Sticky: Basic Domain Setup - Technology Forum - Home Theater, Computer, Televisions, Personal Electronics and more!

frontline · 08-10-2006, 02:33 AM

Here I hope to answer a few questions that seem to be popping up more recently about the differences between domains and workgroups, and how to properly setup a Windows based domain.

First off I will be treating every networking device as a seperate entity, even though they are more often than not available as combined products. For example this Linksys WRT54G Wireless router is actually more like four devices in one. It combines the functionlaity of a basic firewall, router, switch, and wireless access point all into one device. There is nothing wrong with this, it makes network setup easier and cheaper for most small networks. It is just a bit easier to explain how everything is working together if we look at each piece all alone.

The most basic level of network is called a WORKGROUP, a loose connection of computers and devices that has no central managment point. This is what you can create when you have all computers running a desktop operating sysem, but still want to be abel to share files and other resources between multiple users and computers. A simple workgroup would look like this:

Each PC connects to the switch. All traffic in the network flows through the switch, and the switch will know which port(s) to send information out of. So if you wanted to send a file across the network only it would just send it to the port on which the destination computer is attached. If it is something destined for the internet it will be sent out the port to which the router is attached. So this means that it is totally possible to have a Gigabit LAN setup without needing a Gigabit router, which is a waste as most residential ISPs will provde less than 10Mbps anyway. Each PC is responsible for keeping track of its own security database. This means that if you want multiple people to be able to use each PC you will need to create the same accounts on all of the PCs. Also you would need to do this if you want to share files between computers as the person would need a local account on the remote PC in order to access the files.

A domain on the other hand has a centralized security control center, the domain controller. This is a server that will hold all of the information about how the domain works. Who has access, who has permission to do what, and what computers are allowed to be a part of the domain. So a domain setup would look more like this:

Notice how this is basically an identical physical setup, with the addition of a server. This is a key point, as in terms of actual hardware one additional computer is really the biggest difference between a small workgroup and a small domain. So what makes this one extra PC so special? It is running a server operating system, Windows 2000 Server or Windows Server 2003. This is what will allow the creation of a domain, and it will hold all of the information about your domain computers and users. Optionally it can also be used to serve files that you want to be accessible by all users, or at least by users at more than one location within the domain. In a domain this is a much easier task as the credentials are all stored on the server, you create a single domain account and it will take care of the rest.

hotshot · 08-10-2006, 02:34 AM

Now on to how to actually create the domain, join computers to it, and create user accounts. As mentioned the key point to a domain is a domain controller running Active Directory (for a modern Windows domain anyway). There are ways to create a domain using Linux or Unix, but that is even more complex than this and beyond what most avergae small scale users would want to do. So we will need to pick out a server that can run Windows Server 2003. There are actually a few different versions of this, which can be looked into on the Microsoft website. I would tend to recommend Small Business Server 20003 for most users that have a need for a dmoain and are not just learning and doing this for the experience of it. It comes bundled with Exchange Server too so it is pretty good for setting up mail and other small business needs. If you are jus interested in doing this as a learning experience then MS actually offers a free 120 day trial for download.

Now that we have the software we need to decide what kind of PC we will be installing it on. Now a true server is a huge thing that is extremely expensive, and I doubt most people would want/need this thing around. Servers are actually built of multiple computers and kept in racks that are 6' or so tall. The racks alone can be in the thousands of dollars. So we will look to an alternative solution, luckily there are plenty of good ones. It might suprise some people but a server doesn't actually need to be all that powerful of a computer. It does however need a lot of RAM and good hard drive speeds. This is why almost every true server you will see will have RAID arrays of SCSI hard drives and plenty of RAM. Unfortunately SCSI and RAID are also very expensive, and complex to setup, and probably also unecessary for most smaller networks. A good solution is basically any fairly modern PC with SATA drives. These would perform more than adequately for a small domain. If you want a true experience then look for used older servers with SCSI and RAID all included. I run a domain of about 10 computers off of an old 500MHz Pentium 3 server with SCSI and RAID, which actually has slower read times than my SATA drives without RAID. Bottom line is that for a smaller network the server doesn't need to be a stellar performer, just make sure it has plenty of RAM and hard drive space.

The next step would be to install the server OS onto the server. I will assume here that most of us have done an install of Windows at some point, and luckily the server editions are not all that different. There are a few more steps, and a few different options, but it is all basically self explanitory and should be easy enough to follow. Notice however that you won't be able to create an actual domain at this point, that is done once the server is up and running.

