Log in as an administrator to the Windows 2000 or 2003 server
host.
From the Start menu, go to Administrative Tools > Manage
Your Server.On the Manage Your Server wizard, choose Adding Roles
to Your Sever.In the Server Role window, choose Domain Controller
(Active Directory).Accept the default values by clicking
Next.Continue to accept the default values and clicking Next until
the Report DNS Issue window is displayed.This window is displayed
when no properly configured DNS exists for Active Directory. Choose
“Install and Configure DNS” to proceed to the next window.Continue
to accept the default values and clicking Next until the Summary
window is displayed, then click Next.The Active Directory
Installation wizard is invoked.
Install the Active Directory Domain Controller.
Install Windows Support Tools.Windows Support Tools contains
the ktpass Kerberos tool you need to map a service principal with
an Active Directory account. For information about ktpass, see the
Ktpass Overview.
Create a new user account.From the Start menu, go to Programs
> Administration Tools.Choose “Active Directory Users and
Computers.”Enter a user name and password for the new user, and
create the user.
Verify that the Kerberos ticket is returned by the Kerberos
Authentication Server properly.
Log into the new domain account from any Windows XP workstation
belonging to the domain. You can use the Windows Support Tools to
verify that the Kerberos ticket is returned by the Kerberos
Authentication Server and cached into the ticket cache.
Create a user account to map to the Kerberos service.From the
Start menu, go to Programs > Administration Tools.Choose “Active
Directory Users and Computers.”. Create a new user with a name that
is meaningful to you.Use the ktpass command to associate this user
account with a service principal.