Thursday, March 27, 2008

Installing Active Directory

This is a well-written, concise article on the details to install Active Directory. I used this tutorial for creating a VM with SharePoint...a no-no according to MSFT but necessity for our organization so i would replicate what production like. Full text below:


In this guide, we will begin with a non-existent domain and end with a new Active Directory installation, in its own forest. Along with Active Directory we will also configure DNS (Which is required by Active Directory) on the same machine.

Get a machine that is somewhat powerful, when I say somewhat, it can be a lonely PIII 800MHz if you so wish it. I would have at least 512MB of memory in it, a 10/100 Network card, CD-ROM, and I would give it at least a 30GB hard drive. The more features you add (different walkthroughs) the more space you will need.

Grab your copy of Windows 2003 and boot from the CD, install Windows 2003 like any other version of Windows XP you have installed before. When Windows is installed, load all your necessary drivers (video, LAN, motherboard, and others if needed).

Close the Configure Your Server Wizard. We will be doing this the manual way, so we have more options.

First, assign this server a static IP address. This can be found by going to Start -> Settings -> Control Panel -> Network Connections. Inside ‘Network Connections’ you should (by default) have a connection called ‘Local Area Connection’. Right click on ‘Local Area Connection’ and choose ‘Properties’. In the middle of the dialog box there will be a list of protocols, from here choose ‘Internet Protocol (TCP/IP)’ and click on the ‘Properties’ button.

Choose the radio button labeled; ‘Use the following IP Address’ and in the boxes provided type in the IP Address you wish to assign this server to.

If you are unsure, you can use ‘′ as I am going to refer to as the IP Address used throughout this walkthrough or you can check another computer and find out what IP Address it has (Start -> Run -> cmd (enter)) and type ‘ipconfig’ at the command line.

Most routers will probably give you as an IP Address and as an Default Gateway, so if you have this, I would recommend you use for the IP Address on your server, for the Subnet Mask type in: ‘′ and for Default Gateway type in the IP Address of the router for access to the Internet (If you are unsure of what the Gateway IP Address is, then go to another machine that has Internet access and drop to a console (Start -> Run -> cmd (enter)) and type ‘ipconfig’ at the command line and read the line that says Default Gateway).

Now, choose the radio button labeled; ‘Use the following DNS server addresses’ and in the boxes provided type in the SAME IP Address you choose for the IP Address of this machine (Yes, the DNS Server this machine will use is ITSELF!). You do NOT need to fill in the ‘Alternate DNS Server’ address boxes.

Okay, for this test setup I’m going to use these as my settings (remember that your settings may vary and don’t forget to adjust mine when I make future references to them in this walkthrough).

IP Address =
Subnet Mask =
Default Gateway =
DNS Servers =

Click ‘Ok’ on the Internet Protocol (TCP/IP) dialog window, and another ‘Ok’ on the Local Area Connection dialog window. You can close any other windows you may have open on the server so you are back at a nice clean Desktop.

Reboot the server now, just to make sure everything was saved. When it comes back on, we will continue installing the Windows 2003 DNS Server.

Second, now that your server has rebooted, go to Start -> Settings -> Control Panel -> Add / Remove Programs. Inside Add / Remove Programs click on the button to the left that is labeled ‘Add / Remove Windows Components’ when it’s done loading, you should be presented with a box of components you can remove and add.

Click on ‘Network Services’ (don’t check the box, just select the item) and click the ‘Details’ button. In this new dialog check the box next to the item labeled ‘Domain Name Server (DNS)’ and click ‘Ok’. Back at the Windows Components click ‘Next’ and let it finish its job (you may need the Windows 2003 disc to complete this step).

When it’s all done, click ‘Finish’ close all windows again so you are back at the Desktop.

Go to Start -> Settings -> Control Panel in Control Panel open ‘System’. Click on the ‘Computer name’ tab at the top of this dialog and then click the ‘Change’ button near the bottom. Now click on the ‘More’ button near the middle, in the text box labeled ‘Primary DNS suffix of this computer’ type your DNS suffix here…





It does not matter, but if you choose a ‘Standard Convention’ by that I mean, if you choose .net, .com, .org, or another top level domain suffix then you should make sure It’s not in use, or you may run into problems getting to the website owned by that real domain. Say if I choose as my Zone Name, I would have a slight problem going to the REAL now wouldn’t I? This is why I choose .home or .work and such.

