Active Directory CA Server NPS Server Installation

******************************************************* STEP BY STEP GUIDE TO SETUP ACTIVE DIRECTORY SERVER, DNS SERVER, CA SERVER, NPS SERVER & HOW TO BIND NPS SERVER TO ACTIVE DIRECTORY & CA SERVER. ******************************************************* 2014 WINDOWS 2008 SERVER ANUJ KUMAR MAILING ADDRESS | [email protected]


******* STEP BY STEP GUIDE TO SETUP ACTIVE DIRECTORY SERVER *******

This tutorial explains how to install AD on Windows Server 2008. It is also valid for Windows Server 2008 R2.

Requirements:

Minimum: Single processor with 1.4 GHz (x64 processor) or 1.3 GHz (Dual Core)

Minimum: 512 MB RAM

Minimum: 32 GB or greater

The first step is to assign an IP address to the server on which you are going to deploy AD. The server must also be installed as a DNS server, so it is better to have a fixed IP address. This doesn't mean you cannot install AD without a fixed IP address, but using one avoids a lot of issues.

Here the server IP is 10.0.0.14. Since we are going to make it a DNS server too, you should use the same IP as the preferred DNS server.

The next step is to install the Active Directory role. Unlike in older versions of Windows Server, Microsoft highly recommends using the Server Manager option to install roles before you run dcpromo.

Click on the Start menu, Administrative Tools, and select Server Manager.

Select Roles from the right-hand panel and click the Add Roles option.

Click Next on the “Before You Begin” page.

From the roles list select the "Active Directory Domain Services" role and click "Next".

Review the confirmation and click on "Next".

Review the installation confirmation and click on "Install".

It will take a few minutes to complete, and when it’s done you will get this confirmation. Then click on "Close". After that you will need to reboot.

After the reboot, open "Server Manager" again and click on "Roles"; there you will see that "Active Directory Domain Services" is successfully installed. Click on it and you will get a window like the one below.

In there, please pay attention to the message. Click on that link and it will start the DCPROMO wizard.

The next step is to go through the DCPROMO wizard.

To start the installation click on "Next".

Click on "Next".

Since we are going to install a new domain controller in a new forest, select the "Create a new domain in a new forest" option and click on "Next".

Now we have to provide the name for our domain controller. It must be an FQDN. In our case I used alcatel.com as the domain. Click "Next" afterwards.

This window asks you to select the forest functional level. If you are going to add a Server 2003 domain controller to your forest later, don't select Server 2008 as the functional level. If you are going to use the full features of 2008 AD, you must select Server 2008 as the forest functional level. In my case I used Server 2008. Click on "Next" after making the selection.

In the next window, since it's the first DC, we should make it a DNS server too. Leave the default selection and click on "Next".

If the wizard cannot create a delegation for the DNS server, it displays a message to indicate that you can create the delegation manually. To continue, click "Yes".

The next window shows the database location. If it's going to be a bigger AD, it's good to keep the NTDS database on a different partition. Click on "Next" after making changes.

The next window asks you to define a restore mode password. It's more important if you have to do a restore from backup after a server crash. Click on "Next" after filling it in.

The next window gives you a summary of the installation. Click on "Next".

Then it will start the installation of AD. It will take some time to complete. After the installation completes, perform a server reboot.

Click on Finish to complete the wizard.

Once the wizard has finished, the server automatically displays a message to restart the system so the services can complete the process.

After the reboot, you can now log in to the domain. Use a login like the following example.

User name: your domain\administrator

Password: *********

For example:

User name: alcatel\administrator

Password: **********
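
The wizard choices above (new forest, alcatel.com, Server 2008 forest level, DNS installed, delegation skipped) can also be supplied to dcpromo as an unattend answer file. This is an added example, not part of the original guide; the NetBIOS name, the matching domain functional level and the temporary file path are assumptions.

```powershell
# Added example, not from the original guide. Run elevated after the AD DS role is installed.
$answerFile = Join-Path $env:TEMP 'dcpromo-answer.txt'   # assumed path

# Prompt for the restore mode password rather than hard-coding it in the script.
$secure = Read-Host 'Restore mode password' -AsSecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
$plain  = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

# ForestLevel/DomainLevel 3 = Windows Server 2008. DomainLevel and the
# NetBIOS name are assumptions; the guide only states the forest level.
$answers = @"
[DCInstall]
ReplicaOrNewDomain=Domain
NewDomain=Forest
NewDomainDNSName=alcatel.com
DomainNetBiosName=ALCATEL
ForestLevel=3
DomainLevel=3
InstallDNS=Yes
CreateDNSDelegation=No
SafeModeAdminPassword=$plain
RebootOnCompletion=No
"@

try {
    # Create the file empty, restrict it to Administrators (S-1-5-32-544) and
    # SYSTEM (S-1-5-18), and only then write the password into it.
    New-Item -Path $answerFile -ItemType File -Force | Out-Null
    icacls $answerFile /inheritance:r /grant:r '*S-1-5-32-544:F' '*S-1-5-18:F' | Out-Null
    Set-Content -Path $answerFile -Value $answers -Encoding ASCII
    $p = Start-Process dcpromo.exe -ArgumentList "/unattend:`"$answerFile`"" -Wait -PassThru -NoNewWindow
    Write-Host "dcpromo exit code: $($p.ExitCode) (details in $env:windir\debug\dcpromo.log)"
}
finally {
    # Do not leave the password on disk or in the session.
    Remove-Item $answerFile -Force -ErrorAction SilentlyContinue
    Remove-Variable plain, answers -ErrorAction SilentlyContinue
}
# Reboot the server once dcpromo reports success, as in the wizard flow.
```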


Deploy a CA and NPS Certificate Server – Windows 2008 R2 Standard Server

Prerequisites: Windows 2008 R2 Server, Active Directory Domain Services, Web Server (IIS).

******* STEP BY STEP GUIDE TO INSTALL WEB SERVER (IIS) *******

Open Server Manager, select Roles from the right-hand panel, and click the Add Roles option.

Click Next on the “Before You Begin” page.

From the roles list select the "Web Server (IIS)" role and click "Next".

Click Next on the “Introduction to Web Server (IIS)” page.

Accept the default web server role services and click Next.

Confirm installation selections and make sure no errors are present. Click Install.

Confirm installation results have no errors and resolve as necessary. Click Close.

******* STEP BY STEP GUIDE TO SETUP ACTIVE DIRECTORY CERTIFICATE SERVICES *******

Click on the Start menu, Administrative Tools, and select Server Manager.

Select Roles from the right-hand panel and click the Add Roles option.

Click Next on the “Before You Begin” page.

From the roles list select the "Active Directory Certificate Services" role and click "Next".

Click Next on the “Introduction to Active Directory Certificate Services” page.

Check Certification Authority (default) and check Certification Authority Web Enrollment. Click Add Required Role Services if prompted. Click Next.

Select Enterprise. Click Next.

Select Root CA. Click Next.

Select the option “Create a new private key”. Click Next.

Accept the default encryption types, bit length, and hash algorithm. Click Next.

Leave the default Common name and Distinguished name suffix. Click Next.

Modify the validity period if desired. Click Next.

Accept the certificate database defaults. Click Next.

IIS Introduction. Click Next.

Accept the default web server role services. Click Next.

Confirm installation selections and correct errors if necessary. Note: you cannot change the name of your server after a Certificate Authority installation. Click Install.

Confirm installation results have no errors and resolve as necessary. Click Close.

******* STEP BY STEP GUIDE TO INSTALL NPS SERVER *******

Click on the Start menu, Administrative Tools, and select Server Manager.

Select Roles from the right-hand panel and click the Add Roles option.

Click Next on the “Before You Begin” page.

From the roles list select the "Network Policy and Access Services" role and click "Next".

Review the Introduction if desired. Click Next.

Check Network Policy Server. Click Next.

Review installation selections and correct errors as necessary. Click Install.

Review installation results and correct errors if necessary. Click Close.

***** STEP BY STEP GUIDE TO SETUP NPS CERTIFICATE TEMPLATE AND AUTO ENROLLMENT *****

Click on the Start menu, Administrative Tools, and select Server Manager.

Expand Roles > Active Directory Certificate Services > Certificate Templates.

Select RAS and IAS Server.

Right-click and choose Duplicate Template.

Select to duplicate the template using your Domain Functional Level (from the AD Directory Services install). If uncertain, choose the default, Windows Server 2003 Enterprise. Click OK.

Type a Template Display Name that you will recognize for NPS. Adjust the validity period to the desired duration. Check Publish certificate in Active Directory.

Click the Security tab. In Group or user names, click RAS and IAS Servers. In Permissions for RAS and IAS Servers, under Allow, select the Enroll and Autoenroll permission check boxes. Click OK.

From Server Manager, select Roles > Active Directory Certificate Services > Your CA > Certificate Templates. Right-click in the Certificate Templates task pane. Select New > Certificate Template to Issue.

Choose the name of the Certificate Template created previously. Click OK.

Open Group Policy Editor: click Start > Administrative Tools > Group Policy Management. Expand Forest > Domains > $yourdomain > Group Policy Objects. Right-click Default Domain Policy. Click Edit.

Open Computer Configuration, Policies, Windows Settings, Security Settings, and then select Public Key Policies. In the details pane, double-click Certificate Services Client - Auto-Enrollment. The Certificate Services Client - Auto-Enrollment Properties dialog box opens.

Change Configuration Model to Enabled. Select Renew expired certificates, update pending certificates, and remove revoked certificates. Select Update certificates that use certificate templates. Click OK.

Register NPS in Active Directory. In Server Manager, navigate to Roles > Network Policy and Access Services > NPS (Local). Right-click NPS (Local) and choose Register server in Active Directory. Review the authorization notification. Click OK. The computer is now authorized. Click OK.

Update the Group Policy. Click Start > Run. Type gpupdate /force. Allow the update to finish.

Review Issued Certificates. Navigate to Roles > Active Directory Certificate Services > Your CA > Issued Certificates. We can now see the NPS certificate has been issued to our machine RCDNCALO\W2K8-STATIC$. This was auto-enrolled after registering NPS with Active Directory and forcing a Group Policy update. This will be the server-side certificate used for applicable EAP authentication methods.
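
The auto-enrolled certificate can also be checked from the NPS server's own machine store, which confirms it is usable as an EAP server certificate rather than only that it was issued. This is an added example, not part of the original guide; the template display name and the key-size and expiry thresholds are placeholders, and it assumes the template name appears in the formatted template extension.

```powershell
# Added example, not from the original guide. Run elevated on the NPS server.
$TemplateName  = 'NPS Server'            # placeholder: your duplicated template's display name
$MinKeyBits    = 2048                    # assumed policy threshold
$WarnDays      = 30                      # assumed renewal warning window
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'     # Server Authentication EKU
$TemplateOid   = '1.3.6.1.4.1.311.21.7'  # Certificate Template Information extension

function Get-TemplateText($Cert) {
    # Formatted template extension text, or '' when the certificate has none.
    $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq $TemplateOid }
    if ($ext) { $ext.Format($false) } else { '' }
}

function Test-NpsCertificate($Cert) {
    # Returns a list of problems; an empty list means the certificate passed.
    $findings = @()
    $eku  = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
    $oids = @($eku | ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
    if ($oids -notcontains $ServerAuthOid) { $findings += 'no Server Authentication EKU' }
    if (-not $Cert.HasPrivateKey) { $findings += 'private key not present on this host' }
    # RSA key assumed; PublicKey.Key is not available for other key types here.
    if ($Cert.PublicKey.Key.KeySize -lt $MinKeyBits) { $findings += "key under $MinKeyBits bits" }
    if ($Cert.SignatureAlgorithm.FriendlyName -match 'md5|sha1') {
        $findings += "signed with $($Cert.SignatureAlgorithm.FriendlyName)"
    }
    if ($Cert.NotAfter -lt (Get-Date).AddDays($WarnDays)) { $findings += "expires $($Cert.NotAfter)" }
    if (-not $Cert.Verify()) { $findings += 'chain or revocation check failed' }
    $findings
}

$candidates = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { (Get-TemplateText $_) -like "*$TemplateName*" })
if ($candidates.Count -eq 0) {
    Write-Warning "No certificate from '$TemplateName' found; recheck template permissions and the GPO."
}
foreach ($c in $candidates) {
    $f = @(Test-NpsCertificate $c)
    New-Object PSObject -Property @{
        Subject    = $c.Subject
        Thumbprint = $c.Thumbprint
        NotAfter   = $c.NotAfter
        Result     = $(if ($f.Count) { $f -join '; ' } else { 'OK' })
    }
}
```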