
Saturday, January 23, 2010

New Active Directory Domain Services Checklist

  1. Install Server 2008 R2, all applicable drivers, and Windows updates on the servers that will become DCs.
  2. Assign static IP address (disable IPv6 if you don’t plan to use it).
  3. Enable Active Directory Domain Services role.
  4. Run DCPROMO to begin AD installation. Put the AD database and logs on separate disks (RAID 1 ideally), and keep SYSVOL with the database.
  5. Install DNS and ensure that Dynamic Updates are set to Secure Only. Set the domain controller to point to its own production IP address for DNS resolution.
  6. Configure sites, add subnets, configure replication (rename default links).
  7. Distribute FSMO roles according to best practices.
  8. Configure NTP on DC holding the PDCe FSMO role. (see time services refresher posted earlier)
  9. Build OU structure.
  10. Make copies of default GPOs, rename the copies, and unlink the originals.
  11. Install DHCP role, configure scopes. (2008 R2 includes a nifty split scope wizard)
  12. Enable AD recycle bin.
  13. Set up ADMX central store.
  14. Create starter GPOs in GPMC (optional).
  15. Run dcdiag and repadmin, correct any errors or failures.
  16. Check event logs on all DCs, correct any errors or misconfigurations.
  17. Back up system state on each DC, using Windows Server Backup or a third-party solution.
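
A read-only spot check for steps 5, 7, 8, 12 and 13 once the build is finished. This is an added example, not part of the original checklist. It assumes PowerShell 2.0 with the ActiveDirectory module on a 2008 R2 DC that also runs DNS, and the function names are hypothetical.

```powershell
# Added example: read-only verification of checklist steps 5, 7, 8, 12 and 13.
# Assumes PowerShell 2.0 on a Server 2008 R2 DC that also hosts the DNS role.
Import-Module ActiveDirectory

function New-CheckResult($Check, $Target, $Pass, $Detail) {   # hypothetical helper
    New-Object PSObject -Property @{ Check = $Check; Target = $Target; Pass = $Pass; Detail = $Detail }
}

function Test-NewDomainBuild {                                # hypothetical name
    $forest = Get-ADForest
    $domain = Get-ADDomain

    # Step 5: AD-integrated zones should accept secure dynamic updates only.
    # MicrosoftDNS_Zone.AllowUpdate: 0 = none, 1 = nonsecure and secure, 2 = secure only.
    Get-WmiObject -Namespace 'root\MicrosoftDNS' -Class MicrosoftDNS_Zone |
        Where-Object { $_.DsIntegrated } |
        ForEach-Object { New-CheckResult 'DNS secure updates' $_.Name ($_.AllowUpdate -eq 2) "AllowUpdate=$($_.AllowUpdate)" }

    # Step 7: list the FSMO holders so their placement can be reviewed (informational).
    $roles = @{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
    foreach ($r in $roles.Keys) { New-CheckResult 'FSMO holder' $r $true $roles[$r] }

    # Step 8: the PDCe should sync from a configured NTP peer, not its own clock.
    $source = (w32tm /query /source /computer:$($domain.PDCEmulator) | Out-String).Trim()
    $timeOk = ($LASTEXITCODE -eq 0) -and ($source -notmatch 'Local CMOS Clock|Free-running System Clock')
    New-CheckResult 'PDCe time source' $domain.PDCEmulator $timeOk $source

    # Step 12: the Recycle Bin is enabled once the optional feature has an enabled scope.
    $rb = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
    New-CheckResult 'AD Recycle Bin' $forest.Name ($rb.EnabledScopes.Count -gt 0) "ForestMode=$($forest.ForestMode)"

    # Step 13: the ADMX central store is the PolicyDefinitions folder under Policies in SYSVOL.
    $store = "\\$($domain.DNSRoot)\SYSVOL\$($domain.DNSRoot)\Policies\PolicyDefinitions"
    New-CheckResult 'ADMX central store' $store (Test-Path $store) ''
}

# Failed checks sort to the top of the table.
Test-NewDomainBuild | Sort-Object Pass | Format-Table Check, Target, Pass, Detail -AutoSize
```

The DNS check only sees zones hosted on the DC where the script runs, so run it on each DNS-enabled DC alongside the dcdiag and repadmin runs from step 15.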
