IT Training Modules - Classroom Tasks


Install Active Directory – Domain Service (AD DS)

Install the Service

AD DS is the service used to create a tree structure for a domain. It is a server role in Active Directory that allows admins to manage and store information about resources from a network, as well as application data, in a network distributed database (covered later in this training). AD DS is used for identity and access management: it stores and organises information about the people, devices and services connected to a network. You will use Server Manager to install the AD DS service. There are multiple ways to add roles and features to a 2022 server operating system; use your preferred way or follow the instructions below.

1.   Log in to the AMS-DC1 Template using MRemote, as canon\administrator with the password supplied by your trainer.

2.   From Server Manager, open the Add Roles & Features wizard, either from option 2 or from the Manage menu.

3.   On the “Before you begin” page select Next. You can also tick the skip this page box to prevent it appearing many times in this module.

4.   Select “Role-based or feature-based installation” then Next.

5.   Ensure you are installing to the correct server, AMS-DC1 (Server Manager can manage multiple servers at one time). In this module you will only have the one server available.

6.   From the “Server Roles” list select Active Directory Domain Service (ADDS).

7.   Add the required features for both services.

8.   There are no other features to install as part of ADDS, so click Next all the way to the end of the installation wizard, to the Confirmation page.

9.   Select “Restart server if required”, then Next (your server will need to restart to complete the setup).

10.   Click Install.  

NOTE: This may take a little time. You can close the wizard when prompted.

11.   Do not close Server Manager. Keep it open to see when the install is completed.

12.    You will receive a notification in Server Manager when further actions are needed. Notifications are displayed by the flag in the manager's title bar.

13.    Wait until the flag shows that further action is required. Clicking the flag every now and then may help speed this up.

Promote Server to Domain Controller

1.   Now you will promote your server to become a domain controller. After up to 5 minutes, select the yellow triangle in the notifications area.

2.   Select “Promote this server to a domain controller”.

3.   The DC promotion wizard will start. First you need to create a new forest.

4.   The domain canon.training does not exist yet. To create it you need to create a new forest. Select “Add a new forest” and, under “Root domain name”, type canon.training

5.   First click "next" then create a password for the Domain Recovery.  

NOTE: This is a very important password in the event of Domain Controller failure/recovery.

6.   Please use "Canon-01" as the password for this exercise.

7.   Also examine the forest function level; this is important with regard to the lowest functional server in a domain. Note there is no 2019 or 2022 function level.

Why?

8.   Simply click Next and Next again.

9.   The “Path” settings for the locations of the AD Database and SYSVOL are next; please leave the default values.

10.   Click “Next” again for the review page. Here you can also view and copy a script.

The script can be used with PowerShell to perform the same task as all of the GUI selections used in this exercise. It is covered again later in this module.

#
# Windows PowerShell script for AD DS Deployment
#

Import-Module ADDSDeployment
Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "WinThreshold" `
-DomainName "canon.training" `
-DomainNetbiosName "CANON" `
-ForestMode "WinThreshold" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true

11.   The “Prerequisite Check” screen will show any issues present if you upgrade this server to a DC.

The Yellow warnings are usually “Best Practice” compliance errors (important for production servers).

If you have any red errors, you will not be able to proceed.

12.   Complete the Install and restart the Domain Controller.

What changed at login, and why?

HINT: canon.training\administrator or canon\administrator
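
The two GUI procedures above as a single script, added here as an example (it is not part of the original course material or the wizard's exported script). It assumes an elevated PowerShell session on AMS-DC1; the variable names are illustrative, and the recovery password is prompted for rather than typed into the script.

```powershell
#Requires -RunAsAdministrator
# Added example, not the wizard's exported script: role install, prerequisite
# check and promotion for the lab forest. Variable names are illustrative.

# Same values the wizard exports on its review page.
$forest = @{
    DomainName          = 'canon.training'
    DomainNetbiosName   = 'CANON'
    ForestMode          = 'WinThreshold'
    DomainMode          = 'WinThreshold'
    InstallDns          = $true
    CreateDnsDelegation = $false
    DatabasePath        = 'C:\Windows\NTDS'
    LogPath             = 'C:\Windows\NTDS'
    SysvolPath          = 'C:\Windows\SYSVOL'
}

# "Install the Service": add the AD DS role with its management tools.
$role = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $role.Success) { throw 'AD DS role installation failed.' }

Import-Module ADDSDeployment

# Prompt for the recovery password as a SecureString so it is never stored
# in the script file or the command history.
$dsrm = Read-Host -Prompt 'Domain recovery (DSRM) password' -AsSecureString

# Equivalent of the "Prerequisite Check" page: nothing is changed yet.
$checks = Test-ADDSForestInstallation @forest -SafeModeAdministratorPassword $dsrm
$checks | Format-List Context, Status, Message
if ($checks | Where-Object { $_.Status -ne 'Success' }) {
    throw 'Prerequisite check reported errors; resolve them before promoting.'
}

# Promote the server; it restarts automatically when the promotion finishes.
Install-ADDSForest @forest -SafeModeAdministratorPassword $dsrm `
    -NoRebootOnCompletion:$false -Force:$true

# After the restart, sign in with the domain account and confirm the result:
#   Get-ADDomainController -Discover -DomainName canon.training
#   Get-SmbShare -Name SYSVOL, NETLOGON
```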

While others finish the exercise please research RODC on the internet.

  • What is a RODC?  
  • Why would you not install solutions on an RODC?
  • What is special about the passwords accessed from the RODC? 

Discuss as a group. Read Only Domain Controller (RODC)
