Before we get to the installation, there are a few things to check to make sure the server is ready. Check that DNS is installed and functioning, and that there are no major event log errors. Next, make sure the system is fully updated with the latest Service Packs installed.
Ideally, you will only want 1 NIC in the server to avoid duplicate IP addresses being resolved to the same name in DNS, which can generate several event log errors and warnings relating to AD and DNS services. If 2 NICs are in place on the server, set only 1 of them to be able to register with DNS as shown below.
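The readiness checks described above can also be run from PowerShell on Windows Server 2012. This is an added example, not part of the original walkthrough; the adapter name `Ethernet 2` and the 7-day window are assumed values, and `Testing.local` is the domain used later in this article.

```powershell
# Added example; 'Ethernet 2' and the 7-day window are assumed values.

# Which adapters are set to register their addresses in DNS?
Get-DnsClient | Select-Object InterfaceAlias, RegisterThisConnectionsAddress

# On a two-NIC server, stop the second adapter from registering so that
# only one address is published for the server's host name.
Set-DnsClient -InterfaceAlias 'Ethernet 2' -RegisterThisConnectionsAddress $false

# Confirm DNS answers for the existing domain's DC locator record.
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.Testing.local' -Type SRV

# List Critical (1) and Error (2) events from the last 7 days.
# Logs that do not exist on this server, or have no matches, are skipped.
$since = (Get-Date).AddDays(-7)
foreach ($log in 'System', 'Application', 'DNS Server') {
    Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 1, 2; StartTime = $since } `
        -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, LogName, Id, ProviderName, Message
}
```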
Now begin the AD installation process to turn a Windows 2012 Server into a Domain Controller (DC) Server by logging onto it as the Local Administrator and using the Server Manager Dashboard.
Note: Unlike its predecessors, Windows 2012 no longer has a DCPROMO command as a means to do an all-in-one installation of Active Directory Services.
To get started, first open Server Manager and add the AD service and roles.
Note the preinstallation tasks listed on the next screen.
On the next screen, choose “Role-based or feature-based installation”.
Select the server to install AD onto (the local server in this scenario).
Next, select “Active Directory Domain Services”.
On the next screen, simply click “Next” to install dependent services and roles.
The next screen explains that a DNS server is required for active directory. If there isn’t one available, that role will be installed on this server. There is also a recommendation of having at least 2 domain controllers on the network. Click “Next”.
Next is a confirmation of your settings. Click “Install”.
Active directory has now been installed, but requires configuration.
The next step in the process is to convert this server into a domain controller. Select the “AD DS” section in Server Manager, and via the “Notifications” or “More” prompt for configuration, click on “Promote this Server to a Domain Controller”.
On the next screen, you will be prompted to add this new DC to an existing domain, add a new domain to an existing forest, or add a new forest. In this example, we’ll add our server to an existing domain.
If adding an additional DC Server that is a Windows 2012 Server to an existing Domain, you must first do the following:
- Ensure the existing Domain Forest Functional Level is Windows 2003 or higher.
- You must also prep the existing Windows Forest Schema with the following commands:
  - ADprep /forestprep
  - ADprep /domainprep
The ADprep.exe program is supplied on your Windows 2012 DVD in the \support\adprep folder. The images below show the process of running ADprep /forestprep.
Next, we must run the ADprep /domainprep command as shown below.
Now back to the promotion of our server. Next, we need to set the domain and forest functional levels, set the other roles this DC will have (Global Catalog, DNS), and set a password for the DS restore administrator account. When setting the domain and forest functional levels, you need to specify what types of DCs you have within those entities. The possibilities are:
- All DCs Windows 2003
- All DCs Windows 2008
- All DCs Windows 2008 R2
- All DCs Windows 2012
- Mixture of Windows 2008 and 2003 DCs
- Mixture of Windows 2008 R2 and 2003 DCs
- Mixture of Windows 2008 and 2008 R2 DCs
- Mixture of Windows 2003 and 2012 DCs
- Mixture of Windows 2008 and 2012 DCs
- Mixture of Windows 2008 R2 and 2012 DCs
Higher levels enable new unique functionality in Active Directory.
During AD configuration, the wizard attempts to create a DNS delegation to ensure that computers can resolve DNS queries for hosts, including domain controllers and member computers, in the domain being constructed (i.e. Testing.local in this scenario). If you have already installed and configured DNS, you do not need to create a DNS delegation, and this can be ignored.
Enter the NETBIOS version of the Fully Qualified Domain Name (FQDN) chosen for this domain. In this scenario, NETBIOS name = TESTING and FQDN name = TESTING.local.
Next, we specify the locations for the database folder, log files, and SYSVOL folder. The default locations are shown in the image below. SYSVOL is a shared folder that AD creates in %System_Drive%\win_dir\SYSVOL\sysvol. It will hold policies and scripts that can be used within the domain environment.
Next is a summary of the AD configuration settings that have been selected. The “View Script” button allows you to view and save the PowerShell script commands that will be used to carry out the AD configuration for additional installations. This topic will be discussed more later.
This is what the PowerShell script looks like:
The next screen is a pre-requisite check to ensure all conditions are met for this Windows 2012 Server to become a DC Server running the AD services.
Press the “Install” button and the installation will begin. After the AD configuration completes, the system reboots automatically. You now log on as the Domain Administrator, whose password is set to that of the Local Administrator for now. After logging in, there will now be AD Tools, including the main Admin Console called “Active Directory Administrative Center” and the more familiar “AD Users and Computers”, “AD Sites and Services”, etc., as shown below.
Additional Installation Methods:
You can install AD onto a Server using the GUI we have just used or a Windows PowerShell command prompt using the command:
You can also carry out an Advanced Installation using an “Install From Media” (IFM) option of AD onto a Server using either PowerShell commands or the GUI. With an Advanced Mode AD installation/configuration, you can install AD from an existing backed up AD database file (NTDS.DIT) as highlighted on the previous image via the “Install-ADDSDomainController” command with the “-InstallationMediaPath” option.
Typically, in such a scenario you would be installing AD to create an additional DC for an existing domain, rather than creating a new domain and waiting for AD replication to occur.
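The PowerShell route described above, covering both the kind of script the wizard's “View Script” button produces and the IFM option, is sketched here as an added example. It is not the script generated by the wizard in the original article. Assumed values: IFM media already copied to `C:\IFM`, the default site name, and the default database, log and SYSVOL paths.

```powershell
# Added example. Assumed values: domain Testing.local (from this walkthrough),
# IFM media already copied to C:\IFM, default site name and default paths.
# The IFM folder holds a copy of NTDS.DIT (every account's password hashes):
# restrict its ACL and delete it once promotion completes.

# 1. Install the AD DS role and management tools (what the Server Manager wizard does).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

Import-Module ADDSDeployment

# 2. Prompt for secrets instead of storing them in the script file.
$domainCred = Get-Credential -Message 'Domain admin account for Testing.local'
$dsrmPass   = Read-Host -AsSecureString -Prompt 'DS restore (DSRM) password'

$params = @{
    DomainName                    = 'Testing.local'
    Credential                    = $domainCred
    SafeModeAdministratorPassword = $dsrmPass
    InstallDns                    = $true
    SiteName                      = 'Default-First-Site-Name'
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    InstallationMediaPath         = 'C:\IFM'
}

# 3. Run the prerequisite check first; this changes nothing on the server.
$check = Test-ADDSDomainControllerInstallation @params
$check | Format-List Status, Message
if ($check | Where-Object { $_.Status -eq 'Error' }) {
    throw 'Prerequisite check failed; fix the issues above before promoting.'
}

# 4. Promote the server; it reboots automatically when finished.
Install-ADDSDomainController @params -Force
```

Omit `InstallationMediaPath` to promote over normal replication instead of from media.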