Creating the first Windows Server 2003 Domain

Controller in a domain

Preface:

One of the greatest features of Windows Server 2003 is its ability to be a Domain
Controller (DC). The features of a domain extend further than this tutorial ever could,
but some of its most well known features are its ability to store user names and
passwords on a central computer (the Domain Controller) or computers (several
Domain Controllers). In this tutorial we will cover the "promoting" (or creating) of
the first DC in a domain. This will include DNS installation, because without DNS the
client computers wouldn't know who the DC is. You can host DNS on a different
server, but we'll only deal with the basics.

Method:

Click Start -> Run...

Type "dcpromo" and click "OK"

You will see the first window of the wizard. As it suggests, I suggest reading the help
associated with Active Directory. After this, click "Next"
Click "Next" on the compatibility window, and in the next window keep the default
option of "Domain Controller for a new domain" selected, and click "Next"
In this tutorial we will create a domain in a new forest, because it is the first DC, so
keep that option selected

Now we have to think of a name for our domain. If you own a web domain like
"visualwin.com", you can use it, but it isn't suggested because computers inside of
your domain may not be able to reach the company website. Active Directory
domains don't need to be "real" domains like the one above - they can be anything you
wish. So here I will create "visualwin.testdomain"
Now in order to keep things simple, we will use the first part of our domain
("visualwin"), which is the default selection, as the NetBIOS name of the domain
The next dialog suggests storing the AD database and log on separate hard disks, and
so do I, but for this tutorial I'll just keep the defaults

The SYSVOL folder is a public share, where things like .MSI software packages can
be kept when you will distribute packages (as I said, AD has a lot of different
features). Once again, I will keep the default selection but it can be changed if you
wish to use the space of another drive
Now we will get a message that basically says that you will need a DNS server in
order for everything to work the way we want it (i.e., our "visualwin.testdomain" to
be reachable). As I mentioned earlier, we will install the DNS server on this machine
as well, but it can be installed elsewhere. So keep the default selection of "Install and
configure", and click "Next"
Because, after all, this is a Windows Server 2003 tutorial website, we'll assume there
are no pre-Windows 2000 servers that will be accessing this domain, so keep the
default of "Permissions compatible only with Windows 2000 or Windows Server
2003 operating systems" and click "Next"
The restore mode password is the single password that all administrators hope to
never use, however they should also never forget it because this is the single password
that might save a failed server. Make sure it's easy to remember but difficult to guess

Now we will see a summary of what will happen. Make sure it's all correct because
changing it afterwards can prove to be difficult
After the previous next was clicked, the actual process occurs. This can take several
minutes. It's likely that you will be prompted for your Windows Server 2003 CD (for
DNS) so have it handy

If your computer has a dynamically assigned address (from DHCP) you will be
prompted to give it a static IP address. Click ok, and then in the Local Area
Connection properties, click "Internet Protocol (TCP/IP)" and then "Properties"
In the next window select "Use the following IP address" and select the information
that you will use for your domain (and 127.0.0.1 for the primary DNS, because your
computer will host DNS. I still suggest setting up an alternate as well.) Click "OK"
and then "Close" on the next window
And after a while you will see
And we're finished.

Adding users to Active Directory

Preface:

As you know, if you try to add AD users using lusrmgr.msc you will receive the
following error:

And since I cover creating a local user (lusr) I thought it would only be right to cover
creating an Active Directory user.

Method:

Click Start, highlight "Administrative Tools" and select "Active Directory Users and
Computers"
Now, expand your domain name on the left side, and go to the bottom where it says
"Users". Once you click on that, you will see all of the automatically created users,
you will also see all of the users you made before you ran dcpromo - that's because
they all stay through the promotion to DC. Anyway, to add a user, you can either right
click the "Users" folder on the left side, or the blank area on the right side, and
highlight "New" then click "User"
In the next dialog we can set the user's First name, Last name and various other pieces
of information, including their log-on name, and domain to which we want to add
them
After clicking "Next" you are presented with the password-settings screen. You can
set the user's password and then have them change it on their first log-on by selecting
"User must change password at next logon". But in this tutorial, I will set it as their
password, and not allow them to ever change it without asking me (the administrator)
to change it for them

In the next dialog, we get a summary of the user to be created. Click "Finish" and the
user has been created
And we're finished!

Adding a computer to Active Directory

Preface:

Earlier, I showed you how to add users to your Active Directory domain. This tutorial
will focus on how to add computers. This step is not "really" necessary for
workstation computers - at least, I was able to add a Windows XP machine to my
domain without adding the computer name first. This is section is really for looking at
which computers join, and allow other servers to join as DC's, etc. I will show you
how to add the computer using "Active Directory Users and Computers", then in other
tutorials, I will demonstrate how to add a Windows 2000 computer and Windows XP
computer to this domain.

