Installing Active Directory

A new domain controller holds all three partitions of Active Directory – domain (domain object information), configuration (information about sites and services), and schema (definition of all object and attribute classes). If this is the first domain controller in a forest, it will also be a global catalog server, holding the global catalog partition (all objects in the forest and a subset of attributes) as well.

Note that the first domain controller in the root domain will house all operations master roles:

  • Schema Master
  • Domain Naming Master
  • Infrastructure Master
  • RID Master
  • PDC Emulator

By the same token, the first domain controller in each new domain will hold the following three roles:

  • Infrastructure Master
  • RID Master
  • PDC Emulator

Of course, these roles can be transferred to other domain controllers, and often should be, based on resource usage. As a rule, you should ensure that the Infrastructure Master is not a global catalog server, since placing the role on a global catalog server will impact the validity of user-to-group references.
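The role placement described above can be audited with a short script. This is an added example, not part of the original article: it assumes the ActiveDirectory PowerShell module, which postdates the Windows 2000 tooling discussed here, and the "Verdict" wording is made up for illustration. It lists the holders of all five roles and flags any domain whose Infrastructure Master is also a global catalog server.

```powershell
# Added example (not from the original article). Assumes the ActiveDirectory
# module (RSAT) and read access to every domain in the forest.
Import-Module ActiveDirectory

$forest = Get-ADForest

# Forest-wide roles: a single holder each for the entire forest.
$forest | Select-Object Name, SchemaMaster, DomainNamingMaster | Format-List

# Domain-wide roles: one holder each per domain.
$report = foreach ($domainName in $forest.Domains) {
    $domain = Get-ADDomain -Identity $domainName -Server $domainName
    $dcs    = @(Get-ADDomainController -Filter * -Server $domainName)

    # Match the role holder's FQDN to its domain controller object
    # (-eq is case-insensitive for strings in PowerShell).
    $im    = $dcs | Where-Object { $_.HostName -eq $domain.InfrastructureMaster }
    $nonGc = @($dcs | Where-Object { -not $_.IsGlobalCatalog })

    # The article's rule: the Infrastructure Master should not be a GC.
    # Known exceptions (not stated in the article): a single-domain forest,
    # or a domain in which every domain controller is a global catalog.
    $verdict =
        if (-not $im)                      { 'UNKNOWN: role holder not found among DCs' }
        elseif (-not $im.IsGlobalCatalog)  { 'OK' }
        elseif ($forest.Domains.Count -eq 1) { 'OK (single-domain forest)' }
        elseif ($nonGc.Count -eq 0)        { 'OK (every DC is a GC)' }
        else                               { 'REVIEW: move role to a non-GC DC' }

    [pscustomobject]@{
        Domain               = $domain.DNSRoot
        InfrastructureMaster = $domain.InfrastructureMaster
        RIDMaster            = $domain.RIDMaster
        PDCEmulator          = $domain.PDCEmulator
        IMIsGlobalCatalog    = [bool]$im.IsGlobalCatalog
        NonGcCandidates      = ($nonGc.HostName -join ', ')
        Verdict              = $verdict
    }
}

$report | Format-Table -AutoSize -Wrap
```

The NonGcCandidates column lists domain controllers that could take the Infrastructure Master role without breaking the rule.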

Something else that you should note is that after installing the first domain controller in a domain, the domain will still be in Mixed Mode. Mixed Mode exists for the purpose of backwards compatibility with NT 4 BDCs. However, even if you are installing a new domain from scratch, it will be installed in Mixed Mode. In order to realize many of the benefits of Active Directory, including the ability to nest groups, use universal groups, and have the SID history attribute saved, you will need to be in Native Mode. This change is made on a domain-by-domain basis, not once for the whole forest as many people mistakenly think. To change a domain from Mixed Mode to Native Mode, use Active Directory Users and Computers (or Active Directory Domains and Trusts) by choosing the domain properties.

Note that the change from Mixed Mode to Native Mode is a one-way process and cannot be reversed.

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of 2000Trainers.com. He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions.