From the course: Career Essentials in System Administration by Microsoft and LinkedIn

Active Directory from scratch

- [Instructor] I'm logged into my Windows 2022 Server. And I want to promote this server to be a domain controller. And that means I'm going to be adding this as a domain controller in a brand new Active Directory forest and domain. I'm going to go to where it says Add roles and features. And I'll get the wizard that pops up. And I'll go through until we get to the server roles. But before I get that far, I want to make sure that my server name is correct, and the IP address is correct. The server name needs to be correct, because you cannot rename an Active Directory domain controller. So you want to rename it now if it's not the right name. And the IP address needs to be correct, because it needs to be a static IP address. At least one of your network cards needs to have a static setting. You cannot use dynamic and expect to have the domain controller work properly if your IP address changes, and users can no longer find you. Now that I have this set the way I want it, I'm going to click Next. And I'm going to check the box for server roles for the Active Directory domain services role service. And I'll click to add the features along with it. And click Next. Next. Keep going until I get to Install. Now, this does not turn the server into an Active Directory domain controller. This just installs the tools that I'm going to need to make this a domain controller. The installation is starting up. After this is complete, I can then go in and choose a new wizard, and that new wizard will give me several options. One will be to create a new domain in forest. Another will be to create a child domain. And the last option would be to add this server as a secondary domain controller in an existing forest and domain. I'm going to choose to create a new domain in forest. And we'll just have to wait until this installation is complete. It usually just takes a couple of minutes. And then we can continue. While I'm waiting, I'm going to click Close. 
And I'm going to go down to the network settings. And I'm going to point the DNS server to itself. Because if it's pointing to a public IP address, then any types of requests will end up going out to the internet instead of the local domain controller. So I'll open up Network and Sharing Center. And I'll click on Change adapter settings. And I'm using IP version four, so I'll edit that by double-clicking and taking out our public DNS server. And I'm going to point it back to itself. Now, any requests that need to go out to the internet can be made by going into DNS manager and setting up a forwarding IP address out to the public DNS. The feature installation is complete, so I'll click Close. And now I see this little triangle at the top, I'll click on that and choose to promote this server to be a domain controller. Now we need to choose this option where it says to add a new forest, and that's because we don't have a forest or domain created yet. So I need to create a root domain name. I've named my root domain name. Now I'm going to click Next. And I'm going to take a look at the forest functional level as well as the domain functional level. So I'll hit the dropdown, you can see there's nothing new after Windows Server 2016. This is about the time that Microsoft started moving people to try to get them to sign up with Azure Active Directory and Azure Active Directory domain services. So they stopped increasing the functional level at that point. Make sure you don't go any lower than that 2016. Feel free to go ahead and choose 2016 and move forward. Under the Specified domain controller capabilities, make sure that both boxes are checked for DNS and global catalog. We don't want to create a read-only domain controller. What that would do is create a domain controller, but it's a type that we can't write to, and our first domain controller cannot be a read-only. Next, we want to put in our password for DSRM or Directory Services Restore Mode. 
This is for disaster recovery in case Active Directory domain services won't launch when you log into the server. So I'm going to use the same password I used for the administrator, although you can certainly use anything you'd like, and choose Next. Next, we have a warning about a delegation for the DNS server cannot be created. This can be safely ignored. This happens on every version of Windows Server. Now, the NetBIOS domain name will automatically get added in. You don't have to actually type anything. You may just have to wait a few seconds. And there it is. Now you can see that the NetBIOS domain name is just part of our original Active Directory domain name. You can change this if you'd like, or you can leave it the way it is and click Next. What this NetBIOS domain name is is it's a holdover from the old Windows NT days. And this is the way that we used to log in was with this NetBIOS domain name. And we can certainly continue using that if we want when we log in. For instance, we can log in as LinkedIn backslash administrator. Or we can log in as administrator at LinkedIn dot internal. Either way will get us in. Click Next. I'm going to choose the default locations for the database, log files, and SYSVOL. And I'll click Next again. Now you may see some warnings. But as long as you don't see any red stop Xs, then you can go ahead and install. You can ignore all warnings. Once again, all versions of Windows have had this. And I don't see anything that gives me any pause, so I'll go ahead and click Install. Once the installation is complete, it will automatically restart, and it will be an Active Directory domain controller in your new forest and domain. Since this is the first domain controller, it's going to name the forest the same as the domain. Now, after that, if you'd like to install additional domain controllers, you can, or you can even create a new domain under this same forest name. 
And I've seen that in many companies that have multiple companies within one parent company. Soon, we'll see a popup that happens that says the server is about to restart. And then we'll wait for it to restart. And then we can log in for the first time with the server acting as a domain controller. Here we see the server is about to be signed out and restarted. And we were successful. I'm now logging in for the first time as the domain administrator. Server manager has loaded. If I go to Tools, I should be able to see some Active Directory tools, and there they are. I'll just click on Users and Computers to confirm that I don't have any errors when I launch it. And here we can see Active Directory Users and Computers has launched successfully, and the domain and forest are up, because we don't see any errors. Adding Active Directory gives clients a secure way to log in and have a sysadmin manage their user and computer accounts.
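
The wizard steps in the transcript above, written as a PowerShell script. This is an added example, not part of the course or the instructor's material; the interface alias `Ethernet` and the forwarder address are assumptions, and the DSRM password is prompted for on its own.

```powershell
# Added example: run elevated on the server that will become the first DC.
# Values marked ASSUMPTION are placeholders, not values from the course.
$DomainName  = 'linkedin.internal'   # root domain name spoken in the transcript
$NetbiosName = 'LINKEDIN'            # NetBIOS name spoken in the transcript
$Nic         = 'Ethernet'            # ASSUMPTION: alias of the statically addressed NIC

# Pre-check 1: confirm the server name before promotion.
Write-Host "This server will be promoted under the name: $env:COMPUTERNAME"

# Pre-check 2: stop if the NIC still takes its IPv4 address from DHCP.
$if = Get-NetIPInterface -InterfaceAlias $Nic -AddressFamily IPv4
if ($if.Dhcp -eq 'Enabled') {
    throw "Interface '$Nic' uses DHCP; assign a static IPv4 address first."
}

# Install the AD DS role and its tools. This does not promote the server.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Point the DNS client at this server's own address instead of a public resolver.
$self = (Get-NetIPAddress -InterfaceAlias $Nic -AddressFamily IPv4 |
         Select-Object -First 1).IPAddress
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $self

# Prompt for the Directory Services Restore Mode password as a SecureString.
$Dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

# Promote: new forest, Windows Server 2016 functional levels (WinThreshold),
# DNS installed. The first DC in a forest is a writable global catalog.
Install-ADDSForest -DomainName $DomainName -DomainNetbiosName $NetbiosName `
    -ForestMode WinThreshold -DomainMode WinThreshold -InstallDns `
    -SafeModeAdministratorPassword $Dsrm
# The server restarts automatically when promotion completes.

# After the restart, log in as the domain administrator and run:
# Add-DnsServerForwarder -IPAddress 192.0.2.53   # ASSUMPTION: placeholder resolver
# Get-ADDomainController -Discover               # confirms the new DC answers
```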
