|
How to verify an Active
Directory installation
After you have installed a new domain controller or performed an DC upgrade,
you may want to verify the correct Active Directory installation or upgrade.
Verifying Default Containers
Default Containers are created automatically when the first domain is
created. To verify them, open the Active Directory Users and Computers, and
then verify that the following containers appear here:
• Computers
• Users
• ForeignSecurityPrincipals
Verifying Default Domain Controllers
Organizational Unit
Domain Controllers holds the first domain controller and also serves as the
default container for new Windows Server domain controllers. Open Active
Directory Users and Computers, and then verify that this organizational unit
appears here.
Verifying Default-First-Site-Name
When installing or prmote a server to domain controller, the Dcpromo.exe
program determines the site that the domain controller can become a member
of. If the domain controller that is being created is the first in a new
forest, a default site named "Default-First-Site-Name" is created and the
domain controller becomes a member of this site until the appropriate
subnets and sites are configured. You can verify this item by using Active
Directory Sites and Services. Or verify them from the DNS Manager.
Verifying Active Directory Database
Your Ntds.dit file is the Active Directory database. Verify that it resides
in the %Systemroot%\Ntds folder.
Verifying Global Catalog Server
By default, the first domain controller becomes a global catalog server. To
verify this item:
a. Click Start, click Administrative Tools, and then click Active Directory
Sites and Services.
b. Double-click Sites, expand Servers, and then select your domain
controller.
c. Double-click the domain controller to expand the server contents.
d. Below the server, an NTDS Settings object is displayed. Right-click the
object, and then click Properties.
e. On the General tab, make sure that the Global Catalog check box is
selected (this is the default setting).
You can also verify DC server using DNS Manager.
Verifying Root Domain
The forest root is created when the first domain controller is installed.
Verify your computer network identification in My Computer. The Domain Name
System (DNS) suffix of your computer should match the domain name that the
domain controller belongs to. Also, make sure that your computer registers
the correct computer role. To verify this role, use the net accounts
command. The computer role should be "primary" or "backup," depending on
whether the computer is the first domain controller in the domain.
Verifying Shared System Volume
A Windows domain controller should have a shared system volume located in
the %Systemroot%\Sysvol\Sysvol folder. To verify this item, use the net
share command. Active Directory also creates two standard policies during
the installation process: The Default Domain policy and the Default Domain
Controllers policy (located in the %Systemroot%\Sysvol\Domain\Policies
folder). These policies are displayed as the following globally unique
identifiers (GUIDs):
{31B2F340-016D-11D2-945F-00C04FB984F9} -- representing the Default Domain
policy
{6AC1786C-016F-11D2-945F-00C04fB984F9} -- representing the Default Domain
Controllers policy
Verifying SRV Resource Records
You must have a DNS server installed and configured for Active Directory and
the associated client software to function correctly. Microsoft recommends
that you use Microsoft version of DNS Server as your DNS server (this is
bundled with Windows Server). However, this version of DNS is not required.
Use the DNS Manager MMC snap-in to verify that the correct zones and
resource records are created for each DNS zone. Active Directory creates its
SRV RRs in the following folders:
• _Msdcs/Dc/_Sites/Default-first-site-name/_Tcp
• _Msdcs/Dc/_Tcp
In these locations, an SRV RR is displayed for the following services:
• _kerberos
• _ldap
Back to the top
Post your questions, comments, feedbacks and suggestions
Contact a consultant
Related Topics
|
|
