Installing Active Directory Domain Services on Windows Server 2016

In this post, we will learn about installing Active Directory Domain Services on Windows Server 2016. Since Microsoft has all the information documented by SMEs, I will be referring to Microsoft's posts.

Before we go further, I would like you to visit a few important links here:

  1. What’s new in Active Directory Domain Services for Windows Server 2016
  2. Active Directory Domain Services Overview
  3. AD DS Design and Planning
  4. What’s New in Active Directory Domain Services Installation and Removal

The AD DS installation process is now built on Windows PowerShell and is integrated with Server Manager. The number of steps required to introduce domain controllers into an existing Active Directory environment is reduced. This makes the process for creating a new Active Directory environment simpler and more efficient. The new AD DS deployment process minimizes the chances of errors that would have otherwise blocked installation.

In addition, you can install the AD DS server role binaries (that is, the AD DS server role) on multiple servers at the same time. You can also run the AD DS installation wizard remotely on an individual server. These improvements provide more flexibility for deploying domain controllers that run Windows Server 2012, especially for large-scale, global deployments where many domain controllers need to be deployed to offices in different regions.

There are two ways you can install AD DS:

  1. Installing AD DS by Using Windows PowerShell
  2. Installing AD DS by using Server Manager

We will be installing AD DS by using Windows PowerShell.

Installing the Active Directory Domain Service

The first thing to do is to add the role using Windows PowerShell. This will install the following roles:

  1. AD DS server role
    1. Active Directory module for PowerShell
  2. AD DS and AD LDS Server Administration Tools, which also install these sub-components:
    1. Active Directory Administrative Center
    2. AD DS Snap-ins and Command-line tools

When AD DS is installed via PowerShell, the server administration tools are not installed by default. You can install them by including the -IncludeManagementTools switch, so that you can manage the local server.

Alternatively, you can install Remote Server Administration Tools to manage a remote server.

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

Import the Required Modules

After the AD DS role is installed on your server, the next step is to promote the box to a DC. Before that, you need to import the AD DS Deployment module so that all the commands for promoting this server to a DC are available.

Import-Module ADDSDeployment

Commands to Promote Server as Domain Controller

Before we promote this server to a domain controller, we can use the Test-ADDSForestInstallation command to confirm that it will work. It is recommended to check all the prerequisites before promoting a server to a domain controller.

Test-ADDSForestInstallation runs the prerequisites for installing a new Active Directory forest.

To do so, run the command:

Test-ADDSForestInstallation -DomainName harmikbatth.com -InstallDns

Press Enter

When prompted, enter your “SafeModeAdministratorPassword” and confirm the password again.

After the command has completed, it returns a status showing whether the check was a Success or not. If it is Success, we can proceed further.

Now that we have successfully tested the promotion, we can actually promote the server to a domain controller. The command is the same, but instead of Test-ADDSForestInstallation we use Install-ADDSForest.

Install-ADDSForest -DomainName harmikbatth.com -InstallDns

Have a read of the various cmdlet arguments here. A few of the most commonly used arguments are listed below:

Install-ADDSForest

-CreateDnsDelegation:$false
By default, this is computed automatically based on an assessment of your environment. You can set it to either true or false.

-DatabasePath "C:\Windows\NTDS"
The default is %SYSTEMROOT%\NTDS; you can change it to another folder if required.

-DomainMode "Win2012R2"
A few of the options available are Win2003 | Win2008 | Win2008R2 | Win2012 | Win2012R2. You can also specify it as DomainMode {2 | 3 | 4 | 5 | 6}, which correspond to the names above.
The default value is automatically computed and set to the existing forest functional level or the value that is set for -ForestMode.
Note: The domain functional level cannot be lower than the forest functional level, but it can be higher.

-DomainName "yourdomain.com"
Provide the FQDN of the domain for which you want to install the domain controller. This is required in order to install a domain controller.

-DomainNetbiosName "YOURDOMAIN"
It is only required if the FQDN prefix name is longer than 15 characters.

-ForestMode "Win2012R2"
This specifies the functional level when you create a new forest.
The default forest functional level is Win 2012.
A few of the options available are Win2003 | Win2008 | Win2008R2 | Win2012 | Win2012R2. You can also specify it as ForestMode {2 | 3 | 4 | 5 | 6}, which correspond to the names above.

-InstallDns:$true
Specifies whether to install DNS as part of the installation. If you have a separate DNS, set it to $False; set it to $True to install DNS. For a new forest, the default is $True and DNS Server is installed.

-LogPath "C:\Windows\NTDS"
Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer that contains the domain log files, for example, C:\Windows\Logs.

The default is %SYSTEMROOT%\NTDS. Important: Do not store the Active Directory log files on a data volume formatted with Resilient File System (ReFS).

-NoRebootOnCompletion:$false
Specifies whether to restart the computer upon completion of the command, regardless of success. By default, the computer will restart. To prevent the server from restarting, specify: -NoRebootOnCompletion:$True

-SysvolPath "C:\Windows\SYSVOL"
Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer, for example, C:\Windows\SYSVOL.

The default is %SYSTEMROOT%\SYSVOL. Important: SYSVOL cannot be stored on a data volume formatted with Resilient File System (ReFS).

-Force:$true
When this parameter is specified, any warnings that might normally appear during the installation and addition of the domain controller are suppressed to allow the cmdlet to complete its execution. This parameter can be useful to include when scripting installation.
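
The test-then-install sequence and the arguments above can be combined into one script. This is an added example, not part of the original post: it passes the same parameter set to both cmdlets so the prerequisite check validates exactly what will be installed, and it reads the safe mode password as a SecureString so it never appears in the script or in command history. The domain names are the placeholder values used above, and stopping on any status other than Success is a conservative assumption.

```powershell
# Added example (not from the original post): scripted promotion of the
# first domain controller in a new forest.
# Assumptions: 'yourdomain.com' / 'YOURDOMAIN' are placeholders; the script
# is run from an elevated PowerShell session on the target server.
#Requires -RunAsAdministrator

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools | Out-Null
Import-Module ADDSDeployment

# Read the safe mode (DSRM) password once as a SecureString.
# Supplying it as a parameter replaces the interactive double prompt.
$dsrm = Read-Host -Prompt 'SafeModeAdministratorPassword' -AsSecureString

# One hashtable, splatted into both cmdlets, so that the test and the
# installation cannot drift apart.
$forest = @{
    DomainName                    = 'yourdomain.com'
    DomainNetbiosName             = 'YOURDOMAIN'
    ForestMode                    = 'Win2012R2'
    DomainMode                    = 'Win2012R2'
    InstallDns                    = $true
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $dsrm
}

# Run the prerequisite checks and stop unless every result is Success.
$results = Test-ADDSForestInstallation @forest
$failed  = @($results | Where-Object { $_.Status -ne 'Success' })
if ($failed.Count -gt 0) {
    $failed | ForEach-Object { Write-Warning "$($_.Status): $($_.Message)" }
    throw 'Prerequisite check did not return Success; server was not promoted.'
}

# -Force is deliberately left out, so the confirmation prompt and any
# warnings are still shown before the server is promoted and rebooted.
Install-ADDSForest @forest -NoRebootOnCompletion:$false
```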

Install the First Domain Controller in Forest

Now that we know how to use PowerShell and the AD DS cmdlets to install your first domain controller, let’s just do it. We will use minimal arguments for the installation. You can use different ones depending on your requirements, from the arguments described above.

To install, type the following command in PowerShell and press Enter:

Install-ADDSForest -DomainName harmikbatth.com -InstallDns

Specify the safe mode password twice and press Enter.

When prompted, type Yes or Yes to All to configure the server as a domain controller. The server may restart to complete this operation.

During installation, all prerequisites are checked again. The installation validates the environment and then continues.

After successfully validating the environment, it begins installing the new forest. The Active Directory forest is created and the schema is installed.

The server will reboot unless the no-reboot argument is specified.

After the reboot, continue to the login screen. You will notice that you now have a few more options for logging in: you can log in to either a domain account or an account on this computer.

After you log in, AD DS is fully installed and configured. You will see this in Server Manager.

You can also open Active Directory Users and Computers, ADSI Edit and other tools from the Program menu.

You can also access the new Active Directory Administrative Center, which gives you a quick and easy way to reset passwords and carry out other tasks.

This completes installing and promoting as Domain Controller.

I hope you liked the post and I am looking to hear from you should you have questions for me.
