Install Active Directory on Windows Server 2016
Lab Objective
A directory is a hierarchical structure that stores information about objects on the network. A directory service, such as Active Directory Domain Services (AD DS), provides the methods for storing directory data and making this data available to network users and administrators. For example, AD DS stores information about user accounts, such as names, passwords, phone numbers, and so on, and enables other authorized users on the same network to access this information.
This lab explains how to add and install Active Directory Domain Services on Windows Server 2016.
- Server Name: DC01
- IP Address: 192.168.20.4
- DNS: 192.168.20.4
- Domain Name: faceitnet.com.au
Initial Configuration
Before you start the Active Directory installation on Windows Server 2016, it is recommended to configure the following on the server:
- Server fully updated.
- Configure static IP.
- Create complex password for built-in administrator.
- Rename server.
- Configure time zone.
To change these settings, open Server Manager from the Start menu and follow the figure below.
The following steps will help you configure your server as an Active Directory Domain Controller on the network. DNS is an integral part of a Microsoft Active Directory Domain and will need to be set up and tested first to ensure it is running properly. All services within a Windows Domain require DNS in order to operate. Microsoft Best Practices specify a minimum of two domain controllers be installed within a domain. Having more than one domain controller allows for redundancy and continued operations even if one of the systems fails. The second system will continue to process user logins and DNS requests, continue to apply Group Policy, and will maintain your Active Directory environment. A single-server domain is extremely risky and it's best to avoid that at all costs.
Install Active Directory on Windows Server 2016
Install the Active Directory role
Now our server is ready to install Active Directory Domain Services, as shown in the figures below.
Promoting to Domain Controllers
Now we can promote the server to a domain controller. From Server Manager, follow the figures below.
There are three options when you promote your server to a domain controller:
- Promote your server to be an additional DC in an existing domain
- Promote your server to a child domain in an existing forest
- Promote your server to a new forest (selected for our scenario)
Select the forest and domain functional levels to enable additional domain-wide and forest-wide Active Directory features; for our scenario, select Windows Server 2016. Our domain controller will also hold the DNS and global catalog roles. Finally, create a password for Directory Services Restore Mode (DSRM).
It is recommended to move the Active Directory database and log files off the operating system partition.
After the prerequisites are checked, start the installation. It failed because the Administrator user does not have a secure password. You need to reset the password. If you didn't get this error, you can continue with the next option on your screen.
Go to Computer Management on your server by right-clicking the Start button, then go to Local Users and Groups. Under Users, right-click Administrator and reset the password.
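The same role installation and new-forest promotion can be scripted. The following PowerShell is an added example, not part of the original lab; it uses the lab's domain name and functional level, and it assumes a separate D: volume for the database, logs and SYSVOL (the D:\NTDS and D:\SYSVOL paths are illustrative).

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the wizard steps in this lab.
# Assumption: D: is a non-OS volume; the folder names below are illustrative.

$DataDrive = 'D:'

# Install the AD DS role and its management tools (Add Roles and Features).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Prompt for the DSRM password so it never appears in the script or history.
$DsrmPassword = Read-Host -Prompt 'DSRM password' -AsSecureString

# Options chosen in the lab: new forest, Windows Server 2016 functional
# levels (WinThreshold), DNS installed on this server. The first DC in a
# new forest is always a global catalog.
$ForestParams = @{
    DomainName                    = 'faceitnet.com.au'
    ForestMode                    = 'WinThreshold'
    DomainMode                    = 'WinThreshold'
    InstallDns                    = $true
    DatabasePath                  = "$DataDrive\NTDS"
    LogPath                       = "$DataDrive\NTDS\Logs"
    SysvolPath                    = "$DataDrive\SYSVOL"
    SafeModeAdministratorPassword = $DsrmPassword
}

# Run the prerequisite check first; this is where a weak or blank local
# Administrator password is reported, as described in the lab.
$Failed = Test-ADDSForestInstallation @ForestParams |
    Where-Object { $_.Status -eq 'Error' }

if ($Failed) {
    $Failed | Format-List Context, Message
    throw 'Prerequisite check failed. Fix the reported issues and rerun.'
}

# Promote the server; it reboots automatically when promotion completes.
Install-ADDSForest @ForestParams -Force
```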
That's all; the Active Directory service is installed. Now let's see how we can add a client to the domain as a domain member.
In this practical I am not using a DHCP server on the domain controller, so before adding the client machine to the domain I must assign the IP address information manually. If you have a DHCP service already running on your network, you don't need to do this IP addressing manually.
The first step is confirming the IP address. I am using 192.168.20.250 as the IP address and 192.168.20.2 as the gateway since these machines are running in VMware NAT mode.
Now go to Computer Name/Domain Changes by following these steps:
Go to Run (Windows Key + R) and type sysdm.cpl to open System Properties.
Go to the Computer Name tab and select Change.
You will see the following menu
In this screen, select "Member of" and enter your domain name.
When you click OK, the system will ask for the domain Administrator user name and password for authentication.
After you enter the password and click OK, if everything worked, you will get a success message.
Click OK to restart.
When the system boots next time, you will be asked to sign in with a domain user account. Now the client is part of the domain network.