Active Directory : Install

Install Active Directory Domain Service.

[1] Run [Start] - [Server Manager].

[2] Click [Add roles and features].

[3] Clici [Next] button.
[4] Select [Role-based or feature-based installation].
[5] Select a Host which you'd like to add services.
[6] Check a box [Active Directory Domain Services].
[7] Addtional features are required to add AD DS. Click [Add Features] button.
[8] Click [Next] button.
[9] Click [Next] button.
[10] Click [Next] button.
[11] Click [Install] button.
[12] Installation is started.
[13] After finishing Installation, click [Close] button.
 Active Directory : Configure DC

Configure New DC (Domain Controler).

[1] Run [Server Manager] and click [AD DS].

[2] Click [More...] link which is upper-right.

[3] Click [Promote this server to domain...] link.
 Check a box [Add a new forest] and input any Domain name you'd like to set for [Root
[4]
domain name] field.
 Select [Forest functional level] and [Domain functional level]. This example shows to select
[5] [Windows Server 2012R2] both. Furthermore, Set any password for Directory Services
Restore Mode.
[6] Click [Next] button.
[7] Set NetBIOS name.
 Specify Database folder or Log folder and so on. It's Ok to keep default if you don't have
[8]
specific requirements.
[9] Check the contents you configured and click [Next] button.
[10] Click [Install] button. After finishing installation, System will restart.
[11] After restarting System, logon name is changed as [Domain name]\[User name].
 Active Directory : Add User Accounts

Add User Accounts on Active Directory.

[1] Run [Server Manager] and click [Tools] - [Active Directory Users and Conputers].

[2] Click with right button [Users] on left tree and select [New] - [User].
[3] Input User name or Logon name for new user.
[4] Set initial password for new User.
[5] Check contents you set and click [Finish] button.
[6] A new user is just added.
 Active Directory : Add Group Accounts

Add Group Accounts on Active Directory.

Run [Server Manager] and open [Tools] - [Active Directory Users and Conputers], next,
[1]
Click with right button [Users] on left tree and select [New] - [Group].

[2] Input a Group name you'd like to add.

[3] A new Group is just added.
 Active Directory : Add Organizational Unit

Add Organizational Unit on Active Directory.

Run [Server Manager] and open [Tools] - [Active Directory Users and Conputers], next,
[1] Click with right button your domain name on left tree and select [New] - [Organizational
Unit].

[2] Set any name you like.

[3] A new Organizational Unit is just created.
[4] It's possible to configure hierarchical design for Organizational Unit.
 A new Organizational Unit "development01" is created under the OU "Hiroshima" as an
[5]
example.
 Deletion of Organizational Unit

For Deletion of Organizational Unit, it cannot delete by default because it is protected. For
[6]
unprotection, select the OU you'd like to delete and right click it and select [View] - [Detail].
[7] Right-click the OU you'd like to delete and open [Properties].
 Move to [Object] tab and uncheck a box [Protect object from accidental deletion], then you
[8]
can delete the OU.
 Active Directory : Add Computer Accounts

Add Computer Accounts on Active Directory.

Run [Server Manager] and open [Tools] - [Active Directory Users and Conputers], next,
[1]
Click with right button [Computers] on left tree and select [New] - [Computer].

[2] Input a new Computer name.

[3] A new Computer is just added.
 Active Directory : Add Users with a Batch

If there are many user accounts you must add on AD, then Add them with a Batch. This is
an example.
[1] Create a text file and write users you'd like to add on AD with full name like follows.

Create a batch file like follows (it's an example, modify if you want).
The batch loads the user-list file created in [1] and add them into OU:Hiroshima-
[2] OU:Development01.
The users's password are set temporarily as their full name and they must change it for initial
logon.
 The default password policy denies passwords which username is included, so change policy
temporarily (after adding users, Do not forget to go back to default policy to protect trivial
[3]
password).
Run [Tools] - [Group Policy Management].
[4] Click with right button [Default Domain Policy] and select [edit...].
[5] Open [Password Policy] like follows.
[6] Open [Password must meetcomplexity requirements] and turn to Disabled temporarily.
 After few minites later, Run a batch created in [2] to add Users. After finishing Users, Do
[7]
not forget to turn to Enabled for [Password must meetcomplexity requirements].
[8] User Accounts are just added with a batch.
 Active Directory : Join in Domain from Clients

Join in Active Directory Domain from Other Windows Clients. This example is based on
Windows 10.
[1] Before setting, change to DNS settings to refer Active Directory Host.

[2] Open [System] and click [Change settings] link which is lower-right.
[3] Move to [Computer Name] tab and click [Change] button.
[4] Check a box [Domain] and input domain name and next, click [OK] button.
[5] Authentication is required, authenticate with Administrator or other priviledged Users.
 After successing authentication, Welcome message is shown like follows. Restart the
[6]
Computer once.

On the logon screen after restarting Computer, click "another user" to switch Domain user to
[7]
logon.
[8] Authenticate with a Domain user you added.
[9] Just Logon to Active Directory Domain.