Creating a New Active Directory Forest

To create a new forest you need to create a forest root domain. To do this, you need to use the dcpromo executable to promote a Windows 2000 or Windows Server 2003 server to be a domain controller for the new forest root domain. The dcpromo program has a wizard interface that requires you to answer several questions about the forest and domain you want to promote the server into. After dcpromo finishes, you will be asked to reboot the computer to complete the promotion process.

The two options dcpromo offers to create a new domain are adding the domain to an existing domain tree or starting a new domain tree. If you want to create a new domain that is a subdomain (contained within the same namespace) of a parent domain, you are creating a domain in an existing domain tree. If you are creating the first domain in a forest or a domain outside the namespace of the forest root, you are creating a domain in a new domain tree.

Each domain increases the support costs of Active Directory due to the need for maintaining additional domain controllers and time spent configuring and maintaining the domain. When designing an Active Directory forest, your goal should be to keep the number of domains to a minimum.

A good test to run before dcpromo is the dcdiag command with the /test:dcpromo option. This command examines the existing DNS infrastructure to see if any changes are required to accommodate the new domain controller (DC). With the /test option you must also specify /DnsDomain:<DomainName>, where <DomainName> is the domain name that the DC will be promoted into. You must then include an option that specifies the type of operation you plan to perform, which can be one of /NewForest, /NewTree, /ChildDomain, or /ReplicaDC. See the dcdiag help information (run dcdiag /?) for more information.

The /test:dcpromo option is available only with the Windows Server 2003 version of dcdiag.
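
The pre-promotion check described above, written as a batch file for the new-forest case. This is an added example, not part of the original text. It assumes the placeholder domain name corp.example.com and assumes that dcdiag reports each result with the words "passed test" or "failed test" followed by the test name.

```batch
@echo off
rem Added example: DNS readiness check before promoting the first DC of a new forest.
rem Run on the server that will be promoted, using the Windows Server 2003 dcdiag.
setlocal

rem Placeholder: replace with the DNS name planned for the forest root domain.
set "DOMAIN=corp.example.com"
set "LOG=%TEMP%\dcdiag-dcpromo.log"

rem /NewForest selects the operation type; /DnsDomain names the domain to be created.
dcdiag /test:dcpromo /DnsDomain:%DOMAIN% /NewForest > "%LOG%" 2>&1
type "%LOG%"

rem Assumption: a failed check is reported as "failed test DcPromo".
findstr /i /c:"failed test DcPromo" "%LOG%" >nul
if not errorlevel 1 (
    echo DNS is not ready for %DOMAIN%. Resolve the items listed above before running dcpromo.
    exit /b 1
)

rem No explicit pass line usually means the test never ran, for example
rem because an older dcdiag without /test:dcpromo is on the path.
findstr /i /c:"passed test DcPromo" "%LOG%" >nul
if errorlevel 1 (
    echo dcdiag did not report a DcPromo result. Confirm the dcdiag version and options.
    exit /b 2
)

echo DNS check passed for %DOMAIN%.
exit /b 0
```

The full dcdiag output stays in the log file, so it can be kept with the build record for the new domain controller.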

Using a graphical user interface

Run dcpromo from a command line or Start > Run.

On Windows 2000:

  1. Select Domain controller for a new domain and click Next.
  2. Select Create a new domain tree and click Next.
  3. Select Create a new forest of domain trees and click Next.
  4. Follow the rest of the configuration steps to complete the wizard.

On Windows Server 2003:

  1. Select Domain controller for a new domain and click Next.
  2. Select Domain in a new forest and click Next.
  3. Follow the rest of the configuration steps to complete the wizard.