Recommended order for setting up Active Directory, DNS and DHCP services

    Question

  • Hi all,

    I was wondering whether anybody could advise me on the order in which Active Directory and DNS services should be set up as part of a Domain Controller. I have seen a majority of sources on the Internet, including Microsoft help pages, suggesting to install Active Directory and DNS services before setting up the IP configurations of the server; however, I have seen a minority of sources on the Internet where some people suggest to set up the IP configurations of the server before installing Active Directory and DNS services. Would there be any consequences encountered at a later date if the IP configurations were made on the server before installing Active Directory and DNS? If so, what problems would I most likely come across and can they be easily rectified? Does this vary depending on which version of Windows Server you use as well as the order of setup? Also, in what order would you set up DHCP? Are there any right and wrong answers with achieving these tasks? The reason why I am asking is that I am trying to get into good practices of setting up Windows servers and cannot find any accurate information to clarify this. Your help would be much appreciated.

    Kind regards,

    RocknRollTim

    P.S. I forgot to mention I have been reading up in books particularly the studying guides for Windows Server 2000, 2003 and 2008 as well as watching videos on YouTube for Windows Server 2008, 2008 R2, 2012, 2012 R2 and 2016.

    • Edited by RocknRollTim Tuesday, December 27, 2016 11:26 AM
    Tuesday, December 27, 2016 11:22 AM

Answers

  • Hi RocknRollTim,

    I would suggest that you set the IP address on the server that is going to be DC as all the records of the DC will register against that IP address.

    Follow the usual process of DC Configuration and DNS will be prompted to be configured. 

    Set up DHCP post AD and DNS configuration as the DNS entries and suffix will be added in the Scope config.

    Your Order will be:

    IP Address of the server

    Patch the Server

    Set up AD and DNS

    Set up DHCP and Configure Scope

    Run baseline analyzer from the server manager and check recommendations.

    Hope this helps.

    Regards

    J


    Regards, Jim MSCS - MCP Disclaimer: This posting is provided AS IS with no warranties or guarantees, and confers no rights. When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer

    • Marked as answer by RocknRollTim Thursday, December 29, 2016 11:02 AM
    Tuesday, December 27, 2016 12:41 PM
  • I second JimmySal

    Additionally, if you are looking for a checklist, please find one below:

    OS Installation Post Check List:
    Install Windows server XX Operating System
    Configure the IP interface on the server
    Configure Windows Firewall
    Remove indexing from all drives
    Disable recycle bin
    Set Page file size
    Configuration of System start-up (5 sec)
    Complete installation of MS patches
    Install Windows Backup feature
    Install SNMP service
    WINS configuration
    Configure Teaming

    Promoting as Domain Controller:
    Join this server to Domain
    Promote Server to Domain Controller

    Post Check List:
    Point primary DNS Server IP same as DC IP
    Disable IPv6
    Remove :.  entry from IP6 DNS properties
    Configure DNS Forwards if any
    Configure DNS scavenging - [Domain Zone and on DNS server]
    Check name resolution works fine 
    Install approved hotfix
    Verify net logon and SYSVOL shared on the DC
    Run the Dcdiag command and confirm no errors
    Check event logs for any errors

    Ensure IIS is not installed and running on the DC 



    Regards, Nidhin.CK

    • Marked as answer by RocknRollTim Thursday, December 29, 2016 11:02 AM
    Tuesday, December 27, 2016 1:44 PM
  • Hello,

    You have a couple of good answers with reference information above. Answering your question about the "right or wrong" answers, the right order is the one that works. And that really depends on what you mean by setting up Active Directory and DNS services. I will assume that you mean you are trying to install the Active Directory Domain Services and DNS Server roles on your machine. Then here is what you should know:

    • Although you can add the DNS server role without IP configuration on the server, clients won't be able to access it.
    • An AD DS Domain Controller cannot be promoted while the server has a dynamic IP address.
    • Additionally, if it is not the first AD DS Domain Controller, it will have to be able to access your existing AD environment during promotion, meaning that even if you don't set it up with the correct IP configuration initially, it has to be a functional IP configuration anyway, which really makes little sense (why not set up the correct config, if you have to set up some anyway?)

    Given that, I would say, that the recommended order is to first configure IP Configuration of the server and then add AD DS, DNS or DHCP roles on it.

    As for what happens if you change the IP configuration after the role is set up - it is a normal scenario. The impact may depend on the exact circumstances though - for example, if the server is a DC and DNS and clients are configured to use it for name resolution, you may have to ensure that they are repointed to its new IP address after the change. However, most of the things will happen automatically. Again, for example, if the server is a DC but is not used by clients for DNS queries, it will update its DNS registration after the IP configuration change automatically, thus ensuring that clients can still use it for authentication without any manual interaction necessary.

    So, the best way is to configure IP settings before setting up the roles. The IP configuration can be changed afterwards, but the exact steps depend on the set of roles the server holds.

    /Regards


    • Edited by Avendil Tuesday, December 27, 2016 4:38 PM
    • Marked as answer by RocknRollTim Thursday, December 29, 2016 11:03 AM
    Tuesday, December 27, 2016 4:38 PM
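
The checks named in the answers above (a static IPv4 address before promotion; primary DNS, NETLOGON/SYSVOL shares, absence of IIS and Dcdiag afterwards) can be run as read-only PowerShell. This is an added example, not code from any of the posters; the function names are hypothetical, and it assumes Windows Server 2012 or later with the built-in cmdlets, run in an elevated session on the server itself.

```powershell
# Added example: read-only checks; function names are hypothetical.
function New-Result($Check, $Passed) {
    [pscustomobject]@{ Check = $Check; Passed = [bool]$Passed }
}

function Test-PrePromotion {
    # Every connected physical adapter should have DHCP disabled for IPv4.
    $nics = Get-NetAdapter -Physical | Where-Object Status -eq 'Up'
    foreach ($nic in $nics) {
        $ipIf = Get-NetIPInterface -InterfaceIndex $nic.ifIndex -AddressFamily IPv4
        New-Result "Static IPv4 on '$($nic.Name)'" ($ipIf.Dhcp -eq 'Disabled')
    }
}

function Test-PostPromotion {
    # Manually configured IPv4 addresses of this server.
    $ownIPs = (Get-NetIPAddress -AddressFamily IPv4 |
        Where-Object PrefixOrigin -eq 'Manual').IPAddress

    # First DNS server on each interface that has any configured.
    $primaryDns = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        ForEach-Object { $_.ServerAddresses[0] })
    $foreign = @($primaryDns | Where-Object { $_ -notin $ownIPs })
    $dnsOk = ($primaryDns.Count -gt 0) -and ($foreign.Count -eq 0)
    New-Result 'Primary DNS server is the DC''s own IP' $dnsOk

    # Name resolution: the DC locator SRV record for the joined domain.
    $domain = (Get-CimInstance Win32_ComputerSystem).Domain
    $srv = Resolve-DnsName "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction SilentlyContinue
    New-Result "DC locator SRV record resolves for $domain" $srv

    $shares = (Get-SmbShare).Name
    $sharesOk = ('NETLOGON' -in $shares) -and ('SYSVOL' -in $shares)
    New-Result 'NETLOGON and SYSVOL are shared' $sharesOk

    $iis = (Get-WindowsFeature -Name Web-Server).Installed
    New-Result 'IIS (Web-Server) is not installed' (-not $iis)

    # dcdiag /q prints only error messages, so no non-blank output means no errors.
    $dcdiagErrors = @(dcdiag /q | Where-Object { $_.Trim() })
    New-Result 'dcdiag reports no errors' ($dcdiagErrors.Count -eq 0)
}

# Run Test-PrePromotion before adding the roles and Test-PostPromotion after the reboot.
Test-PrePromotion | Format-Table -AutoSize
```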

All replies

  • Hi JimmySal,

    Sorry for the delay in getting back to you and thank you for the information. Will consider your suggestions in your post.

    Many thanks,

    RocknRollTim
    Thursday, December 29, 2016 10:59 AM
  • Hi Nidhin.CK,

    Sorry for the delay in getting back to you and thank you for the information. Will consider your suggestions in your post.

    Many thanks,

    RocknRollTim
    Thursday, December 29, 2016 10:59 AM
  • Hi Avendil,

    Sorry for the delay in getting back to you and thank you for the information. Will consider your suggestions in your post and yes I did mean to install the Active Directory Domain Services and DNS Server roles on my machine.

    Many thanks,

    RocknRollTim
    Thursday, December 29, 2016 11:02 AM