How to verify an Active Directory installation (298143)

MORE INFORMATION

It is important to verify a successful installation of Active Directory. After you have performed an upgrade, you can verify the promotion of a server to a domain controller by verifying the following items:

1. Default containers: These are created automatically when the first domain is created. Open Active Directory Users and Computers, and then verify that the following containers are present: Computers, Users, and ForeignSecurityPrincipals.
2. Default domain controllers organizational unit: This holds the first domain controller, and additionally serves as the default container for new Windows 2000 domain controllers. Open Active Directory Users and Computers, and then verify this organizational unit.
3. Default-First-Site-Name: During the promotion of a server to domain controller, the Dcpromo.exe program determines the site of which the domain controller can become a member. If the domain controller that is being created is the first in a new forest, a default site named "Default-First-Site-Name" is created and the domain controller becomes a member of this site until the appropriate subnets and sites are configured. You can verify this item by using Active Directory Sites and Services.
4. Active Directory database: The Active Directory database is your Ntds.dit file. Verify its existence in the %Systemroot%\Ntds folder.
5. Global catalog server: The first domain controller becomes a global catalog server, by default. To verify this item:
   1. Click Start, point to Programs, click Administrative Tools, and then click Active Directory Sites and Services.
   2. Double-click Sites to expand it, expand Servers, and then select your domain controller.
   3. Double-click the domain controller to expand the server contents.
   4. Below the server, an NTDS Settings object is displayed. Right-click the object, and then click Properties.
   5. On the General tab, you can observe a global catalog check box, which should be selected, by default.
6. Root domain: The forest root is created when the first domain controller is installed. Verify your computer network identification in My Computer. The Domain Name System (DNS) suffix of your computer should match the domain name that the domain controller belongs to. Also, ensure that your computer registers the proper computer role. To verify this role, use the net accounts command. The computer role should say "primary" or "backup" depending on whether it is the first domain controller in the domain.
7. Shared system volume: A Windows 2000 domain controller should have a shared system volume located in the %Systemroot%\Sysvol\Sysvol folder. To verify this item, use the net share command. The Active Directory also creates two standard policies during the installation process: The Default Domain policy and the Default Domain Controllers policy (located in the %Systemroot%\Sysvol\Domain\Policies folder). These policies are displayed as the following globally unique identifiers (GUIDs):

   {31B2F340-016D-11D2-945F-00C04FB984F9} representing the Default Domain policy
   {6AC1786C-016F-11D2-945F-00C04fB984F9} representing the Default Domain Controllers policy

8. SRV resource records: You must have a DNS server installed and configured for Active Directory and the associated client software to function correctly. Microsoft recommends that you use Microsoft DNS server, which is supplied with Windows 2000 Server as your DNS server. However, Microsoft DNS server is not required. The DNS server that you use must support the Service Resource Record (SRV RR) Requests for Comments (RFC) 2052, and the dynamic update protocol (RFC 2136). Use the DNS Manager Microsoft Management Console (MMC) snap-in to verify that the appropriate zones and resource records are created for each DNS zone. Active Directory creates its SRV RRs in the following folders:
   • _Msdcs/Dc/_Sites/Default-first-site-name/_Tcp
   • _Msdcs/Dc/_Tcp
   In these locations, an SRV RR is displayed for the following services:
   • _kerberos
   • _ldap