
Lesson 2: INSTALLING WINDOWS SERVER 2012 ACTIVE DIRECTORY VIA SERVER MANAGER

WHAT IS ACTIVE DIRECTORY?
• Active Directory Domain Services (AD DS)
o A central repository of Active Directory objects such as user accounts, computer accounts, groups, group policies and so on.
• Active Directory authenticates user accounts and computer accounts when they log in to the domain.
• Computers must be joined to the domain in order to authenticate Active Directory users.

• Active Directory is a database that is made up of several components.
• Domain Controller (DC): a server where the Active Directory Domain Services role is installed.
o The DC stores copies of the Active Directory database (NTDS.DIT) and the SYSVOL (System Volume) folder.
• Data Store: the actual file (NTDS.DIT) that stores the Active Directory information.
• Domain: a group of computers and user accounts that share common administration within a central Active Directory database.
• Forest: a collection of domains that share a common Active Directory database.
o The first domain in a forest is called the forest root domain.
• Tree: a collection of domain names that share a common root domain.
• Schema: defines the list of attributes and object types that all objects in the Active Directory database can have.
• Organizational Units (OUs): containers or folders in Active Directory that store other Active Directory objects such as user accounts, computer accounts and so on.
o OUs are also used to delegate control and apply group policies.
• Sites: Active Directory objects that represent physical locations.
o Sites are configured for proper replication of the Active Directory database between sites.
• Partition: the Active Directory database file is made up of multiple partitions, which are also called naming contexts.
• The Active Directory database consists of partitions such as application, schema, configuration, domain and global catalog.

INSTALLING ACTIVE DIRECTORY DOMAIN CONTROLLER IN SERVER 2012

• The Active Directory Domain Controller role can be installed using
o the Server Manager or
o alternatively, Windows PowerShell

• A checklist before installing a Domain Controller in your network is always recommended. It should include:
• Server Host Name
o A valid hostname or computer name must be assigned to the domain controller.
o E.g. we've selected FW-DC01 as the server's host name.
• IP Address
o You should configure a static IP address, which will not be changed later on.
o In our example, we've used 192.168.1.1/24, which is a Class C IP address.
• Domain Name – e.g. firewall.local
o Avoid using a public domain name for an internal domain controller.

INSTALLING ACTIVE DIRECTORY DOMAIN CONTROLLER USING SERVER MANAGER

• Open Server Manager, go to Manage and select Add Roles and Features:

• Click Next on the Before you begin page.

• On the next screen, choose Role-based or feature-based installation and click Next:
• Select the destination server by choosing the Select a server from the server pool option, then select the server and click Next.
• In cases where there is only one server available, it must be selected:
• In the Select server roles page, select the Active Directory Domain Services role and click Next:
• The next page is the Features page, which we can safely skip by clicking Next.
• The Active Directory Domain Services page contains limited information on requirements and best practices for Active Directory Domain Services:
• Once you've read the information provided, click Next to proceed to the final confirmation page.
• On the confirmation page, select Restart the destination server automatically if required and click on the Install button.
• By clicking Install, you confirm you are ready to begin the AD DS role installation:
• Note: You cannot cancel a role installation once it begins.
• The Add Roles and Features Wizard will continuously provide updates during the Active Directory Domain Services role installation, as shown below:

• Once the installation has completed successfully, we should expect to see the Installation succeeded message under the installation progress bar:
• Successful Installation & Promote Server to DC

PROMOTING SERVER TO DOMAIN CONTROLLER
• We can choose to Promote this server to a domain controller by clicking on the appropriate link as highlighted above (blue arrow).
• Then the Deployment Configuration page will appear.
• Assuming this is the first domain controller in the network
o select the Add a new forest option to set up a new forest
o then type the fully qualified domain name under the root domain name section, e.g. firewall.local

• Administrators who already have Active Directory installed would most likely select the Add a domain controller to an existing domain option.
• Having at least two Domain Controllers is highly advisable for redundancy purposes.
• When done, click the Next button.
• Now select Windows Server 2012 R2 for the Forest functional level and Domain functional level.
• Next, click on the Domain Name System (DNS) server option as shown in the figure below:

• The DNS Server role can be installed later on.
• Since this is the first domain controller in the forest, Global Catalog (GC) will be selected by default.
• Now set the Directory Services Restore Mode (DSRM) password.
• DSRM is used to restore Active Directory in case of failure.
• Once done, click Next.
• The next window is the DNS Options page. Here we might encounter the following error
o It can be safely ignored simply because of the absence of a DNS server (which we are about to install later):

• Ignore the error and click Next to continue.

• In the next window, Additional Options, leave the default NetBIOS domain name and click Next.
• The AD DS wizard will automatically remove the .local from the domain name to ensure compatibility with NetBIOS name resolution:
• The next step involves the Paths selection
o This selects where to install the Database, Log Files and SYSVOL folders.
• You can either browse to a different location or leave the default settings.
• When complete, click Next:
• Note: When the installation is complete, the Database folder will contain a file named NTDS.DIT.
• This important file is the database file of your Active Directory.
• Finally, the next screen allows us to perform a quick review of all selected options before initiating the installation:
• Once reviewed, click Next.
• The server will now perform a prerequisites check.
• If successful, it will show a green check mark at the top.
• Some warnings may appear; however, if these are non-critical, we can still proceed with the installation.
• Click the Install button to promote this server to a domain controller:
• The installation begins and the server's installation progress is continuously updated:
• When the installation of Active Directory is complete, the server will restart.
• After the restart, we can now open Active Directory Users and Computers and begin creating user accounts and computer accounts, applying group policies, and so on.
• Under the Domain Controllers section, we can find our single domain controller listed.
• If we were to add our new domain controller to an existing Active Directory, then we would expect to find all domain controllers listed here.
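
The lesson notes that the role can also be installed with Windows PowerShell. As an added example (not part of the original slides), the script below mirrors the Server Manager steps using the lesson's sample values FW-DC01, 192.168.1.1/24 and firewall.local. The variable names and the checklist checks are this example's own assumptions, and it assumes an elevated session on Windows Server 2012 R2.

```powershell
# Added example: scripted equivalent of the wizard steps in this lesson.
# Sample values come from the lesson; variable names and checks are assumptions.
$ExpectedHost = 'FW-DC01'
$ExpectedIp   = '192.168.1.1'
$DomainName   = 'firewall.local'

# Checklist: the host name must be final before promotion.
if ($env:COMPUTERNAME -ne $ExpectedHost) {
    throw "Host name is $env:COMPUTERNAME, expected $ExpectedHost. Rename and reboot first."
}

# Checklist: the address must be static (PrefixOrigin 'Manual'), not DHCP-assigned.
$ip = Get-NetIPAddress -AddressFamily IPv4 -IPAddress $ExpectedIp -ErrorAction SilentlyContinue
if (-not $ip -or $ip.PrefixOrigin -ne 'Manual' -or $ip.PrefixLength -ne 24) {
    throw "$ExpectedIp/24 is not configured as a static address on this server."
}

# Add Roles and Features: the AD DS role plus its management tools.
$role = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $role.Success) { throw 'AD DS role installation failed.' }

# DSRM password: prompt for it so it never sits in the script or shell history.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

# Deployment Configuration and Domain Controller Options pages.
# NetBIOS name and Database/Log/SYSVOL paths are omitted so the defaults apply,
# as in the wizard walkthrough.
$forest = @{
    DomainName                    = $DomainName
    ForestMode                    = 'Win2012R2'   # Forest functional level
    DomainMode                    = 'Win2012R2'   # Domain functional level
    InstallDns                    = $true         # the DNS server checkbox
    SafeModeAdministratorPassword = $dsrm
}

# Prerequisites check: stop on errors, show warnings (e.g. DNS delegation).
$check = Test-ADDSForestInstallation @forest
$check | Format-List Status, Message
if ($check | Where-Object { "$($_.Status)" -eq 'Error' }) {
    throw 'Prerequisites check reported errors; not promoting.'
}

# Promote to the first domain controller of a new forest; the server restarts.
Install-ADDSForest @forest -Force

# After the restart, list the domain controllers (run in a new session):
#   Get-ADDomainController -Filter * | Select-Object Name, IPv4Address, IsGlobalCatalog
```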