Windows Lab 3 - Installing Active Directory


In this lab we will be promoting both servers to Domain Controllers. We will then add each server to Server Manager so we can centrally manage our servers. Both Server01 and Server02 need to be powered on for this lab.

Installing Active Directory on Server01

At this time we should have two Windows servers named Server01 and Server02. Both servers should be able to talk to each other over our network. Now we'll install the Active Directory Domain Services role on Server01. This will only install the role; once we're done we will promote the server, turning it into a Domain Controller for a new domain.

Log in to Server01 and open Server Manager if it doesn't open automatically. In Server Manager click Add roles and features. If the Quick Start panel is hidden you can access this by clicking the Manage dropdown.

The first screen of the Add Roles and Features wizard will show a summary of what the wizard will do and what's needed to run the wizard. Click Next.

The next screen will ask if you are trying to install a role or feature, or if you're trying to turn this server into a VDI (Virtual Desktop Infrastructure) based environment. We're installing a role with its corresponding features. Click Next.

The Server Manager tool can be used to manage multiple servers. This is something we'll see later in the lab when we add Server02 to Server01's Server Manager. This can be used to view information about other servers, as well as performing management tasks. We can use the Server Manager on Server01 to install a role on Server02. This can be handy if you want to remotely manage a server running without the desktop experience. Click Next.

You're presented with a list of server roles. Find Active Directory Domain Services and select it.

When you select a role it will display a dialog box with a list of features needed by the role and give you the opportunity to add them then. Click Add Features.

Now that Active Directory Domain Services is selected click Next.

You'll be presented with a list of features that can be installed. The features that appeared in the previous popup will already be selected; we don't need any additional features. Click Next.

The next screen summarizes what Active Directory Domain Services is, as well as giving you some best practices. You're informed that you should have at least 2 domain controllers, which we're going to do. It also lets you know that DNS is needed, which we'll see later. At the bottom is a description of their cloud version of Active Directory. Click Next.

The confirmation shows you a summary of what changes will be made. Click Install.

The install will start running. While it's running you can click close at the bottom and it will keep running in the background. Click Close.

Promote Server01 to a Domain Controller for a New Domain

Server01 should have the role Active Directory Domain Services installed. The next step will be to promote the server to a domain controller.

After Active Directory Domain Services is installed on the server you'll see a yellow triangle at the top of Server Manager. When you click the flag icon you'll see an option to Promote this server to a domain controller. Click the link. If the required option to promote the server is missing from the Server Manager then click the refresh button at the top.

This screen will give us the opportunity to create our new domain. Choose the option Add a new forest and type in for the root domain name. Click Next.

On the Domain Controller Options screen keep the defaults and type in P@ssw0rd for the Directory Services Restore Mode password. The server will also become a DNS server since the Domain Name System checkbox is selected. When setting up our servers' IP information we set each to point to Server01 for DNS, so installing DNS on Server01 will make that setting work properly. Click Next.

On the DNS options screen you'll see a warning about not being able to create a delegation for the DNS server. Since we don't have a DNS server the installation wizard will install it for us so we don't need to worry about this message. Click Next.

After a few seconds the NetBIOS name will automatically populate with GOTOHULL. The NetBIOS name will be used for legacy naming reasons. Click Next.

The default paths for the database, logs and SYSVOL are fine. If we had multiple drives we might consider separating these to different volumes for performance reasons, but in our environment this is fine. Click Next.

The Review Options screen will show you a summary of the options you selected. You can also click on View script to see a PowerShell command that will do everything the wizard's about to do. Click Next.

The Prerequisites Check will pass with a couple warnings. Click Install to start the installation.

After the server is configured as a domain controller it will automatically restart.
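The role install and promotion above can also be done from an elevated PowerShell prompt on Server01. This is an added example, not the script the wizard's View script button produces; the root domain name is a placeholder because it depends on what you typed in the wizard, and the DSRM password is prompted for rather than stored in the script.

```powershell
# Added example: scripted equivalent of the wizard steps on Server01.
# $DomainName is a placeholder; replace it with the root domain name
# you entered on the Deployment Configuration screen.
$DomainName = '<root-domain-name>'

# Prompt for the Directory Services Restore Mode password so it never
# appears in the script file or in command history.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

# Same result as the Add Roles and Features wizard: role plus management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Options matching the wizard choices: new forest, DNS installed on this
# server, NetBIOS name GOTOHULL, default database/log/SYSVOL paths.
Import-Module ADDSDeployment
$forest = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = 'GOTOHULL'
    InstallDns                    = $true
    SafeModeAdministratorPassword = $dsrm
}

# Equivalent of the Prerequisites Check screen: reports warnings and
# errors without changing anything on the server.
Test-ADDSForestInstallation @forest | Format-List

# Promote the server. It restarts automatically when the promotion finishes.
Install-ADDSForest @forest -Force
```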

At the log on screen you'll see a small change. You're now logging into the domain as administrator as opposed to logging into the computer as administrator. Active Directory has replaced the local SAM (Security Account Manager) database of usernames and passwords, so when you sign in you can only sign into the domain. Log in as administrator using P@ssw0rd as the password.

When Server Manager opens you'll see two new options on the left side. You'll see AD DS for Active Directory Domain Services, as well as DNS. Now we're going to switch over to Server02.

Join Server02 to the New Domain

We're going to join Server02 to the newly created domain. Log in to Server02 as administrator if you haven't done so already.

Select option 1 to join the domain.

Hit d to choose to join a domain. Type in as the name of the domain. The username will be gotohull\administrator and the password is P@ssw0rd. When asked if we want to change the computer name answer n for no, then hit y to restart the server.

Server02 is now a member of the domain but is not a domain controller. This means we can log into the local computer as well as the domain. When the server returns to the login screen we want to log in to the domain but it's asking for the password of the local administrator account. Hit Esc to leave this prompt.

You'll be asked how you would like to sign in as Administrator, but we don't want to sign in with the local account so hit Esc.

Arrow down to Other user and hit enter.

By default it will try to log you into the domain.

When you type in administrator it will assume you want to log into the local computer. You can see this when you type in administrator, the sign in to section will change from to server02. We need to tell the server we want to log into the domain.

Type in the User Principal Name (UPN) for the administrator of the domain, and a password of P@ssw0rd. The User Principal Name will tell the server you want to log in to the domain.

Install Active Directory Domain Services on Server02

We're going to remotely install Active Directory Domain Services on Server02 using Server Manager on Server01. Before we can do that we're going to add Server02 to Server Manager on Server01.

In Server Manager click the Manage dropdown menu and click Add Servers. You could also click option 3 in the welcome message.

Type in Server02 and click Find Now to search for the server. Select Server02 in the results and click the arrow to add it to the list. Click OK when done.

Now that you can manage Server02 from Server01, start the Add Roles and Features wizard to install Active Directory Domain Services. When you're on the screen to select the server choose Server02.

During the installation you'll see the destination server listed as Server02.

Promote Server02 to a Domain Controller for an Existing Domain

Once the Active Directory Domain Services role is installed start the process to promote the server to a domain controller.

In the Deployment Configuration screen we're going to select a different option this time. We already have a domain, now we want to add a second domain controller. We're going to select Add a domain controller to an existing forest. We need to provide an account to perform the install with. Click the Change button.

Type in administrator for the username and P@ssw0rd for the password. Click OK.

Now we're ready to move forward, click Next.

We don't want the second server being a DNS server so uncheck Domain Name System (DNS) server. Enter P@ssw0rd for the Directory Service Restore Mode password. Click Next.

Additional Options, click Next.

Paths, click Next.

Review options, click Next.

Prerequisites Check, click Install.

The server will restart when complete.
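The Server02 steps can be driven from PowerShell on Server01 as well. This is an added example, not part of the original lab; it assumes PowerShell remoting to Server02 is available (the default on current Windows Server releases), and the domain name is again a placeholder.

```powershell
# Added example: run on Server01 while signed in as the domain administrator.
# $DomainName is a placeholder; use the root domain name created on Server01.
$DomainName = '<root-domain-name>'

# Account used to perform the install (the Change button in the wizard)
# and the DSRM password, both prompted for instead of hard-coded.
$cred = Get-Credential -Message 'Domain administrator account'
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

# Remote role install, same as choosing Server02 as the destination server.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools `
    -ComputerName Server02

# Promote Server02 into the existing domain without the DNS role.
# The remote session drops when Server02 restarts at the end, so a
# disconnect message at that point is expected.
Invoke-Command -ComputerName Server02 -ScriptBlock {
    Import-Module ADDSDeployment
    Install-ADDSDomainController `
        -DomainName $using:DomainName `
        -Credential $using:cred `
        -InstallDns:$false `
        -SafeModeAdministratorPassword $using:dsrm `
        -Force
}

# Run this after Server02 has restarted: both servers should be listed
# as domain controllers for the domain.
Get-ADDomainController -Filter * |
    Select-Object Name, IPv4Address, IsGlobalCatalog, Site
```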

Now Server Manager will show two servers running Active Directory Domain Services and one server running DNS. We're done with the welcome screen on Server Manager, click Hide.

Now we can see the Server Manager acting as a dashboard showing us the status of all our servers and their roles in one spot. If you have some services that aren't running, resulting in red boxes, that's ok.

Once you're complete shut down both servers and take snapshots of both machines called Lab 3 Complete.


Answer the lab questions
