
I'm looking to create a domain called "developer.domain.com" to join computers to. I need to make a domain controller for this domain in Windows Server 2012; this is my first time. What are the steps? So far I have researched and pulled together steps from different sources, but I don't know if I'm missing any steps or if some steps don't apply to me. Please review:

  1. Register "domain.com"

  2. Configured server IP to be static (say 192.168.1.3). ----Should I set the preferred DNS servers in this configuration to the same thing they were before? I'm guessing that's my ISP's DNS servers and I should leave it the same as before?

  3. Installed ADDS and DNS roles.

  4. Add domain to Forward Look Up Zones: DNS Manager -> Forward LookUp Zones -> New Zone for "domain.com" (primary)

  5. Create A record for subdomain: Refresh -> Forward Look Up Zones -> domain.com -> create New Host(A or AAAA) record for "developer.domain.com" ----- Is this supposed to point to the static IP I just made in step 1?

  6. Create A records for nameservers: -----What IPs should the name server A records point to? Same server IP as "developer.domain.com"?

  7. Create NS records for nameservers: Refresh -> Forward Look Up Zones -> domain.com -> Properties -> NameServers tab -> Add ns1.domain.com -> Resolve -> Add ns2.domain.com -> Resolve

  8. Add nameservers in Internet Registrar settings

After all this can I join computers to domain?

Vazgen

1 Answer


You should own the domain you're using, so in your example, you need to own domain.com. You do not, however, need to create any DNS entries for it, either on your internal LAN or externally.

If you're installing AD from scratch then you can just go ahead and install the AD Domain Services role on your server. You just supply the domain name developer.domain.com as the AD domain name.

You'll be prompted to install DNS as part of the AD installation process; say yes to this offer and it should install DNS and create the appropriate entries for you. DO NOT try and use the ISP's DNS for your domain controller or your clients. You can have your local DNS forward requests to the ISP DNS, but the server and its clients need to use the AD server's own DNS server to find each other for your local network to work properly.

While it's possible to do the DNS configuration by hand, if you've never installed AD before then I'd strongly suggest letting the AD install process do this for you, then looking at what it's done afterwards.

This is all you need to do to create a domain that you can join computers to in a network. There's a lot of "best practice" stuff you should really be doing as well (you really should have more than one DC for a start) but this is the basic 'get you started' level.

You might find this question useful for AD background too.

Rob Moir
  • Thank you for the reply. I already tried letting the AD wizard do everything for me but I got a warning that I didn't feel comfortable ignoring as I didn't know if it applied or not. The warning was "The delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or does not run Windows DNS Server." – Vazgen Oct 29 '12 at 17:42
  • If I understand correctly, I can ignore this warning because I do not care if domain.com resolves to my server, I'm only concerned about developer.domain.com to resolve. Am I understanding correctly? – Vazgen Oct 29 '12 at 18:21
  • Yes, you are right @vazgen. This is the server giving you a warning so you can check things are behaving as expected, rather than an error as such. See http://blogs.technet.com/b/activedirectoryua/archive/2011/07/07/a-delegation-for-this-dns-server-cannot-be-created-because-the-authoritative-parent-zone-cannot-be-found-or-it-does-not-run-windows-dns-server.aspx – Rob Moir Oct 29 '12 at 18:54
  • Thank you, but I'm not able to join a different computer to my "developer.domain.com" domain name; it says the domain controller cannot be contacted. What am I still missing? – Vazgen Oct 29 '12 at 19:03
  • The domain controller is running on a VM on my client computer. Perhaps this is a misconfiguration of the virtual switch? I have the "preferred dns server" on the network adapter properties on the domain controller VM set to itself (192.168.1.3). However, ping developer.domain.com resolves to an IP address that is not 192.168.1.3. If I set these same configurations for the virtual switch network adapter on the client, ping developer.domain.com does not resolve to anything. Please help? – Vazgen Oct 29 '12 at 20:08
  • Vazgen, that's really a different question (in all seriousness, post it as another question if you're struggling, because details of the virtual server are important) but I will say this - virtual or not, you need to ensure every device you want to have talking to each other has both a physical route of some kind and an IP route of some kind. The exact terminology (and right settings) for this vary between different virtualisation software, but essentially you need to bridge the VM's network adapter to your LAN through your host PC's network card. Does that make sense? – Rob Moir Oct 29 '12 at 20:22
  • Yes, that bridge is the virtual switch. But shouldn't my PC's network card DNS server be set to my ISP's DNS servers so I can access the internet? Leaving the virtual switch at default, I can still configure the "virtual" network card properties on the VM to a static IP and the preferred DNS server to that static IP, but pinging to my develop.domain.com from my PC does not resolve to that static IP. I'm sorry, this is just all really confusing for me. I'll eventually mark you as answer if nobody else can clarify. Thank you for the help – Vazgen Oct 29 '12 at 20:38
  • I feel like I should be doing some kind of forwarding in the control panel of my domain registrar for domain.com.. but the default settings created by the AD DS wizard created one nameserver record for "domcontrollerpc.developer.domain.com" whereas the settings in the internet registrar control panel requires 2 nameservers =\ – Vazgen Oct 29 '12 at 20:42
  • Hold on.. you're not trying to get your host PC to join a domain that's in a guest virtual machine running on the host are you? That will not work reliably at all... – Rob Moir Oct 29 '12 at 22:07
  • No, that's not the case. But other virtual machines running on the same host will need to join the domain. Thanks – Vazgen Nov 02 '12 at 01:04
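
The answer's procedure (install AD DS with its own DNS, then point the server and every client at that DNS) as an added PowerShell example; it is not code from the answer or the comments. The domain name and 192.168.1.3 come from the question; the adapter alias `Ethernet`, the forwarder address 203.0.113.53 (a placeholder for the ISP resolver) and the function names are assumptions, and the DNS check assumes a single domain controller and the Windows 8 / Server 2012 or later cmdlets.

```powershell
# Added example, not code from the thread. From the page: the domain name and
# 192.168.1.3. Assumed: adapter alias 'Ethernet'; 203.0.113.53 is a placeholder
# for the ISP resolver; one DC only; Windows 8 / Server 2012 or later cmdlets.
$Domain = 'developer.domain.com'
$DcIp   = '192.168.1.3'
$Nic    = 'Ethernet'

function Install-FirstDomainController {        # run on the new server
    Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
    # -InstallDns has the promotion build the zone and SRV records itself;
    # no delegation is requested from the parent zone domain.com.
    Install-ADDSForest -DomainName $Domain -InstallDns -CreateDnsDelegation:$false `
        -SafeModeAdministratorPassword (Read-Host 'DSRM password' -AsSecureString)
}

function Set-DcResolver {                       # run on the DC after its reboot
    # The DC resolves through its own DNS service; anything it is not
    # authoritative for is forwarded upstream.
    Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $DcIp
    Add-DnsServerForwarder -IPAddress '203.0.113.53'
}

function Test-DomainDns {                       # run on each prospective member
    $problems = @()
    $servers = @((Get-DnsClientServerAddress -InterfaceAlias $Nic -AddressFamily IPv4).ServerAddresses)
    if ($servers -notcontains $DcIp) { $problems += "Resolver list lacks ${DcIp}: $servers" }
    $others = @($servers | Where-Object { $_ -ne $DcIp })
    if ($others.Count -gt 0) { $problems += "Non-AD resolvers configured: $others" }

    # Domain join locates a DC through this SRV record, so query it directly.
    $srv = @(Resolve-DnsName "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'SRV' })
    if ($srv.Count -eq 0) { $problems += 'DC locator SRV record did not resolve' }

    # The domain name itself should resolve to the DC, not to a public address.
    $a = @(Resolve-DnsName $Domain -Type A -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
    if ($a -notcontains $DcIp) { $problems += "$Domain resolves to '$a', expected $DcIp" }
    return $problems
}

function Join-DeveloperDomain {
    $problems = @(Test-DomainDns)
    if ($problems.Count -gt 0) { $problems | ForEach-Object { Write-Warning $_ }; return }
    Add-Computer -DomainName $Domain -Credential (Get-Credential) -Restart
}
```

`Test-DomainDns` returns an empty list only when the machine resolves exclusively through the domain controller and both the locator record and the domain name answer from it, which is the condition the "domain controller cannot be contacted" error in the comments depends on.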