Installing a Domain Controller is easy compared to Managing an Active Directory. Let’s just quickly Clarify the Terminology: A Domain Controller is THE SERVER that responds to Authentication Requests Normally a Physical or a Virtual Machine. The Active Directory is THE ROLE that actually does the work on a Domain controller.
Before adding Active Directory
Making sure some configuration is done before adding the active directory role will make configuration easier down the line.
- Ensure you assigned the correct IP addresses
- Server Name was changed
- Windows Update Completed
- Remote Desktop Enabled
- NIC Teaming (If you intend to use it)
- IPv6 Disabled of not being used
Although the above mentioned is not a Prerequisite to installing an Active Directory I found making the changes beforehand does allow the configuration to go much smoother.
Using the Local Server Properties to check all of the above is complete is a good guideline.
Adding the AD role
When all the above has been done proceed to the server manager click on Manage and then Add Roles and Features. Following the below screenshots and you should be fine.
Click Next until you get to the Server Selection Screen and make sure the Server Name you select is the correct Server.
On the Select Server Roles tick Active Directory Domain Services you will be prompted to Add Feature, Click Add Features and move to the next Screen
You can click next through all the remaining screens until you get to the Confirmation screen. Once you checked everything is correct. Click Install no need to restart, as the restart will happen after the Configuration.
When the installation is complete the Flag Icon on the server manager will have the yellow exclamation. Click the Flag and choose Post-deployment Configuration to Promote this server to a Domain Controller.
Promoting to Domain Controller
On the Configuration screen, you will have three option on how you can promote the server. For this purpose, we will concentrate on creating a New Domain only. We will concentrate on the Secondary Domain Controller and different forest in a new post.
Tick Add a new forest and enter the Root Domain Name.
The Root Domain Name needs to be well thought through as you might want to sync to Office 365 Azure later. If the Root Domain name is different to the Azure Tenant domain you will need to make additional changes at a later stage.
As this is the Primary Domain controller you want to make sure to Tick the Domain name System (DNS) Server and enter a password for the DSRM (Directory Services Restore Mode). It is very important to remember this password, I suggest using a Password Manager to save this password in.
On the DNS, Additional Options and Paths click next no Changes Required unless you know exactly what these changes will affect. You will get the Review Options and again if you are happy the config is correct click next.
The Option to View Script, if you are interested in Power Shell it will give you the exact commands that will be run. These commands can be used on a server without the Desktop Experience.
This can take a few minutes but it will check if everything is in order to do the necessary upgrade. Unless there is an error you need to attend to click install. Now be patient, depending on your server this can take very long to finish. The Server will Reboot and on the new Logon screen, you will see your newly created “Domain Name \ user Name“.
Managing AD Users and Computers
We are not going into Managing the Users and Computers as yet but to see if everything installed and configured Successfully you can open the server Manager the under tools you will find Active Directory Users and Computers
Microsoft has set up this already so that a Single organization can work with it from the word go no additional changes required. But like all things, this is not necessarily the best setup for your organization especially when you start working with Group Policies and Departemental Permissions.