Step-by-Step: When creating a new Root Level Domain Controller you get the message “A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found”

by vivek 11/12/2012 11:30:00 PM

This is the 6th post in this series and today I am working on resolving a warning which appears when you are trying to create a new forest in a new network.


Let us walk through the above error first and then the steps to resolve it:

Step 1: Installing Active Directory Domain Services


  • I created a new VM and installed Windows Server 2012
  • In Server Manager –> click on Manage –> click Add Roles and Features Wizard –> click Next
  • Under Select installation type, select Role-based or feature-based installation –> click Next
  • Under Select destination server –> click Next
  • Under Select server roles –> click Active Directory Domain Services
  • Under Add features that are required for AD DS –> click Add Features –> click Next
  • Under Select features –> click Next –> click Next –> click Install
  • Finally, the Installation progress window shows that the installation completed successfully, but with Configuration required
  • Click Promote this server to a domain controller; this starts the Active Directory Domain Services Configuration Wizard
  • Under Deployment Configuration –> click Add a new forest, type Root domain name: dotnetscraps.com –> click Next
  • Under Domain Controller Options, enter Directory Services Restore Mode (DSRM) password –> click Next
  • Here you are prompted with the warning from the title: “A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found”
  • If you continue further in the wizard, you will get the prerequisites check failure messages

Step 2: Installing DNS Server


  • In Server Manager –> click on Manage –> click Add Roles and Features Wizard –> click Next
  • Under Select installation type, select Role-based or feature-based installation –> click Next
  • Under Select destination server –> click Next
  • Under Select server roles –> click DNS Server
  • Under Add features that are required for DNS Server –> click Add Features –> click Next
  • Click Next –> click Next –> Install
  • Once the install is completed, let us configure DNS Server

Step 3: Configuring DNS Server


  • In Server Manager –> DNS
  • Under Servers –> right click WIN-DC –> click DNS Manager
  • Under DNS Manager –> right click WIN-DC –> click Configure DNS Server…
  • Under Configure a DNS Server Wizard –> click Next
  • Under Select Configuration Action –> click Create a forward lookup zone (recommended for small networks) –> click Next
  • Under Primary Server Location –> click This server maintains the zone –> click Next

    NOTE: Since this is my private network, I selected This server maintains the zone; otherwise you could have selected ISP maintains the zone and followed the steps from there

  • Under Zone Name, type dotnetscraps.com –> click Next
  • Under Zone File –> click Next
  • Under Dynamic Update, I am going with the default Do not allow dynamic updates –> click Next
  • Under Forwarders, I have selected No, it should not forward queries, but you can select the first option as well –> click Next
  • The wizard will search for Root Hints and return –> click Finish
  • This will give you the error “Configure a DNS Server Wizard could not configure root hints” –> click OK
  • In Server Manager –> DNS –> right click WIN-DC –> DNS Manager
  • Expand WIN-DC –> Forward Lookup Zones; we can see dotnetscraps.com is now added in the Forward Lookup Zones
  • Right click dotnetscraps.com –> click Properties
  • Under General –> Dynamic update: select Nonsecure and secure –> click Apply
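
The last bullet above leaves the zone accepting unauthenticated dynamic updates; the Secure only setting is offered only for Active Directory-integrated zones, so it cannot be chosen while the zone is still file-backed. The script below is an added example, not part of the original post: run on the DNS server after Step 5, it lists primary zones still set to Nonsecure and secure and, with the hypothetical `-Fix` switch, sets the AD-integrated ones to Secure.

```powershell
# Added example (not from the original post): find primary zones that still
# accept unauthenticated dynamic updates. -Fix is a hypothetical switch name.
param([switch]$Fix)

Import-Module DnsServer

function Get-NonsecureUpdateZone {
    # Primary zones, excluding the auto-created ones, whose DynamicUpdate
    # setting is "Nonsecure and secure".
    Get-DnsServerZone | Where-Object {
        $_.ZoneType -eq 'Primary' -and
        -not $_.IsAutoCreated -and
        $_.DynamicUpdate -eq 'NonsecureAndSecure'
    }
}

foreach ($zone in Get-NonsecureUpdateZone) {
    $action = 'Report only'
    if (-not $zone.IsDsIntegrated) {
        # File-backed zone: Secure is not available until the zone is stored in AD.
        $action = 'File-backed: store the zone in AD before Secure can be set'
    }
    elseif ($Fix) {
        Set-DnsServerPrimaryZone -Name $zone.ZoneName -DynamicUpdate Secure
        $action = 'Changed to Secure'
    }
    # One result object per zone, so the output can be piped or exported.
    [pscustomobject]@{
        Zone         = $zone.ZoneName
        DsIntegrated = $zone.IsDsIntegrated
        WasSetTo     = $zone.DynamicUpdate
        Action       = $action
    }
}
```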

Step 4: Configure DNSSEC (Optional, but you should configure DNSSEC in your domain)


  • In DNS Manager –> WIN-DC –> click Forward Lookup Zones –> right click dotnetscraps.com –> DNSSEC –> Sign the Zone
  • I am going to use the default settings –> click Next
  • Click Next
  • Click Next
  • Click Finish



Step 5: Promote the server to a domain controller


  • In Server Manager –> Notification –> click Promote this server to a domain controller
  • Under Deployment Configuration –> click Add a new forest –> type dotnetscraps.com –> click Next
  • Under Domain Controller Options, type Directory Services Restore Mode (DSRM) password
  • Under DNS Options –> click Change… –> click Next
  • Under Additional Options –> type NetBIOS domain name: <I am leaving the default> –> click Next
  • Under Paths –> change the Database, Log and SYSVOL folder paths –> click Next
  • Under Review Options –> click Next
  • Under Prerequisites Check –> click Install
  • The server is now configured as a domain controller

Success !!
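
The five steps above as a PowerShell script for Windows Server 2012, added here as an example and not part of the original post. The folder paths are placeholders because the post does not give the values it chose, and the DNS Options page is left at its default.

```powershell
# Added example (not from the original post): Steps 1-5 as one script.
# Run in an elevated PowerShell session on the server being promoted.
$Domain = 'dotnetscraps.com'   # root domain name used in the post

# Steps 1 and 2: install the AD DS and DNS Server roles with their tools.
Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools
Import-Module DnsServer

# Step 3: file-backed primary forward lookup zone held on this server.
# The post ends this step with Dynamic update set to "Nonsecure and secure".
if (-not (Get-DnsServerZone -Name $Domain -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $Domain -ZoneFile "$Domain.dns" `
        -DynamicUpdate NonsecureAndSecure
}

# Step 4 (optional): sign the zone with the default DNSSEC settings,
# skipping the call when the zone is already signed.
if (-not (Get-DnsServerZone -Name $Domain).IsSigned) {
    Invoke-DnsServerZoneSign -ZoneName $Domain -SignWithDefault -Force
}

# Step 5: promote the server to the first domain controller of a new forest.
# The DSRM password is read interactively so it never appears in the script.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

Import-Module ADDSDeployment
Install-ADDSForest -DomainName $Domain `
    -SafeModeAdministratorPassword $dsrm `
    -InstallDns `
    -DatabasePath 'D:\NTDS' `
    -LogPath 'D:\NTDS' `
    -SysvolPath 'D:\SYSVOL'
# The three paths above are placeholders (assumption): substitute your own.
# The NetBIOS domain name is left at its default, as in the post.
# Install-ADDSForest restarts the server when the promotion finishes.
```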

Hope this helps,
Vivek Kumbhar


Quote of the day:
People that are really very weird can get into sensitive positions and have a tremendous impact on history. - Dan Quayle

