Installing and configuring Active Directory Domain Services in Windows Server 2016
In today’s article, we are going to learn about the installation and configuration of Active Directory Domain Services in windows server 2016.
Before proceeding with the installation and configuration I would like to put some lights to know about Active Directory Domain Services (AD DS), Domain controllers and Domain.
What is Active Directory Domain Services?
Active Directory Domain Services (AD DS) stores information about objects on the network and makes this information available to users and network administrators. AD DS uses domain controllers to give network users access to permitted resources anywhere on the network through a single logon process.
Active directory uses Ports like LDAP (389 for communication), Kerberos (88) for authentication and DNS (53) for name resolution.
What is Domain Controller?
A Server running Active directory domain services is called as Domain controllers and it will authenticate and authorize all users and computers within a windows domain network.
What is Domain?
In Domain, a logical group of computers connected and which shares a common directory database.
Above is the brief introduction about the Active directory. So now we will proceed further with installation and configuration of Active Directory Domain Services (Domain) in Windows Server 2016.
Follow the below steps to proceed further.
Login to Windows Server 2016.
Open Server manager
In server manager click on manage and select Add roles and features, it looks like in below pic.
After clicking on Add roles and feature you will get the Add roles and features Wizard, click next proceed with installation.
Select Role based or feature based installation and click next to proceed.
In Select destination Server window, select a server from the server pool and click next to continue.
https://lh6.googleusercontent.com/dkRUcvpZDSlDuW7PXq7ytEEQ7f2gk_dCh9rEJItID_DOfYg6942fVOkBCHq9vufCJVpAHkeU7gGpKQeXtVRGeag6ZfnZJ2SxatkfCiM4XLrmshqrrFpakwmbqKd6HkUDkiSs_WmGYAGC2Q1wUQ
in check the box for Active directory domain services and click Add features on pop up window generated to add the required features to continue.
https://lh5.googleusercontent.com/4aOb75KSq5raKFOgIw2giUvmSLgE23AjAui_dAAQwbF13wCoqR-CnRfGgtlOdtNIIuIclzfvH5wXUEePWLDuHQZHalvYMjCxjNXvHFYMCG4U6LNvZgUbp11UdakCAGn5IGmYcHlkTSyqcgYWHw
https://lh6.googleusercontent.com/mFZwzUMD9AG41VrUilAqBlAW2N_QQ1FEESsKVt1OSJJB5H-IrulGh2SzboNG2PFGWuBVWCYZLG_6aJTr2B_SxdJbLGJ4pKxi3EIFpGWFsZVgEWK4XBmS3S6IB--zJg_CCyCxZeu1d9uMApaOhg
In features window click next to continue.
https://lh3.googleusercontent.com/Z3sk0xL-8FcXlK6I1PRoik6LRYtw6S-IhopKTRYx7QJ0D2NB0OmuSHN-QcBoUlul6j560999zb1U4Z_e-096Coc63WGlASOrAqlezFk7xBmZfcb2lDb0wJvAklhLAIc-cThjKYh58tqIJWW-cg
Go through the notes related to AD DS in the below window and click next to continue with the installation.
https://lh6.googleusercontent.com/oqxDqFaGVGYmtQpAckK-0-bxXqHhXsNMbc8eBap4RN2hDf-ti49l8UaMnf8UQ_0bXXU2sBG02S3T6XkFysnUL6N2MS8s4oPW7Xt7PrY4_bGHXaUdb3q6hfscP5LC-wzkLa5cUyCT9HWtcI6QFg
Check the box to restart the destination server automatically if required and click install to proceed with.
https://lh6.googleusercontent.com/_zRxfU6fN1l36r0SteyBRQ92hB95cvGb8MMDeVooHvqQ6KY2FOnjefe1W0YNgWH1gCuHoPi4b-5-Z5hkr-68b5p53jichL63EVbl1pWymmbONYNIe2YbaSMA--ImXQOYxmL4Icsy04CmI9gNGg
https://lh6.googleusercontent.com/0Ca_m5XtwXrNZ4wemMrswRtNqFkoEqPh0bIFiSYvKR8hJLdrlBu3Uqm3PGXdR8_IxegYRs5Ob5AHehl-CYk8uhJwwSSwDKeYsso3KtcRKBZ6jLpegTtvIxDmJaxunb7xjUdirE1Unw1lihqBFg
Post completing the installation you can see yellow escalation mark on the flag in Server manager window. Click on that and you will find the below to promote the server as Domain controller.
