just go to http://www.microsoft.com

and search for your problem.

or go to this link:

http://www.experts-exchange.com

from this site you can get any thing you want, just try and watch.

Most likely it's throwing an error because you don't have it set up correctly.



AD depends on DNS, and if this is your first domain controller in the AD Domain, the server MUST have DNS running on board. Further, you must point the network adapter to the DNS server running locally and absolutely do NOT have any other DNS entries external to the box.



When you set up AD, you need to tell it it is a new domain (actually first server in a new domain in a new forest based on what you have said). The domain name you give it does not have to actually exist (and usually should not). Give it a name like MyDomain.ad Avoid using .COM, .NET, or any of the other defined TLD extensions).



So once you have the DNS set up locally, point the DNS server entry on the NIC(s) to the local server, and then give it your domain name (myDomain.ad), the system should be able to take it from there and set the whole thing up.



What you are describing is actually a very common problem. It always occurs when your DNS entries are pointed at your ISP instead of at the DNS server that will be associated with your AD domain. And don't worry. It can still look up DNS for stuff on the internet too.

Click Start, point to Run and type "dcpromo.

The wizard windows will appear. Click Next.



In the Operating System Compatibility windows read the requirements for the domain's clients and if you like what you see - press Next.



Choose Domain Controller for a new domain and click Next.



Choose Create a new Domain in a new forest and click Next.



Enter the full DNS name of the new domain, for example - san.com - this must be the same as the DNS zone you've created in step 3, and the same as the computer name suffix you've created in step 1. Click Next

This step might take some time because the computer is searching for the DNS server and checking to see if any naming conflicts exist.



Accept the the down-level NetBIOS domain name, in this case it's san. Click Next



Accept the Database and Log file location dialog box (unless you want to change them of course). The location of the files is by default %systemroot%\NTDS, and you should not change it unless you have performance issues in mind. Click Next

Accept the Sysvol folder location dialog box (unless you want to change it of course). The location of the files is by default %systemroot%\SYSVOL, and you should not change it unless you have performance issues in mind. This folder must be on an NTFS v5.0 partition. This folder will hold all the GPO and scripts you'll create, and will be replicated to all other Domain Controllers. Click Next.



If your DNS server, zone and/or computer name suffix were not configured correctly you will get the following warning:



This means the Dcpromo wizard could not contact the DNS server, or it did contact it but could not find a zone with the name of the future domain. You should check your settings. Go back to steps 1, 2 and 3. Click Ok.



You have an option to let Dcpromo do the configuration for you. If you want, Dcpromo can install the DNS service, create the appropriate zone, configure it to accept dynamic updates, and configure the TCP/IP settings for the DNS server IP address.



To let Dcpromo do the work for you, select "Install and configure the DNS server...".



Click Next.



Otherwise, you can accept the default choice and then quit Dcpromo and check steps 1-3.



If your DNS settings were right, you'll get a confirmation window.

Just click Next



Accept the Permissions compatible only with Windows 2000 or Windows Server 2003 settings, unless you have legacy apps running on Pre-W2K servers.



Enter the Restore Mode administrator's password. In Windows Server 2003 this password can be later changed via NTDSUTIL. Click Next.



Review your settings and if you like what you see - Click Next.



See the wizard going through the various stages of installing AD. Whatever you do - NEVER click Cancel!!! You'll wreck your computer if you do. If you see you made a mistake and want to undo it, you'd better let the wizard finish and then run it again to undo the AD.



all went well you'll see the final confirmation window. Click Finish

You must reboot in order for the AD to function properly



Checking the AD installation

You should now check to see if the AD installation went well.



First, see that the Administrative Tools folder has all the AD management tools installed.



Run Active Directory Users and Computers (or type "dsa.msc" from the Run command). See that all OUs and Containers are there.



Run Active Directory Sites and Services. See that you have a site named Default-First-Site-Name, and that in it your server is listed



Open the DNS console. See that you have a zone with the same name as your AD domain (the one you've just created, remember? Duh...). See that within it you have the 4 SRV record folders. They must exist.



If they don't (like in the following screenshot), your AD functions will be broken (a good sign of that is the long time it took you to log on. The "Preparing Network Connections" windows will sit on the screen for many moments, and even when you do log on many AD operations will give you errors when trying to perform them).



= Bad



This might happen if you did not manually configure your DNS server and let the DCPROMO process do it for you.



Another reason for the lack of SRV records (and of all other records for that matter) is the fact that you DID configure the DNS server manually, but you made a mistake, either with the computer suffix name or with the IP address of the DNS server (see steps 1 through 3).



To try and fix the problems first see if the zone is configured to accept dynamic updates.



Right-click the zone you created, and then click Properties



On the General tab, under Dynamic Update, click to select "Nonsecure and secure" from the drop-down list, and then click OK to accept the change.



You should now restart the NETLOGON service to force the SRV registration.



You can do it from the Services console in Administrative tools

Or from the command prompt type "net stop netlogon", and after it finishes, type "net start netlogon".

Let it finish, go back to the DNS console, click your zone and refresh it (F5). If all is ok you'll now see the 4 SRV record folders.

If the 4 SRV records are still not present double check the spelling of the zone in the DNS server. It should be exactly the same as the AD Domain name. Also check the computer's suffix (see step 1). You won't be able to change the computer's suffix after the AD is installed, but if you have a spelling mistake you'd be better off by removing the AD now, before you have any users, groups and other objects in place, and then after repairing the mistake - re-running DCPROMO.



Check the NTDS folder for the presence of the required files.

Check the SYSVOL folder for the presence of the required subfolders.

Check to see if you have the SYSVOL and NETLOGON shares, and their location.



all of the above is ok, I think it's safe to say that your AD is properly installed.

Think all it needs is a way to identify all the computers that will be part of the active directory that you are trying to setup. Remember an Active Directory is the equivalent of a Windows NT Domain. So what it wants is a domain suffix only. Something like "acer.com" or "bp.net". Nothing more.



Every computer which is part of the Active Directory will have this name suffixed after its own name. So if you computer on the network is named "PC1", its name on the network becomes "PC1.acer.com".



The link below might help a bit.

the priority is that protection on domicile windows Server 2003 is setup out of the container in a diverse way than previous variations of domicile windows Server OS. With domicile windows Server 2003 almost all protection is settings are enabled on a similar time as previous variations of domicile windows Server installation with protection regularly grew to become off. in the adventure that your server isn't linked to the internet i might say attempt to set it up your self. in case you run into difficulty you may continually hire an authority after the reality. in case you intend to connect your server to the internet then possibly you will desire to hire a representative initially.