When you have chosen your Suffix, click ‘Ok’ then ‘Ok’ again, and another ‘Ok’ going through all the dialog boxes. You will then need to reboot!

When your server has come back up…

Click on Start -> Programs -> Administrative Tools -> then click on ‘DNS’.

When the window has loaded you should have some items on the left side in a tree view. The top most items should be DNS and should fall in like a tree.


(server name)
Event Viewer
Forward Lookup Zones
Reverse Lookup Zones

(You many need to expand the (server name))

Left click, then Right click on ‘Forward Lookup Zones’ and choose ‘New Zone…’ when the dialog comes up click the ‘Next’ button, then choose the radio button labeled ‘Primary Zone’ and click ‘Next’. You will now be presented with a Zone Name box, in this box type the name you choose above for the DNS suffix of this computer, and click ‘Next’ The next page will ask you what to name the file, you can just click ‘Next’ here, as the defaults are fine.

Now, you should be on the Dynamic Update page. Choose ‘Allow both nonsecure and secure dynamic updates’ radio button; (This is not secure I KNOW, but we will change this after Active Directory is installed.) and then click ‘Next’, then ‘Finish’.

You should now be back at the DNS Management console screen with the options on your left in a tree view. Left, then Right click on ‘Reverse Lookup Zones’ and choose ‘New Zone…’. Click ‘Next’ make sure ‘Primary Zone’ is selected and then click ‘Next’ again. Now we are presented with a new screen, Network ID. In the boxes type in the first three portions of the servers IP Address. (Remember that from above?) If your server IP Address was then in the boxes put 192.168.100 and click ‘Next’. Next page should be your Zone File, clicking ‘Next’ will be fine, since defaults are good enough. Again, click ‘Allow both nonsecure and secure dynamic updates’ radio button and then ‘Next’ then ‘Finish’.

Now you should be back at the DNS Management console screen. Close this console screen and you should be back at the Desktop.

Let’s reboot the server to make sure everything gets restarted correctly. (Yes, Windows likes reboots during its setup)

Back at the desktop now, let’s test to make sure DNS is working correctly… Go to Start -> Run and type ‘cmd’ and click ‘Ok’. In the black command console type ‘nslookup’ you should be presented with a few lines that resemble…

Default Server: (server name).(dns suffix you choose)
Address: (ip address you choose for server)

If this shows your doing well thus far, if this does not show, you may have skipped the part of adding your DNS suffix in the ‘System’ part of Control Panel. Type ‘exit’ then ‘exit’ again to close nslookup and the command console and return to the Desktop.

Third, now that you have DNS working correctly, we can now install Active Directory and create our domain.

Go to Start -> Run and type ‘dcpromo’ then click ‘Ok’. The Active Directory Wizard will start; click ‘Next’ then ‘Next’ again after you have read some security information for older versions of Windows. Now you will be able to choose what type of Domain Controller. This walkthrough is for a brand-spanking new domain and such, so we will leave it defaulted for ‘Domain controller for a new domain’ and click ‘Next’. Now we see some choices for Forests. Again for this walkthrough we choose the default ‘Domain in a new forest’ and click ‘Next’. We are now asked for our Full DNS name, in this text box type in the suffix that you choose a while back when setting up DNS, the one that was exampled as:





and click ‘Next’. On the next dialog we will choose the default recommended Domain NETBIOS name and click ‘Next’. Here we can choose where to save the database for Active Directory, for our purposes, the defaults are good and we will click ‘Next’. Then ‘Next’ again when we are asked where to save the SYSVOL files. The next page is sort of important if you have any servers running Windows NT 4 and such (Anything below Windows 2000) when it comes to the Server Operating System, Clients are not affected. But within scope of this Walkthrough we will do the default for permissions which is ‘Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems’, and then click ‘Next’.

