Windows Active Directory

Introduction

This article will discuss the importance of Active Directory (AD), along with what it is, what it does, installation, and configuration. We must state in advance that there have been entire books written about AD. While we will touch on the significant aspects of its functionality, more in-depth information can be found online.

What Is Active Directory?

Active Directory is Microsoft’s proprietary directory service. It runs on a Windows Server and stores critical information about users and objects contained within a local network environment. It saves and organizes this information to allow administrators to easily associate users with specific network resources and grant users the permission needed to accomplish specific tasks.

The value of Active Directory for today’s Windows administrators cannot be overstated. AD is critical to successfully managing users, computers, peripheral devices, and many other objects. Currently, 95% of Fortune 1000 companies use it to organize their environments. Active Directory Domain Services (DS) also provides authorization and authentication methods like Single Sign-On (SSO), Lightweight Directory Access Protocol (LDAP) management, administering certificate services, and user rights management.

What Does Active Directory Do?

Active Directory creates and stores service records on user data, applications, devices, and groups. It then saves and categorizes all this information in a hierarchical structure, by name and attribute. These records make it simpler for administrators to locate details about the resources connected to the network. In essence, Active Directory acts as a registry through which the objects connected to the network can be found and managed efficiently.

Prerequisites

  • Windows Professional or Windows Enterprise installed on our server.
  • Access to the Windows administrator account.
  • A static IP address is assigned to the server.
  • Latest Windows updates.
  • Windows Firewall is disabled.

Benefits of Active Directory

  • Admins can customize how information is designed to meet specific company needs.
  • Administrators can manage AD from any computer or location on the network.
  • AD DS provides built-in redundancy and replication services. If a single Domain Controller (DC) crashes, another DC will pick up the load to continue providing the service.
  • All access to network resources operates through AD DS, which keeps network access rights management centralized.

How To Set up Active Directory

To begin, log in as an administrator to the Windows server.

Next, from the Start menu, select the Server Manager.

Then, select Add Roles and Features and click Next to continue.

The Before you begin page provides information about the wizard that guides us through the process and instructs us to verify the stated prerequisites are in place before moving forward.

Now, select Role-based or feature-based installation and then click Next.

Click Select the server from the server pool, which is where Administrators will install Active Directory, then click Next.

Choose the Active Directory Domain Services checkbox on the server roles page.

A popup window will show additional required features. Click on the Add Features button, then click Next.

Keep the default settings for the Active Directory Domain Services selection, and then click Next.

The installation will prompt us to select additional features to add if desired. Keep the defaults and click Next.

Review the notes about the Active Directory Domain Services and then click Next.

Now, examine the confirmation info about the Active Directory installation and then click Install.

The Active Directory 2019 installation wizard will now run. It should take anywhere from five to thirty minutes to complete. When it finishes, click Close.

How To Use Active Directory

In the Server Manager > Dashboard, click on the notifications icon in the top-right corner. Then, on the Post-deployment Configuration notification, click Promote this server to a domain controller.

In the Deployment Configuration window, under Select the deployment operation, choose Add a new forest. Next, we specify the domain information for this operation by adding a Root domain name in the text box.

In the Domain Controller Options window, under Select functional level of the new forest and root domain, keep the Forest functional level and Domain functional level set to Windows Server 2016, the default level. This is the highest functional level and gives access to the latest features.

Keep the Domain Name System (DNS) server and Global Catalog (GC) options checked. Now, type in the Directory Services Restore Mode (or DSRM) password twice, then click Next.

Note:
What is the Directory Services Restore Mode (DSRM)? The Directory Services Restore Mode (DSRM) is a specialized boot mode for fixing, recovering, or restoring Active Directory. This mode is utilized when it is necessary to log in to the server when Active Directory has been broken or when it needs to be restored.

Next, on the DNS Options page, you will most likely encounter an error at the top stating, “A delegation for this DNS server cannot be created because the authoritative parent zone nameserver cannot be found.” This error for DNS Delegation is expected since we do not have an Active Directory DNS setup yet. It is merely a notification letting us know that other domains or other private networks may not be able to resolve our domain name yet. Users can safely ignore this warning as it is expected at this point. Click Next to continue.

Now, verify and confirm the NetBIOS name and then click Next.

Next, keep the default paths for the Database, Log files, and SYSVOL folders unless different folder locations are required. Click Next to continue.

In the Review Options window, assess the options selected. Click Next if satisfied. Additionally, if Admins will perform additional installations, we can export a PowerShell script to automate future deployments. To take advantage of this option, click the View script button. Should changes be required, click on the Previous button to go back and adjust the options.

In the next step, a Prerequisites Check is run. These checks are validated before the Active Directory Domain Services is installed. Please review and repair any errors by clicking the Previous button to return to the previous step if necessary. If all the prerequisites have been passed successfully, click Install.

When the installation completes, the system will notify us that our server has successfully been configured as a domain controller. The setup will then conclude by rebooting the server.
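
The role installation and promotion steps above can also be scripted, in the spirit of the View script export mentioned on the Review Options page. The following is an added example, not the script the wizard generates; the domain and NetBIOS names are placeholders, and the paths are assumed to be the wizard defaults.

```powershell
#Requires -RunAsAdministrator
# Added example, not the script the wizard exports. Placeholder names below
# are assumptions; replace them with your own root domain and NetBIOS name.
$DomainName  = 'corp.example'   # placeholder root domain name
$NetbiosName = 'CORP'           # placeholder NetBIOS name

# Add the Active Directory Domain Services role plus its management tools.
$role = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $role.Success) { throw 'AD DS role installation failed.' }

# Prompt for the DSRM password so it is never stored in the script.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

# The same choices made on the wizard pages described above.
$forest = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetbiosName
    ForestMode                    = 'WinThreshold'   # Windows Server 2016 level
    DomainMode                    = 'WinThreshold'
    InstallDns                    = $true            # DNS server option checked
    CreateDnsDelegation           = $false           # no parent zone to delegate from
    DatabasePath                  = 'C:\Windows\NTDS'    # assumed default path
    LogPath                       = 'C:\Windows\NTDS'    # assumed default path
    SysvolPath                    = 'C:\Windows\SYSVOL'  # assumed default path
    SafeModeAdministratorPassword = $dsrm
}

Import-Module ADDSDeployment

# Run the prerequisites check first and stop on any failed test.
$check  = Test-ADDSForestInstallation @forest
$failed = $check | Where-Object { $_.Status -eq 'Error' }
if ($failed) {
    $failed | Format-List Message
    throw 'Prerequisites check failed; fix the errors above and rerun.'
}

# Promote the server; it asks for confirmation and reboots when finished.
Install-ADDSForest @forest
```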

Post Installation Tasks

After the Active Directory installation completes, log back into the Server as the domain administrator. Go to the Server Manager > Dashboard and click on the Tools menu in the upper right-hand corner to see the available Active Directory resources.

Next, open the Server Manager and confirm the Active Directory Domain Service installation.

Lastly, confirm the DNS installation.
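
The same confirmation can be done from a PowerShell prompt on the new domain controller. This is an added example, not part of the original walkthrough; it only reads state, and it also reports the Windows Firewall profiles because the prerequisites list had the firewall disabled during setup.

```powershell
# Added example: read-only checks run on the new domain controller.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$forest = Get-ADForest
$dc     = Get-ADDomainController -Identity $env:COMPUTERNAME

# Domain, functional levels, and the roles this domain controller holds.
[pscustomobject]@{
    Domain        = $domain.DNSRoot
    NetBIOSName   = $domain.NetBIOSName
    DomainMode    = $domain.DomainMode
    ForestMode    = $forest.ForestMode
    GlobalCatalog = $dc.IsGlobalCatalog
    FsmoRoles     = $dc.OperationMasterRoles -join ', '
} | Format-List

# Services a domain controller with DNS installed should be running.
$services = Get-Service -Name NTDS, DNS, Netlogon, Kdc
$services | Format-Table Name, Status -AutoSize
$stopped = $services | Where-Object { $_.Status -ne 'Running' }
if ($stopped) { Write-Warning "Not running: $($stopped.Name -join ', ')" }

# The DC locator SRV record confirms that DNS holds the AD zone data.
$srv = "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)"
Resolve-DnsName -Name $srv -Type SRV -ErrorAction Stop |
    Where-Object { $_.NameTarget } |
    Format-Table Name, NameTarget, Port -AutoSize

# SYSVOL and NETLOGON are shared only after promotion has completed.
$shares = Get-SmbShare -Name SYSVOL, NETLOGON -ErrorAction SilentlyContinue
if (@($shares).Count -ne 2) { Write-Warning 'SYSVOL or NETLOGON share is missing.' }

# Current state of each Windows Firewall profile.
Get-NetFirewallProfile | Format-Table Name, Enabled -AutoSize
```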

Conclusion

Active Directory is now configured on our Windows Server 2019. As we have seen, enabling this option allows us to manage numerous settings and tasks within the Active Directory manager. This includes adding and managing users, regulating domains, tracking access and certificates, and overseeing other system controls. Providing Administrators with a feature-rich, centralized management interface allows them to accomplish multiple tasks in one location. This saves time and effort while incorporating additional performance capabilities and functionality.

Should you have any questions regarding this information, we are always available to answer any inquiries related to this article, 24 hours a day, 7 days a week, 365 days a year. Our experienced support technicians can be reached via phone at 800.580.4985, support ticket, or LiveChat.