Installing a new Windows Server Active Directory

Installing Active Directory hasn’t really changed much since its introduction with Server 2000.  Earlier versions used a tool called DCPromo to guide users through setting up the new-style Windows Domain.  Since the introduction of Server 2012, the DCPromo tool no longer exists; its replacement is a new Wizard or PowerShell commands.

Despite the new way of doing things, the information that you will require is much the same as for a Server 2003 Active Directory installation.  Since most people will only ever commission a Domain in a network once, we’ll be using the GUI method.

Before we begin, you need to have completed the installation of a Windows Server 2012 R2 server.  This can be either virtual or physical; if you use a virtual environment you can experiment and practice as many times as you like.  See Building a Windows Server 2012 and Configure your Server 2012 R2 Server for details on preparing to add the Active Directory Domain Services role.  You should ensure that your new server is configured with sufficient disk space.  It’s also a Microsoft recommendation that the Active Directory databases and related files are stored on their own volume rather than with the OS.

You will need to gather the information below to assist with the installation of the Domain Services Role:

  • Fixed IPv4 Address for the Domain Server
  • IP Address details of your network
  • Name of the new domain (e.g. schooltech.local)
  • Short NetBIOS domain name (e.g. schooltech)
  • Password for your Administrator Account

First, assign a static IP address to the server.  This is a requirement since additional roles such as DNS will be installed.  Active Directory relies heavily on DNS for its service records.  See Setting an IP Address if you don’t know how to do this.

Start the Add Roles and Features Wizard by using the links from Server Manager.  You can skip the first page of the Wizard, although you should read it at least once.

Select the option for “Role-based or feature-based installation”, then click Next.

The Wizard will then list all of the computers that have been registered against Server Manager.  Choose the server that you want to install the Active Directory Domain Services role onto, then click Next.

Select the Active Directory Domain Services role from the list.

As soon as you select the new role, you will be prompted to acknowledge the additional features that are required.  Click the “Add Features” button to continue, then click Next.

At the “Features” page, simply click Next as there is no need for additional features for our Domain Controller.  You will then see a confirmation page which shows the other roles that are going to be installed.

A confirmation screen will then be displayed with the option to “Restart the destination server automatically”.  Click Install at this point.  Installation of the Active Directory Domain Services role will now begin.

Once the components have been installed, a message will be displayed in the Wizard dialog box, with a link to “Promote this server to a Domain Controller” – click this link to begin setting up the new Domain.  If you clicked Close on the dialog without clicking the link, you can find the “Promote” option in Server Manager Notifications.

Active Directory Domain Services Configuration Wizard

The Domain Services Wizard is very similar to the older Server 2003/2008 wizard and will start off by asking what you want to do.  There are 3 choices – choose “Add a new forest”.

  • Add a domain controller to an existing domain
    Choose this option if you are adding a new Server 2012 R2 Server into an existing network with the intention of providing additional authentication capacity or upgrading from Server 2003/Server 2008.  You will need to have an existing domain in order to use this option.
  • Add a new domain to an existing forest
    This option allows you to segment your network into logical branches.  This could be really useful for Multi-Academy trusts who operate as a single unit, but where each school has its own local network.  If you’ve already got networks in place then you might want to look at federating logins instead.
  • Add a new forest
    A new forest is effectively used for a brand new network.  For example, if we are creating the schooltech.local domain we would choose this option.

In the Root Domain Name, enter the domain name that you planned earlier.  You should avoid using schoolname.authority.sch.uk domains as it is unlikely that the school will administer the DNS.  Using schoolname.local or even schoolname.academy is a wise choice.

The Wizard will quickly check the network and DNS to ensure that the domain name isn’t already in use.  If the domain name doesn’t already exist, then you will see the next stage in the Wizard.  This is where you control the features that are available in the Domain Services role.

Leave the defaults unless you have a requirement to alter them.  Enter a “Directory Services Restore Mode” password – this is effectively the Windows Safe Mode password.  It should be a complex password which is not used for any other purpose.  You should record this password and store it in the school’s safe, just in case it is ever needed.  This password can be altered at any time after installation, but seldom is.

image

If you see this message, this means that there is no DNS record associated with the domain.  The Domain will be created and a DNS record inserted into the DNS during the installation.

Specify the NetBIOS name – this is a legacy option, but it is still widely used within Windows networking.

The next part of the Wizard will prompt you to specify the location for the Active Directory databases and related files.  If you’ve got a large C: drive then you can leave the default locations; however, it is recommended that the locations are changed to a separate volume.  This is essential if you will be having thousands of users, as the AD Database can grow quite large.  Active Directory Databases can only be stored on an NTFS volume.

Finally the Wizard will allow you to review what is going to be installed.  If you are happy with this, you can click Next.  This screen also presents the option to view a PowerShell script to automate deployment of the domain – this will be useful if you are adding further Member servers to an existing Domain (or are learning some PowerShell).

The Wizard will then run through some prerequisite checks and display any errors or warnings.  Read them carefully and follow any links if you are not sure what the implications may be.  Click Install when ready.
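
The wizard steps above, written out as the PowerShell route the article mentions. This is an added example, not the script the Wizard generates and not code from the original page; the D:\ADDS data path is an assumption, and the domain and NetBIOS names are the article's example values.

```powershell
# Added example. Values marked "assumed" are placeholders, not from the article.
$DomainName  = 'schooltech.local'   # example domain name used in the article
$NetBiosName = 'SCHOOLTECH'         # short NetBIOS name used in the article
$DataRoot    = 'D:\ADDS'            # assumed: folder on a separate data volume

# Pre-flight 1: the server needs a fixed IPv4 address, so no connected
# interface should still be taking its address from DHCP.
$dhcpNics = Get-NetIPInterface -AddressFamily IPv4 -Dhcp Enabled |
    Where-Object { $_.ConnectionState -eq 'Connected' }
if ($dhcpNics) {
    throw "DHCP still enabled on: $($dhcpNics.InterfaceAlias -join ', ')"
}

# Pre-flight 2: the AD database and related files must sit on an NTFS volume.
$letter = (Split-Path -Path $DataRoot -Qualifier).TrimEnd(':')
$volume = Get-Volume -DriveLetter $letter
if ($volume.FileSystem -ne 'NTFS') {
    throw "Volume ${letter}: is $($volume.FileSystem); NTFS is required."
}

# Prompt for the DSRM password so it never appears in the script or history.
$dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

# Equivalent of the Add Roles and Features Wizard step.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools | Out-Null
Import-Module ADDSDeployment

$forest = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetBiosName
    InstallDns                    = $true
    DatabasePath                  = "$DataRoot\NTDS"
    LogPath                       = "$DataRoot\NTDS"
    SysvolPath                    = "$DataRoot\SYSVOL"
    SafeModeAdministratorPassword = $dsrm
}

# Run the prerequisite checks before promoting; stop on any error.
$checks = Test-ADDSForestInstallation @forest
$checks | Format-List Context, Status, Message
if ($checks.Status -contains 'Error') { throw 'Prerequisite check failed.' }

# Promote the server; it reboots automatically when promotion completes.
Install-ADDSForest @forest -Force
```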

The installation will take a few minutes to complete and at the end, the Server will be rebooted to complete the setup of the necessary security and Domain Services.

Log on using the same password that was assigned to the server’s Administrator account (not the Domain Services Restore Mode password).

Server Manager will show that your server is now joined to a Domain and that the Domain Services and DNS roles have been installed and configured.

You can access the Active Directory tools by using the Tools menu in Server Manager.

Open Active Directory Users and Computers to verify that the basic Domain structure has been created.
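
A scripted version of this post-install check, as an added example that is not part of the original page. It goes beyond opening Users and Computers by also confirming the DNS service records, shares and services a working Domain Controller depends on; the function name `Test-NewDomainController` is hypothetical and `schooltech.local` is the article's example domain.

```powershell
# Added example: run on the new Domain Controller after the post-promotion reboot.
Import-Module ActiveDirectory

function Test-NewDomainController {
    param([Parameter(Mandatory)][string]$DomainName)

    $results = [ordered]@{}

    # Core services that must be running on a DC that also hosts DNS.
    foreach ($svc in 'NTDS', 'DNS', 'Netlogon', 'Kdc') {
        $results["Service $svc"] = (Get-Service -Name $svc).Status -eq 'Running'
    }

    # Clients locate the DC through these SRV records; if they are missing,
    # logons and domain joins fail even though the role is installed.
    foreach ($name in "_ldap._tcp.dc._msdcs.$DomainName", "_kerberos._tcp.$DomainName") {
        $srv = Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue
        $results["SRV $name"] = [bool]($srv | Where-Object Type -eq 'SRV')
    }

    # SYSVOL and NETLOGON are shared only once the DC is ready to advertise.
    foreach ($share in 'SYSVOL', 'NETLOGON') {
        $found = Get-SmbShare -Name $share -ErrorAction SilentlyContinue
        $results["Share $share"] = [bool]$found
    }

    # In a brand new forest the first DC holds the PDC emulator role.
    $domain = Get-ADDomain -Identity $DomainName
    $results['PDC emulator is this server'] =
        $domain.PDCEmulator -like "$env:COMPUTERNAME.*"

    $results
}

# Print each check with its result; anything False needs investigating.
Test-NewDomainController -DomainName 'schooltech.local' |
    Format-Table -AutoSize
```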
