This post will first walk you through the deployment of a new Active Directory forest and then it will take you through adding systems to this newly created domain.
- System is running Windows Server 2016
- System has a statically assigned IP address
Log into the server with a member of the local administrator’s group.
From Server Manager click Manage from the top menu and select Add Roles and Features. (Figure 1.1)
Click the Next button. Leave the Role-based or feature-based installation radio button selected and click the Next button. (Figure 1.2)
The selected destination server should be the future domain controller. Verify this is true and click the Next button. (Figure 1.3)
For roles, check the Active Directory Domain Services box. (Figure 1.4)
Leave the Include management tools box checked and click the Add Features button. (Figure 1.5)
Click the Next button.
No features are needed. Click the Next button.
Click the Next button.
Check the Restart the destination server automatically if required box. Confirm the decision by clicking the Yes button and click the Install button. (Figure 1.6)
Click the Promote this server to a domain controller hyperlink. (Figure 1.7)
Select the Add a new forest radio button, enter the name of the root domain, and click the Next button. (Figure 1.8)
Provide a password and confirm the password that has been selected. Click the Next button. (Figure 1.9)
Ignore the delegation warning. This error is simply saying that (for my domain selection) I have a “test.lab.” domain but no “lab.”. Click the Next button. (Figure 1.10)
Verify the NetBIOS domain name and click the Next button. (Figure 1.11)
This is not required but I always change these location to something other than the system drive. The second partition created on this VM is E: so I will change the locations from C:\Windows\NTDS and C:\Windows\SYSVOL to E:\Windows\NTDS and E:\Windows\SYSVOL. Click the Next button. (Figure 1.12)
Review all settings and if you are satisfied click the Next button. (Figure 1.13) Note: If you click the View script button a powershell script staged with all of the parameters just created has been generated for future use.
Allow the prerequisite checks to run and if you receive a green check saying All prerequisite checks passed successfully, click the Install button. The warnings can be ignored. (Figure 1.14)
Click the Close button or wait for the system to restart. (Figure 1.15) The installation only took about about six (6) minutes to complete.
When you arrive at the logon, you will notice that your local account is not a domain account. Domain controllers do not have local accounts and groups. Once they are promoted all of these local objects are turned into active directory objects. (Figure 1.16)
Join Member Server to the Domain
Log into a member server (Server is not a Domain Controller) with a local administrative account and open Server Manager if it does not open automatically. Select Local Server from the left side menu and click the WORKGROUP hyperlink below the server name (Figure 1.17)
On the Computer Name tab, click the Change button. (Figure 1.18)
Select the Domain radio button and enter the name of the domain in the field provided. Click the Ok button. (Figure 1.19)
Figure 1.20: If you receive an error stating the domain could not be contacted check the following:
- The domain is spelled correctly
- The IP Address is correct
- The subnet mask is correct
- The DNS information is correct (Note: the default gateway is only a factor if the system is on a different network than the domain controller)
- Validate that you can Ping the domain controller (Note: the firewall may prevent pings but not a domain join)
- Once you can ping the domain controller try pinging the domain name
Enter domain credentials with permissions to add systems to the domain and click the Ok button. (Figure 1.21)
Click the Ok button. (Figure 1.23)
Click the Ok button. (Figure 1.24)
Click the Close button and then click the Restart Now button. (Figure 1.25)