Table of Contents
Introduction
In continuous to my previous post of Windows Server Core series, today we will see how to install,Configure and manage our first domain controller in a windows server 2019 core OS.
Please check below post for how to install a server 2019 core OS on a Microsoft hyper-V VM
Pre-Requisites
In my previous post we have installed server core 2019 on server named as CoreDc-01
Before we install AD-DS role, we need to assign a static IP on the server. To do the same, login to server CoreDc-01 and type #sconfig
You will see following screen. For Network Setting , Type 8 and press Enter
For the next steps, just follow the options and get the static IP configured.
Install AD-DS Role
Now lets do a wildcard search for AD roles/features. Run below command in PowerShell
You can install with or without management tools. So choose as per your wish 🙂
Get-WindowsFeature *AD*Install-WindowsFeature AD-Domain-Services –IncludeManagementTools
We will install AD-Domain-Services using below command
Install-WindowsFeature AD-Domain-Services
After the installation completed, you will see below screen
Promote – Domain Controller
Now we will promote the server as a Domain Controller. To do that follow below steps:
Step-1: – Import ADDSDeployment Module
Step-2:- Create the Forest
Install-ADDSForest -CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "WinThreshold" `
-DomainName "testlab.com" `
-ForestMode "WinThreshold" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true
Parameter Explanations:
-DatabasePath – File System path to store AD Database
-DomainMode “WinThreshold” ` – Available latest Domain Functional Level
-DomainName – Name of your Forest/Domain
-ForestMode “WinThreshold” ` – Available latest Forest Functional Level
-InstallDns:$true ` – This will install DNS role
-LogPath – File System path to store AD related log files
-NoRebootOnCompletion:$false ` – This will reboot the server after installation completed
-SysvolPath “C:\Windows\SYSVOL” ` – This is self explanatory
-Force:$true – This is self explanatory
After you run the above command in Powershell, next it will ask for DSRM password
Enter password and press enter
DC promotion started
After DC promotion completed, it will kick off the server reboot
After the server reboot, we are all set with our first domain controller in forest/domain testlab.com
Managing the Active Directory
Now to manage the AD infra, we have two options – Powershell OR through GUI based RSAT tools.
As the DC is having Windows Core OS, so if we login to DC, the only option to manage the AD objects is by Powershell
However most of us very much interested to perform the AD tasks via ADUC,GPMC etc consoles.
So from here we will not login to DC to perform AD tasks, rather install another member server OR windows10 client PC and install RSAT tools for AD.
I have a created another VM having Windows10 OS ( You can install other OS such as Server 2012 R2, 2016 or 2019 – Latest is better 🙂 )
Note: Since Windows10 version 1809 and Later, there is a different way to install RSAT tools. See below link
https://www.prajwaldesai.com/install-rsat-tools-on-windows-10-version-1809/
My Windows10 version is 2004, hence I have followed above link to install AD RSAT tools.
After you install RSAT tools, Join the Windows10 PC in to Domain (testlab.com)
After the PC joined to domain, open the respective RSAT tools to start managing your Active Directory
Go to RUN – Type “dsac.msc” > It will display ADUC console as below
Go to RUN – Type “gpmc.msc” > It will display Group Policy Management console
Go to RUN – Type “dnsmgmt.msc” > it will display DNS management console ( you need to choose DC fqdn to connect )
All good till now 🙂
We have successfully installed a server core 2019 server, installed AD role, Promoted as first DC and able to manage graphically via RSAT tool from a different GUI based PC.
That’s it for today guys! will see you in my next post
Till the stay safe and happy reading!!!