How to Setup Active Directory on Windows Server 2022: Step-by-Step Guide

Unlock the full potential of Windows Server 2022 with my step-by-step guide on setting up Active Directory - a cornerstone feature for enhanced security and centralized management in enterprise environments.

This is a comprehensive guide on ‘How to Setup Active Directory on Windows Server 2022’. If you’re asking yourself, ‘What is Active Directory?’ or looking for the best ways to implement Windows Active Directory in your network, you’ve come to the right place. Active Directory, the backbone of Microsoft AD (Active Directory Domain Services), is an essential tool for any Windows server environment.

In this cookbook, we’ll dive deep into the steps to setup Active Directory on Windows Server 2022, ensuring you have a clear understanding of this powerful feature. We’ll cover everything from the basics of Windows Active Directory to the more advanced configurations, providing you with all the knowledge needed to efficiently manage and secure your network. Whether you’re a seasoned IT professional or just starting, this guide will help you harness the full potential of Active Directory on your Windows server.

Why don’t Active Directory admins tell secrets?
Because they have too many “trust relationships” to maintain!

– RooSho

What is Active Directory?

Imagine a giant rolodex for your entire office, but instead of names and phone numbers, it stores information about all the computers, users, printers, and other things on your network. That’s basically what Active Directory (AD) is – a central database that keeps track of everything in a Windows domain network.

Think of it like the behind-the-scenes organizer that makes sure everyone and everything has the right access to what they need. It does this by storing information about each object in the network as an “Active Directory object,” which has details like:

  • Names: Like your computer’s name or your username.
  • Attributes: Things like your email address, department, or what software you’re allowed to use.
  • Permissions: Who can access what resources, like who can print to a specific printer or edit a shared file.

By having all this information in one place, Active Directory makes it easy for administrators to manage the network and for users to access the resources they need.

Here’s an analogy to help you visualize it:

  • Imagine your office is a Windows domain network.
  • Active Directory is the receptionist who knows everyone’s name, where their desk is, and what they’re allowed to do.
  • Each person and thing on the network is an Active Directory object.
  • The receptionist’s rolodex is the Active Directory database.
  • The receptionist checking IDs to let someone into a meeting room is like Active Directory controlling permissions.

So, next time you log in to your work computer and access a shared file, remember that Active Directory is working behind the scenes to make it all happen smoothly!

How Does Active Directory Work?

Active Directory works by storing its information in a special database called the Directory Information Tree (DIT). This tree-like structure makes it easy to find and organize objects.

Here’s a simplified overview of how it works:

  1. Setup: When you set up Active Directory, you create a domain (like “mycompany.com”) and one or more domain controllers. These are special servers that store the DIT and manage authentication and authorization.
  2. Adding objects: As you add users, computers, printers, and other things to your network, they become Active Directory objects and are stored in the DIT.
  3. Authentication: When you log in to your computer, your username and password are sent to a domain controller. The domain controller checks the DIT to see if your username and password are correct and if you have permission to access the network.
  4. Authorization: Once you’re authenticated, the domain controller uses the information in the DIT to determine what resources you have access to. This includes things like which files you can open, which printers you can use, and which software you can run.

Active Directory also has features like:

  • Replication: The DIT is automatically copied to other domain controllers to ensure that even if one server goes down, users can still access their resources.
  • Group Policy: Administrators can create policies that control what users can and cannot do on their computers.
  • Security: Active Directory has built-in security features to help protect your network from unauthorized access.

While Active Directory can seem complex, it’s essentially a powerful tool that helps keep your network organized and secure. It’s like the invisible IT helper that makes sure everything runs smoothly in the background!

I hope this explanation helps you understand what Active Directory is and how it works, even if you’re not a tech expert.

Prerequisites for Setting Up Active Directory on Windows Server

Before you set up Microsoft Active Directory (AD), check these essentials. To ensure a smooth setup of your Windows Active Directory (AD), make sure you’ve got these important things in place:

Name Your Server

While you can change the name of your domain controller later, it’s best to choose a final, meaningful name before starting the AD setup process. This helps avoid potential complications down the line.

Assign a Static IP Address

Think of a static IP address as your server’s permanent home address on the network. It’s crucial to ensure that devices and resources can always find and connect to your server reliably.

Dedicate the Machine for Server Duties

Your server will be playing a vital role in managing your network, so it’s essential to give it its own dedicated machine. This means:

  • Hardware Resources: Verify that the server has enough processing power, memory, and storage to handle the demands of Active Directory and your network’s needs.
  • Exclusive Focus: Avoid using the server for other tasks, as this could impact its performance and reliability for running AD.

By taking care of these prerequisites, you’ll create a solid foundation for successfully setting up Active Directory and managing your Windows network effectively.

Step-by-step guide to setup Active Directory on Windows Server 2022

Here’s a step-by-step guide to setting up Microsoft Active Directory (AD) on your Windows Server 2022 machine, using clear and concise language:

Launching Server Manager

Begin your setup by opening the Server Manager program. To do this, press the Windows Logo Key and type “Server Manager” in the search bar. Click on the application that appears.

Adding Roles and Features

Locate “Manage” in the top right corner of the menu bar and click on it. From the dropdown menu, select “Add Roles and Features.” This action will launch a wizard designed to guide you through the setup process.

On the left side of the window, you’ll see a list of steps involved in this stage. Click “Next” to proceed.

Selecting Installation Type

Select “Role-based or feature-based installation”. Then click “Next”.

Configuring Active Directory Server Selection and Roles

Opt for “Select a server from the server pool” radio button. This will display a list of servers installed on your machine. Click on the server you intend to use for AD and click “Next.”

At the “Server Roles” checkpoint, you’ll see a list of roles that can be assigned to the server. Find and select “Active Directory Domain Services.” A pop-up window will appear, prompting you to add new features. Click the “Add features” button at the bottom of the window to view a list of available options.

Click “Next” without making any changes to the default settings.

You’ll be redirected to the “Active Directory Domain Services” feature screen. Click “Next” again.

Summary and Confirmation

Carefully review the summary of your selected options. If you need to make any adjustments, click “Previous” to return to earlier steps.

Once you’re confident in your choices, check whether the warning “Do you need to specify an alternate source path? …” is shown. If it is, click “Specify an alternate source path” and enter the path to the sources\sxs folder on the mounted Windows Server installation drive (such as D:\sources\sxs).

Then click the “Install” button at the “Confirmation” checkpoint.
The installation process will begin and may take some time depending on your hardware configuration. Avoid interrupting the process.

Upon completion, click the “Close” button. Keep the Server Manager application open for the subsequent steps.

Promoting Your Server to a Domain Controller

The “Active Directory Domain Services” feature now needs to be promoted to a Domain Controller (DC). Here’s how:

If you accidentally closed Server Manager, relaunch it.

Locate a yellow triangle warning sign near the menu bar on the Server Manager dashboard. It indicates the successful installation of AD DS. Click on the warning sign to reveal a dropdown list of “post-deployment configuration” actions. Select “Promote this server to a domain controller.”

We’ve successfully navigated the initial stages of setting up Active Directory (AD) on your Windows Server 2022 machine. Now, let’s embark on the crucial task of promoting your server to a Domain Controller (DC) and delve into further configuration steps.

Adding a Forest (For New Forests)

Upon clicking “Promote this server to a domain controller,” a configuration wizard will guide you through deployment.

This first step focuses on adding a new forest. Choose the “Add a new forest” radio button and enter your desired root domain name (in my case it is roosho.local). Click “Next.”

Setting Domain Controller (DC) Options

Regardless of your forest option, this step remains the same. Leave the default settings untouched and provide a strong password for your DC account. Remember, this password is crucial for secure access, so keep it safe and complex.

Configuring DNS Options

You might encounter an error message about missing parent zone or DNS server delegation. Don’t worry, just click “Next” without modifying any settings at this point.

Configuring Additional Options

Enter your desired NetBIOS domain name in the provided textbox. This acts as a user-friendly alternative to the technical domain name.

Confirm Preselected Paths

The wizard will display three or more paths related to AD data storage. These are pre-selected and recommended, so don’t modify them. You don’t need to memorize these paths either.

Reviewing Selections

Take a final look at all the options you’ve chosen throughout the configuration process. If any adjustments are needed, use the “Previous” button to navigate back and make changes. Once satisfied, click “Next” on the “Review Options” page.

Run Prerequisites Check and Complete Active Directory Domain Service Configuration

This crucial step verifies if your system meets all the requirements for successful AD operation. If everything checks out, you’ll see a green checkmark and a success message. If errors arise, address them before proceeding.

Click “Install” at the “Prerequisites Check” stage to initiate the promotion process. It might take some time, so be patient and avoid interrupting the installation.

Once completed, the wizard will guide you through the final configuration steps, such as setting DNS options and verifying replication. Follow the on-screen instructions to finalize the setup.

If everything goes right, you will be logged out. Click on “Close”.

Sign in with AD Domain

Congratulations! You’ve successfully promoted your server to a Domain Controller and established the foundation for managing your network through Active Directory. Remember, ongoing maintenance and security updates are essential for a healthy and secure AD environment.
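
The same role installation and promotion can be run from an elevated PowerShell prompt instead of the wizard. The script below is an added example, not part of the original guide: it uses the guide's roosho.local domain, the NetBIOS name ROOSHO is an assumed placeholder, and it stops early if the naming or static-IP prerequisites are not met.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original guide): scripted form of the wizard steps.
$DomainName  = 'roosho.local'   # root domain used in the guide
$NetbiosName = 'ROOSHO'         # assumed value; choose your own (max 15 characters)

# Prerequisite "Name Your Server": setup-generated names look like WIN-XXXXXXXXXXX.
if ($env:COMPUTERNAME -like 'WIN-*') {
    throw "Rename the server before promoting it (current name: $env:COMPUTERNAME)."
}

# Prerequisite "Assign a Static IP Address": no connected IPv4 interface may use DHCP.
$dhcp = Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected |
    Where-Object Dhcp -eq 'Enabled'
if ($dhcp) {
    throw "DHCP is still enabled on: $($dhcp.InterfaceAlias -join ', ')"
}

# "Add Roles and Features": install the AD DS role with its management tools.
# If the wizard asked for an alternate source path, add e.g. -Source 'D:\sources\sxs'.
$role = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $role.Success) { throw 'AD DS role installation failed.' }

# "Domain Controller Options": the password requested there is the Directory
# Services Restore Mode (DSRM) password. Read it as a SecureString so it never
# appears in the script or in command history.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

Import-Module ADDSDeployment
$forest = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetbiosName
    InstallDns                    = $true
    SafeModeAdministratorPassword = $dsrm
}

# "Prerequisites Check": stop on errors; warnings are displayed but do not block.
$checks = Test-ADDSForestInstallation @forest
$checks | Format-List Status, Message
if ($checks | Where-Object Status -eq 'Error') { throw 'Prerequisite check failed.' }

# "Install": asks for confirmation, promotes the server, then reboots it.
Install-ADDSForest @forest
```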

PowerShell Commands After Active Directory Setup

Here are some essential PowerShell commands to leverage after setting up Active Directory (AD) on your Windows Server, ensuring a smooth and successful deployment:

Verifying AD Installation

```powershell
Get-Service adws,kdc,netlogon,dns
```

Purpose: This command checks the status of crucial services responsible for AD functionality:

  • ADWS: Active Directory Web Services
  • KDC: Key Distribution Center
  • Netlogon: Handles user and computer authentication
  • DNS: Domain Name System

Output: The command displays the status of each service. “Running” indicates successful operation, while other statuses may signal potential issues.

Inspecting Domain Controller Details

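```powershell
# -Filter * lists every domain controller; without it only one discovered DC is returned
Get-ADDomainController -Filter *
```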

Purpose: This command retrieves detailed information about your domain controllers, including:

  • Hostnames
  • Domain names
  • IP addresses
  • Operating system versions
  • Site names
  • Roles

Output: A list of domain controllers with their associated details is displayed.

Examining Domain Information

```powershell
Get-ADDomain ad-domain.com
```

(replace “ad-domain.com” with your actual domain name)

Purpose: This command provides a comprehensive overview of your domain, including:

  • Distinguished name
  • Domain mode (e.g., Windows Server 2016)
  • Forest name
  • Domain controllers
  • Security settings

Output: A detailed description of your domain’s configuration is displayed.
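
The three commands above can be combined into a single pass/fail report to run after the first sign-in. This is an added example, not part of the original guide: the function name Test-NewDomainController is hypothetical, and the SRV record lookup is an extra DNS check beyond the commands the guide lists.

```powershell
# Added example (not from the original guide). Run on the new domain controller.
# Assumes the ActiveDirectory module installed with the AD DS management tools.
Import-Module ActiveDirectory

function Test-NewDomainController {
    param([string]$DomainName = (Get-ADDomain).DNSRoot)

    # Services from "Verifying AD Installation": each must exist and be Running.
    foreach ($name in 'adws', 'kdc', 'netlogon', 'dns') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Check  = "Service $name"
            Passed = [bool]($svc -and $svc.Status -eq 'Running')
            Detail = if ($svc) { "$($svc.Status), start type $($svc.StartType)" } else { 'not installed' }
        }
    }

    # Domain controllers: -Filter * returns every DC, not just the one discovered.
    $dcs = @(Get-ADDomainController -Filter * -Server $DomainName)
    [pscustomobject]@{
        Check  = 'Domain controllers'
        Passed = $dcs.Count -ge 1
        Detail = ($dcs | ForEach-Object { "$($_.HostName) [$($_.IPv4Address)] site=$($_.Site)" }) -join '; '
    }

    # Domain information: the PDC emulator role must have an owner.
    $domain = Get-ADDomain -Identity $DomainName
    [pscustomobject]@{
        Check  = 'Domain'
        Passed = [bool]$domain.PDCEmulator
        Detail = "mode=$($domain.DomainMode); forest=$($domain.Forest); PDC=$($domain.PDCEmulator)"
    }

    # DNS: clients locate domain controllers through this SRV record.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.NameTarget }
    [pscustomobject]@{
        Check  = 'DC locator SRV record'
        Passed = [bool]$srv
        Detail = $srv.NameTarget -join ', '
    }
}

Test-NewDomainController | Format-Table -AutoSize -Wrap
```

Any row with Passed set to False points at the service, directory, or DNS component to investigate before joining clients to the domain.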

Additional Notes

Forest Creation: To create a new forest, ensure you’re logged in as the local administrator of the server.
Adding Domain Controllers: To add more domain controllers, you must possess membership in the domain administrators group.

Bonus Tip on Active Directory

Consider utilizing Microsoft’s official Active Directory documentation and resources for detailed guidance and troubleshooting assistance. Here are some helpful links:

Setting up Active Directory on Windows Server 2022 is a strategic step towards efficient user management and enhanced security within your organization. Remember to keep records of your Active Directory credentials and be aware that this guide is specific to Windows Server 2022.

By following this comprehensive guide, you’ll be well on your way to leveraging the full potential of Windows Active Directory in your enterprise environment.

roosho Senior Engineer (Technical Services)
I am Rakib Raihan RooSho, Jack of all IT Trades. You got it right. Good for nothing. I try a lot of things and fail more than that. That's how I learn. Whenever I succeed, I note that in my cookbook. Eventually, that became my blog.