Click on promote this server to a domain controller to configure this server as DC.
In Active Directory Domain Services configuration wizard, select Add a new forest as we don’t have existing domain or a forest and provide Root domain name as per your requirement.
For ex: test.com
In Domain controller options window, select appropriate Forest functional level and domain functional level and specify domain controller capabilities, here I am configuring DNS and global catalog both with domain controller. Provide Directory services restore mode (DSRM) password to proceed with.
Click next to continue, you can ignore the warning as we don’t have delegation configured for the DNS server.
https://lh6.googleusercontent.com/pb-xnOEKFC8kpnxAtKpOeujVpaGbWLUmtudrnjUfZ2CAi1bkkssvTeakMhq32VkOo3xJ4LjVlDanhS2SoqQ1oB2V-Y3NsIwOgT_SVWoChSquI72ORkcaQEgnGwW-qdj4mJLF1G2kmX13aEtV9A
It will automatically configure the NetBIOS name assigned to the domain, if you want you can change only if necessary.
https://lh4.googleusercontent.com/jK7us76X6U4lS39-5WP6iunaUG34uFQZartiXU1tM_--OVwkTtVkSOno5L_r15xLxJW-2BXdcb1AzHx72pAd-d6_Eer2ZBbBph0q7FfdOz4rPxlAvR428HoTQAX-XKtsvbXPDEaVU4D8-pZlwQ
In paths window, leave the paths as it is by default and click next to continue.
Note: Active directory database file name is NTDS.dit
https://lh6.googleusercontent.com/M1yLp5XS6oZ15M3R6tXmnyvYs_t4riybZsDrmE8FLwGCfCsZqCW7qRIQw7eyPxxrOW9NKE2ClxRILs8V7vmxltv7iOOxnmm1AfOXoVk4xDq4k5w5CEkaG46pYnYvNDpwSUliez_isdFA_wbQ2Q
In review options window, review your selections during the configuration.
https://lh4.googleusercontent.com/A3lDSHuV4EyFgNx-nrTz6KgCbvxo7QQbcQ2deu5RsBr8pshoLQPH1XuNlcWJwZ6W-QZfA1wp_E44hBSf1eZEzAHh86C6zf1-CKvLERNWf0jIn4P7-PfhTNkaaK4SLnVdOItBL-V5mQj_A1QEQg
To automate these settings, you have export the settings and you can use this as a PowerShell script to automate the installations. To export click View script in the above window and save the notepad in local system for future use. The script looks like below. Click next to continue with the installation.
It will verify the pre-requisites for domain controller operations, if you see all prerequisites are completed successfully. Click install to begin the installation.
https://lh3.googleusercontent.com/7Us9I4ehYHj-gUQObKRgYSPGGDLdpBq0sVI1XYpZyRQV0sMM10usEr-uJ2BExDKDSkGKfgpRGleQYLVT42Nkc9FTXSQYtofy0HnnDIhY-qjR44HbtfR1OvAmMg60_Gl72n14hhD0ZeWVU6cq-g
Post installation it will restart the server automatically. After restart, log into the server and check the configuration.
go to command prompt and type Net Accounts – result will show you the Computer role as Primary.
https://lh3.googleusercontent.com/Vsqp-EAhewaac2_PD4oXamjRsv_bEMYjZplkiZmGmxOoWQc1Xmxt7by1oicAPwehttmv7SthN2Z2wst5zYPM7aYoCvCqiXCmG_vN30D2DUAT6FQ-CeB9R4DgttfOzan4IEptA7R6bt9cc9ApfQ
And it will hold all the FSMO roles, to find out type Netdom query FSMO in command prompt,
And you will find the below administrative tools to manage the Active Directory Domain Services. To find out to go to Control panel – administrative tools.
https://lh4.googleusercontent.com/8fE503lx5rACr1HZQbyfQlSzd5m7TrFjKiv0BeyM6bamTjI94kQ-FHDR7OyHfM0OB0K_loJT3Sh4R42nD_ca435wuiO548I3W9M6e8d4pe0pDobJKg0-UH4Ffk1rbrmaaHqC3q6dsONgeyCCiA
This concludes the installation and configuration of Active Directory Domain Services in Windows Server 2016.
Please drop in comments if any queries related.
Thank you and happy learning ☺