Primary Domain Controller Setup
Note: Before you begin adding your domain controller roles make sure your target server has a static IP address.
Add PDC Roles and Features
To create a primary Domain controller start Server Manager:
- Click Manage
- Click Add Roles and Features
Click Role-based or feature-based installation and click Next, then click Next again on the Server Selection page.
On the Server Roles selection page select:
- Active Directory Domain Services
- DHCP Server
- DNS Server
As each role is selected you will get a popup informing you of what features will be needed for the Server Role to function properly. Click Add Features on each popup and then click Next.
Continue to click Next through the following screens:
- Additional Features Installation
- AD info and best practices screen
- DHCP info and best practices screen
- DNS info and best practices screen
When you get to the confirmation screen make sure to review your settings and click Install.
Once the installation is complete you can begin configuring the server roles by clicking directly on the link on the installation progress page.
Configuring the Active Directory Role
If you closed out of the roles and features installation wizard before configuring any newly installed features, you can use Server Manager. Click on the flag icon and then click Promote this server to a domain controller.
Select Add a new forest and give your root domain a name. My personal preference here is to give the root domain an easy, short name. For example, AdminMonkeysLLC might be better off as just AM.local or AM.internal. As you sysadmin your way through the infrastructure, the simplicity and fewer keystrokes will be a blessing.
Select your forest and domain functional level, leave the domain controller capabilities at their default settings, give your DSRM a password and click Next.
Continue to click your way through the wizard by:
- Ignoring the DNS delegation error
- Verifying the NetBIOS name
- Verifying the AD Database location
- Reviewing your Configuration
- Completing the prerequisite check and clicking Next.
Once the install is complete you will be forced to sign out and log back in using your newly created domain.
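If you would rather script the role install and the forest promotion than click through the two wizards above, here is the same sequence in PowerShell, run from an elevated prompt on the target server. This is an added example, not part of the original post; the domain name, NetBIOS name, functional level and paths are placeholders to swap for your own, and the static IP check at the top covers the note at the start of the post.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post: role install plus forest
# promotion. Domain name, NetBIOS name, functional level and paths below are
# placeholders.

# Static IP check (the note at the top of the post): an address handed out by
# DHCP has PrefixOrigin 'Dhcp'. A domain controller should only carry manual ones.
$dynamic = Get-NetIPAddress -AddressFamily IPv4 | Where-Object PrefixOrigin -eq 'Dhcp'
if ($dynamic) {
    throw "Assign a static IP before continuing; DHCP-assigned: $($dynamic.IPAddress -join ', ')"
}

# Roles and features: AD DS, DHCP and DNS plus their management tools, the
# same set the wizard pulls in when you click Add Features on each popup.
$install = Install-WindowsFeature -Name AD-Domain-Services, DHCP, DNS -IncludeManagementTools
if (-not $install.Success) { throw "Role installation failed (exit code $($install.ExitCode))" }

# Promotion settings, one per wizard page: new forest, functional levels,
# DSRM password, database/log/SYSVOL paths. The DSRM password is a separate
# local credential used only to boot into Directory Services Restore Mode;
# keep it in the same vault as the built-in Administrator password.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM (Directory Services Restore Mode) password'
$forest = @{
    DomainName                    = 'am.internal'       # placeholder root domain
    DomainNetbiosName             = 'AM'                # placeholder NetBIOS name
    ForestMode                    = 'WinThreshold'      # Windows Server 2016 functional level
    DomainMode                    = 'WinThreshold'
    InstallDns                    = $true
    CreateDnsDelegation           = $false              # the DNS delegation warning is expected on a new forest
    DatabasePath                  = 'C:\Windows\NTDS'   # wizard defaults
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $dsrm
    Force                         = $true               # suppress the confirmation prompt
}

# Prerequisite check first (the wizard's last page before Install); promote
# only when it reports success. The server reboots when promotion finishes,
# after which you sign in as AM\Administrator.
$check = Test-ADDSForestInstallation @forest
if ($check.Status -ne 'Success') { throw "Prerequisite check failed: $($check.Message)" }
Install-ADDSForest @forest
```

The splatted hashtable is the same set of answers the wizard collects, so if you later build a backup domain controller you can reuse most of it with Install-ADDSDomainController instead.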
Creating Active Directory OUs and Users
With the Active Directory role installed the first thing I am going to do is create my OU structure followed by creating a new admin user.
Create the user account and the password policy that works best for you. In this scenario my user will be a backup admin service account with a very complex password. Because of this I have chosen not to have the password expire; however, if you have an active admin account on your network, I’d recommend having the password changed regularly.
Next I will add this user to the Domain Admins, Enterprise Admins, Schema Admins, and Group Policy Creator Owners groups.
Note: Not all of these groups are necessarily needed; however, this will be the account I use for forest upgrades (hence Schema Admins), and it will be the account I use for installing my SQL Server, which requires me to be an Enterprise Admin.
Finally I am going to log out of the default administrator account, log in with the newly created domain admin account, and disable the built-in administrator account for security reasons.
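The same OU, user, group and disable steps in PowerShell, as an added example that is not part of the original post. The OU names and the account name are placeholders. One difference from the click-through above: rather than logging out and back in with the new account before disabling the built-in Administrator, the script checks that the new account really landed in Domain Admins and refuses to disable anything if it did not; an actual interactive sign-in with the new account before the last two lines is still the stronger test.

```powershell
# Added example, not from the original post. OU names and the account name
# are placeholders.
Import-Module ActiveDirectory
$domain   = Get-ADDomain
$domainDN = $domain.DistinguishedName

# OU structure: a top-level OU with branches for admins, servers and workstations.
$ous = @(
    @{ Name = 'AM';           Path = $domainDN },
    @{ Name = 'Admins';       Path = "OU=AM,$domainDN" },
    @{ Name = 'Servers';      Path = "OU=AM,$domainDN" },
    @{ Name = 'Workstations'; Path = "OU=AM,$domainDN" }
)
foreach ($ou in $ous) {
    $exists = Get-ADOrganizationalUnit -SearchBase $ou.Path -SearchScope OneLevel -Filter "Name -eq '$($ou.Name)'"
    if (-not $exists) {
        New-ADOrganizationalUnit -Name $ou.Name -Path $ou.Path -ProtectedFromAccidentalDeletion $true
    }
}

# Backup admin service account with a password that never expires, as in the
# text. The password is entered interactively so it never lands in console
# history or in this script.
$name     = 'svc-backupadmin'     # placeholder account name
$password = Read-Host -AsSecureString -Prompt "Password for $name"
New-ADUser -Name $name -SamAccountName $name -UserPrincipalName "$name@$($domain.DNSRoot)" `
    -Path "OU=Admins,OU=AM,$domainDN" -AccountPassword $password -Enabled $true `
    -PasswordNeverExpires $true -Description 'Backup domain admin (break-glass)'

# Group memberships from the text. Enterprise Admins and Schema Admins only
# exist in the forest root domain, which this is. Schema Admins can be
# emptied again once the forest upgrade is done; nothing needs it day to day.
foreach ($group in 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Group Policy Creator Owners') {
    Add-ADGroupMember -Identity $group -Members $name
}

# Disable the built-in Administrator (always RID 500, whatever it is named)
# only after confirming the new account is a Domain Admin, so a typo above
# cannot lock you out of the domain.
$isDomainAdmin = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object SamAccountName -eq $name
if (-not $isDomainAdmin) { throw "$name is not in Domain Admins; leaving the built-in account enabled" }
$builtin = Get-ADUser -Identity "$($domain.DomainSID.Value)-500"
Disable-ADAccount -Identity $builtin
```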
Configuring the DHCP Server
Using Server Manager, click on the flag icon and then click Configure DHCP configuration.
This will create two new security groups:
- DHCP Administrators
- DHCP Users
You don’t have to do anything besides clicking Next; however, it is good to take note of the above changes.
If you’re still using the domain admin account we created previously, you can click the Commit button to add this DHCP server to your AD.
Once the security groups have been created and the DHCP server has been authorized you can close out of the wizard.
The next step will be to open the DHCP application and then:
- Right click on IPv4
- Select New Scope…
I am going to start by creating a small scope for newly created servers. First I am going to give it a name:
Followed by an IP range. As mentioned, this will be a small scope of 20 IPs, from .150 to .170 on a /24 subnet.
Click Next on the Exclusion and Delay screen. (You should rarely ever need to use an exclusion.)
Select your DHCP lease duration. For workstations and IoT devices the default of 8 days should be fine. For my server scope I am going to change it to 1 day, as I am likely going to be giving any servers on my network a static IP.
Configure your DHCP options now, which will include identifying your default gateway:
Followed by listing your DNS servers. Since this is the first server on my network I will only have the one; however, when I add a backup I will need to edit these settings.
When finished with your first scope you will want to repeat these steps for all the VLANs you have planned out for your network.
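Since the scope steps get repeated once per VLAN, they are a good fit for a table and a loop. The script below is an added example, not part of the original post: it does the post-install DHCP configuration (security groups and AD authorization), then builds one scope per row, with the first row being the server scope from the text (.150 to .170 on a /24, 1-day lease). The networks, VLAN names, gateway convention (.1 on each VLAN) and the other two scopes are placeholders for your own plan; the DNS option points at this DC, which is the "only the one" DNS server mentioned above.

```powershell
# Added example, not from the original post. Addresses, VLAN names and the
# gateway convention are placeholders.
Import-Module DhcpServer
$dcFqdn    = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$dcIp      = (Get-NetIPAddress -AddressFamily IPv4 -PrefixOrigin Manual | Select-Object -First 1).IPAddress
$dnsSuffix = (Get-ADDomain).DNSRoot

# Security groups and AD authorization (the two steps behind the wizard's
# Commit button). Authorization is what allows a Windows DHCP service to hand
# out leases in an AD environment; an unauthorized one stops serving.
Add-DhcpServerSecurityGroup -ComputerName $dcFqdn
Add-DhcpServerInDC -DnsName $dcFqdn -IPAddress $dcIp
Restart-Service DHCPServer
# Tell Server Manager the post-install configuration is done so its flag clears.
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\ServerManager\Roles\12' -Name ConfigurationState -Value 2

# One row per VLAN. Row one is the server scope from the text; the other two
# rows are placeholders using the 8-day default lease.
$scopes = @(
    @{ Name = 'Servers';      Net = '10.0.1.0'; Start = '10.0.1.150'; End = '10.0.1.170'; Lease = '1.00:00:00' },
    @{ Name = 'Workstations'; Net = '10.0.2.0'; Start = '10.0.2.50';  End = '10.0.2.200'; Lease = '8.00:00:00' },
    @{ Name = 'IoT';          Net = '10.0.3.0'; Start = '10.0.3.50';  End = '10.0.3.200'; Lease = '8.00:00:00' }
)
foreach ($s in $scopes) {
    if (Get-DhcpServerv4Scope -ScopeId $s.Net -ErrorAction SilentlyContinue) { continue }   # already exists
    Add-DhcpServerv4Scope -Name $s.Name -StartRange $s.Start -EndRange $s.End `
        -SubnetMask 255.255.255.0 -LeaseDuration ([TimeSpan]$s.Lease) -State Active
    # Scope options: default gateway (.1 on each VLAN here) and this DC as DNS.
    # Set-DhcpServerv4OptionValue checks that the DNS server answers before accepting it.
    $gateway = $s.Net -replace '\.0$', '.1'
    Set-DhcpServerv4OptionValue -ScopeId $s.Net -Router $gateway -DnsServer $dcIp -DnsDomain $dnsSuffix
}
```

When the backup domain controller is added later, the only change needed is a second address in -DnsServer, applied by running the Set-DhcpServerv4OptionValue line again for each scope.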
Create a Reverse DNS Lookup Zone
Open DNS Manager, right-click on Reverse Lookup Zones and then click New Zone…
When the New Zone Wizard begins select the following options:
- Primary Zone
- To all DNS servers running on domain controllers in the domain
- IPv4 Reverse Lookup Zone
For the Network ID you’re going to want to put in the first three octets of the IP range you’re creating a reverse lookup for. When you’re done, go ahead and repeat these steps for each IP scope you have on your network.
Your domain controller is now set up and configured to manage the 3 most vital roles in your infrastructure. Coming up next I will quickly cover setting up a backup domain controller. Stay tuned…
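The reverse zone wizard, scripted for every scope at once, as an added example that is not part of the original post. The network list is a placeholder (one entry per DHCP scope, including the DC's own subnet); the three wizard choices above map onto Add-DnsServerPrimaryZone's -NetworkId, -ReplicationScope Domain and a primary zone, and the last block adds and checks the DC's own PTR record so you can see the zone answering.

```powershell
# Added example, not from the original post. The network list is a placeholder.
Import-Module DnsServer
$networks = '10.0.1.0/24', '10.0.2.0/24', '10.0.3.0/24'   # placeholders, one per scope
$dcFqdn   = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$dcIp     = (Get-NetIPAddress -AddressFamily IPv4 -PrefixOrigin Manual | Select-Object -First 1).IPAddress

# A /24 reverse zone is the first three octets reversed under in-addr.arpa,
# e.g. 10.0.1.0/24 -> 1.0.10.in-addr.arpa; this is what the wizard derives
# from the Network ID you type in.
function Get-ReverseZoneName([string]$network) {
    $o = ($network -split '/')[0] -split '\.'
    return "$($o[2]).$($o[1]).$($o[0]).in-addr.arpa"
}

foreach ($net in $networks) {
    $zone = Get-ReverseZoneName $net
    if (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue) { continue }   # already exists
    # Primary zone stored in AD and replicated to every DC in the domain (the
    # wizard's "all DNS servers running on domain controllers in the domain").
    # Secure-only dynamic updates: only the authenticated owner of a record can
    # overwrite it, so one client cannot rewrite another host's PTR.
    Add-DnsServerPrimaryZone -NetworkId $net -ReplicationScope Domain -DynamicUpdate Secure
}

# The DC's own PTR: add it if missing, then prove the reverse lookup works.
$dcZone = Get-ReverseZoneName "$dcIp/24"
$dcHost = ($dcIp -split '\.')[3]
if (Get-DnsServerZone -Name $dcZone -ErrorAction SilentlyContinue) {
    $ptr = Get-DnsServerResourceRecord -ZoneName $dcZone -Name $dcHost -RRType Ptr -ErrorAction SilentlyContinue
    if (-not $ptr) {
        Add-DnsServerResourceRecordPtr -ZoneName $dcZone -Name $dcHost -PtrDomainName $dcFqdn
    }
    Resolve-DnsName -Name $dcIp -Type PTR -Server 127.0.0.1   # NameHost should equal $dcFqdn
} else {
    Write-Warning "No reverse zone covers $dcIp; add the DC's subnet to the network list"
}
```

The function only handles /24 networks, matching the "first three octets" instruction above; a /16 scope would need the two-octet form of the zone name instead.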