In this video, I’m going to show you the different ways of installing a Domain Controller. But before that, I just want you to know that you must install Active Directory first before you install a Domain Controller. And because we’ve already done that in the previous video, I will now show you how to install a Domain Controller in Full UI, in Core (using PowerShell), and from media.
First I’ll show you the steps on how to install using the Full UI. Now we’ve already done this in the previous video. But for the sake of you guys who didn’t watch the previous video, here’s how you do it.
- Assuming that you’re done installing Active Directory Domain Services, go to your Server Manager and click on AD DS.
- After that, you’re gonna be prompted to configure Active Directory Domain Services; click on More.
- And then click on Promote this server to a domain controller.
- And then the AD DS configuration wizard will pop up. There you’ll be given three choices: Add a domain controller to an existing domain (this is if you already have an existing domain in another Windows version); Add a new domain to an existing forest (you can use this if you already have an existing parent domain and you want to create a child domain); and lastly, Add a new forest, which is for when you are creating your first domain. In this case, I’m just gonna choose Add a new forest.
- After that you’re gonna need to provide the name for your Root domain. Then click next.
- And here you’re gonna need to provide a Directory Services Restore Mode (DSRM) password. This password will be used whenever you encounter a problem within your Active Directory. Click Next.
- In the next wizard, you can just ignore the prompt for the DNS delegation because in this case, the one we are configuring right now is the parent zone.
- After that, the system will provide a default NetBIOS (Network Basic Input/Output System) domain name that matches the DNS domain name. Remember that you can only change this during the creation of the root domain. Click Next.
- In the next wizard, you may or may not encounter some warnings, but you need not worry if it’s just a yellow warning; you can just continue with the installation. But if you ever encounter a red warning, then there’s a certain prerequisite that needs to be fixed. After that, click on “Rerun prerequisites check”, which can be found on the upper part of the wizard.
- And then click install.
Next I’ll show you how to install a Domain Controller in Core using PowerShell.
- The first thing you need to do is to enter PowerShell, because we’re gonna need to execute these commands in PowerShell and not in CMD.
- Now in order to install Active Directory Domain Services, type “Install-WindowsFeature -Name AD-Domain-Services” and press Enter.
- Once it’s done you’ll be warned about the automatic updates, but you need not worry because you already installed what you need.
- The thing we need to do then is to install an Active Directory forest: just type “Install-ADDSForest -DomainName "hoit.com"” and hit Enter. After that you’re gonna need to enter the SafeModeAdministratorPassword and confirm it.
- And then the system will ask if you want to continue with this operation. You can just enter “A” for Yes to All; that’s the easiest way to go.
- Once it’s done, it will reboot. And now you have a domain controller.
- Then you can add other domain controllers, because seldom if ever do you have only a single domain controller in a production environment, and if you have only one and it goes down, then nobody can log on and no authentication can take place.
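The PowerShell steps above as one script, with the wizard's prerequisite check run up front through Test-ADDSForestInstallation. This is an added example, not the commands typed in the video; it assumes an elevated session on the server being promoted and reuses the hoit.com domain from this page.

```powershell
# Added example: first-forest promotion on Server Core.
$domain = 'hoit.com'    # root domain name used on this page

# Install the AD DS role binaries (this does not promote the server yet).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Read the DSRM password as a SecureString so it never appears in the
# script file or in the command history.
$dsrm = Read-Host -Prompt 'SafeModeAdministratorPassword' -AsSecureString

# Run the same prerequisite checks the wizard runs; one result per check.
Import-Module ADDSDeployment
$checks = Test-ADDSForestInstallation -DomainName $domain `
    -SafeModeAdministratorPassword $dsrm
$checks | Format-Table Status, Message -Wrap

# Warnings (yellow in the wizard) are let through; errors (red) stop here.
if ($checks | Where-Object { "$($_.Status)" -eq 'Error' }) {
    throw 'Prerequisite check failed; fix the errors above and run again.'
}

# Promote. -Force skips the confirmation prompt; the server reboots when done.
Install-ADDSForest -DomainName $domain `
    -SafeModeAdministratorPassword $dsrm -Force
```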
Now if you want to install your Active Directory Domain Controller from a form of media, for example a flash drive or external hard drive, I’ll show you what you need to do. Again, you still need to install Active Directory first before installing the Domain Controllers. But before we go on, what are the advantages of installing from media (IFM)?
- No initial network needed: the purpose of IFM is to avoid network traffic, and initially we don’t need to have a network connection.
- Avoid large WAN transfer: what we are going to do is copy the data from one server to the media, maybe an external drive like a flash drive, then copy it to the other server, thereby eliminating the need for a WAN link to transfer files from one server to another. This will be very helpful if you need to transfer large volumes of data while having a very slow WAN link transfer rate.
- Another advantage is that, while installing the Domain Controller, only differences are synced, thereby avoiding replication of data.
- And there are the ntdsutil parameters, which are the commands we’ll use for this. So instead of PowerShell, we’re gonna use an administrative command prompt to execute commands. And there are four different options for this.
- Create Full, for a full read and write domain controller once it is already transferred to another domain controller via media.
- Create RODC (Read-Only Domain Controller, which means that the other domain controller won’t have any rights to write to the Active Directory data).
- The third one is Create Sysvol Full (SYSVOL is a special directory in the file system that contains important Active Directory items as well as critical types necessary to make sure that Active Directory is working properly).
- And then the last one is Create Sysvol RODC.
- The only disadvantage though is that you can only copy the Active Directory via media when you have the same operating system. For example, if you have a Windows Server 2012 and you copied it to Windows Server 2008, well, it won’t work.
So to do this, you need to:
- Run the command prompt as an Administrator and enter “ntdsutil” which is the utility for Active Directory Services.
- And then you need to enter “activate instance ntds”.
- Then “ifm”.
- Then use “create sysvol full” followed by the path where you want to store the data.
- So now it’s ready for installation. So all you have to do now is to insert the media to your server and “promote the server to the domain controller”.
- And because you already have an existing domain, you can just choose “Add domain controller to an existing domain”.
- Fill out the necessary data and then install.
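The install-from-media steps end to end, as an added example that is not from the video. E:\IFM is an assumed path on the removable drive, and the Install-ADDSDomainController call is the PowerShell counterpart of promoting the server with the media attached.

```powershell
# Added example. Part 1 runs on an existing domain controller, part 2 on
# the new server. E:\IFM is an assumed folder on the removable drive.

# --- Part 1: create the media (elevated prompt on an existing DC) ---
$ifm = 'E:\IFM'    # must not exist yet, or must be empty

# ntdsutil takes its menu commands as arguments, so the interactive
# sequence from the steps above becomes a single line.
ntdsutil "activate instance ntds" ifm "create sysvol full $ifm" quit quit

# Check that the database, the registry hives and SYSVOL were written.
$expected = 'Active Directory\ntds.dit', 'registry\SYSTEM',
            'registry\SECURITY', 'SYSVOL'
foreach ($item in $expected) {
    if (-not (Test-Path (Join-Path $ifm $item))) {
        throw "IFM media incomplete: $item is missing"
    }
}
# The folder now holds a full copy of the directory database, account
# secrets included, so the drive needs the same handling as a DC backup.

# --- Part 2: promote the new server from the media (elevated PowerShell) ---
$ifm = 'E:\IFM'    # drive letter on the new server is an assumption
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -DomainName 'hoit.com' `
    -InstallationMediaPath $ifm `
    -Credential (Get-Credential -Message 'Domain admin account') `
    -SafeModeAdministratorPassword (Read-Host -Prompt 'DSRM password' -AsSecureString)
```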
Another way to install a Domain Controller is through scripts. I have prepared a script right here, which I put in a folder named “Files” in drive C, and which I named “adddc.ps1” because this is a PowerShell script. To run this script, we need to:
- Run “PowerShell” first.
- And then allow the execution of the script. First, let us see whether it is allowed or not: enter “Get-ExecutionPolicy”.
- And if the result is “Restricted”, you can set it to “Unrestricted” by entering “Set-ExecutionPolicy Unrestricted”.
- Now you can launch the script by entering the path. And because I’m already inside the directory where I put the script, I can just type “./adddc.ps1”.
- And then enter the username and password.
- Then the SafeModeAdministrator password, Confirm it and wait for it to finish.
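A narrower way to allow the same script, as an added example that is not from the video: the policy is relaxed for the current PowerShell session only, and the file is checked against a hash recorded when it was written. The expected hash is a placeholder, and the path follows the folder and file name given above.

```powershell
# Added example: run C:\Files\adddc.ps1 without changing the machine-wide policy.
$script   = 'C:\Files\adddc.ps1'
$expected = '<SHA256-RECORDED-WHEN-THE-SCRIPT-WAS-WRITTEN>'   # placeholder

# Show the policy at every scope. The list is in precedence order, so the
# effective policy is the first entry that is not Undefined.
Get-ExecutionPolicy -List | Format-Table Scope, ExecutionPolicy

# Refuse to run a file that differs from the one that was prepared.
$actual = (Get-FileHash -Path $script -Algorithm SHA256).Hash
if ($actual -ne $expected) {
    throw "Hash mismatch for ${script}: got $actual"
}

# Allow local scripts for this session only. The setting lives in the
# process and is gone when the window is closed, so the server stays on
# its original policy afterwards.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

# Launch the script; it prompts for the credentials as described above.
& $script
```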
Now, how do you Uninstall an Active Directory? Here’s how you do it.
- You can go to “Manage”
- Choose “Remove Roles and Features”.
- Click on “next”.
- Next again
- And then Uncheck the Directory Domain Services.
- Click “Remove Features”.
- And once you click “Next”, it will prompt you to click on “Demote this Domain Controller”.
- You can check on the “Force the removal of this Domain Controller”.
- Click on Next. And check the “Proceed with removal”.
- Click on Next.
- Enter the password. Confirm it. And then click on Next.
- Click on “Demote”. It will reboot and then you’re done with the uninstall.
But if you want to do it in Core, you’re gonna need to:
- Run the cmd as an Administrator.
- And then type “powershell”.
- Type “Uninstall-ADDSDomainController” and press Enter.
- And then you’re gonna need to enter a local Administrator password. Confirm the uninstall.
- Type “a” which means yes to all. And then wait for the uninstall to finish.
Now if you want to upgrade from Windows Server 2008 to Windows Server 2012 and want to retain accounts in your Active Directory Domain Controller, you’re gonna need to do the following:
- You’re gonna need to run CMD as an Administrator and run all the necessary preparations.
- First enter “adprep /forestprep” then press Enter. Note that you can just do this on one Domain Controller because it will just replicate all these schema changes to the other Domain Controllers in the organization.
- After that, we’re gonna need to execute “adprep /domainprep”.
- And once it’s done, you are now ready for the upgrade. You may now insert your Windows Server 2012 DVD or ISO file. Then run the installation.
- Then you can go online to check and install updates.
- Then choose the server with a GUI. Click on Next.
- Then agree to the license Agreement.
- Choose “Upgrade”.
- After that click on Next.
Then after the reboot, you can check on Tools->Active Directory Users and Computers. Check the inside of your domain and you can see that the user accounts, computers and organizational units that were present in Windows Server 2008 are now present in Windows Server 2012.
Now let’s move on to “Global Catalog”. A Global Catalog is a full copy of a host domain’s objects and a partial read-only copy of other domains in the same forest. It provides simpler searches across domains. For example, if I wanted to find the name Shane, I can just type SH, and then I’ll see Shane in the results without needing to contact the source Domain Controllers, because it uses UPN (User Principal Name) authentication. It can also validate forest objects and has Universal Group Membership WFO. Also, if you have a single domain, there will be no extra data in your Global Catalog, which means there will be no burden. But if you have multiple domains, then the Global Catalog will contain objects from all the domains. This is how you make a Domain Controller a Global Catalog. First you’re gonna need to:
- Go to Tools.
- Then choose Active Directory Sites and Services.
- And from here you can select to make one domain controller a global catalog or not.
- Right click on NTDS Settings. Then click on Properties.
- And from there you can see the Global Catalog.
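The same setting read from PowerShell for every domain controller at once, as an added example that is not from the video. It assumes the ActiveDirectory module is installed and only reads; it changes nothing.

```powershell
# Added example: report which domain controllers hold the global catalog.
Import-Module ActiveDirectory

# All domain controllers of the current domain, with the flag that the
# NTDS Settings > Properties dialog shows as a checkbox.
$dcs = Get-ADDomainController -Filter *
$dcs | Sort-Object Site, Name |
    Format-Table Name, Site, IsGlobalCatalog, IsReadOnly

# Sites of this domain in which no domain controller is a global catalog.
$dcs | Group-Object -Property Site |
    Where-Object { -not ($_.Group | Where-Object { $_.IsGlobalCatalog }) } |
    ForEach-Object { "Site '$($_.Name)' has no global catalog server" }

# Forest-wide list of global catalog servers, across all domains.
(Get-ADForest).GlobalCatalogs
```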
Now before we end our video, let me just discuss with you the four types of trust relations:
- The first one is the “External Trust”: a trust with a domain located in a separate forest that is not joined by a forest trust.
- The second one is the “Shortcut”. It is used to improve user logon times between two domains within Windows Server 2003. This is useful when two domains are separated by two or more child domain trees.
- The third one is called “Realm”. It is used to form a trust relationship between non-Windows domains and Windows domains, for example a trust relationship between a Windows domain and a Linux domain.
- And lastly the “Forest Trust”, which gives full transitivity between two forests and all their domains.
And now we are done with Active Directory Domain Controller Installations and Trust Relations.