A domain controller (DC) is a server computer that responds to authentication requests. It participates in the replication and contains a complete copy of all directory information for its domain. Ensure the requirements are met here to be able to support AD FS. If your environment requires high availability of IT systems, so when one DC fails, another takes over to ensure successful login, etc. Please see this guide for how to add a second DC to the existing environment, how to set up VMs in Hyper in order to have Domain Controllers running on Virtual Machines, and “Post OS configure Windows Server 2019 Properties.
Here are some related articles that might interest you. What are Active Directory Forest, Trees, Domain, and Sites, and how to synchronize your on-premises AD with Azure Active Directory using the Azure AD Connect tool.
Steps in performing Setting up the first Domain Controller
Note: On the VMs, ensure you have searched rigorously and applied all updates: Click on Manage on the First VM you wish to use as the First DC
– Click on next as shown below. You can optionally click on the check box to skip through this window in the future.
– Select Role-based or Feature-based installation and click on next
– Select the right server you wish to install the role on. Here I have just one server, so I will click on next
– Under the Server role, Select Active Directory Domain Services
Note: When you click on Active Directory Domain Services (AD DS), it will prompt with a window to add features required for AD DS role
Note: There is no need for installing the DNS server role alongside AD DS. This is because; you must not necessarily use the built-in DNS server. So I will be using a 3rd party DNS Server.
– Click on Next without selecting to install the DNS server.
– Under the features, Windows, click next and do not select anything as no feature is needed at this moment by me. If you do, you can select any and click on next. On the Active Directory Domain Services window, Click on next
– On the confirmation tab, click on Install. Usually, if a restart is needed, the system will ask and prompt for this. But I do this on the fly by checking the box, restart the destination server if required as shown below.
– Click on yes and click on install
Note 1: After installing AD DS, ensure you change the Default First Site name to a useful “name”.
– Ensure you change the Default First-Site-Name under Active directory Sites and Services to reflect the domain name. Or else the default name stays. See this link on how to perform this task the following link.
Note: 2: Ensure, you change the computer- name and enter the right IP parameters. This is very vital.
Promoting as a Domain Controller | Installing First Forest in Windows Server 2019
Since this is going to be our first DC; it is going to be our Primary Domain Controller (DC): Here I will be adding a new Forest and the link to promote this server as a DC can be accessed from this link below
– But if you decide to close this window and access the link via the Task details
– Click on promote this server as a domain controller which will open the deployment configuration window as shown below.
– Enter your root domain name and click on next
– On the Domain controller option, I will be leaving the Forest and Domain functional level as shown below and will enter my Password that will be needed in the future for recovery purposes. Remember to uncheck the Domain Name Server (DNS) Server in order not to install DNS Server.
– On the DNS Option below, click on Next and Do nothing (this behavior is normal as we do not want the name to be resolvable in Public DNS) as shown below.
– On the Additional Option, the NetBIOS domain name will be automatically filled, click on next,
– If you have other drives and would like to save these folders into, then you can select other paths. But I will leave it as default as shown below.
– Under the review option, Click on Next (Note: you can also view the PowerShell cmdlets using the view script menu below).
– Now the prerequisite test will be performed and when passed you can then install.
Click on install and this will continue to run displaying various progress steps etc. The Server will automatically restart itself and that is the end of the entire process. Having set up a new DC, you may want to see this guide: Laps in Windows: How to Reset Directory Services Restore Mode (DSRM) password.
Some facts to note on Promoting a Domain Controller (DC)
I have decided to add this at the bottom in order not to interfere with your configuration steps above 🙂 To promote a Server to a DC, in the previous version you will need to run dcpromo. But this is not the case anymore as you have seen above.
When you run the dcpromo, it checks to see if the Active Directory Domain Services binaries (role) are installed. Note: If you install the ADDS role ahead of time, you do not need to promote the server.
Note: in place of the FQDN of the forest root domain, using .local is preferable as it cannot be resolved from the internet. At the time of writing this guide, this is no longer the case. Microsoft does not recommend using non-routable domains due to directory synchronization. Please see this link and this guide “how to synchronize your on-premises AD with Azure Active ” for more information. Else, you may run into issues when integrating your environment with Azure AD (hybrid). Some more configuration is desired in this case. In short, using .com address will enable you to resolve hosts on the internet
After promotion, note the local user and groups are no longer available and this is because the local user and groups are not as secure as domain users and this help protect the dc
I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.