Update:

Brian Desmond (Windows Server MVP) emailed me with the following information
on why someone might want to add a computer to AD manually:
"By default a computer will get dumped in the Computers container, unless a
Windows 2003 Native Mode Domain is inplace, and redircomp has been run to
change this. Precreating computer accounts in OUs will ensure that when the unit is
joined, it is in the correct OU, which guarantees policy consistency, and other
administrative things. One can also specify who can reset the machine’s password.
This will allow an admin to create an account for a computer, and let a normal user
join the machine with their credentials."

Method:

Click Start, highlight "Administrative Tools" and select "Active Directory Users and
Computers"

Expand your domain name, and right-click "Computers", highlight "New" then click
"Computer"
In this dialog we have to type the name of the computer we want to add
In the next dialog just click "Next", then you will see a final report of what will be
added, and you can click "Finish".

And, we're done!

Adding a Windows XP computer to a Windows Server

2003 domain

Preface:

This is basically the same procedure as the Windows 2000 tutorial. Some things to
note about adding a Windows XP computer to a domain are the following:

 You need Windows XP Professional to join a XP computer to a domain.

Home can't be used fully for this
 You will loose the "fancy" log on screen and you will receive the "classic" log
on screen instead. This is for security and cannot be changed, unless you
revert to workgroup mode
 You will loose the "Fast User Switching". This cannot be restored, except by
reverting back to workgroup mode.
Method:

Click Start, right click "My Computer" and click "Properties"

Go to the "Computer Name" tab and click "Change..."

Select the "Domain" radio button then put in your domain name, not including the .
extension (in my example I used the domain "hello.test" but when joining the
computer to a domain, I will only type "hello")
Press "OK". Then you will be presented with a user name and password prompt. Enter
the user name and password of a Domain Administrator

Press "OK" and after a minute or two you will receive a message welcoming you to
the domain. Then you will receive a message telling you that a reboot is required,
click "OK" to that, and the properties window. Then click "Yes" when you are
prompted to reboot.
And we're finished. You have just learnt how to add a Windows XP computer to a
Windows Server 2003 domain

Additive:

After the XP computer boots to Control-Alt-Delete you may need to change it from
logging onto itself (which will use the local info) to logging onto the domain. To do
this, press Ctrl-Alt-Del, then the "Options >>>" button on the log on screen. Then
select the domain from the drop-down box

After that you can log on using domain credentials

IIS

Setting up Perl/CGI to work with Windows Server 2003

The following things are assumed:

1. You are running Windows Server 2003

2. IIS 6.0
3. You installed ActiveState ActivePerl (http://www.activestate.com) to C:\Perl
UPDATE: ActivePerl 5.8.2 Build 808 and higher should add the Web Service
Extensions during install
 4. You are using default (unmodified) ACLs/Permissions

Also, all of my reasoning is explained after the step-by-step is done, at the bottom of
the page.

Load IIS from the Administrative tools in the Control Panel by clicking Start ->
Administrative Tools -> IIS Manager (or loading the Control Panel, entering the
Administrative Tools folder, and double clicking IIS Manager).

Click the name of your computer then click "Web Service Extensions", on the left
side of the main frame you will see a green arrow pointing to a link that says "Add a
new Web service extension...", click that link.
In that window, where it asks for the extension name you can put anything, like "CGI
script" and under the "Required Files" section put the following in (without the
apostrophes) 'C:\Perl\bin\perl.exe "%s" %s' click OK to the notification, click "Set
status to allowed" and press ok.
Now, load up a command prompt (Start->Run... type cmd) and type (without the
quotes) "md c:\inetpub\cgi-bin"

Back in the IIS Manager right click Default Web Site highlight "New" in the pop-up
menu and click "Virtual Directory..." in the new menu
Click next to the first dialog in the wizard, then as a the alias put "cgi-bin" and click
next then as a path for the next dialog put in "c:\inetpub\cgi-bin". On the next dialog
leave everything checked and check execute and click next

Click Finish to end the wizard.

Now right-click cgi-bin and click properties

Click Configuration in the lower right-hand area of the dialog and make sure .pl is
there (if it isn't, add it the way you see it)
 Making your scripts work

To make your scripts work the shebang line (#!/usr/bin/perl) should now be #!C:\Perl\
bin\perl.exe . Any reference to any files should be changed from /home/user etc, to
c:/home/user or c:\\home\\users - note the double back-slashes.

