In this post, we will see the process of implementing a new forest for an Active Directory environment using Windows Server 2016. This will be done initially by installing the corresponding role and then by promoting the server to be the first Domain Controller (DC). At the same time, we will also install the DNS role to exploit the capabilities of Active Directory-integrated zones.
In essence, the process is done in two steps:
- Install the Active Directory Domain Services role
- Promote the server to a Domain Controller
Before proceeding, you might want to set up the server with a static IP address (for the most common implementations) and rename the Windows Server according to your company’s naming standards.
Install the Active Directory Domain Services role
Open Server Manager, click Manage and then Add Roles and Features.
Immediately afterward, the wizard window will open. In the Before You Begin section, click Next to continue.
In the Installation Type section, select Role-based or feature-based installation and click Next to continue.
In the Server Selection section, make sure that the server you want is selected and click Next to continue.
Under Server Roles, select Active Directory Domain Services. Once you do this, you will be asked to add some additional features. Click the Add Features button and then click Next to continue.
In the Features section, you do not have to choose anything; just click Next to continue.
In the AD DS section, some information about AD DS is displayed; just click Next to continue.
Finally, in the Confirmation section, click the Install button to proceed to install the role.
Promote the server to a Domain Controller
Once the role installation is completed, if you do not close the window, you will be prompted to promote the server to a Domain Controller (DC).
Alternatively, you can open the same window through Server Manager, as shown in the figure below.
In essence, this is the Active Directory Deployment Configuration wizard that will guide you to create the first forest in an Active Directory environment.
In the Deployment Configuration section, as far as the first forest is concerned, enable the Add a new forest option, and then type the desired domain name. In my case, it is meraki.edu.
Under Domain Controller Options, select the Forest and Domain Functional Level. If this is your first forest on a Windows Server 2016, leave the default values. Otherwise, if there are other Domain Controllers in your business infrastructure, you should know the functional level of the others before proceeding to the necessary actions.
Enable the Domain Name System (DNS) server option to also install the DNS role on the same server if you have not done so before.
Also, type the Directory Services Restore Mode (DSRM) password twice, make sure to record it in your documentation, and click Next to continue.
In the DNS Options sub-section, if you are installing the DNS role, a warning message appears, but you do not need to worry about it for the moment. Simply click Next to continue.
In the Additional Options section, leave the default NetBIOS name and click Next to continue.
In the Paths section, select where the NTDS, SYSVOL, and LOG folders will reside on your server. In my case, I will leave the default values, but you can choose another disk based on your preferences and setup.
In the Review Options section, you will see a summary of the settings you have selected. Once you’re sure you have not made a mistake, click Next to continue.
In the Prerequisites Check section, the prerequisites will be checked (duh). Here, if even one error occurs, then you will not be able to continue and you will need to fix it before proceeding. Otherwise, if only warning messages (which are the most common) are displayed but the check has ‘passed’ as shown in the picture, click the Install button to proceed.
At this point, you will need to wait a few minutes until the installation process is completed. The server will automatically reboot immediately afterward.
After the reboot, your first Domain Controller and Active Directory infrastructure are ready!
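The same two steps can also be scripted. The following PowerShell is an added example, not part of the original walkthrough; it assumes it is run in an elevated session on the server being promoted, uses the meraki.edu domain name from above, and spells out the default folder locations under %SystemRoot% for the Paths step.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the two wizard steps described above.
# Assumption: run locally on the Windows Server 2016 machine that becomes the first DC.

$ErrorActionPreference = 'Stop'

# Pre-check from the article: the server should use a static IP address.
$dhcp = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.PrefixOrigin -eq 'Dhcp' }
if ($dhcp) {
    Write-Warning "DHCP-assigned address found: $($dhcp.IPAddress -join ', ')"
}

# Step 1: install the Active Directory Domain Services role and its tools.
$role = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $role.Success) { throw 'AD DS role installation failed.' }

# Step 2: promote the server to the first Domain Controller of a new forest.
Import-Module ADDSDeployment

# Prompt for the DSRM password so it never appears in the script or its history.
$dsrm = Read-Host -Prompt 'DSRM password' -AsSecureString

# One parameter set shared by the prerequisites check and the promotion.
# Functional levels and the NetBIOS name are omitted to keep their defaults.
$forest = @{
    DomainName                    = 'meraki.edu'
    InstallDns                    = $true
    DatabasePath                  = "$env:SystemRoot\NTDS"
    LogPath                       = "$env:SystemRoot\NTDS"
    SysvolPath                    = "$env:SystemRoot\SYSVOL"
    SafeModeAdministratorPassword = $dsrm
}

# Same role as the wizard's Prerequisites Check: stop on errors, allow warnings.
$check  = Test-ADDSForestInstallation @forest
$failed = $check | Where-Object { $_.Status -eq 'Error' }
if ($failed) {
    $failed | ForEach-Object { Write-Warning $_.Message }
    throw 'Prerequisites check failed; fix the errors above and run again.'
}

# Asks for confirmation, then promotes the server and reboots it automatically.
Install-ADDSForest @forest
```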