- Install Server 2008 R2 on servers to become DCs, all applicable drivers, and Windows updates.
- Assign static IP address (disable IPv6 if you don’t plan to use it).
- Enable Active Directory Domain Services role.
- Run DCPROMO to begin AD installation. Separate the AD database and logs on different disks (RAID 1 ideally), keep SYSVOL with the database.
- Install DNS, ensure that Dynamic Updates are set to Secure Only. Set the domain controller to point to it’s own production IP address for DNS resolution.
- Configure sites, add subnets, configure replication (rename default links).
- Distribute FSMO roles according to best practices.
- Configure NTP on DC holding the PDCe FSMO role. (see time services refresher posted earlier)
- Build OU structure.
- Make copies of default GPOs, rename the copies, and unlink the originals.
- Install DHCP role, configure scopes. (2008 R2 includes a nifty split scope wizard)
- Enable AD recycle bin.
- Set up ADMX central store.
- Create starter GPOs in GPMC (optional).
- Run dcdiag and repadmin, correct any errors or failures.
- Check event logs on all DCs, correct any errors or misconfigurations.
- Backup system state on each DC, using Windows Server Backup or a 3rd party solution.
thanks, very helpful and nice layout.