Once Windows server is installed you will need to make a few different steps than a typical Windows install. You will want to make sure to use a static IP address, as a server that changes its IP is pretty worthless. Right click on My Network Places and choose properties, and from the list of available connections choose your LAN connection. Again right click and choose properites, and then TCP/IP, and click the properties button. Here is where you will need to enter the IP information that is specific to your network. The default gateway should be the IP of your router, and the DNS serevr the IP of the server you are setting up.

Now you can do Windows Update, and will probably need to reboot at least once. Now you can start configuring your server to act as a server.

frontline · 08-10-2006, 02:34 AM

The first step in properly setting up the domain and using the server is to turn DHCP off at your router. You will want to use the DHCP server feature on the new server as it is more robust and offers more features. More importantly it will allow you to set custom settings that make everything work together seemlesly.

After a reboot you should be greeted by a nice screen giving you various options to setup your server. The first thing you will want to do is run the Active Directory setup wizard (dcpromo). This will create the role of Domain Controller on the server. It will also promopt you to do an install of DNS server, do this as it is a necessary step for a working domain. The instructions are pretty clear and simple for a small and simple domain. Basically you just chose a name to call your domain and enter that. As long as it won't be publically accessible, ie a webserver, it doesn't really matter what you use. Other than that you can pretty much just read over everything, and if you don't really understand what is being asked use the default.

At this point you should have AD and DNS up and running. Now we need to install DHCP server so that other PCs will be able to get IPs and join to the domain. Again just run the wizard and it will walk you through the steps of setting up a basic DHCP server. A few things to keep in mind though. It is always good to have some IPs set aside for static use, so don't put your whole IP address range in as the scope. Also create a scope slightly larger than what you think you will need as you will always add computers later on easily this way. Give the address of your router as the router option (actually becomes the default gateway). Then go to the DHCP server from the Administrative Tools menu, and on the Actions menu choose to activate the server. You are now at a place where you can start bringing up the client PCs and join them to the domain.

hotshot · 08-10-2006, 02:35 AM

Joining PCs to a domain is a simple process really. You will need to have an account with the ability to join computers to the domain (if you have been following use the default administrator account at this point). You can either do this as you install Windows on the PC, it will ask if you want to join a Workgroup or Domain, or after it has been running already. To change membership to the newly created domain just right click on My Computer and choose properties. Then from there the Computer Name tab, and click the change button. From there just select the Domain radio button, enter the domain name and click OK. You will be prompted for the account name and password, enter them. You should soon see a Welcome to the domain pop up. You will now need to reboot the PC. When it comes back up you will be greeted with a Domain login box, and need to hit Ctrl-Alt-Del.

frontline · 08-10-2006, 02:36 AM

Excellent thread Erik,
I have been considering doing this with my "spare" pc.. but the thought of having to spend out on server software just for a learning experience put me off a bit ..

Didn't know that MS gives that 120 day freebie!!..might just give this a go and see what happens.. at the very least I might just find out how thick I really am!!..

hotshot · 08-10-2006, 02:36 AM

If I plugged all pc`s stright into a router instead of a switch do I follow these instructions in the same way ?

frontline · 08-10-2006, 02:37 AM

In a peer to peer situation (no domain server), yes.

Home routers combine several functions as Erik already pointed out in his initial post. They combine the router function with a switch.
The router can assign client addresses, making it easier to add PCs to the LAN.

If you are connecting a switch without a router, the LAN addresses will have to be manually assigned to each client PC, since no device on the LAN is performing that function.

hotshot · 08-10-2006, 02:37 AM

So that means I can plug all direct into a router and have a domain server on my LAN network ?

frontline · 08-10-2006, 02:38 AM

You can have a router with DHCP turned off and a domain server providing the DHCP services.

hotshot · 08-10-2006, 02:39 AM

Does any one actually have the need to have a domain for their home network? I would argue that a workgroup is more than sufficient in most home environments.

Great thread, Erik. I would agree with just about verything you said, except the part where you said that RAID is complex to setup. Our new IBM Blades come with a tool that make setting up the RAID a piece of cake. You just choose the drives, tell which RAID level you want, and whalaahhh - your RAID is configured. Makes it easy - even for me...:>)