Domain Controller | Windows | 2021 | The best explanation

Last updated on September 1st, 2021

A domain controller stores the directory data for a Windows domain. A Windows domain is a computer network whose user accounts, computers and resources are defined in a central directory.

Windows Domain Controller

A Windows domain is a computer network whose user accounts, computers and resources are defined in a central directory.

That directory is held on one or more servers called domain controllers, which replicate it among themselves.

Users and computers in the domain authenticate through the domain controllers (using Kerberos, or NTLM as a fallback).

Permissions on resources are granted to user accounts and to the groups that contain them, so group membership is what ultimately decides who can reach what.

So with that information in mind, it’s time to set up our Windows server as a domain controller and create our domain.

We are going to be using VMware Workstation in full-screen mode.

At the very top of the window you will see the button that enters and exits full-screen mode.

Move your cursor to the top and click it. This gives us more room to see what we are doing inside the guest.

Domain Controller Settings


When we first start the Windows server and log in we should see the Server Manager utility.

Server Manager gives an overview of the roles and configuration of the local server and, once we have created the domain, of any other servers we add to its server groups.

If you don't see the Server Manager window when you first log in, you can open it from the taskbar or the Start menu.

There are a few preliminary steps we need to complete before this server can become a working domain controller.

Click Local Server in the left-hand pane of Server Manager to set these options.

First, we need to give our server a name. Pick the final name now, because renaming a server after it has been promoted to a domain controller is far more disruptive.

Click the computer name to change it.

This opens the System Properties dialog. Click Change and enter the new name.

Once you click OK and confirm your changes you will need to restart the server for the new name to take effect.

We'll also want to make sure that Windows Update is turned on.

The Windows Update entry in Local Server shows the current settings.

Keep the server current with the latest patches, ideally before promoting it: a domain controller holds every credential in the domain, so an unpatched one is the most valuable target on the network. Patches fix known vulnerabilities and bugs; they don't stop new ones from being found, which is why updating has to be an ongoing process.

We'll also want to make sure that our time zone and our time are set correctly.

I prefer setting up an Internet time server so that Windows can sync with an external source.

There are built-in options for time servers, or you can point it at an NTP server of your own. Time matters more than it looks: Kerberos rejects authenticators whose timestamp is more than five minutes off the domain controller's clock by default, so a domain controller with a drifting clock causes logon failures across the whole domain.

There are some other options in the Local Server pane that we'll want to look at as well.

The defaults for Windows Firewall, remote management and Remote Desktop are fine for now. Remote Desktop is disabled by default; leave it that way on a domain controller unless you actually need it.

NIC teaming combines several physical network interfaces into one logical adapter with a single IP address, for bandwidth or failover.

You can skip that, since it is a more advanced feature.

Now we do need to configure a static IP address for the server. Since it is going to be a domain controller, and every client will be pointed at it for DNS, its IP address must not change.

If it does, clients lose their DNS server and the locator records for the domain become stale, so let's configure a static IP address now.

When we click the current configuration within Server Manager we are shown the list of Ethernet adapters.

Right-click the server's adapter, click Status and then Details, and it will show the current IP address and settings.

Those have been handed out by the DHCP server built into VMware.

We need to change this so that the address is static and will not change.

Make a quick note of your IP address, subnet mask and gateway, as well as the DNS server.

Now go into Properties, open Internet Protocol Version 4 (TCP/IPv4) and, instead of obtaining an IP address automatically, select "Use the following IP address" and enter the values you noted (you can reuse the address DHCP gave you, as long as it is outside the DHCP pool).

Once you have entered your settings you can click OK.
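The preliminary steps above (static address, time source, update check and rename) can also be done from an elevated PowerShell prompt. The block below is an added example, not code from the original article; the adapter alias, the 192.168.100.0/24 addresses, the VMware NAT gateway at .2 and the server name DC01 are lab assumptions you should replace with the values you noted.

```powershell
# Added example (not from the original article): the preliminary steps done from an
# elevated PowerShell prompt instead of Server Manager. Adapter alias, addresses and
# the server name are lab assumptions; replace them with the values you noted earlier.
$nic     = "Ethernet0"          # check with: Get-NetAdapter
$ip      = "192.168.100.10"     # static address the DC will keep
$prefix  = 24                   # 255.255.255.0
$gateway = "192.168.100.2"      # VMware NAT gateway in this lab (assumption)
$dns     = "192.168.100.2"      # current upstream resolver; after promotion the DC uses itself
$name    = "DC01"

# 1. Replace the DHCP lease with a static address. Remove the dynamic address and the
#    DHCP default route first, otherwise New-NetIPAddress reports a conflict.
Set-NetIPInterface -InterfaceAlias $nic -AddressFamily IPv4 -Dhcp Disabled
Get-NetIPAddress -InterfaceAlias $nic -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Remove-NetIPAddress -Confirm:$false
Get-NetRoute -InterfaceAlias $nic -AddressFamily IPv4 -DestinationPrefix "0.0.0.0/0" -ErrorAction SilentlyContinue |
    Remove-NetRoute -Confirm:$false
New-NetIPAddress -InterfaceAlias $nic -IPAddress $ip -PrefixLength $prefix -DefaultGateway $gateway
Set-DnsClientServerAddress -InterfaceAlias $nic -ServerAddresses $dns

# 2. Time: sync from an external NTP source. Kerberos rejects authenticators more than
#    5 minutes off the DC clock by default, so this server's clock source matters.
w32tm /config /manualpeerlist:"time.windows.com,0x8" /syncfromflags:manual /update
Restart-Service w32time
w32tm /resync
w32tm /query /status

# 3. Confirm the Windows Update service is not disabled; install pending updates and
#    reboot before promoting the server.
Get-Service wuauserv | Select-Object Name, Status, StartType

# 4. Rename last: the change only applies after a restart.
Rename-Computer -NewName $name -Force -Restart
```

After the reboot, Get-NetIPConfiguration should show the static address with no DHCP lease, and w32tm /query /status should report time.windows.com as the source.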

Now we’ve prepared our server with the basic settings that will allow it to become a domain controller.

Go back to the Dashboard in Server Manager and click Add roles and features to add the Active Directory Domain Services role.

The Add Roles and Features Wizard appears and we can click Next.

Active Directory Domain Services is installed as a role-based or feature-based installation, so the default selection is correct.

If we have multiple servers in our server pool we can select them and install roles onto different servers.

We are installing on the local server, so select it, tick Active Directory Domain Services and click Next (accept the prompt to add the required management tools).

We should also tick the Group Policy Management feature, and then click Install.

Once the roles have been installed we will be prompted to perform the additional steps needed to activate the role's features.

We are setting up a domain controller and need to take advantage of Active Directory Domain Services, so this server now has to be promoted to a domain controller. Click "Promote this server to a domain controller".

The Active Directory domain services configuration wizard will open.

Active Directory Configuration

We will first be prompted to select a deployment operation.

You'll see three options:

1. Add a domain controller to an existing domain.
2. Add a new domain to an existing forest.
3. Add a new forest.

A domain is the unit in which domain controllers hold the user, computer and resource objects, and it is administered on its own.

A forest is a group of one or more domains that share a schema, a configuration partition and a global catalog, and trust each other automatically.

Each domain has its own set of domain controllers, and its data is managed per domain, but all of the domains belong to the same forest. The forest, not the domain, is the security boundary: an administrator of any domain can compromise the whole forest.

Since this is our first domain, we need to create a new forest.

You'll be prompted to enter a root domain name.

When you hear the words "domain name" you may be thinking of something like google.com or yahoo.com.

In a Windows domain context the domain name is the DNS namespace of the Active Directory domain: every computer and user account is named under this suffix, and clients use DNS records under it to locate domain controllers and other resources.


We could enter something like google.com as our root domain name.

However, our DNS server would then be authoritative for google.com inside the domain, so anything our users requested under that name would resolve to our internal records rather than to the real site.

We can't use a name that belongs to someone else on the Internet, because our users would no longer be able to reach it.

Instead, we should use a name that nobody else can claim and that isn't already used for some other resource inside our network.

A .local suffix is common in labs, but it is not a safe choice for production: .local is reserved for multicast DNS (RFC 6762), so macOS, Linux and some Windows clients may try mDNS for such names, and public certificate authorities will not issue certificates for them.

The safer practice is a subdomain of a registered domain you own, such as ad.example.com, which can never collide with a public name and can carry publicly trusted certificates.

For this lab we will use the domain name test.local.

Next we'll set our forest and domain functional levels.

The functional level of a forest or a domain determines which Active Directory features are available in it.

It is bounded by the oldest version of Windows Server running as a domain controller in that forest or domain.

For example, if all of the domain controllers in a domain were Windows Server 2012 R2, we could set the forest and domain functional levels to Windows Server 2012 R2.

There are additional considerations if older versions of Windows Server will join as domain controllers later: the level must be set no higher than they support, and raising a functional level is a one-way operation.

Since this is the only domain controller in the domain, the default (the highest level this server supports) works just fine.

We're also asked to specify the domain controller's capabilities.

We want this domain controller to be a DNS server.

Active Directory depends on DNS: clients find domain controllers through SRV records such as _ldap._tcp.dc._msdcs.<domain>, so the first domain controller normally hosts the DNS zone for the domain, which then holds the names and IP addresses of the computers in it.

The global catalog is a partial, read-only replica of every object in every domain of the forest. It lets clients search the whole forest from one place and is needed at logon, because universal group membership is resolved from it.

The first domain controller in the forest has to be a global catalog, so that option is selected and cannot be cleared.

You'll also see that the read-only domain controller (RODC) option is grayed out. The first domain controller must be writable; an RODC can only be added to a domain that already has writable domain controllers.

Later you could add a read-only domain controller for a branch office or another location where a full copy of the directory should not be kept.

Lastly, we need to set the Directory Services Restore Mode password.

DSRM is a boot mode in which AD DS is stopped so that the directory database can be restored or repaired after a disaster; the password belongs to the local Administrator account used in that mode.

Set a strong password and store it in a vault, not on a sticky note: it is effectively an offline administrator credential for the domain controller. If it is ever lost it can be reset with ntdsutil ("set dsrm password").

When you set up the first domain controller of a new forest you'll be warned that a delegation for the DNS server cannot be created because no authoritative parent zone can be found.

This is expected (test.local has no parent zone) and can be ignored.

Next we'll be asked to set the NetBIOS domain name.

The NetBIOS name defaults to the first label of the root domain name, upper-cased and limited to 15 characters, so test.local becomes TEST.

We want this to match the DNS name, so the default is perfect.

Next we'll be asked for the location of the AD DS database (the Active Directory Domain Services database, NTDS.dit), the log files and the SYSVOL folder.

The defaults (C:\Windows\NTDS for the database and logs, C:\Windows\SYSVOL for SYSVOL) are fine, but you can move them, for example to a separate volume.

We are then given the chance to review all of our selections and make sure that everything looks correct.

When we click Next, Windows Server checks that all of the prerequisites for becoming a domain controller are met.

It will give you a warning about security.

Windows Server 2008 and later domain controllers ship with the security setting "Allow cryptography algorithms compatible with Windows NT 4.0" turned off, which blocks the weak NT4-era algorithms when secure channel sessions are established.

The warning only tells you that any remaining NT 4.0-era clients will fail to establish a secure channel. Leave the default in place; enabling the setting to accommodate such clients re-opens known weaknesses in the secure channel, and the right fix is to retire the legacy clients.

We will also see the DNS delegation warning from earlier again; as before, it can be ignored.

Once all of the prerequisite checks have completed and passed, we're ready to promote this server to a domain controller.
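The role installation and the whole promotion wizard above (deployment operation, root domain name, functional levels, DNS and global catalog, DSRM password, NetBIOS name and paths, prerequisite check) map onto the ADDSDeployment cmdlets. The block below is an added example, not code from the original article; the domain name, NetBIOS name and paths are the lab values used in this article, the rest are assumptions to adjust.

```powershell
# Added example (not from the original article): install the AD DS role and promote the
# server with the ADDSDeployment module, equivalent to the wizard steps above. The domain
# name, NetBIOS name and paths are the lab values from the article; adjust as needed.
$domain  = "test.local"
$netbios = "TEST"          # default: first label of the FQDN, upper-cased, max 15 chars

# Role plus its management tools (ADDSDeployment, RSAT AD tools) and Group Policy Management.
Install-WindowsFeature -Name AD-Domain-Services, GPMC -IncludeManagementTools
Import-Module ADDSDeployment

# DSRM password: prompt for it rather than embed it; it is an offline admin credential.
$dsrm = Read-Host -Prompt "DSRM password" -AsSecureString

# Same prerequisite checks the wizard runs (the DNS delegation warning and the NT4-crypto
# warning show up here too). Stop if a check fails, as opposed to merely warning.
$pre = Test-ADDSForestInstallation -DomainName $domain -DomainNetbiosName $netbios `
        -InstallDns -CreateDnsDelegation:$false -SafeModeAdministratorPassword $dsrm
$pre
if ($pre.Status -ne "Success") { throw "Prerequisite check failed; see messages above." }

# Promote: new forest; the first DC is writable, a global catalog and a DNS server.
# Forest and domain functional levels are left at the default (highest level this OS
# supports); lower them only if older domain controllers will join. Paths are the defaults.
Install-ADDSForest `
    -DomainName $domain `
    -DomainNetbiosName $netbios `
    -InstallDns:$true `
    -CreateDnsDelegation:$false `
    -DatabasePath "C:\Windows\NTDS" `
    -LogPath "C:\Windows\NTDS" `
    -SysvolPath "C:\Windows\SYSVOL" `
    -SafeModeAdministratorPassword $dsrm `
    -NoRebootOnCompletion:$false `
    -Force:$true
# The server reboots when promotion finishes; log on afterwards as TEST\Administrator.
```

The -Force switch suppresses the confirmation prompts, so read the output of Test-ADDSForestInstallation before running the promotion; it is the only place you get to see the warnings.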

Once the server has installed Active Directory Domain Services and been promoted to a domain controller, we'll be warned that we are about to be signed out and the computer will restart.

After the restart the server is the first domain controller of the test.local domain. As the first one it holds all five FSMO roles, including the PDC emulator, and is the forest's global catalog and DNS server.

We can now log in with the domain administrator account (TEST\Administrator, with the same password as the local Administrator had) and the Server Manager window will open.

From here we can configure our domain services and add other roles and features to our domain controller.

At the bottom of Server Manager you'll see that AD DS has been installed, along with DNS and File and Storage Services.
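Before joining clients it is worth confirming that the promotion actually produced a healthy domain controller. The block below is an added example, not code from the original article; it runs on the new DC with the lab domain name and adapter alias as assumptions, and the two registry values it checks at the end are documented settings it reads, not settings it changes.

```powershell
# Added example (not from the original article): post-promotion checks on the new DC, from
# an elevated PowerShell prompt. Domain name and adapter alias are the lab assumptions.
$domain = "test.local"
$nic    = "Ethernet0"

# The first DC must hold all five FSMO roles and be a global catalog.
Get-ADForest | Select-Object RootDomain, ForestMode, SchemaMaster, DomainNamingMaster, GlobalCatalogs
Get-ADDomain | Select-Object DNSRoot, NetBIOSName, DomainMode, PDCEmulator, RIDMaster, InfrastructureMaster
Get-ADDomainController -Filter * | Select-Object HostName, IPv4Address, IsGlobalCatalog, IsReadOnly

# DNS: clients find DCs through SRV records, and the DC should resolve through its own DNS.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV
Resolve-DnsName -Name "_kerberos._tcp.$domain" -Type SRV
Get-DnsClientServerAddress -InterfaceAlias $nic -AddressFamily IPv4   # expect 127.0.0.1 or the DC's own IP
nltest "/dsgetdc:$domain"                                             # DC locator end to end

# Services, advertising and basic DNS health (dcdiag ships with the role).
dcdiag /test:Services /test:Advertising /test:DNS /dnsbasic

# Time: the PDC emulator is the forest's time source and should still peer with external NTP.
w32tm /query /source
w32tm /query /status

# Two registry values worth knowing about; both should be absent or 0 on a fresh DC.
# AllowNT4Crypto=1 re-enables the weak NT4-era secure-channel algorithms the prerequisite
# check warned about. DsrmAdminLogonBehavior=2 lets the DSRM account log on while AD DS is
# running, a known persistence trick, so alert on any change to it.
Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters" -Name AllowNT4Crypto -ErrorAction SilentlyContinue
Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name DsrmAdminLogonBehavior -ErrorAction SilentlyContinue

# The default domain password policy is the baseline you will tighten with Group Policy.
Get-ADDefaultDomainPasswordPolicy | Select-Object MinPasswordLength, ComplexityEnabled, LockoutThreshold
```

If the SRV lookups return nothing, the DC's DNS client is not pointing at the zone it hosts; fix that first, because domain joins and Kerberos both depend on those records.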
