In part two of this series, we will be installing and configuring Active Directory on a Domain Controller. The two Server Roles and Services we will be installing and configuring are:
- Active Directory Domain Services (ADDS)
- Active Directory Domain Controller
A Domain Controller (DC) has five categories of operations master roles (also known as flexible single master operations or FSMO). It’s key to note that in the past it was important to have each role on a dedicated Domain Controller. Active Directory follows a multi-master model now, and dedicating a DC to each role isn’t required by standard conventions. In a standard enterprise environment, you would have all your FSMO roles in a centralised location and have the rest set up as Global Catalogues (GCs).
For this demonstration, I will be relying on the multi-master model and leaving the FSMO roles on the one Domain Controller. If you find yourself in an Enterprise environment or an environment that does require Single-Master FSMO roles, you can find more information HERE.
Installing Active Directory
Let’s get started!
- Open up Server Manager and Add Roles and Features.
- Click Next
- Select “Role-based or feature-based installation” and select Next
- If you have multiple servers set up, select the appropriate server you want to install the role on. In this case I will be installing it onto the only Domain Controller VM I have. By default you should see the server we created in Part 1. Click Next.
- Select “Active Directory Domain Services” from the list. A pop-up will appear listing all the features required to run AD DS. Make sure “Include management tools (if applicable)” is selected and click Add Features.
- Click Next to proceed to Features, and click Next again on the Features page.
- At this point, if you plan on setting up an O365 environment, read over the “Configure Office 365 with Azure Active Directory Connect” documentation on the link and then Click Next.
- You should have no high-impact services on this server yet, so tick the box “Restart the destination server automatically if required”. A pop-up box will advise that the server may automatically restart; click Yes and then Install.
- Active Directory Domain Services will begin installing. This may take several minutes to complete. Once completed, select Close.
At this point you should have successfully installed Active Directory Domain Services without any errors.
Promote Server to a Domain Controller
As it stands we have AD DS installed, but it’s not really doing anything at the moment. In order to make our server do anything, we first need to establish it as the Domain Controller. We achieve this by promoting the server to a domain controller.
- Select the notifications icon and you should see “Post-deployment Configuration”. This indicates that we have a Role or Feature installed that still has outstanding requirements to be met.
- Select “Promote this server to a domain controller”.
- At this point we don’t have a pre-existing Domain, so let’s create a new Forest.
NOTE: PICKING VALID ROOT DOMAIN NAME
There’s a massive controversy when it comes to picking root domain names. One of those is what you should and shouldn’t pick for your top-level domain (TLD).
The short answer to all this is that you should avoid Generic TLDs like .local and .corp. The best practice for picking your TLD is to NOT make it the same as your Public Registered Domain (PRD), but to add a sub-domain to your existing public registered domain (if you own one). Example: internal.itstg.tech.
To read in more detail about Best Practices for TLDs and PRDs, you can refer to these articles:
- Enter your Root Domain Name: (I will be using INSIDE.ITSTG.TECH) and Click Next
- In our Domain Controller Options, we need to decide what our Forest Functional Level and Domain Functional Level will be. Before proceeding it is important you understand what these levels do and when and why you should select the correct functional level. Functional levels determine the available Active Directory Domain Services (AD DS) domain or forest capabilities. They also determine which Windows Server operating systems you can run on domain controllers in the domain or forest. However, functional levels do not affect which operating systems you can run on workstations and member servers that are joined to the domain or forest. You can read about this in more detail in Microsoft Docs.
- In this guide we will select Windows Server 2016 for both functional levels.
- We will install a Domain Name System (DNS) server on the same server as our Active Directory. If you plan on deploying DNS onto another server or you have Azure DNS, you can skip this step.
- Set the Directory Services Restore Mode (DSRM) password: this is used as a safe mode boot option for Windows Server domain controllers, to repair or recover an Active Directory database. So make sure you keep it in a safe place.
- Click Next
- You won’t be able to create a DNS delegation yet, so Click Next.
- Enter a NetBIOS name of your choice.
Best practice for NetBIOS names is that the name should be different from your Internal Domain Name and your Public Domain Name. Most companies will choose an abbreviation of the company name for the NetBIOS name, e.g. Information Technology, Systems, Tips & Guides would be ITSTG.
Remember that the NetBIOS name will show up on a user’s screen when they log in, so make it something short and representative. You can read more under Microsoft Docs.
- In the next section we need to define where to store our Database folder, Log files folder and SYSVOL folder. Click Next
It’s BEST PRACTICE to have each of these on its own drive for Disaster Recovery. It may seem like over-kill and there’s controversy around this, but when it comes to Enterprise level environments and DR scenarios, it’s best practice.
- Review your configurations and click Next once you are happy with them.
- The wizard will perform a Prerequisites Check. Don’t be alarmed if you get a few warning messages. Read over them and look them up to make sure you have configured everything correctly. You should see at the end a Green “All prerequisites checks passed successfully” tick.
- Click Install
- Installation will begin and can take a while to complete. If you see warnings during the installation process, don’t stress. Look over them and address each one with the provided knowledge base articles. Windows will reboot automatically once the installation has completed.
- When Windows comes back up, you will be presented with the login screen showing the NetBIOS name we configured earlier and an Administrator account. Sign in with your local admin account.
- You should now see AD DS on the right pane and if you open up Active Directory Users and Computers, you should see your domain forest.
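The same role installation and promotion as the wizard steps above, scripted with the ADDSDeployment module. This is an added example, not code from the original post; it assumes the domain inside.itstg.tech, the NetBIOS name ITSTG, and separate drives D:, E: and F: for the database, logs and SYSVOL as the post recommends.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post: the forest deployment the wizard performs
# in the steps above, scripted with the ADDSDeployment module that the AD DS role installs.
# Assumed values: domain inside.itstg.tech, NetBIOS name ITSTG, and separate drives
# D:, E: and F: for the database, log files and SYSVOL, as the post recommends.

# 1. Install the AD DS role with its management tools (the Add Roles and Features wizard).
$feature = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $feature.Success) {
    throw "AD DS role installation failed with exit code $($feature.ExitCode)"
}

# 2. Prompt for the DSRM password rather than embedding it in the script.
$dsrmPassword = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

# 3. Promotion settings. 'WinThreshold' is the ADDSDeployment name for the
#    Windows Server 2016 forest and domain functional level chosen in the wizard.
$forestParams = @{
    DomainName                    = 'inside.itstg.tech'
    DomainNetbiosName             = 'ITSTG'
    ForestMode                    = 'WinThreshold'
    DomainMode                    = 'WinThreshold'
    InstallDns                    = $true
    CreateDnsDelegation           = $false      # no parent zone to delegate from yet
    DatabasePath                  = 'D:\NTDS'
    LogPath                       = 'E:\NTDS'
    SysvolPath                    = 'F:\SYSVOL'
    SafeModeAdministratorPassword = $dsrmPassword
    Force                         = $true       # suppress the confirmation prompts
}

# 4. Run the same prerequisite check the wizard runs and show its findings; stop if it fails.
$check = Test-ADDSForestInstallation @forestParams
$check.Message
if ($check.Status -ne 'Success') {
    throw 'Prerequisite check failed; review the messages above before promoting.'
}

# 5. Promote the server. As with the wizard, the server reboots automatically when done.
Install-ADDSForest @forestParams
```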
Congratulations! You have successfully installed and configured the Active Directory Domain Services role and promoted the server to a Domain Controller.
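A post-reboot check that ties back to the FSMO discussion at the top of the post: it confirms that this single DC holds all five operations master roles, is a Global Catalogue, runs at the functional level chosen in the wizard, and publishes the DNS locator record clients use to find it. Added example, not from the original post; it assumes the domain inside.itstg.tech and is run on the new DC itself.

```powershell
# Added example, not from the original post: verify the new forest after the reboot.
# Assumes it is run on the new DC in the domain inside.itstg.tech.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain
$me     = "$env:COMPUTERNAME.$($domain.DNSRoot)"   # FQDN the role holders are reported as

# Two roles are forest-wide (from Get-ADForest), three are domain-wide (from Get-ADDomain).
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
foreach ($role in $roles.GetEnumerator()) {
    $where = if ($role.Value -ieq $me) { 'this DC' } else { 'ELSEWHERE' }
    '{0,-22} {1,-32} {2}' -f $role.Key, $role.Value, $where
}

# A single-DC forest must also be a Global Catalogue, or domain logons will fail.
$dc = Get-ADDomainController -Identity $env:COMPUTERNAME
"GlobalCatalog : $($dc.IsGlobalCatalog)"

# Functional levels as selected in the wizard (expected Windows2016Forest / Windows2016Domain).
"ForestMode    : $($forest.ForestMode)"
"DomainMode    : $($domain.DomainMode)"

# DC locator record: without _ldap._tcp.dc._msdcs.<domain> no client can find this DC.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)" -Type SRV |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object Name, NameTarget, Port
```

Any role reported as ELSEWHERE, a false IsGlobalCatalog, or a missing SRV record is worth resolving before joining workstations to the domain.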