Home | Troubleshooting |  Quick Setup  |  Cisco How to  |  Data Recovery  |  Forums   | Blog | IT Exam Practice | Services  | About Us | Chicagotech MVP  | Search  | Contact Us  |                  Laptop for rent: $35 per day plus $10 for additional day

rental
 

 

How to verify an Active Directory installation

After you have installed a new domain controller or performed an DC upgrade, you may want to verify the correct Active Directory installation or upgrade.


Verifying Default Containers
Default Containers are created automatically when the first domain is created. To verify them, open the Active Directory Users and Computers, and then verify that the following containers appear here:
• Computers
• Users
• ForeignSecurityPrincipals

Verifying Default Domain Controllers Organizational Unit
Domain Controllers holds the first domain controller and also serves as the default container for new Windows Server domain controllers. Open Active Directory Users and Computers, and then verify that this organizational unit appears here.

Verifying Default-First-Site-Name
When installing or prmote a server to domain controller, the Dcpromo.exe program determines the site that the domain controller can become a member of. If the domain controller that is being created is the first in a new forest, a default site named "Default-First-Site-Name" is created and the domain controller becomes a member of this site until the appropriate subnets and sites are configured. You can verify this item by using Active Directory Sites and Services. Or verify them from the DNS Manager.

Verifying Active Directory Database
Your Ntds.dit file is the Active Directory database. Verify that it resides in the %Systemroot%\Ntds folder.

Verifying Global Catalog Server
By default, the first domain controller becomes a global catalog server. To verify this item:
a. Click Start, click Administrative Tools, and then click Active Directory Sites and Services.
b. Double-click Sites, expand Servers, and then select your domain controller.
c. Double-click the domain controller to expand the server contents.
d. Below the server, an NTDS Settings object is displayed. Right-click the object, and then click Properties.
e. On the General tab, make sure that the Global Catalog check box is selected (this is the default setting).
You can also verify DC server using DNS Manager.


Verifying Root Domain
The forest root is created when the first domain controller is installed. Verify your computer network identification in My Computer. The Domain Name System (DNS) suffix of your computer should match the domain name that the domain controller belongs to. Also, make sure that your computer registers the correct computer role. To verify this role, use the net accounts command. The computer role should be "primary" or "backup," depending on whether the computer is the first domain controller in the domain.

Verifying Shared System Volume
A Windows domain controller should have a shared system volume located in the %Systemroot%\Sysvol\Sysvol folder. To verify this item, use the net share command. Active Directory also creates two standard policies during the installation process: The Default Domain policy and the Default Domain Controllers policy (located in the %Systemroot%\Sysvol\Domain\Policies folder). These policies are displayed as the following globally unique identifiers (GUIDs):
{31B2F340-016D-11D2-945F-00C04FB984F9} -- representing the Default Domain policy
{6AC1786C-016F-11D2-945F-00C04fB984F9} -- representing the Default Domain Controllers policy

Verifying SRV Resource Records
You must have a DNS server installed and configured for Active Directory and the associated client software to function correctly. Microsoft recommends that you use Microsoft version of DNS Server as your DNS server (this is bundled with Windows Server). However, this version of DNS is not required. Use the DNS Manager MMC snap-in to verify that the correct zones and resource records are created for each DNS zone. Active Directory creates its SRV RRs in the following folders:
• _Msdcs/Dc/_Sites/Default-first-site-name/_Tcp
• _Msdcs/Dc/_Tcp
In these locations, an SRV RR is displayed for the following services:
• _kerberos
• _ldap
Back to the top

Post your questions, comments, feedbacks and suggestions

Contact a consultant

Related Topics


 

 


 

 

Hit Counter   This web is provided "AS IS" with no warranties.
Copyright © 2002-2018 ChicagoTech.net, All rights reserved. Unauthorized reproduction forbidden.