Now Windows will ask for a Directory Services Restore Mode Administrator Password, you can choose any password you wish, this password is needed incase you have some sort of disaster and need to do a recovery of the Active Directory. When you have your password entered twice for verification, click ‘Next’. A brief summary of what you have done thus far is shown on this dialog, and you can click ‘Next’ to start the installation of Active Directory.

When the installation has completed, you will be asked to restart the computer, so go ahead and reboot now.

Let’s go back and secure DNS shall we…

Click on Start -> Programs -> Administrative Tools -> DNS

Inside the DNS Management Console left then right click on the + next to Forward Lookup Zones to expand it and then right click on (dns suffix you choose) and choose ‘Properties’ . There should be a button labeled ‘Change’ next to Type: Primary. Click ‘Change’ check the box labeled ‘Store the zone in Active Directory (available only if DNS server is a domain controller)’ and click ‘Ok’. When it warns you, Click ‘Ok’ again.

Now back at the suffix properties click on the drop down list labeled; ‘Dynamic Updates’ and choose ‘Secure Only’. Then click ‘Ok’.

Inside the DNS Management Console left then right click on the + next to Reverse Lookup Zones to expand it and then right click on ((IP Address) (Subnet)) and choose ‘Properties’. There should be a button labeled ‘Change’ next to Type: Primary. Click ‘Change’ check the box labeled ‘Store the zone in Active Directory (available only if DNS server is a domain controller)’ and click ‘Ok’. When it warns you, Click ‘Ok’ again.

Now back at the suffix properties click on the drop down list labeled; ‘Dynamic Updates’ and choose ‘Secure Only’. Then click ‘Ok’.

Active Directory is now installed and DNS is working and secured. You can manage your users in Start -> Programs -> Administrative Tools -> Active Directory Users and Computers

You should have a tree on the left that resembles…

Active Directory Users and Computers
Saved Queries
(dns suffix you choose)
Domain Controllers

I recommend that you create an new Organizational Unit under your (dns suffix you choose) just right click on (dns suffix you choose) and click on ‘New’ then ‘Organizational Unit’ and name it. I usually choose a company name, or workgroup name here. Like ‘Archaic Binary’ :-)

You can then add new users to that OU or create more OUs below that and add users to different OUs and create a more refined structure.

Hope this helps some people install and slightly configure Active Directory on Windows 2003.

Thursday, March 20, 2008

3/20/2008 Websites I am currently evaluating

So I am stuck in Phoenix, AZ overnight on business so i thought I would update my blog with the sites I am looking over.
10 JavaScript Effects to Boost Your Website’s Fanciness Factor

prototype Javascript Framework
FancyForms - form styling using mooTools - a javascript framework.

phatfusion image menus - a great looking menu system using mooTools as well.

This is LightBox on to display not only images, but other media as well.
SharePoint 2007
Add subsites and provide navigation functionality in MOSS 2007 - a code approach!

MOSS - Common Issue - events 5325, 4958, 6398 listed in the Event log and/or IIS MMC not responding

So I ran into an interesting problem in my MOSS development environment

Windows Server 2008 Resource Center for SharePoint Products and Technologies

Time-based Optimization

SQL Server Management Studio Standard Reports – Tasks
CodeProject Articles
Dynamically adjusting the size of a drop-down list and adding color to the back-ground and fore-ground of the list items

Access Form based SharePoint Site's Web Service

Exploring Lambda Expression in C#

Tuesday, March 11, 2008

Sample event handler to set a field as a primary key (enforce no duplicates)

This is an interesting workaround to the SharePoint issue of lists not having primary keys.

Read the article here.

Avoiding CSS caching issues

Great article and code that will help SharePoint developers avoid servers caching CSS.

Check it out

Top 10 SQL 2008 Features for SharePoint IT Pros

Joel does a nice job reviewing his top 10 Sql 2008 features that will benefit SharePoint professionals.

Check it out here

Integrate SharePoint Designer Workflows with Web Services

Paul does a nice job working with SPD Workflow Extensions or Custom Actions.

SPWebConfigModification Class

The is a very good article describing how to utilize the SPWebConfigModification class to make modifications to the web.config files for SharePoint sites. This is definitely worthy of some learning time...our developers have anasty habit of opening the web.config themselves and modifying it...big no no!

