Step-by-Step guide to setup Active Directory on Windows Server 2016

Long wait is over for windows server 2016 and its available for public from Oct 12, 2016. So most looking for upgrade paths or at least start testing in their lab environments. (if it wasn’t brave enough to try with technical previews  ).

What is new in Active Directory? 

There are interesting new features such as time based group membership, privileged access management etc. but in this post I am not going to discuss those as I am going to write separate articles to provide more info about those new features. But still you can find more details https://technet.microsoft.com/en-us/windows-server-docs/identity/whats-new-active-directory-domain-services

In this post I am going to demonstrate how to install active directory on windows server 2016.

Before the AD install it is important to understand what is the minimum requirement to install windows server 2016. This information can find in https://technet.microsoft.com/en-us/windows-server-docs/get-started/system-requirements–and-installation

Processor

• 1.4 GHz 64-bit processor

• Compatible with x64 instruction set

• Supports NX and DEP

• Supports CMPXCHG16b, LAHF/SAHF, and PrefetchW

• Supports Second Level Address Translation (EPT or NPT)

Coreinfo is a tool you can use to confirm which of these capabilities you CPU has.

RAM

• 512 MB (2 GB for Server with Desktop Experience installation option)

• ECC (Error Correcting Code) type or similar technology

Storage controller and disk space requirements

Computers that run Windows Server 2016 must include a storage adapter that is compliant with the PCI Express architecture specification. Persistent storage devices on servers classified as hard disk drives must not be PATA. Windows Server 2016 does not allow ATA/PATA/IDE/EIDE for boot, page, or data drives.

The following are the estimated minimum disk space requirements for the system partition.

Minimum: 32 GB

Network adapter requirements

Minimum:

• An Ethernet adapter capable of at least gigabit throughput

• Compliant with the PCI Express architecture specification.

• Supports Pre-boot Execution Environment (PXE).

A network adapter that supports network debugging (KDNet) is useful, but not a minimum requirement.

So in my demo I am using a virtual server with windows server 2016 datacenter. In order to setup active directory we need to log in as local administrator. First thing to check is IP address configuration.

1) Once Active directory setup on the server, it also going to act as DNS server. There for change the DNS settings in network interface and set the server IP address (or local host IP 127.0.0.1) as the primary DNS server.

2) Then open the server manager. Go to PowerShell (as administrator) and type ServerManager.exe and press enter.

3) Then on server manager click on add roles and features

4) Then it opens the add roles and features wizard. Click on next to proceed.

5) Then in next window keep the default and click next

6) Since its going to be local server, in next window keep the default selection.

7) In next window from the roles put tick box for active directory domain services. Then it will prompt to show you what are the associated features for the role. Click on add features to add those. Then click next to continue.

8) The features page, keep it default and click on next to proceed.

9) In next windows it gives brief description about AD DS service. Click next to proceed.

10) Then it will give the confirmation about install, click on install to start the role installation process.

11) Once done, it will start the installation process

12) Once installation completes, click on option promote this server to a domain controller.

13) Then it will open the active directory configuration wizard. In my demo I am going to setup new forest. But if you adding this to existing domain you can choose relevant option. (I am going to write separate article to cover how you can upgrade from older version of Active Directory). Select the option to add new forest and type FQDN for the domain. Then click next.

14) In next page you can select the domain and forest functional levels. I am going to set it up with latest. Then type a password for DSRM. Then click next

15) For the DNS options, this going to be the first DNS server in new forest. So no need any modifications. Click next to proceed.

16) For the NETBIOS name keep the default and click next 

17) Next page is to define the NTDS, SYSVOL and LOG file folders. You can keep default or define different path for these. In demo I will be keeping default. Once changes are done, click next to continue

18) Next page will give option to review the configuration changes. If everything okay you can click next to proceed or otherwise can go back and change the settings.

19) In next windows it will do prerequisite check. If it’s all good it will enable option to install. Click on install to begin installation process.

20) Then it will start the installation process.

21) After the installation system will restart automatically. Once it comes back log in to the server as domain admin.

22) Once log in open the powershell (as administrator) and type dsac.exe and press enter. It will open up the active directory administrative center. There you can start managing the resources.

23) Also you can use Get-ADDomain | fl Name,DomainMode and Get-ADForest | fl Name,ForestMode from powershell to confirm domain and forest functional levels

Hope this was helpful and if you have any questions feel free to contact me on rebeladm@live.com