Installing Active Directory is quite easy for anyone who has done it at least once. For those who are new to it, there is nothing to be afraid of. You’ll see that this is a quite straightforward task. Why do we need Active Directory, you might ask?
Well, Active Directory (AD) is a directory service that Microsoft developed for Windows domain networks and is included in most Windows Server operating systems as a set of processes and services. It is a special-purpose database — it is not a registry replacement. Active Directory data is hierarchical, replicated, and extensible. Typical examples of data stored in the directory include printer queue data, user contact data, and network/computer configuration data. The Active Directory database consists of objects and attributes. Objects and attribute definitions are stored in the Active Directory schema.
An Active Directory domain controller authenticates and authorizes all users and computers in a Windows domain type network—assigning and enforcing security policies for all computers and installing or updating software.
You can install Active Directory by using the GUI (Graphical User Interface) or PowerShell. We will use the GUI, but I will write down a PowerShell command which executes the AD installation.
To be able to install Active Directory, you will need a Windows Server 2012 R2 server, of course. For this purpose, I have created a virtual machine on which I have installed Windows Server 2012 R2. You can check my previous article, Creating a Virtual Machine in VMware Workstation 10, which shows you how to create a VM on which you will load the OS.
You can find more info on Microsoft’s MSDN site: So What Is AD?
When you have installed Windows Server 2012 R2 and logged in with your local admin account, click ‘Local Server’ on the left side of Server Manager to select the local server:
You will most probably have an automatically generated computer name. You can change it by clicking on the current computer name and changing it to whatever you like.
You will have to restart the OS afterwards.
When you log back in, make sure that you change the IP address from automatically assigned to manually assigned, because Microsoft recommends using a static IP address for servers.
Alright, when you are done with this, click ‘Manage’ in the upper right corner and choose ‘Add Roles and Features’.
On the ‘Before you Begin’ page, read the text if you want, and after you are done, click the Next button:
You can read through both options, but leave the default ‘Role-based or feature-based installation’ selected and click Next. The second option installs the required role services for Virtual Desktop Infrastructure (VDI).
On the ‘Server Selection’ page, you should have your server listed. Highlight it and click Next.
On the ‘Server Roles’ page, choose ‘Active Directory Domain Services’ (it will tell you that you need to install some features, as Active Directory can’t work without them). Also, make sure you have selected the checkbox for ‘Include management tools’, ’cause you’ll most probably need them in the future.
Next, check the DNS box and also accept all the management tools and features.
Go through ‘Features’ section and click Next, as everything that is required has already been checked.
On the ‘AD DS’ page, read through to get to know better what Active Directory DS is, what it does, etc. Click Next after you finish with the education.
On the ‘DNS Server’ page, read through to get to know better what Active Directory DS is, what it does, etc. Click Next after you finish with the education.
OK, we have come to the last and very important part.
First, you see what will be installed.
Second, you can choose to export the current configuration settings for later use on other servers (in case you install more than one domain controller in the same forest or domain).
Alright, that is it. Click the install button and enjoy.
When the installation is finished, you’ll need to do one more thing, and that is to promote the server to a Domain Controller:
After you click on ‘Promote this server to a DC’ link, another window will open where you’ll have a couple of options:
- Add a domain controller to an existing domain – if you choose this option, you will add this server as a domain controller into an existing domain by specifying the domain name below.
- Add a new domain to an existing forest – if you choose this option, you will add this server as a domain controller into an existing forest by specifying either child domain or tree domain, parent domain name and new domain name.
- Add a new forest – if you choose this option, you will create a new forest, and with that, a new domain within.
Let’s choose the third option, as we don’t have a forest/domain yet. I have named our new domain ‘contoso.com’ (how original, I know) 🙂
Every functional level brings some features; the higher the level, the more features. Keep in mind that if you choose, for example, the Windows Server 2012 R2 level, you will be able to add Windows Server 2012 R2 domain controllers ONLY (you will of course be able to add any type of MEMBER server, just not any type of domain controller).
It is the same situation with the Domain Functional Level.
As you may see, this server will be DNS and Global Catalog (GC), and you can’t change that because it is mandatory. The first DC has to be DNS and GC, and that is a fact. Live with it.
Also, you are required to provide a password for Directory Services Restore Mode (DSRM) (more on this in some other article).
After you have chosen and provided all the info, click Next.
Hit Next a couple of times as you go through the additional options on the left side, accepting all the defaults (leave the NetBIOS name as default, and leave the database, log files, and SYSVOL folders as defaults).
On the ‘Review Options’ page, you can review everything that will be installed, and you can also view the script and save it if you want (I highly recommend it).
The next page is a prerequisites check. Wait until it is verified that you can start the installation. I have had a few warnings, but all in all, the server passed the check.
And that is it. The second part of our work has been done. We are ready to hit the ‘Install’ button. Well, go on. It won’t hurt, trust me 🙂
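The same two stages (role installation, then promotion to the first DC of a new forest) can be scripted in PowerShell. This is an added example, not the author's command or the script the wizard generates; it assumes the contoso.com domain name used above and, since the article does not say which level was picked, the Windows Server 2012 R2 functional level for both forest and domain.

```powershell
# Added example: scripted equivalent of the wizard steps above.
# Run in an elevated PowerShell session on the Windows Server 2012 R2 machine.

# The article recommends a static IP; warn if a connected IPv4 interface still uses DHCP.
$dhcp = Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object { $_.ConnectionState -eq 'Connected' -and $_.Dhcp -eq 'Enabled' }
if ($dhcp) { Write-Warning "DHCP still enabled on: $($dhcp.InterfaceAlias -join ', ')" }

# Stage 1: 'Add Roles and Features' (AD DS + DNS, with management tools).
$role = Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools
if (-not $role.Success) { throw 'Role installation failed.' }

# Stage 2: 'Promote this server to a domain controller' -> new forest.
Import-Module ADDSDeployment

# Prompt for the DSRM password so it never sits in the script or shell history.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

$forest = @{
    DomainName                    = 'contoso.com'  # domain name used in the article
    ForestMode                    = 'Win2012R2'    # assumption: level not stated in the article
    DomainMode                    = 'Win2012R2'    # assumption: level not stated in the article
    InstallDns                    = $true          # first DC is also the DNS server
    SafeModeAdministratorPassword = $dsrm
    # NetBIOS name, database, log and SYSVOL paths are omitted to keep the defaults.
}

# Same checks as the wizard's 'Prerequisites Check' page; stop on any error.
$failed = Test-ADDSForestInstallation @forest | Where-Object { $_.Status -eq 'Error' }
if ($failed) {
    $failed | Format-List Message, Context
    throw 'Prerequisite check failed; the server was not promoted.'
}

# Promote. The server reboots automatically when promotion completes.
Install-ADDSForest @forest -Force
```

Comparing this with the script saved from the ‘Review Options’ page is a quick way to confirm which values the wizard actually used on your server.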
If you get this message, it means that Active Directory has been installed on your server:
After the reboot, you will see the logon screen with domain\username.
Remember, all the users in the local admin group on this server are now promoted into domain admins. So, you should use the username/password of your EX local admin account to log in to the domain.
As you may see on the following screenshot, on the left side you have the Active Directory DS tab, and the DNS tab as well. Also, you can see that the hostname with the name of Active Directory is now in the contoso.com domain:
We will talk about DNS configuration and Active Directory DS configuration in another article.