Setting up Windows Server 2003 as a Domain Controller, DHCP server, DNS server, WINS server, and sharing an internet connection through a wireless router
Posted by: morefood2001

Since I am a system admin, every so often I am required to perform a new server installation that won't screw up my existing network. Since I thought others might benefit from knowing how to do this, I might as well blog about it. I am also going to set this up to share a local connection to the internet via a USB Verizon modem (already installed and connected).

I am assuming that we have a brand new Server 2003 installation, fully updated to Service Pack 2, with Symantec AntiVirus Corporate installed. Also, we are going to have the server connected to a new network, so perhaps pick up an old router and plug the server into its LAN port. Make sure the router has IP 192.168.0.2 and has DHCP turned off.

Now on the server, go to Control Panel > Network Connections > the local area connection (the one that the router is on), and go to the properties of TCP/IP. Set the IP to 192.168.0.1 and the subnet to 255.255.255.0; the gateway should be 192.168.0.1, and the DNS server should be 127.0.0.1. Click OK to any messages and get back to the desktop. The network setup is now complete.

Go to Start > All Programs > Administrative Tools > Manage Your Server. Click on Add or remove a role. At this point, your Windows Server CD should be in the CD drive. Click Next on that screen and wait on the wizard. Click Custom configuration, since a typical config will mess up your IP / remote access settings. Select Domain Controller (Active Directory), and click Next. Click Next to run the wizard. Click Next in the wizard (gotta love Microsoft), click Next again on the information screen, then select Domain controller for a new domain, and click Next again. We want a domain in a new forest, so click Next. The full DNS domain name should be one that you want. It can be an internet domain or a local domain. For this, I recommend using a local domain, so I put in buffalo.matthouse.local.

Click Next, then you should see the NetBIOS name. For this, I am going to enter MATTHOUSE; use this as your domain identifier for Windows 98 machines, etc. The folder locations are fine, so continue by clicking Next. Click Next on the system volume screen and on the next screen.

At this point, we want to install and configure DNS now, so leave that selected and click Next. Now you can make your server compatible with Windows 95/98, but I highly suggest you select only 2000/2003 domains (the default), because it still seems to work fine on Windows 98 for file sharing (I have never verified actual domain logins). Now you can enter a password for Active Directory Restore Mode. This is the password that will let you back up / uninstall the Active Directory controller. Enter this password and hit Next, then Next again on the confirmation. Wait a few minutes, click Finish, then click Restart Now, and it should restart the server.

When the server restarts, you will notice it takes forever to prepare network connections. This is normal, since Active Directory is built to handle high traffic and sets up your network card each time to perform at its maximum throughput. Once it gets to the login screen, hit Ctrl+Alt+Del and log in.

Click Finish in the wizard. Now go back to the Manage Your Server screen, unless it comes up automatically. Click Add or remove a role again, click Next, and select WINS server. Click Next again, then click Finish.

In the Manage Your Server box, click Add or remove a role and click Next. This time select DHCP server and click Next. In the wizard that pops up shortly after, click Next, then give your network address range a name, like Matthouse Addressing, and a description, like IP Address Range for Matthouse. Click Next. The start IP can be between 192.168.0.3 and 192.168.0.254 (the total addresses given out). Typical routers have a default range of 192.168.0.100 to 192.168.0.200, and since I intend on having fewer than 100 clients, I will make this compatible and select a start IP of 192.168.0.150 and an end IP of 192.168.0.254, which will ensure enough addresses for my network and not conflict with a router if one is accidentally added.

Now it will ask you for any exclusion ranges. Since we planned ahead, there are none, so click Next. Select a duration for computers to keep their addresses; I kept it at 8 days, but you can go anywhere from 1 minute to 999 days. If a computer has an address and it expires, it will simply renew that address with the server, so a low expiration time won't hurt your network. Click Next, and say you want to configure options now. The router used by clients is going to be your gateway to the internet, and since it's this computer, type in 192.168.0.1 and click Add, then click Next.

Now for DNS servers. Since this computer will be your primary DNS server, type in 192.168.0.1 and click Add, then click Next again. NetBIOS will be up now; this is your WINS server, so enter 192.168.0.1, click Add, then click Next. Select that you want to activate the scope now, click Next, then click Finish. Then click Finish again.
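An added example (not part of the original post) that checks the addressing plan from the DHCP steps above: the scope must stay inside the subnet, must not include the statically addressed server and router, and the report counts how many scope addresses a second DHCP server using the typical router range quoted in the text would also hand out. The function names are hypothetical.

```python
import ipaddress

def addr_range(start, end):
    """Inclusive IPv4 range as a set of integers."""
    s, e = int(ipaddress.IPv4Address(start)), int(ipaddress.IPv4Address(end))
    if e < s:
        raise ValueError(f"range end {end} is below start {start}")
    return set(range(s, e + 1))

def check_dhcp_plan(subnet, scope, static_hosts, other_dhcp_range=None):
    """Return a report of problems with a DHCP scope plan."""
    net = ipaddress.IPv4Network(subnet)
    usable = {int(h) for h in net.hosts()}  # excludes network and broadcast
    leased = addr_range(*scope)
    report = {
        "scope_size": len(leased),
        # Scope addresses that are not usable host addresses in the subnet.
        "outside_subnet": [str(ipaddress.IPv4Address(a))
                           for a in sorted(leased - usable)],
        # Static hosts (server, router) that the scope could also lease out.
        "static_conflicts": [h for h in static_hosts
                             if int(ipaddress.IPv4Address(h)) in leased],
        # Addresses a second DHCP server on the wire would lease as well.
        "shared_with_other_dhcp": 0,
    }
    if other_dhcp_range:
        overlap = leased & addr_range(*other_dhcp_range)
        report["shared_with_other_dhcp"] = len(overlap)
    return report

# Values from the text: server .1, router .2, scope .150-.254,
# and the "typical router" default range .100-.200.
PLAN = check_dhcp_plan(
    "192.168.0.0/24",
    scope=("192.168.0.150", "192.168.0.254"),
    static_hosts=["192.168.0.1", "192.168.0.2"],
    other_dhcp_range=("192.168.0.100", "192.168.0.200"),
)

if __name__ == "__main__":
    for key, value in PLAN.items():
        print(f"{key}: {value}")
```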

Now we need to configure some stuff. First, let's configure DHCP so that network computers can be connected to our router and get a valid address from the server. In the Manage Your Server screen, click Manage this DHCP server. Expand your server by clicking the +. Notice that it is marked red. Right-click your server and click Authorize. Now exit the screen, click Manage this DHCP server again, and expand it again. Now it should be green. We can exit the window.

Now click on Manage DNS server. Expand it, then right-click the server and click Properties. Now go to Forwarders. Add the following IP addresses (from OpenDNS, a great DNS service): 208.67.222.222 and 208.67.220.220. After you add both, click OK, then get out of the DNS panel. You can also exit Manage Your Server at this time.

Now we want to go to Start > All Programs > Administrative Tools > Domain Security Policy. Go to Account Policies, then Password Policy. Change enforce history, max age, and min age all to 0, min length to 4, and complexity to Disabled. You can also change the lockout policies. This way, in Active Directory, you can enter a password like fish (my first password ever lol). Now when you add a Windows computer or share, your login is controlled through Active Directory, meaning you log into a domain and access data on the domain. From this, remote profiles and desktops are possible, along with simple Windows desktops that appear the same on every computer in your network.
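An added example (not part of the original post): a small audit of the `[System Access]` section of a security template in the INF layout written by `secedit /export /cfg <file>`, reporting which of the settings changed in this step fall below a baseline. The sample template is constructed from the values entered above, and the baseline thresholds and function name are assumptions chosen for illustration.

```python
import configparser

# Constructed sample in the INF layout of a secedit export, using the
# values entered in this step (not a capture from a real server).
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 0
MinimumPasswordLength = 4
PasswordComplexity = 0
PasswordHistorySize = 0
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Assumed baseline for illustration; substitute your own policy.
# MaximumPasswordAge is left unjudged: forced expiry is a policy choice.
BASELINE = {
    "MinimumPasswordLength": (lambda v: v >= 8, "shorter than 8 characters"),
    "PasswordComplexity": (lambda v: v == 1, "complexity requirement disabled"),
    "PasswordHistorySize": (lambda v: v >= 1, "password reuse not restricted"),
    "MinimumPasswordAge": (lambda v: v >= 1, "no minimum age before a change"),
}

def audit_password_policy(inf_text, baseline=BASELINE):
    """Return (setting, value, reason) for each setting below the baseline."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep the key case used in the template
    parser.read_string(inf_text)
    if not parser.has_section("System Access"):
        raise ValueError("no [System Access] section found")
    section = parser["System Access"]
    findings = []
    for key, (meets_baseline, reason) in baseline.items():
        raw = section.get(key)
        if raw is None:
            findings.append((key, None, "setting missing from export"))
            continue
        value = int(raw.strip())
        if not meets_baseline(value):
            findings.append((key, value, reason))
    return findings

if __name__ == "__main__":
    for setting, value, reason in audit_password_policy(SAMPLE_INF):
        print(f"{setting} = {value}: {reason}")
```

A real export is UTF-16, so read it with `open(path, encoding="utf-16")` before passing the text to the function.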

Now to share your internet connection. This is perhaps the easiest step. We simply want to go to Control Panel > Network Connections and select your internet connection (like Verizon's cellular modem connection in this case), go to the properties tab, and share this connection. It will change your IP settings around for your local network.

Connect the Verizon internet connection and try plugging a computer into your router; it should have internet access. Typing \\servername in the address bar of My Computer should ask for a login (use your admin login for now, until you set one up in Active Directory), and you will see your server's administrative shares.

Now you can do other administrative tasks. Stay tuned, as I am considering writing an add-on about setting up file and printer sharing with Active Directory security groups. I will also be writing about how to set up Internet Information Services 7 for applications sometime in the near future.


5 Comments
Jordan
August 18, 2008
Votes: +0

Excellent blog/tutorial! Have you tried Server 2008 yet?

Ashwin
November 07, 2008
Votes: +0

Excellent tutorial. I am getting a couple of DNS errors in Event Viewer, although I am not sure if it is affecting anything yet. Below are the errors. Please advise.

1. Event ID 4015 - The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

2. Event ID 4004: The DNS server was unable to complete directory service enumeration of zone consulting.local. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

bizdak
November 25, 2008
Votes: +0

Nice tutorial. The best so far on the net. I plan to do a similar setup, but I plan to add another LAN card to the server. The first LAN card will be for the internet (this is where the DSL modem is connected). My 2nd LAN card is for the domain network. How can I share the internet connection with this kind of setup?

hossein
December 22, 2008
Votes: +0

Best ever.
I made it with your help, but I don't know why my server shares internet without asking for a password.

ImanCRTE
December 30, 2008
Votes: +0

Thanks for this tutorial.