Take some time to add this to your developers skills - I am.

IE 8 Beta 1 Available

Well, looks like the IE team has finally released IE 8 Beta it here.

Sunday, March 02, 2008

Understanding how Web Parts are rendered, why to never use Render() and a bit on accessibility

Great post by Andrew Connell...

When building custom Web Parts, you always hear people say "don't use Render(), only use RenderContents() or use the more OO approach and implement CreateChildControls()." Personally I favor the latter approach of using CreateChildControls(). So why should you not use Render()? Because unbeknownst to you, you are actually breaking something quite powerful.

Check out the full post here.

SharePoint 2007 Security Accounts

Great summary on SPS 2007 service accounts:

I’ve been working on a number of MOSS implementations lately, and I always get a lot of questions about what service accounts are needed to get the implementation rolling. Microsoft has a really nice, but very long article on the accounts (, but most of my clients do not have the time or want to read that article. So I put together some basic guidelines on MOSS service accounts…

The following covers the most common service accounts that need to be setup and their typical permissions in order for MOSS to function properly. Note that each deployment is different, so these accounts may differ based upon individual requirements. There are some additional accounts that you may need for other optional services, but they are not mentioned here.

Running MOSS Setup

On every server where MOSS is to be installed, the account you run setup with must belong to the local administrators group. In addition, this account must be a Domain User and be a member of the following SQL server security roles: Logins, Securityadmin & Dbcreator. This account is going to be doing a lot – creating new databases, and also creating new IIS sites – so make sure you have enough permissions! Typically, an account such as the domain administrator is used to run the installation, which addresses all of the security requirements.

SQL Server (SQL_Service)

This account is specified when a new SQL server is being brought online or a new instance installed. It typically is used for running both the SQL Server & SQL Server Agent, however, each can have their own account. For our purposes, we will utilize one account for both SQL Server & the Agent. The account only needs to be a basic Domain Account with no specific permissions set. When SQL Server is installed, all of the other appropriate permissions will be granted to the account.

Database Access Account / Farm Account (Farm_Service)

This account serves a few roles. The first is that it is used by MOSS to access the databases… it acts as the account by which the server(s) MOSS is installed on communicates back and forth to SQL with (read/write). Additionally, it is used as the identity for the Central Administration application pool & the WSS Timer service. This account needs to be a Domain Account - but note that it is believed to have to be a local admin on every MOSS box - this is not true, as Spence points out very eloquently.

Shared Service Provider (SSP#_Service)

Each shared service provider can run under its own account, therefore, it is desirable to name the account using a number. This way, if your MOSS farm ends up having a large number of SSPs, you can map the SSPs back to their specific service accounts easily. This account is used for the SSP web services & the SSP timer jobs. The account only needs to be a basic Domain Account with no specific permissions set.

Office SharePoint Server Search (Search_Service)

This account is utilized by all of the Shared Service Provider to crawl local & remote content. This account should be a Domain Account & have local administrator permissions on each MOSS server.

Default Content Access Account (SSP#ContentAccess_Service)

When a shared service provider crawls content, this is the default account used if a specific account (see below) is not specified for the content source being crawled. This account is specific for each individual SSP. This account should be a Domain Account & have read access to the content sources it needs to crawl.

Content Access Account (XXXXContent_Service)

If you have specific content sources that need to be crawled, and you do not want to allow the default content access account to crawl them, then you specify an individual content access account (specified at the time a Crawl Rule is setup). This account is a Domain Account with read permissions specifically on the content source it crawls.

Windows SharePoint Services Search Account (WSSSearch_Service)

The WSS Services Search is used only to provide search capabilities within the Help content. If this search feature is desired, then this account should be configured as a Domain Account with no specific permissions.

Application Pool Process Account (XXXXPool_Service)

When each application pool is setup, you must specify an account that will be used for that specific application pool’s identity. This account will be used to access the content databases associated with the web application. It is recommended that a new service account is created for each application pool. This should be a Domain Account with no specific permissions. When the account is specified & SharePoint creates the application pool, it automatically grants the account additional needed permissions.

by cregan: