Creating your realm

First, log into the machine that will become the new domain controller with an account that has local Administrator privileges. Start by executing the dcpromo command from the command line. This command starts the Active Directory Wizard. If the machine isn’t already a domain controller, you’ll see the window shown in Figure 4-1.

Active Directory Wizard welcome screen
Figure 4-1. Active Directory Wizard welcome screen

When you click Next, it will continue to the next step of the wizard, shown in Figure 4-2.

Active Directory Controller Type dialog
Figure 4-2. Active Directory Controller Type dialog

You’ll want to create a new domain. Continue with the defaults until you get to the domain name dialog, shown in Figure 4-3.

Selecting the domain name for the new Active Directory domain
Figure 4-3. Selecting the domain name for the new Active Directory domain

The answer to this dialog box will become the name for the new Active Directory domain, and should be the same as your organization’s DNS name. Note that the resulting Kerberos realm created by the wizard will be this name, converted to uppercase. So if your domain name is example.com, the Kerberos realm that the Active Directory wizard creates for you will be named EXAMPLE.COM.

The NetBIOS name that you choose in the next dialog does not affect your Kerberos ...

Get Kerberos: The Definitive Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial