Installing Active Directory
To install Active Directory you need to promote your first server to a Domain Controller. This video looks at the process of using DCPromo as well as the prerequisites required. The video also discusses DNS requirements for Active Directory. DNS is required by Active Directory in order to operate.
Demo Network Setup 01:49
Demo DCPromo 04:47
Server must have an IPv4 and/or IPv6 static address.
DNS infrastructure (either Microsoft or 3rd party).
Microsoft DNS can be installed when promoting the server.
If you install DNS during the install, set the DNS server to 127.0.0.1
The Active Directory Domain Services role needs to be installed in order for the server to be promoted to a Domain Controller. This can be done through the server manager or when using DCPromo. When you are ready to promote your server to a Domain Controller, run the command DCPromo. This will install the Active Directory binaries if required and run the wizard. If you already have an existing forest you can choose to add this server to an existing forest. If you do not have any Domain Controllers on your network you need to create a new forest.
The forest and domain functional levels affect only Domain Controllers. The domain functional level will determine which Domain Controller you can add to that domain. For example, if the domain functional level was set to Windows Server 2003, you would only be able to have Windows Server 2003 Domain Controllers and above in the domain. The forest level affects which domain levels you can have. If the forest level was set to Windows Server 2008, then only domains that have a functional level of Windows Server 2008 could be added to the forest. The higher the forest and domain levels, the more features of Active Directory that are available. If you are not sure what levels to configure, set the forest and domain functional levels low. You can always raise the functional levels but you can’t lower them.
The wizard will ask you for a recovery password. This will be used if you need to perform certain operations in Active Directory later on. For example, if you need to perform restore operations later on you can only perform these in Active Directory Recovery Mode which requires this password. For day to day activities this password is not required.
Once the server has been promoted to a Domain Controller, the local users and groups will no longer be accessible for security reasons. If you need to configure access to a resource on the server (for example, you needed to share a folder), you will need to use a domain user.