Also, renaming your .cgi scripts to .pl is highly recommended - it's what I do
myself ;-)

Assuming this is all done correctly, you should now be able to run your Perl scripts
successfully using Windows Server 2003, and IIS 6.0

My reasoning

Q: Why do you make cgi-bin in \inetpub and not in \inetpub\wwwroot even though
you're going to be making a Virtual Directory there anyway?
A: The reason I go through these extra few steps are (1) To bring in a Command shell
(open one of those and you immediately look smart, plus it makes things go
wwaaayyy quicker) (2) I got it from the *nix world, what can I say, back when I
hosted on Linux that's the way the directories were set up, so it stayed with me
bottom line is, you don't need it like that, it's just the way I prefer.

Q: Why do you have a cgi-bin folder at all?

A: It is always better to keep your scripts separate from your regular files.

Q: If you know that ActivePerl 5.8.2 Build 808 and higher automagically add the
service extensions, why do you still have this tutorial?

A: Many reasons. First, this tutorial isn't only for Perl, but for anything similar.
Second, just in case :-)

Setting up PHP to work on Windows Server 2003

The following things are pre-assumed:

1. You are running Windows Server 2003

2. IIS 6.0
3. You have installed PHP (http://www.php.net) to C:\PHP (installation issues
are at the bottom of this page)
4. You are using default (unmodified) ACLs/Permissions

Update: Tom McDermid has brought to my attention that in the PHP 5 line, the EXE
name is "php-cgi.exe" instead of "php.exe", so when installing PHP 5, remember to
replace "php.exe" in this tutorial with "php-cgi.exe"

Load IIS from the Administrative tools in the Control Panel by clicking Start ->
Administrative Tools -> IIS Manager (or loading the Control Panel, entering the
Administrative Tools folder, and double clicking IIS Manager).
Click the name of your computer then click "Web Service Extensions", on the left
side of the main frame you will see a green arrow pointing to a link that says "Add a
new Web service extension...", click that link.
For the Extension name put something like "PHP" in and for the Required Files put
"C:\PHP\php.exe", also check to set it to allowed
Now load a command prompt (Start->Run... type cmd) and type "md c:\inetpub\
wwwroot\phpscript"

Back in the IIS Manager double-click "Web Sites", click "Default Web Site", right-
click the directory "phpscript" and click properties
In the new dialog click Create then Configuration (Configuration will only become
enabled after you click Create). If you don't see .php listed then add it by clicking
Add... and setting the following

Click OK and OK and you should be set to run your PHP scripts

Installation issues

Q: I tried installing PHP and got some error about there not being an OCX or
something, either way, now I can't execute my scripts :-(

A: The error you received was stating that an OCX control (ActiveX) that the PHP
installer uses wasn't found, don't worry, that's the reason I wrote this tutorial :-)

My reasoning

Q: Why do you use the Command prompt to make directories when you can just load
Explorer and make it that way?
A: I find it quicker to do by command line, but any method will work.

Setting up PHP-ISAPI on Windows Server 2003

Preface:

I showed you here how to set up PHP using the CGI executable. Since then I've learnt
that the ISAPI DLL may be faster and more secure, so this tutorial will show you how
to set up the ISAPI DLL instead. Credit and thanks goes to Keith W. McCammon for
setting this up on his website, http://mccammon.org/php/iis6_install.php . Made visual
with permission from Keith. Something to note is that these directions had in mind
default (unmodified) ACLs/Permissions.

Method:

Unzip the latest PHP ZIP file to C:\PHP, and copy php.ini-recommended from that
folder to C:\windows\php.ini, then copy php4ts.dll to C:\Windows\System32

Load IIS from the Administrative tools in the Control Panel by clicking Start ->
Administrative Tools -> IIS Manager (or loading the Control Panel, entering the
Administrative Tools folder, and double clicking IIS Manager).
Click the name of your computer then click "Web Service Extensions", on the left
side of the main frame you will see a green arrow pointing to a link that says "Add a
new Web service extension...", click that link.
Set the extension name to anything you'd like, put C:\PHP\sapi\php4isapi.dll as the
Required file, also check "Set status to allowed"
Go to the directory you'd like to configure PHP for in the IIS Manager, right click it,
and select properties

Click the Create button, set the Execute permissions to "Scripts only", then click the
Configuration button
Click Add. For the Executable put - C:\PHP\sapi\php4isapi.dll for the Extension put
".php", set the verbs to all, and make sure the bottom check boxes are checked

Click OK and OK