Windows 2003 and AD
© 2009 Dennis Leeuw
Many thanks go to Rene Dokter for his help in setting up Active Directory and anything related to Microsoft windows.
First install Windows 2003. Give the machine a static IP address, set the DNS suffix to forest.example.com and disable NetBIOS.
Open a command prompt (cmd) and run dcpromo. Create a domain in a new forest with the full DNS name forest.example.com. Do not let dcpromo update DNS automatically; select the "correct manually" option instead.
Reboot the server and make sure the domain is raised to the Windows Server 2003 functional level. This is crucial: without it you will not be able to get the setup working, because the SPN settings made later on depend on it.
Copy \Windows\System32\Config\netlogon.dns from the domain controller to the DNS server and add its entries to your zone.
Make sure that your name server entries point to IP addresses (A records) and do not use CNAME records, because a name server that is a CNAME makes AD think the zone is non-authoritative:
Wrong:
ns1 CNAME ns1.example.com
Right:
ns1 IN A 192.168.1.1
Error 9501: No records found for given DNS query
means that the hostname of the AD server is not available in DNS. Restart the Netlogon service and run:
ipconfig /registerdns
to create or update the A (host) record for your Active Directory server.
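The two DNS problems above (a name server record that points at a CNAME, and a domain controller with no A record) are easy to catch before Netlogon complains. The following is an added example, not part of the original page: a small offline checker that parses zone-file style records such as those in netlogon.dns and reports both problems. The zone data, hostnames and addresses in it are constructed for illustration.

```python
"""Offline sanity check for the DNS records an AD domain controller needs.

Added example (not from the original page). Parses zone-file style records
and reports two problems described in the text: NS records whose target is
a CNAME rather than an A record, and a DC hostname that has no A record
(the situation behind 'Error 9501: No records found for given DNS query').
All names, addresses and sample records are constructed for illustration.
"""
from collections import defaultdict

# Constructed sample: the name server ns1 is a CNAME, which AD rejects.
WRONG_ZONE = """
; name server points at a CNAME (wrong)
forest.example.com.        IN NS    ns1.forest.example.com.
ns1.forest.example.com.    IN CNAME dc1.forest.example.com.
dc1.forest.example.com.    IN A     192.168.1.1
"""

# Constructed sample: the name server has a plain A record, plus an SRV
# record of the kind netlogon.dns contains.
RIGHT_ZONE = """
forest.example.com.        IN NS    ns1.forest.example.com.
ns1.forest.example.com.    IN A     192.168.1.1
dc1.forest.example.com.    IN A     192.168.1.1
_ldap._tcp.forest.example.com. 600 IN SRV 0 100 389 dc1.forest.example.com.
"""


def parse_records(zone_text):
    """Parse lines of the form 'name [ttl] [IN] type rdata' into
    (name, type, rdata) tuples. Blank lines and ';' comments are skipped,
    trailing dots are stripped and names are lower-cased for comparison."""
    records = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        name = fields[0].rstrip(".").lower()
        rest = fields[1:]
        if rest and rest[0].isdigit():      # optional TTL
            rest = rest[1:]
        if rest and rest[0].upper() == "IN":  # optional class
            rest = rest[1:]
        if len(rest) < 2:
            continue
        rtype = rest[0].upper()
        rdata = " ".join(rest[1:]).rstrip(".").lower()
        records.append((name, rtype, rdata))
    return records


def ns_targets_that_are_cnames(records):
    """Return NS targets that are defined as a CNAME instead of an A record."""
    types_by_name = defaultdict(set)
    for name, rtype, _ in records:
        types_by_name[name].add(rtype)
    bad = {rdata for name, rtype, rdata in records
           if rtype == "NS" and "CNAME" in types_by_name.get(rdata, set())}
    return sorted(bad)


def hosts_missing_a_record(records, hostnames):
    """Return the hostnames (e.g. the domain controller) without an A record."""
    a_names = {name for name, rtype, _ in records if rtype == "A"}
    return [h.lower().rstrip(".") for h in hostnames
            if h.lower().rstrip(".") not in a_names]


def check_zone(zone_text, dc_hostnames):
    """Combine both checks and return a list of human-readable problems."""
    records = parse_records(zone_text)
    problems = []
    for target in ns_targets_that_are_cnames(records):
        problems.append("NS target %s is a CNAME; use an A record" % target)
    for host in hosts_missing_a_record(records, dc_hostnames):
        problems.append("no A record for %s (expect error 9501)" % host)
    return problems


if __name__ == "__main__":
    for label, zone in (("wrong", WRONG_ZONE), ("right", RIGHT_ZONE)):
        print(label, check_zone(zone, ["dc1.forest.example.com"]) or "ok")
```

Run it against the records you are about to load into the zone; an empty problem list for the domain controller's hostname is what you want before restarting Netlogon.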
Install the Support Tools
On the command line go to C:\Program Files\Support Tools\ and start:
dcdiag /test:registerInDNS /dnsdomain:forest.example.com
The test should pass.
Add a user to AD, make a Windows XP workstation member of the domain and log in. This should work.
Create a share and give access to the share for only domain users. Make sure you can access the share from the workstation.
Install on AD:
Create a group in OpenLDAP and in AD:
dn: cn=group1,ou=group,dc=example,dc=com
objectclass: posixGroup
cn: group1
gidNumber: 501