (FSMO) roles; it should also be a Global Catalog (GC) Server.

Open Active Directory Users and Computers and Create a domain user account called zcommission. The account needs to be a member of the Domain Admin group.

Keep a note of the zcommission users password, as you will need it during the installation process.

Note: you can identify which Domain Controller currently holds the FSMO roles by running "netdom query fsmo" on a Domain Controller and you can transfer all 5 FSMO roles by following the steps outlined in these three articles: https://technet.microsoft.com/en-us/library/cc816645(v=ws.10).aspx and https://technet.microsoft.com/en-us/library/cc794910(v=ws.10).aspx and https://technet.microsoft.com/en-us/library/cc816944(v=ws.10).aspx

Note: you can confirm if a Domain Controller is a Global Catalog server by following the steps outlined here: https://technet.microsoft.com/en-us/library/cc794880(v=ws.10).aspx and you can add the Global Catalog to an existing Domain Controller by following the steps outlined here: https://technet.microsoft.com/en-us/library/cc755257(v=ws.11).aspx


Step 2. Configure the secondary DNS server
Configure the network card to set the secondary DNS server to be the IP address of ZDC (ZDC will become your new domain controller). You can find out the IP address from the Commissioning Console. If you need help changing the secondary DNS server IP please view the article: How to change the secondary DNS server IP address

 

Step 3. Check the existing Active Directory is healthy

On the existing Domain Controller, Run a DCDIAG on their existing domain controller to verify the existing Active Directory is OK.

Any failures should be investigated and resolved. 

Here is a useful article on using DCDIAG to identify any issues: https://redmondmag.com/articles/2014/08/28/dcdiag-with-windows-server.aspx

Here is a Microsoft Technet article on using DCDIAG: https://technet.microsoft.com/en-gb/library/cc731968.aspx

 If you currently have more than one Domain Controller in your Active Directory, ensure that they are all replicating successfully - run "repadmin /showrepl" and "repadmin /syncall /Aed" and ensure there are no errors. More information on these commands is available in this article: https://technet.microsoft.com/en-us/library/cc770963(v=ws.11).aspx

Any existing errors in Active Directory replication should be resolved first. Any old Domain Controllers that are permanently offline should have server metadata cleanup performed, as outlined here: https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

As suggested above, it is recommended to perform the above steps on a Domain Controller that holds the 5 FSMO roles and is a GC. During the automated join of the new Domain Controller on your new server to your current Active Directory that you will carry out in a subsequent step, the 5 FSMO roles will be transferred from the current Domain Controller that holds them to the new one.


Step 4. Check Forest Functional level

On the existing Domain Controller, ensure the Active Directory Forest Functional level is 2003 or higher. If it is not at 2003 you must first raise it.

Here is an article explaining how to check the Forest Functional level: https://www.technipages.com/active-directory-how-to-check-domain-and-forest-functional-level

Here is an artuicle explaining how to raise the Forest Functional level https://support.microsoft.com/en-gb/help/322692/how-to-raise-active-directory-domain-and-forest-functional-levels (you need to raise it to 2003 or higher)

 

If there are any Windows 2000 Domain Controller's, these need to be decommissioned before you can proceed.

 

Once all of the above is complete please read the article QUICK START GUIDE - Perform an Installation

Was this article helpful? 0 out of 0 found this helpful
Have more questions? Submit a request