This blog post is Part 2 in the Active Directory on Windows Server 2019 series of knowledge articles.

Zulfikar Ali, 2023

Time to create your first Domain Controller (DC)

You should already have set up the VM for this as per the blog post: https://zulfikar.co.uk/blog/creating-your-first-vm/

The first thing to do before you promote a Server 2019 computer to a DC is to set a static IP for it. Do you know the reason why? If not, go find out…

Start your Server 2019 VM and log on. Within your VM only, click Start > Run and type in ncpa.cpl. Once the Network Connections dialog appears, right-click ‘Ethernet0’ and select Properties.

Select Internet Protocol Version 4 (TCP/IPv4) and double-click to open its properties.

Select ‘Use the following IP address:’ and enter your preferred static IP for your lab environment. This will be based on what your router or switch allocates to the VM. Ideally use what is already allocated to the VM (check with ipconfig) to prevent creating a conflict with another device on your network.

Your Default Gateway is usually your internet modem's IP address, as this is where networks outside of your internal subnets (192.168.0.0/24 or 10.0.0.0/24) can be found. Your router is the gateway to other IP subnets.

The DNS server setting is important: because this is the first DNS server in your Active Directory domain, it should point to itself for all DNS resolution. So in ‘Preferred DNS server’ enter the static IP address you added earlier, or simply use the loopback address 127.0.0.1 to refer to itself. Leave ‘Alternate DNS server’ blank for now; in the future, when you add another DC with DNS to your domain, you will update this blank entry with the static IP of your 2nd DC.

Click OK twice once done.
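The same network settings can be applied from PowerShell. The script below is an added example, not part of the original post: it reads the address the VM already holds, re-applies it as a static address, and points the preferred DNS server at the server itself. The adapter name ‘Ethernet0’ is taken from the steps above; everything else is read from the running system.

```powershell
# Added example: run in an elevated PowerShell session inside the VM.
$alias = 'Ethernet0'   # adapter name used in this post; check with Get-NetAdapter

# Read the IPv4 settings the VM currently holds (the same data ipconfig shows).
$cfg = Get-NetIPConfiguration -InterfaceAlias $alias
if (-not $cfg.IPv4Address -or -not $cfg.IPv4DefaultGateway) {
    throw "No IPv4 address or default gateway on '$alias'; enter the values by hand."
}
$ip      = $cfg.IPv4Address[0].IPAddress
$prefix  = $cfg.IPv4Address[0].PrefixLength
$gateway = $cfg.IPv4DefaultGateway[0].NextHop

$dhcp = (Get-NetIPInterface -InterfaceAlias $alias -AddressFamily IPv4).Dhcp
if ($dhcp -eq 'Enabled') {
    # Turn DHCP off, then clear the leased address and default route so the
    # same values can be re-created as static entries.
    Set-NetIPInterface -InterfaceAlias $alias -AddressFamily IPv4 -Dhcp Disabled
    Remove-NetIPAddress -InterfaceAlias $alias -AddressFamily IPv4 `
        -Confirm:$false -ErrorAction SilentlyContinue
    Remove-NetRoute -InterfaceAlias $alias -DestinationPrefix '0.0.0.0/0' `
        -Confirm:$false -ErrorAction SilentlyContinue
    New-NetIPAddress -InterfaceAlias $alias -IPAddress $ip `
        -PrefixLength $prefix -DefaultGateway $gateway | Out-Null
}

# Preferred DNS server = this server; no alternate until a 2nd DC exists.
Set-DnsClientServerAddress -InterfaceAlias $alias -ServerAddresses $ip

# Show the resulting configuration for a visual check.
Get-NetIPConfiguration -InterfaceAlias $alias
```

If the address originally came from DHCP, reserve it or exclude it from the router's DHCP pool so it is not leased to another device later.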

Now back in Server Manager, select Manage from the top right, and select ‘Add Roles and Features’ from the menu:

Click Next>

NOTE: The below screens are currently NOT in the correct order

Select ‘Active Directory Domain Services’ Role

The Add Features pop-up will appear. Review this list of features; you need to be familiar with them as they are the tools used to administer AD. Select Add Features.

Add DNS Role

The Add Features pop-up for DNS appears; again the required feature is listed. Select Add Features. Then select Next>

In the Features window just review what is selected (don’t change anything) before clicking Next>

In AD DS read the information presented then select Next>

In DNS Server read again the information presented then select Next>

At this Confirmation screen you are ready to install the Roles and Features selected, so press Install

A restart notification window will pop up; simply select Yes to allow a restart if it needs one

Installation commences…

Once the installation of the Roles and Features completes you will get a notification icon in the top right of the Server Manager window. Select the Flag icon:

This brings up the task details, where you can see that the Feature installation is complete. You now need to select ‘Promote this server to a domain controller’

NOTE: in older versions of Active Directory this process was called DCPROMO and was initiated from Start > Run

The first window that appears is ‘Deployment Configuration’. Out of the 3 options you will be choosing ‘Add a new forest’ because you are creating the first DC in your lab environment. In a real-life scenario where an AD domain already exists you would be choosing one of the first 2 options.

Now before you can move on you have to choose a ‘Root domain name’. Choose one that replicates your existing public internet domain (if you have one) or, like here, just a generic format like ‘ad.mycompany.org’

Once you have decided on your root domain name, enter it then click Next>

You then need to set the options for your new DC. Leave the Forest and Domain functional levels at the Windows Server 2016 level (as you will never have DCs on older operating systems than this in your lab environment)

Leave the capabilities selected as is (DNS server, Global Catalog server)

Add in a memorable Directory Services Restore Mode (DSRM) password and click Next>

On DNS options just click Next>

A ‘DNS Options’ dialog box will appear; simply click OK

On Additional Options wait for the NetBIOS name to autofill. Once it appears, simply click Next>

Specify the paths for the important Active Directory files. If you have provisioned a D: drive as per ‘Add a new Disk to a VM’, switch the letter C: to D:, then press Next>

On Review Options check the selections are correct then press Next>

You can view the script using the button on the previous page; this is what it will look like:

On this screen it runs the Prerequisites Check. It should pass, therefore press Install

Again the Prerequisites Check dialog appears, click OK

Installation of Active Directory commences

Once installation is complete your Domain Controller will be ready! Congratulations, you have created the first DC in your first AD DS root domain.
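The wizard steps above, from adding the two roles through the prerequisites check to the promotion, can also be run as one PowerShell script. This is an added example, not the script the wizard's ‘View script’ button produces: the domain name is the one used in this post, the NetBIOS name ‘AD’ is an assumption about what the wizard autofills for it, and the DSRM password is prompted for rather than written into the file.

```powershell
# Added example: run in an elevated PowerShell session on the future DC.
$DomainName  = 'ad.mycompany.org'  # root domain name used in this post
$NetbiosName = 'AD'                # assumption: value the wizard autofills
$DataDrive   = 'C:'                # set to 'D:' if you added a data disk

# The two roles selected in Add Roles and Features, plus their admin tools.
$roles = Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools
if (-not $roles.Success) { throw 'Role installation failed.' }

# Prompt for the DSRM password so it never sits in the script in clear text.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

$forest = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetbiosName
    ForestMode                    = 'WinThreshold'  # Windows Server 2016 level
    DomainMode                    = 'WinThreshold'
    InstallDns                    = $true           # DNS server capability
    CreateDnsDelegation           = $false
    DatabasePath                  = "$DataDrive\Windows\NTDS"
    LogPath                       = "$DataDrive\Windows\NTDS"
    SysvolPath                    = "$DataDrive\Windows\SYSVOL"
    SafeModeAdministratorPassword = $dsrm
}

Import-Module ADDSDeployment

# Same prerequisites check the wizard runs before it enables Install.
$check = Test-ADDSForestInstallation @forest
$check | Format-List Status, Context, Message
if ($check.Status -contains 'Error') { throw 'Prerequisites check failed.' }

# Promote the server; it restarts automatically when promotion finishes.
Install-ADDSForest @forest -Force
```

The first DC in a new forest is always a Global Catalog server, so that wizard checkbox has no parameter here.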
