REBELADMIN

Step-by-Step Guide to install Active Directory in Windows Server 2019 (PowerShell Guide)

The waiting game is finally over: Windows Server 2019 is now available to the public, so it is time to start planning your production migrations. In this demo, I am going to demonstrate how we can set up Active Directory 2019 with a new AD forest. I will discuss new features of AD 2019 in a later post.

Below, I have created a checklist that we can use to track the progress of the installation.

Active Directory Domain Service Installation Check List for First Domain Controller

Produce Active Directory Design Document 

Prepare Physical / Virtual resources for Domain Controller

Install Windows server 2019 Standard / Datacenter

Patch Servers with latest Windows Updates

Assign Dedicated IP address to Domain Controller

Install AD DS Role

Configure AD DS according to Design

Review logs to verify the healthy AD DS installation and configuration

Configure Service and Performance Monitoring 

AD DS Backup / DR Configuration 

Produce System Documentation 

Design Topology
 
As explained in the above figure, in my demo environment, rebeladmin.com will be the forest root domain. The first domain controller installed in the forest will hold all five FSMO roles. Once additional domain controllers are in place, you can place them in appropriate locations.
 
1. To start the configuration, I logged in to the Windows Server 2019 server as the local administrator.
 

2. I have already changed the name of the server to a meaningful one. Next, we need to check the IP configuration (Get-NetIPAddress). In my initial configuration, the server got a DHCP IP address. We need to change it to a static one first.

 
 
3. To set the static IP address, we can use:
 
New-NetIPAddress -InterfaceIndex 4 -IPAddress 192.168.61.100 -PrefixLength 24 -DefaultGateway 192.168.61.2
 
In the above, the InterfaceIndex value can be found using the Get-NetIPAddress command.
 
 
4. The next step is to set the DNS IP addresses. The primary DC is also going to act as the DNS server, so we need to set it as the preferred DNS. We can do this using:

Set-DnsClientServerAddress -InterfaceIndex 4 -ServerAddresses ("192.168.61.100","8.8.8.8")

After the configuration, we can verify it using ipconfig /all.
 
 
5. Before the AD configuration process, we need to install the AD DS role on the given server. In order to do that, we can use the following command.
 
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
 
A reboot is not required to complete the role service installation.
 
 
Now that we have the AD DS role installed, the next step is to proceed with the configuration.
 
# Create the new forest. The backtick must be the last character on each
# continued line (no trailing space), otherwise the command is cut short.
Install-ADDSForest `
-DomainName "rebeladmin.com" `
-CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "7" `
-DomainNetbiosName "REBELADMIN" `
-ForestMode "7" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$True `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true
 
The following table explains the PowerShell arguments and what they do.

| Argument | Description |
|---|---|
| Install-WindowsFeature | This cmdlet installs a Windows role, role services or Windows features on a local or remote server. It is similar to using Windows Server Manager to install them. |
| -IncludeManagementTools | This installs the management tools for the selected role service. |
| Install-ADDSForest | This cmdlet sets up a new Active Directory forest. |
| -DomainName | This parameter defines the FQDN for the Active Directory domain. |
| -CreateDnsDelegation | This parameter defines whether to create a DNS delegation that references the Active Directory integrated DNS. |
| -DatabasePath | This parameter defines the folder path used to store the Active Directory database file (Ntds.dit). |
| -DomainMode | This parameter specifies the Active Directory domain functional level. In the above, I have used mode 7, which is Windows Server 2016. Windows Server 2019 doesn't have a separate domain functional level. |
| -DomainNetbiosName | This defines the NetBIOS name for the forest root domain. |
| -ForestMode | This parameter specifies the Active Directory forest functional level. In the above, I have used mode 7, which is Windows Server 2016. Windows Server 2019 doesn't have a separate forest functional level. |
| -InstallDns | This specifies whether the DNS role needs to be installed with the Active Directory domain controller. For a new forest, it is a default requirement to set it to $true. |
| -LogPath | The log path specifies the location used to save the domain log files. |
| -SysvolPath | This defines the SYSVOL folder path. The default location for it will be C:\Windows |
| -NoRebootOnCompletion | By default, the system restarts the server after the domain controller configuration. Using this parameter prevents the automatic system restart. |
| -Force | This parameter forces the command to execute by ignoring the warnings. It is typical for the system to pass warnings about best practices and recommendations. |

 
6. Once the command is executed, it will prompt for the SafeModeAdministrator password. This is used in Directory Services Restore Mode (DSRM). Make sure to use a complex password (according to the Windows password complexity recommendations). Failure to do so will stop the configuration.
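
The same parameters can be validated before promotion, with the DSRM password collected once as a SecureString. This is an added example, not part of the original post; it reuses the values from the Install-ADDSForest call above and assumes the ADDSDeployment module installed with the AD DS role in step 5.

```powershell
# Added example: prerequisite check before forest promotion.
Import-Module ADDSDeployment

# Prompt once. The DSRM password stays a SecureString and is never written
# into the script, the command line or the PowerShell history.
$dsrm = Read-Host -Prompt 'DSRM (SafeModeAdministrator) password' -AsSecureString

# Same values as the Install-ADDSForest call in this guide, kept in one place
# so the test and the real run cannot drift apart.
$forest = @{
    DomainName                    = 'rebeladmin.com'
    DomainNetbiosName             = 'REBELADMIN'
    DomainMode                    = '7'
    ForestMode                    = '7'
    InstallDns                    = $true
    CreateDnsDelegation           = $false
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $dsrm
}

# Test-ADDSForestInstallation only runs the prerequisite checks; it changes nothing.
$results = Test-ADDSForestInstallation @forest
$results | Format-List Context, Status, Message

# Stop here if any check did not succeed, instead of hiding it behind -Force.
$failed = $results | Where-Object { $_.Status -ne 'Success' }
if ($failed) {
    throw "Prerequisite check failed: $($failed.Message -join '; ')"
}

# Promotion with the validated parameters; reboot manually afterwards (step 7).
Install-ADDSForest @forest -NoRebootOnCompletion:$true -Force:$true
```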
 
 
7. Once the configuration is complete, reboot the domain controller and log back in as the domain administrator.
 
Let's do some further checks to confirm the successful installation of the services.
 
Get-Service adws,kdc,netlogon,dns
 
The above command lists the status of the Active Directory related services running on the domain controller.
 
 
8. Run Get-ADDomainController. It lists all the configuration details of the domain controller.
 
 
9. Run Get-ADDomain rebeladmin.com. It lists the details of the Active Directory domain.
 
 
10. In the same way, Get-ADForest rebeladmin.com lists the Active Directory forest details.

11. Get-SmbShare SYSVOL shows whether the domain controller is sharing the SYSVOL folder.
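
The checks in steps 7 to 11 can be collected into a single pass/fail summary, together with the log review from the checklist. This is an added example, not part of the original post; it assumes it is run on the new domain controller as a domain administrator, and the 24-hour window for the event log query is an arbitrary choice.

```powershell
# Added example: one pass/fail summary for the post-install checks.
Import-Module ActiveDirectory

$dc     = Get-ADDomainController -Identity $env:COMPUTERNAME
$domain = Get-ADDomain -Identity 'rebeladmin.com'
$forest = Get-ADForest -Identity 'rebeladmin.com'

# The five FSMO role holders: three per domain, two per forest.
# On the first domain controller of a new forest, all five should be this server.
$fsmo = @($domain.PDCEmulator, $domain.RIDMaster, $domain.InfrastructureMaster,
          $forest.SchemaMaster, $forest.DomainNamingMaster)
$rolesElsewhere = @($fsmo | Where-Object { $_ -ne $dc.HostName })

# Services from step 7 that are not running.
$stopped = Get-Service adws, kdc, netlogon, dns | Where-Object Status -ne 'Running'

# SYSVOL share from step 11.
$sysvol = Get-SmbShare -Name SYSVOL -ErrorAction SilentlyContinue

# Critical (1) and Error (2) events in the Directory Service log, last 24 hours.
# Get-WinEvent reports an error when nothing matches, hence SilentlyContinue.
$events = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName   = 'Directory Service'
    Level     = 1, 2
    StartTime = (Get-Date).AddHours(-24)
}

$checks = [ordered]@{
    'AD services running (adws, kdc, netlogon, dns)' = -not $stopped
    'All five FSMO roles on this DC'                 = $rolesElsewhere.Count -eq 0
    'Domain controller is a global catalog'          = $dc.IsGlobalCatalog
    'SYSVOL is shared'                               = [bool]$sysvol
    'No Directory Service errors in last 24 hours'   = -not $events
}

$checks.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Check = $_.Key; Passed = [bool]$_.Value }
} | Format-Table -AutoSize

# Show the offending events, if any, so they can be reviewed rather than just counted.
$events | Select-Object TimeCreated, Id, LevelDisplayName, Message | Format-List
```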
 
As we can see, the AD DS components are installed and configured successfully. This marks the end of this blog post. If you have any further questions, feel free to contact me at rebeladm@live.com. Also follow me on Twitter @rebeladm to get updates about new blog posts.