This article will discuss the importance of Active Directory (AD), along with what it is, what it does, installation, and configuration. We must state in advance that there have been entire books written about AD. While we will touch on the significant aspects of its functionality, more in-depth information can be found online.
What Is Active Directory?
Active Directory is Microsoft’s proprietary directory service. It runs on a Windows Server and stores critical information about users and objects contained within a local network environment. It saves and organizes this information to allow administrators to easily associate users with specific network resources and grant users the permission needed to accomplish specific tasks.
The value of Active Directory for today’s Windows administrators cannot be understated. AD is critical to successfully managing users, computers, peripheral devices, and many other objects. Currently, 95% of Fortune 1000 companies use it to organize their environments. Active Directory Domain Services (DS) also provides authorization and authentication methods like Single Sign-On (SSO), Lightweight Directory Access Protocol (LDAP) management, administering certificate services, and user rights management.
What Does Active Directory Do?
Active Directory creates and stores service records on user data, applications, devices, and groups. It then saves and categorizes all this information in a hierarchical structure, by name and attribute. These ledgers help organize and make it simpler for administrators to locate details regarding the resources that are connected to the network. In essence, Active Directory acts as a type of registry for the objects connected to the network to be found and managed efficiently.
- Windows Professional or Windows Enterprise installed on our server.
- Access to the Windows administrator account.
- A static IP address is assigned to the server.
- Latest Windows updates.
- Windows Firewall is disabled.
Benefits of Active Directory
- Admins can customize how information is designed to meet specific company needs.
- Administrators can manage AD from any computer or location on the network.
- AD DS provides built-in redundancy and replication services. If a single Domain Controller (DC) crashes, another DC will pick up the load to continue providing the service.
- All-access to network resources operates through AD DS, which keeps network access rights management centralized.
How To Set up Active Directory
To begin, log in as an administrator to the Windows server.
Next, from the Start menu, select the Server Manager.
Then, select Add Roles and Features and click Next to continue.
The Beforeyou begin page provides information about the wizard that guides us through the process and instructs us to verify the stated prerequisites are in place before moving forward.
Now, select Role based or feature based installation and then click Next.
Click Select the server from the server pool, which is where Administrators will install Active Directory, then click Next.
Choose the Active Directory Domain Services checkbox on the server roles page.
A popup window will show additional required features. Click on the Add Features button, then click Next.
Keep the default settings for the Active Directory Domain Services selection, and then click Next.
The installation will prompt us to select additional features to add if desired. Keep the defaults and click Next.
Review the notes about the Active Directory Domain Services and then click Next.
Now, examine the confirmation info about the Active Directory installation and then click Install.
The Active Directory 2019 installation wizard will now run. It should take anywhere from five to thirty minutes to complete. When it finishes, click Close.
How To Use Active Directory
In the Server Manager > Dashboard, click on the notifications icon in the top-right corner. Then, on the Post-deployment Configuration notification, click Promote this server to a website controller.
In the Deployment Configuration window, under Deployment Configuration, Select the deployment operation, and choose Add a new forest. Next, we specify the domain information for this operation by adding a Root domain name in the text box.
In the Domain Controller Options window, under the Select functional level of the new forest and root domain, keep the Forest functional levels and Domain functional levels set to Windows Server 2016 as the default level. This is the highest functional level to access the most recent or latest features.
Keep the Domain Name System (DNS) server and Global Catalog (GC) options checked. Now, type in the Directory Services Restore Mode (or DSRM) password twice, then click Next.
Next, on the DNS Options page, you will most likely encounter an error at the top stating, “A delegation for this DNS server cannot be created because the authoritative parent zone nameserver cannot be found.” This error for DNS Delegation is expected since we do not have an Active Directory DNS setup yet. It is merely a notification letting us know that other domains or other private networks may not be able to resolve our domain name yet. Users can safely ignore this warning as it is expected at this point. Click Next to continue.
Now, verify and confirm the NetBIOS name and then click Next.
Next, keep the default paths for the Database, Log files, and SYSVOL folders unless different folder locations are required. Click Next to continue.
In the Review Options window, assess the options selected. Click Next if satisfied. Additionally, if Admins will perform additional installations, we can export a PowerShell script to automate future deployments. To take advantage of this option, click the Viewscript button. Should changes be required, click on the Previous button to go back and adjust the options.
In the next step, a Prerequisites Check is run. These checks are validated before the Active Directory Domain Services is installed. Please review and repair any errors by clicking the Previous button to return to the previous step if necessary. If all the prerequisites have been passed successfully, click Install.
When the installation completes, the system will notify us that our server has successfully been configured as a domain controller. The setup will then conclude by rebooting the server.
Post Installation Tasks
After the Active Directory installation completes, log back into the Server as the domain administrator. Go to the Server Manager > Dashboard and click on the Tools menu in the upper right-hand corner to see the available Active Directory resources.
Next, open the Server Manager and confirm the Active Directory Domain Service installation.
Lastly, confirm the DNS installation.
Active Directory is now configured on our Windows Server 2019. As we have seen, enabling this option allows us to manage numerous settings and tasks within the Active Directory manager. This includes adding and managing users, regulating domains, tracking access and certificates, and overseeing other system controls. Providing Administrators with a feature-rich, centralized management interface allows them to accomplish multiple tasks in one location. This saves time and effort while incorporating additional performance capabilities and functionality.
Our Sales and Support teams are available 24 hours by phone or e-mail to assist.