Monday, 14 August 2023

DOMAIN CONTROL-windows server 2019

 

Step-By-Step : How to install and configure Domain Controller on Windows Server 2019

Updated: Sep 21, 2022

Article :: KB00015


Microsoft Active Directory is a critical service for any domain architecture, and the servers that hold this service are called Domain Controllers.

Today, we'll install and configure the first Domain Controller in the single forest single Domain architecture. Follow the below step-by-step process to install and configure the Domain Controller.



Prerequisite Required


1) VM or Physical Server with Windows Server 2019 installed (we are using Server with Desktop Experience installation option)

2) Assign a static IP address to the server that we promote as Domain Controller.

3) As we'll configure Active Directory-integrated DNS, change the DNS settings on the network interface and set the server's own IP address as the primary DNS server.


Step 1: Install Active Directory Domain Services (ADDS)


Log into your Windows Server 2019 with administrative credentials. Open Server Manager → click on Dashboard → click on Add roles and features.

The "Before you begin" tab contains some important information. Please go through it and click "Next".

In the "Installation Type" tab choose Role-based or Feature-based installation and click on the Next button.

In the Server Selection tab, please select the destination server on which the role will be installed. Please verify the hostname and the IP address of the selected server. Click Next to continue.

In the Server Roles tab, put a tickmark for "Active Directory Domain Services" (you can select the DNS Server role as well, as we will configure AD integrated DNS server. If not selected, during installation it will automatically select and install the DNS Role).

Then, it will prompt to show you the associated features for the role. Click on Add Features to add those. Then click Next to continue.


In the Features tab, the basic features required for this role are already selected by default. Click Next to continue.

In the next window, it gives brief information about the "Active Directory Domain Services" service. Click next to proceed.

In the Confirmation tab, verify the selections and click on the Install button. You may or may not select the option "Restart the destination server automatically if required". It is always a best practice to restart the server post-installation.

Once done, it will start the installation process and you can check the same in the Results tab.
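The prerequisites and Step 1 can also be carried out from an elevated PowerShell session. The script below is an added example, not part of the original article: it checks prerequisites 2 and 3, then installs the role. The adapter name in $Alias is an assumption and must be changed to match the server.

```powershell
# Added example: check the prerequisites, then install the AD DS role.
# $Alias is an assumption; replace it with the name of this server's adapter.
$Alias    = 'Ethernet'
$problems = @()

# Prerequisite 2: the IPv4 address must be static, so DHCP must be off.
$ipIf = Get-NetIPInterface -InterfaceAlias $Alias -AddressFamily IPv4
if ($ipIf.Dhcp -eq 'Enabled') {
    $problems += "Interface '$Alias' still gets its address from DHCP."
}

# Prerequisite 3: the primary (first) DNS server must be this server itself.
$ownIPs = @((Get-NetIPAddress -InterfaceAlias $Alias -AddressFamily IPv4).IPAddress)
$dns    = @((Get-DnsClientServerAddress -InterfaceAlias $Alias -AddressFamily IPv4).ServerAddresses)
if ($dns.Count -eq 0 -or $ownIPs -notcontains $dns[0]) {
    $problems += "Primary DNS is '$($dns[0])', expected one of: $($ownIPs -join ', ')."
}

# Server Selection tab: confirm the name and address before they become the DC's identity.
Write-Host "Target server: $env:COMPUTERNAME ($($ownIPs -join ', '))"

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw 'Prerequisites not met; AD DS role not installed.'
}

# Step 1: same result as ticking "Active Directory Domain Services" and "Add Features".
$result = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Write-Host "Success: $($result.Success)  Restart needed: $($result.RestartNeeded)"
```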

Step 2: Promote the server into a Domain Controller


Once the ADDS role installation completes, click on the option "Promote this server to a Domain Controller" (highlighted in the below image). Alternatively, you will see a notification flag next to the Manage menu, and from there you can also select "Promote this server into a domain controller". Either option starts the configuration process.

It will open the "Active Directory Configuration Wizard". Now, from the Deployment Configuration tab, select "Add a new forest" (as I am configuring a new Forest and it is my first domain controller). Provide a Root Domain name, mine is "VirtualGyanis.Com" (you have to put your domain name here). Then, click on Next to continue.


Note: If you are adding this domain controller into an existing domain/forest you can choose the relevant option accordingly.

In the Domain Controller Option tab, select a Forest functional level and a Domain functional level as per your environment. Since this is the first domain controller in the forest, please select the DNS Server (as we are configuring AD integrated DNS) and the Global Catalog (GC) checkboxes. Then, enter the Active Directory Restore Mode (DSRM) password; this is used to retrieve/restore Active Directory data. Then, click Next to continue.

Since we have configured an AD-integrated DNS server, you can ignore the DNS Delegation warning as shown in the below screen. Then, click Next to continue.

In the Additional Options tab, enter a NetBIOS name for your domain. It is suggested to keep the NetBIOS name the same as the root domain name (by default, it will fetch the domain name only). Then, click Next to continue.

In the Path tab, you have to mention the Database (NTDS Database), LOG files and SYSVOL folders path. You can change the default path as per your organization security policies. I have kept them default. Now, click Next to continue.

In the Review Options tab, you will review the configuration. If everything is as per your need, you can click Next to proceed or otherwise you can go back and change the required setting as per your need and then proceed further.

You can also view the PowerShell script for future deployment. The script below is from my environment.

Note: Always test your PowerShell scripts in a test environment, before running in a production environment.


##################################################
# Windows PowerShell script for AD DS Deployment #
##################################################
Import-Module ADDSDeployment
# -SafeModeAdministratorPassword is not supplied, so the cmdlet prompts for the DSRM password.
# -Force:$true suppresses the confirmation prompts; the server reboots when promotion finishes.
Install-ADDSForest `
    -CreateDnsDelegation:$false `
    -DatabasePath "C:\Windows\NTDS" `
    -DomainMode "WinThreshold" `
    -DomainName "VirtualGyanis.Com" `
    -DomainNetbiosName "VIRTUALGYANIS" `
    -ForestMode "WinThreshold" `
    -InstallDns:$true `
    -LogPath "C:\Windows\NTDS" `
    -NoRebootOnCompletion:$false `
    -SysvolPath "C:\Windows\SYSVOL" `
    -Force:$true
############### End of Script ####################

In the Prerequisites Check tab, the wizard runs a prerequisite check.

Once the prerequisite checks have completed successfully, the Install option is enabled. Then, click on the Install button to start the installation process.

Once the installation has completed successfully, you will get the below confirmation message. Close this window and restart the server.

Once the server has rebooted, log in with your domain admin credentials. By default, the local admin account is promoted to a Domain Admin account. Log in and verify the health of the Domain Controller. You can run the DCDIAG command to check the health.

You can also verify the settings/configurations from the Active Directory tools like Active Directory Users and Computers or Active Directory Domains and Trusts etc. You will get all the Active Directory tools in the folder named Administrative Tools on the Start menu. Go and explore the tools.



===========================

How to Setup a Domain Controller on Windows Server

How to Setup a Domain Controller on Windows Server 2016, 2019, 2022. The steps are the same for all versions of Active Directory from Windows Server 2016.

What is a Domain Controller

A Domain Controller (DC) is a server that handles user authentication. It takes part in replication and holds a full copy of the directory information and other files of the domain. The domain controller is the machine that provides access to Active Directory and AD reporting. Attackers use a variety of methods to gain elevated access to networks, including attacking the domain controller itself, but you can use your domain controllers not only to defend against cyber attacks but also to detect attacks in progress.

Setting up a safe and stable domain controller, on the other hand, does not guarantee that you will remain secure indefinitely. Attackers will continue to attempt to hack into your domain controller in order to get elevated privileges or allow lateral movement across your network.

Active Directory is Microsoft's directory service for domain networks, while a domain controller is a server that answers authentication and security requests for the Windows domain, such as validating permissions, user logins and so on.

Microsoft Active Directory is one of the greatest features that makes Windows Server shine in the Enterprise sector. This Single Sign On (SSO) software, which connects flawlessly and readily with most Microsoft programs, makes user administration and other tasks simple and enjoyable.

Active Directory is a useful tool for network managers for monitoring and reporting, particularly when a business becomes bigger and adds more users and resources to its networks. It’s also quite useful for proving industry conformity.

This article will show you how to set up a Domain Controller on Windows Server by providing a detailed guide that highlights all the steps needed for a smooth installation.


How to Setup a Domain Controller on Windows Server 2019, 2016, 2022

Step 1) Open Server Manager

Using your administrative credentials, log into your Windows server and open Server Manager. Click Dashboard in Server Manager and then click the Add roles and features option.

You will then be presented with the “Before you begin” tab, which contains crucial information. After reading it carefully, click “Next”.

Step 2) Installation Type

Next, we will be presented with the Installation Type tab, where we select the Role-based or Feature-based installation option and then click Next to proceed.

Step 3) Server Selection

Next, in the Server Selection tab, we select the destination server on which the roles will be installed. Verify the hostname and the IP address of the selected server, then click Next to proceed.

Step 4) Server Roles

Next we will be directed to the Server Roles tab, where we check the “Active Directory Domain Services” box.

Step 5) Add Features

Next, we will be prompted to view the associated features for the role. Click the Add Features option to add them, and then click the Next button.

Step 6) Select Features

Next we are directed to the Features tab. The default features that have already been selected as required for our role should be left untouched. Just click Next to proceed to installation.

Step 7) AD DS

In the AD DS tab, brief information about “Active Directory Domain Services” is displayed. Click Next.

Step 8) Confirm Your Selections

Next we will be presented with the Confirmation tab. Here we can go over and verify our selections and then click the Install button.

We can then track the installation progress in the Results tab.

Step 9) Promote the server into a Domain Controller

After the AD DS installation is complete, we proceed to promoting our domain controller by clicking the option “Promote this server to a Domain Controller”.

Step 10) Add a new Forest

Now the Active Directory Configuration Wizard will be opened. From the Deployment Configuration tab we will select the Add a new forest option and we will provide a Root Domain name which can be anything you want and then click on Next to proceed.

Step 11) Domain Controller Options

Select a functional level for your forest and domain based on your environment in the Domain Controller Option tab. Please tick the DNS Server and the Global Catalog check boxes because this is the first domain controller inside the forest. Then, for retrieval/restoration of Active Directory data, input the DSRM password. Then, to proceed, click Next:


Since AD integrated DNS Server has been configured, we can ignore the DNS Delegation warning and to proceed we can press Next.

Step 12) Domain Name

Next, in the Additional Options tab, we enter a NetBIOS name for our domain, which is suggested to be the same as our root domain name entered in Step 11. Click Next to proceed.

Step 13) Paths

We must now provide the path to the Database (NTDS Database), LOG files, and SYSVOL directories in the Path tab. To continue, click Next.

Step 14) Review Options

The setup will be reviewed on the Review Options tab. If everything meets your needs, click Next to continue; if not, return to the previous screen and make any necessary changes before continuing. The PowerShell script for future deployment can also be viewed.

Step 15) Prerequisites Check

In this section we click on the Prerequisites Check tab and a check is performed. Once it is done, we are presented with the Install button, which we click to start the installation.
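The prerequisite check in Step 15 (the Prerequisites Check tab of the first walkthrough) can be run from PowerShell before any change is made. The script below is an added example, not part of the original articles; the domain values are the ones from the deployment script earlier on this page. The DSRM password is read as a SecureString so it is never stored in the script.

```powershell
# Added example: dry-run the forest promotion, promote only if every check passes.
Import-Module ADDSDeployment

# Read the DSRM password interactively; it is held in memory as a SecureString.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

# Same settings as the page's Install-ADDSForest script.
$params = @{
    DomainName                    = 'VirtualGyanis.Com'
    DomainNetbiosName             = 'VIRTUALGYANIS'
    DomainMode                    = 'WinThreshold'
    ForestMode                    = 'WinThreshold'
    InstallDns                    = $true
    CreateDnsDelegation           = $false
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $dsrm
}

# Test-ADDSForestInstallation runs the wizard's checks without promoting the server.
$checks = @(Test-ADDSForestInstallation @params -WarningVariable checkWarnings)
$failed = @($checks | Where-Object { $_.Status -ne 'Success' })

# Warnings (for example the DNS delegation warning) are informational; review them.
$checkWarnings | ForEach-Object { Write-Host "WARNING: $_" }

if ($failed.Count -gt 0) {
    $failed | Format-List Status, Context, Message
    throw 'Prerequisite check failed; the server was not promoted.'
}

# All checks passed: promote with the same parameters. The server reboots when done.
Install-ADDSForest @params -NoRebootOnCompletion:$false -Force:$true
```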

Step 16) Installation Successful

  • When the installation is complete, you will see the confirmation message shown below.
  • Restart the Server after closing this window. You must connect using your domain username and password after the server has restarted. The local admin account will be elevated to Domain Admin by default.
  • Log in and check the Domain Controller’s health.
  • To check the health, use the DCDIAG command. You may also check the configurations using the Active Directory tools found in the Administrative Tools folder on the Start menu.
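The health check described above (and at the end of the first walkthrough) can be scripted so the result is a single report. This is an added example, not part of the original articles. It assumes an English-language dcdiag, whose per-test result lines contain "failed test", and the ActiveDirectory module installed with the role's management tools.

```powershell
# Added example: post-promotion health report. Run on the new DC after the reboot.
Import-Module ActiveDirectory

# Services a domain controller with AD-integrated DNS depends on.
$required   = 'NTDS', 'DNS', 'Netlogon', 'Kdc', 'DFSR', 'W32Time'
$notRunning = foreach ($name in $required) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc -or $svc.Status -ne 'Running') { $name }
}

# SYSVOL and NETLOGON are shared only once the DC is ready to serve clients.
$shares        = @(Get-SmbShare -Name 'SYSVOL', 'NETLOGON' -ErrorAction SilentlyContinue).Name
$missingShares = 'SYSVOL', 'NETLOGON' | Where-Object { $shares -notcontains $_ }

# Directory view of this DC: Global Catalog flag and operations master roles.
$dc = Get-ADDomainController -Identity $env:COMPUTERNAME

# Run DCDIAG and keep only the names of the tests that failed.
$failedTests = dcdiag.exe |
    Select-String -Pattern 'failed test (\S+)' |
    ForEach-Object { $_.Matches[0].Groups[1].Value } |
    Sort-Object -Unique

[pscustomobject]@{
    DomainController   = $dc.HostName
    Domain             = $dc.Domain
    IsGlobalCatalog    = $dc.IsGlobalCatalog
    FsmoRolesHeld      = @($dc.OperationMasterRoles).Count   # 5 on the first DC of a new forest
    ServicesNotRunning = @($notRunning) -join ', '
    MissingShares      = @($missingShares) -join ', '
    FailedDcdiagTests  = @($failedTests) -join ', '
} | Format-List
```

Empty values in the last three fields, IsGlobalCatalog set to True and five roles held indicate a healthy first domain controller.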

How to Setup a Domain Controller on Windows Server Conclusion

The data that decides and verifies network access, including any group policies and all machine names, is stored on domain controllers. The DC has everything an attacker may need to cause enormous harm to your data and network, making it a top target in a cyber attack.

In Windows Server 2000, Microsoft introduced Active Directory for centralized domain administration. However, subsequent versions of Windows Server 2008 included features like Directory Federation Services for Single Sign On, security certificates for public key cryptography, rights management and the Lightweight Directory Access Protocol (LDAP).

In essence, an Active Directory is a framework for managing several Windows Server domains, with a domain controller serving as a vital component. It’s the server that manages Active Directory and authenticates users using the information contained in the directory.

Information is stored in Active Directory as objects that are arranged into forests, trees, and domains. Each Active Directory forest may have numerous domains, and domain controllers administer the trusts that allow users from one domain to access users from another domain.

Thanks to this tutorial you have set up a Domain Controller on Windows Server. We really hope this article was informative and easy to follow. Thank you for going through the entirety of this article.
