
Installing and configuring Active Directory Domain Services in Windows Server 2016

In today’s topic, we are going to learn about the installation and configuration of Active Directory Domain Services in Windows Server 2016.
Before proceeding with the installation and configuration, I would like to shed some light on Active Directory Domain Services (AD DS), domain controllers and domains.
What is Active Directory Domain Services?
Active Directory Domain Services (AD DS) stores information about objects on the network and makes this information available to users and network administrators. AD DS uses domain controllers to give network users access to permitted resources anywhere on the network through a single logon process.
Active Directory uses ports such as LDAP (389) for directory communication, Kerberos (88) for authentication and DNS (53) for name resolution.
What is Domain Controller?
A server running Active Directory Domain Services is called a domain controller, and it authenticates and authorizes all users and computers within a Windows domain network.
What is Domain?
A domain is a logical group of connected computers that share a common directory database.
The above is a brief introduction to Active Directory. We will now proceed with the installation and configuration of Active Directory Domain Services (Domain) in Windows Server 2016.
Follow the steps below.
Log in to Windows Server 2016.
Open Server Manager.
In Server Manager, click Manage and select Add roles and features, as shown in the picture below.
After clicking Add roles and features you will get the Add Roles and Features Wizard; click Next to proceed with the installation.


Select Role-based or feature-based installation and click Next to proceed.
In the Select destination server window, select a server from the server pool and click Next to continue.

Check the box for Active Directory Domain Services and click Add Features in the pop-up window that appears to add the required features.

In the Features window, click Next to continue.
Go through the notes related to AD DS in the window below and click Next to continue with the installation.
Check the box to restart the destination server automatically if required and click Install to proceed.

After the installation completes, you will see a yellow exclamation mark on the flag in the Server Manager window. Click it and you will find the option below to promote the server to a domain controller.
Click Promote this server to a domain controller to configure this server as a DC.
In the Active Directory Domain Services Configuration Wizard, select Add a new forest, as we don’t have an existing domain or forest, and provide a root domain name as per your requirement.
For example: test.com
In the Domain Controller Options window, select the appropriate forest functional level and domain functional level and specify the domain controller capabilities; here I am configuring both DNS and global catalog on the domain controller. Provide the Directory Services Restore Mode (DSRM) password to proceed.
Click Next to continue; you can ignore the warning, as we don’t have delegation configured for the DNS server.

The wizard will automatically configure the NetBIOS name assigned to the domain; change it only if necessary.
In the Paths window, leave the paths at their defaults and click Next to continue.
Note: The Active Directory database file name is NTDS.dit

In the Review Options window, review the selections you made during the configuration.
To automate these settings, you can export them and use the result as a PowerShell script to automate future installations. To export, click View script in the above window and save the Notepad file on the local system for future use. The script looks like below. Click Next to continue with the installation.
The wizard will verify the prerequisites for domain controller operations. If all prerequisite checks complete successfully, click Install to begin the installation.

After the installation, the server will restart automatically. After the restart, log in to the server and check the configuration.
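The wizard steps above, from adding the role through promotion, can also be run as PowerShell. The following is an added example, not the script exported by View script on the original page; the NetBIOS name TEST and the WinThreshold (Windows Server 2016) functional levels are assumptions for the test.com lab.

```powershell
# Added example: role install + forest promotion for the tutorial's test.com lab.
# Run in an elevated PowerShell session on the server being promoted.

# Equivalent to ticking "Active Directory Domain Services" and "Add Features".
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

Import-Module ADDSDeployment

# Prompt for the DSRM password so it never lands in the script file,
# in console history or in source control.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

# Settings the wizard collects. NetBIOS name and functional levels are assumed.
$forest = @{
    DomainName                    = 'test.com'
    DomainNetbiosName             = 'TEST'             # assumed; wizard derives it
    ForestMode                    = 'WinThreshold'     # Windows Server 2016 level
    DomainMode                    = 'WinThreshold'
    InstallDns                    = $true
    CreateDnsDelegation           = $false             # no parent zone to delegate from
    DatabasePath                  = 'C:\Windows\NTDS'  # default path, holds NTDS.dit
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $dsrm
}

# Same prerequisite check the wizard runs before enabling Install.
$check = Test-ADDSForestInstallation @forest -ErrorAction Stop
$check | Format-List Status, Message
if ($check.Status -ne 'Success') {
    throw 'Prerequisite check did not succeed; resolve the reported items first.'
}

# Promote the server; it restarts automatically when promotion finishes.
Install-ADDSForest @forest -NoRebootOnCompletion:$false -Force
```

Store the DSRM password in a password vault after entering it; it is the only way into Directory Services Restore Mode on this domain controller.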
Go to the command prompt and type Net Accounts; the result will show the Computer role as Primary.

The server will also hold all the FSMO roles; to confirm, type Netdom query FSMO in the command prompt.
You will also find the administrative tools below for managing Active Directory Domain Services. To find them, go to Control Panel > Administrative Tools.
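The post-installation checks above can be scripted together with a probe of the three ports listed in the introduction (DNS 53, Kerberos 88, LDAP 389). This is an added example, not part of the original post; it assumes it is run on the new domain controller, where the ActiveDirectory module is installed along with the role's management tools.

```powershell
# Added example: post-promotion health check, run on the new domain controller.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$forest = Get-ADForest
$me     = (Get-ADDomainController -Identity $env:COMPUTERNAME).HostName

# FSMO role holders (the information "netdom query fsmo" prints).
# In a single-DC forest all five roles should be held by this server.
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
$roles.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{
        Role     = $_.Key
        Holder   = $_.Value
        HeldHere = ($_.Value -eq $me)
    }
} | Format-Table -AutoSize

# Core services a DNS-integrated domain controller depends on.
Get-Service -Name NTDS, DNS, Kdc, Netlogon |
    Format-Table Name, DisplayName, Status -AutoSize

# TCP reachability of the ports from the introduction. Test-NetConnection
# checks TCP only; DNS and Kerberos also accept UDP on the same port numbers.
$ports = [ordered]@{ DNS = 53; Kerberos = 88; LDAP = 389 }
$ports.GetEnumerator() | ForEach-Object {
    $probe = Test-NetConnection -ComputerName $me -Port $_.Value `
        -WarningAction SilentlyContinue
    [pscustomobject]@{
        Service   = $_.Key
        Port      = $_.Value
        Listening = $probe.TcpTestSucceeded
    }
} | Format-Table -AutoSize
```

Running the port probe from a member server instead of the DC itself shows whether the firewall rules between clients and the domain controller allow the same traffic.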

This concludes the installation and configuration of Active Directory Domain Services in Windows Server 2016.
Please leave a comment if you have any related queries.
Thank you and happy learning ☺


