Saturday, January 11, 2014

How to Install Active Directory from Windows Server 2012 Server Manager

This post will go over the initial installation process of Active Directory in a Windows Server 2012 environment.  We will go over creating a new forest and domain.  Later posts will discuss installing a new domain controller in the forest.

Active Directory today is a cornerstone of permission and access management and is critical to the infrastructure of many businesses.  We will discuss the installation process and some basic configuration of a multi-site infrastructure over the next few posts.

I will cover some best practice information regarding sites and OU structure but ultimately the design and implementation of your Active Directory infrastructure is dependent on your business needs.

Installing Active Directory from Windows Server 2012 Server Manager

To start, we want a clean installation of Windows Server 2012 with minimal configuration on the system to keep our Active Directory services separate from other services in the network.  It is recommended to maintain a standalone Active Directory system so there is minimal downtime and interruption to this critical service.
  • Start Server Manager and Select Add roles and features from the Dashboard 

  • Before you begin: Click Next
  • Select installation type: Select Role-based or feature-based installation and Click Next
  • Select destination server: Choose Select a server from the server pool and be sure the local server is highlighted in the Server Pool list box, then Click Next

  • Select server roles: Select Active Directory Domain Services 
  • This will launch the Add features that are required for Active Directory Domain Services? window.  Select Add features then click Next
  • Select features: Click Next

  • Confirm installation selections: Click the Restart the destination server automatically if required check box and click Install

Run Active Directory Domain Services Configuration Wizard


  • After the installation completes, you will notice a notification in the Notifications window.  Click the flag and click the link Promote the server to a domain controller

  • This will launch the Active Directory Domain Services Configuration Wizard
  • Deployment Configuration: Select Add a new forest radio button and enter the new Root domain name.  In this case we are calling the new forest testlab.local. Click Next
NOTE: Using the .local extension for the domain will ensure that the namespace will not interfere with any public DNS zones that we will be using later down the road for e-mail services and will make it easier to segregate internal versus external services.  I highly recommend using disjointed namespaces for any environment so you can better control data traffic in the domain.  To do this, simply avoid the common extensions of .com, .edu, .gov, .net, .biz, .org, etc.



  • Domain Controller Options: Select the Forest functional level and the Domain functional level.  We will not be adding any domain controllers older than Windows Server 2012 so we will choose Windows Server 2012 for both Domain and Forest functional levels.
  • Domain Controller Options: If this is the first server in the domain, be sure to select both the Domain Name System (DNS) server and  Global Catalog (GC) check boxes.
  • Domain Controller Options: Finally, type in the password for restoring the Directory Services database and be sure to save the password in a safe place.  When you need it, you will really need it so it should be documented. Then click Next

  • DNS Options: You will notice a warning at the top of the page with the above error.  Basically, it is stating that the zone testlab.local cannot be found so delegation cannot be set up.  This is expected since the zone has not been created yet.  Go ahead and acknowledge the warning and click Next

  • Additional Options:  Verify the NETBIOS name of the domain and click Next
    • The NETBIOS name is what I call the short name of the domain and is what is referenced when logging into the domain with a user, i.e. TESTLAB\Administrator instead of the FQDN testlab.local\Administrator.
    • Microsoft is working on phasing out NETBIOS names and has removed the functionality from DNS as a default in Server 2012 but it still remains and can help make name lookup a little easier.  For now, understand that it exists and that it is essentially the domain name from before without the extension.

  • Paths: Verify the paths for the AD database, Log files and SYSVOL share and click Next
    • The AD database and SYSVOL location can be changed but is usually left as default.  Personally, I install all DCs with a single partition and keep the system very trim so I never change the path of the database or SYSVOL share.
  • Review Options:  Look over all of the settings and verify they match what you expect and click Next
    • You can also click View Script to see the PowerShell command being sent to the system. The script can be seen above.

  • Prerequisites Check: This will validate that the server is ready for Domain Services and will show a couple warnings about NT 4.0 compatibility and the same warning from the DNS delegation screen.  These are expected.  Click Install to begin the installation of the first DC in the forest.
  • If you checked the Restart the destination server automatically if required check box when installing the Domain Services role, the server will reboot automatically after the installation is complete.

  • When you get to the login screen you will see the NETBIOS name pre-populated and will now be logging in to the domain whenever accessing this server.
This concludes the installation of Active Directory from Windows Server 2012 Server Manager.
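
The same role installation and forest promotion can be scripted with the ADDSDeployment cmdlets. The following PowerShell is an added example, not the script the wizard displayed in the original post; it assumes the choices made above (testlab.local, TESTLAB, Windows Server 2012 functional levels, DNS installed, default paths) and prompts for the restore-mode password so it is never stored in the script.

```powershell
# Added example: scripted equivalent of the wizard steps in this post.
# Run from an elevated PowerShell session on the clean Windows Server 2012 host.

$domainName  = 'testlab.local'   # root domain name chosen in Deployment Configuration
$netbiosName = 'TESTLAB'         # short name verified in Additional Options

# "Add roles and features" -> Active Directory Domain Services plus its
# management tools. -Restart reboots only if the installation requires it.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools -Restart

# Restore-mode (DSRM) password: read as a SecureString so it does not end up
# in the script file, the console history or a transcript. Record it in your
# password vault separately.
$dsrm = Read-Host -AsSecureString -Prompt 'Directory Services restore password'

# Shared parameters for both the prerequisite check and the promotion.
# Database, log and SYSVOL paths are omitted so the defaults are used.
# The first domain controller in a new forest is always a Global Catalog,
# so there is no parameter for that check box.
$forest = @{
    DomainName                    = $domainName
    DomainNetbiosName             = $netbiosName
    ForestMode                    = 'Win2012'
    DomainMode                    = 'Win2012'
    InstallDns                    = $true
    CreateDnsDelegation           = $false   # no parent zone exists yet to delegate from
    SafeModeAdministratorPassword = $dsrm
}

Import-Module ADDSDeployment

# Same validation as the wizard's Prerequisites Check page. The DNS
# delegation and NT 4.0 compatibility warnings are expected here.
$check = Test-ADDSForestInstallation @forest
$check | Format-Table Status, Message -Wrap

# Assumption: a failed check is reported as Status 'Error' on the result object.
if ($check | Where-Object { $_.Status -eq 'Error' }) {
    throw 'Prerequisite check failed; resolve the reported errors before promoting.'
}

# Promote the server to the first domain controller of the new forest and
# reboot when finished, as the wizard does.
Install-ADDSForest @forest -NoRebootOnCompletion:$false -Force
```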

I hope this was helpful and informative to you and I would appreciate any feedback you may have.

