A. Windows 2000 ships with a utility, DCPROMO.EXE, which is used to promote a stand-alone/member server to a domain controller and vice versa.
In Windows 2000, domains are DNS names, which means you can have a hierarchy of domains leading to parent-child domain relationships. The advantage of these parent-child relationships is that they have a bidirectional transitive trust, which means that if domain b is a child of domain a, and domain c is a child of domain b, domain c implicitly trusts domain a. This is very different from the way trusts work in earlier versions of Windows NT.
Since Windows 2000 domains rely on DNS, it is vital that DNS is correctly configured to enable the domain to be created (if you are creating a new top level domain). Information on configuring DNS for a domain can be found here.
A final prerequisite is an NTFS 5.0 volume to house the SYSVOL volume, so ensure you have at least one NTFS 5.0 volume (use CHKNTFS to check the versions of your partitions).
To upgrade a stand-alone/member server to a domain controller perform the following:
- Start the DCPROMO utility (Start - Run - DCPROMO)
- Click Next to the introduction screen
- You will have a choice of "New domain" or "Replica domain controller in existing domain". There is no concept of a BDC in NT 5.0 and all domain controllers are equal (more or less :-) ). Select New Domain and click Next
- A new concept is trees which enable the idea of child domains. If you are starting a new top level domain select "Create new domain tree", to create a child domain select "Create new child domain". Click Next
- If you chose to create a new domain tree you will be asked if you want to "Create a new forest of domain trees" or "put this new domain tree in an existing forest". Forests enable you to "join" a number of separate domain trees, and again a transitive trust relationship is created between them. If this is your first NT 5.0 domain tree you should create a new forest. Click Next
- You will then be asked for the DNS name of your domain, e.g. savilltech.com is a valid domain name. It is important this matches information configured on the DNS server. Click Next
- You will then be asked for a NetBIOS domain name, which by default will be the leftmost part of the DNS domain name (up to the first 15 characters), e.g. savilltech; however, this can be changed. Click Next to continue.
- You will then have to provide a storage area for the Active Directory and the Active Directory log. Accept the defaults and click Next
- Finally you must select an area on an NTFS 5.0 partition for the SYSVOL volume for storage of the server's public files, %systemroot%\SYSVOL by default. Click Next
- You will be given an option to weaken security for pre-Windows 2000 services such as a 4.0 RAS server. Select your option and click Next
- You will be asked for an Administrator password to be used in Directory Server restore mode. Click Next
- A summary screen will be displayed; click Next to start the upgrade. It sets security and creates the Directory Server schema container. Information from the default directory service file and the old SAM is then read in if the machine is an upgraded PDC.
- You should then click Finish and reboot the machine.
You now have a Windows 2000 domain controller. Additional domain controllers (old BDCs) can be added by performing the above and selecting "Replica domain controller in existing domain" in step 3. It will then ask you for the name of the domain to replicate.
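
The "weaken security for pre-Windows 2000 services" choice in the wizard works by adding Everyone (and, on later Windows Server versions, Anonymous Logon) to the built-in "Pre-Windows 2000 Compatible Access" group. The batch file below is an added example, not part of the original answer, that checks on the domain controller which choice is in effect; it assumes an English-language installation, and the temporary file name is arbitrary.

```bat
@echo off
rem Added example: audit the built-in group behind the wizard's
rem "weaken security for pre-Windows 2000 services" choice.
rem Run in a command prompt on the domain controller.
setlocal
set GROUP=Pre-Windows 2000 Compatible Access
rem Arbitrary scratch file for the member listing (assumption).
set TMPFILE=%TEMP%\prew2k_members.txt

rem List the group's members; a non-zero exit means the group
rem could not be read (for example, not run on a domain controller).
net localgroup "%GROUP%" > "%TMPFILE%" 2>nul
if errorlevel 1 goto nogroup

rem findstr returns 0 when a match is found.
set WEAK=0
findstr /i /b /c:"Everyone" "%TMPFILE%" >nul
if not errorlevel 1 set WEAK=1
findstr /i /c:"ANONYMOUS LOGON" "%TMPFILE%" >nul
if not errorlevel 1 set WEAK=1
del "%TMPFILE%"

if "%WEAK%"=="1" goto weak
echo OK: "%GROUP%" does not contain Everyone or Anonymous Logon.
goto end

:weak
echo WARNING: "%GROUP%" contains Everyone or Anonymous Logon.
echo The weakened, pre-Windows 2000 compatible permissions are in effect.
echo Once no pre-Windows 2000 service needs them, tighten with:
echo   net localgroup "%GROUP%" Everyone /delete
goto end

:nogroup
echo Could not read "%GROUP%". Run this on a domain controller.
if exist "%TMPFILE%" del "%TMPFILE%"

:end
endlocal
```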