An Active Directory deployment may seem straightforward, but it takes a bit of groundwork to set up a Windows Server 2016 domain controller.
Active Directory Domain Services needs to be installed and managed by an IT administrator with a background in Windows Server 2016 and Windows environments. They should research the Active Directory (AD) domain controller deployment thoroughly using Microsoft and other documentation, but this tip covers the basics to get you started.
Set up the server and Active Directory
The road to deploying AD starts by finding a suitable server to run Windows Server 2016. Administrators can use a physical machine with flash or DVD media, but more often they install AD on a VM.
The server that runs the Windows Server 2016 domain controller has few comprehensive system requirements. The compute demands can vary dramatically, depending on the size and complexity of the data center. To be safe, deploy to a server that exceeds the system requirements and a cluster for better AD performance and resilience. For example, a typical AD server might use a two-core processor, 8 GB of memory, 60 GB of disk space and a high-performance network adapter, such as VMXNET3.
Once Windows Server is installed and configured with critical information such as a server name, IP address and all OS updates, start to set up Active Directory. The Add Roles and Features wizard walks you through the selection of the desired server and proceeds with the installation of the Active Directory Domain Services. When prompted, add desirable features, such as group policy management and role administration tools. You will also need domain name services (DNS) installed on the server. If the server does not have DNS, it will be installed.
How to create the Windows Server 2016 domain controller
Now, create the domain. After a successful installation of roles and features for AD, promote this server to a domain controller.
After the deployment configuration wizard starts, add a new forest and enter a meaningful name. A domain-controller-options dialog will ask for a password to run recovery and restore Directory Services; be sure to use a different password than the server administrator password.
Skip the DNS Options dialog and move on to the Additional Options dialog to be sure the NetBIOS name is the correct prefix of your local domain. Next, set the proper paths for the database, log files and system volume folders. Review all of the options and make any necessary changes.
A prerequisites check will confirm the configuration is ready or report any errors with the setup. There are usually some warnings, but with a message such as, “All prerequisite checks passed successfully,” it is possible to complete the installation of the desired AD configuration. Windows will restart to complete the installation, and the administrator can log back into the system to fix any remaining issues, such as DNS server IP configurations. Check applications to see that they work and that the internet is available, and recheck the server’s dashboard to verify the domain is OK.
How to add users to Windows Server 2016 domain controller
Now that the AD domain controller is running, it’s time to add users. Open the Tools menu and select Active Directory Users and Computers. Expand the domain, select Users and click the New User button. Complete the name and details for the new user in the New Object — User dialog. Now, set a password and decide whether and when the password will expire. Review and accept the user details.
Add the new user to the correct group. For example, the first user — the one completing this task — is usually the AD administrator. So, right-click the user, select Properties, choose the Member Of tab in the user’s Properties dialog and add the user to the Administrators group. From that point, the administrator can access the AD domain controller using their own credentials.
Finally, administrators can add more users and other objects to the AD database, set rights and perform other Active Directory tasks.