Skip to main content

How to setup a Domain Controller? Setting up your first Domain Controller and installing Active Directory Domain Services (AD DS) on Windows Server is excellent to start managing the IT infrastructure. This article will show how to install AD DS and promote the server to Domain Controller.

Active Directory Domain Services

A server running the Active Directory Domain Services (AD DS) role is called a Domain Controller. It authenticates and authorizes all users and computers in a Windows domain type network, assigning and enforcing security policies for all computers and installing or updating software.

Setup a Domain Controller

There are three steps in total to setup a Domain Controller. The below step-by-step guide will ensure that you install and configure a Domain Controller.

Note: The steps will work for Windows Server 2012/2016/2019/2022.

Install Active Directory Domain Services (AD DS)

Follow the steps to install Active Directory Domain Services (AD DS) on Windows Server.

Start Server Manager. Go to Dashboard > Manage > Add Roles and Features.

Server Manager add roles and features

Click Next.

Add roles and features wizard before you begin

Select Role-based or feature-based installation. Click Next.

Add roles and features installation type

Select the server from the pool. Click on Next.

In our example, it’s Windows Server DC01-2019 with a fixed IP address 192.168.1.51.

Add roles and features installation server selection

Check the checkbox Active Directory Domain Services.

Select server role Active Directory Domain Services

A window will show that it will add features that are required for Active Directory Domain Services. Click Add Features.

Add features that are required for Active Directory Domain Services

Click Next.

Add roles and features select server roles

You don’t need to select any features. Click Next.

Add roles and features select features

Proceed with Next.

Active Directory Domain Services

Click Install.

Setup Windows Server Domain Controller confirm AD DS role install

The installation will start.

Install Active Directory on Windows Server installation progress

In the next step, we will promote the server to a Domain Controller.

Promote server to Domain Controller

Now that the Active Directory Domain Services feature installation is completed on Windows Server, additional steps are required to make this machine a domain controller.

Click on Promote this server to a domain controller.

Setup Windows Server Domain Controller promote domain controller

Select Add a new forest. Fill in the root domain. Click Next.

In our example, we will use the root domain exoip.local.

Setup Windows Server Domain Controller add new forest

Type the Directory Services Restore Mode (DRSM) password twice. Click Next.

Setup Windows Server Domain Controller type password

Ignore the delegation warning at the top. Click Next.

Setup Windows Server Domain Controller DNS options

Click Next.

Setup Windows Server Domain Controller NetBIOS domain name

Click Next.

Setup Windows Server Domain Controller paths

Click View script to see the Windows PowerShell script for automating the installation.

Setup Windows Server Domain Controller view script

You can save the file as PowerShell script (.ps1) and use it the next time you want to install a Domain Controller. Or you can adjust the PowerShell script to your needs. This can save you time instead of using the Server Manager and going through all the steps.

Setup Windows Server Domain Controller PowerShell script for AD DS deployment

Click Next.

Setup Windows Server Domain Controller review options

Click Install.

Setup Windows Server Domain Controller confirm promote server

A reboot will automatically occur at the end of the promotion operation.

Sign in to domain

Type in the credentials to sign in to the domain. The password is the same that you used when you sign in to the local server before installing AD DS and promoting the server to Domain Controller.

Sign in to domain controller

That’s it!

Important: Users can set weak passwords, wich allows hackers to enter your organization. To prevent this, install a free tool to Secure Active Directory passwords from breaches.

Leave a Reply