How to Install and Configure Active Directory Domain Services on Windows Server 2012 R2
Installation and Configuration of Active Directory Domain Services on Windows Server 2012/2012R2/2016/2019/2022
The core component of Active Directory is Active Directory Domain Services (ADDS). ADDS is a role, not a service, on Microsoft Windows Server 2008/2012/2016/2019/2022. ADDS centrally manages users, computers, mobile devices, network devices, services connected to the network, and so on. The main purpose of ADDS is to authenticate users and authorize them to access network resources. The main benefit of ADDS is a single point of access: with this service, a user is authorized to access servers, services and applications from any computer that is a member of the Active Directory domain. In ADDS, multiple domain controllers work together; if a single domain controller stops working, another domain controller takes over the responsibility of the failed domain controller.
Example 1: Two domain controllers are working. The primary domain controller, which holds all the Flexible Single Master Operation (FSMO) roles, is shut down for some reason (corrupt OS, power supply issue, motherboard issue, RAM issue, etc.). The second domain controller will become the primary domain controller; you only need to seize the FSMO roles on the secondary domain controller.
Example 2: Two domain controllers are working and both are working fine, but you want to change the primary domain controller. You need to transfer the FSMO roles from the primary domain controller to the secondary domain controller.
What are the Flexible Single Master Operation (FSMO) Roles:
Active Directory Domain Services (ADDS) has five FSMO roles, which are listed below.
- Primary Domain Controller (PDC) Emulator.
- Relative ID (RID) Master.
- Schema Master.
- Domain Naming Master.
- Infrastructure Master.
Primary Domain Controller (PDC) Emulator:
The purpose of the Primary Domain Controller (PDC) Emulator is to authenticate requests, manage Group Policy Objects and change passwords. The PDC Emulator also provides the time centrally.
Relative ID (RID) Master:
The Relative ID (RID) Master uses Security Identifiers (SIDs). In Active Directory, each object has a unique Security Identifier (SID).
Schema Master:
The Schema Master is used to update the Active Directory schema and manages the read and write copy of the Active Directory schema. The Active Directory schema contains attributes, for example employee ID, info, Display Name, SAM Account Name (user ID), User Principal Name (email ID), etc.
Domain Naming Master:
The Domain Naming Master is used to manage the names of domains in a forest: if multiple domains are created in a forest, it checks that no domain is created with the same name as another. When a new domain is added or an existing domain is deleted, the Domain Naming Master must be online.
Infrastructure Master:
The Infrastructure Master role is used to update the Security Identifier (SID) and Distinguished Name across multiple domains; it translates Globally Unique Identifiers (GUIDs), Security Identifiers (SIDs), and Distinguished Names (DNs) between domains in a forest.
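The role holders can be listed, and the roles transferred (Example 2) or seized (Example 1), from PowerShell with the ActiveDirectory module. This is an added example, not part of the original article; the function names are illustrative and DC2 is a hypothetical name for the second domain controller.

```powershell
# Added example: audit the five FSMO role holders, then transfer or seize them.
# Assumptions: run on a domain-joined server with the ActiveDirectory module (RSAT);
# 'DC2' in the usage lines is a hypothetical second domain controller.
Import-Module ActiveDirectory

function Get-FsmoRoleHolder {
    # Schema Master and Domain Naming Master are held once per forest,
    # the other three roles once per domain.
    $forest  = Get-ADForest
    $domain  = Get-ADDomain
    $holders = [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
    foreach ($role in $holders.Keys) {
        [pscustomobject]@{
            Role   = $role
            Holder = $holders[$role]
            # One ping as a coarse check of whether the current holder is still up.
            Online = Test-Connection -ComputerName $holders[$role] -Count 1 -Quiet
        }
    }
}

function Move-FsmoRole {
    param(
        [Parameter(Mandatory)] [string] $TargetDC,
        [switch] $Seize   # Example 1: the old holder is down and will not return
    )
    $current = @(Get-FsmoRoleHolder)
    $online  = @($current | Where-Object { $_.Online })
    # Seizing while the old holder still answers would leave two DCs claiming a role.
    if ($Seize -and $online.Count -gt 0) {
        $names = ($online.Holder | Select-Object -Unique) -join ', '
        throw "Refusing to seize: $names still responds. Transfer the roles instead."
    }
    $move = @{ Identity = $TargetDC; OperationMasterRole = $current.Role; Confirm = $false }
    if ($Seize) { $move.Force = $true }   # -Force turns the transfer into a seizure
    Move-ADDirectoryServerOperationMasterRole @move
    Get-FsmoRoleHolder                    # show the holders after the move
}

# Get-FsmoRoleHolder | Format-Table      # audit only
# Move-FsmoRole -TargetDC 'DC2'          # Example 2: planned transfer
# Move-FsmoRole -TargetDC 'DC2' -Seize   # Example 1: old holder has failed
```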
To install the Active Directory Domain Services role on Windows Server 2012/2012 R2/2016/2019/2022, open the Server Manager Dashboard, then click Add roles and features.
Then click “Next” to continue.
Note: if you want to remove any role, service or feature, click “Start the Remove Roles and Features Wizard”.
ADDS (Active Directory Domain Services) is a role; therefore, to install it, select “Role-based or feature-based installation” on Select installation type, then click “Next” to continue.
Select a server from the server pool. Here we have only a single server, “WS2012R2”; select it, then click “Next” to continue.
Select the “Active Directory Domain Services” role on the Server Roles page of the Add Roles and Features Wizard. Then click “Next” to continue.
The required features of Active Directory Domain Services will be added automatically; if you cancel this, you cannot install Active Directory Domain Services. Therefore, click Add Features.
Click “Next” to continue with the installation of the Windows Server role “Active Directory Domain Services”.
On Features, you do not need to select anything more for the installation of “Active Directory Domain Services” unless you need a feature for some other reason. Therefore, on Features, click “Next” to continue.
Click “Next” on the “Active Directory Domain Services” window; in the image below you can read the definition of Active Directory Domain Services and get some tips.
On “Confirm installation selections”, check “Restart the destination server automatically if required”, then click “Install”.
After you click Install, the Active Directory Domain Services installation is in progress.
The Active Directory Domain Services installation has completed; now click “Promote this server to a domain controller”.
This is the first domain in a new forest, therefore select “Add a new forest” and provide the root domain name: pakistan.local1. You can provide a root domain name of your choice.
For the installation of Active Directory Domain Services, you must select “Domain Name System (DNS) server”, choose the forest and domain functional levels according to your organization's needs, and provide a secure password for Directory Service Restore Mode (DSRM).
Domain Name System (DNS) server:
The Domain Name System (DNS) is used to translate names into IP addresses and IP addresses into names, through forward and reverse lookup zones respectively. A DNS server is also used to locate a web server by mapping the IP address to a name. In Active Directory, the DNS server lets clients locate a domain controller, so clients connect to each other centrally and use services with a single authentication, that is, Single Sign-On (SSO).
Directory Service Restore Mode (DSRM):
Directory Service Restore Mode is used in safe mode. It is used to restore AD objects from backup. Directory Service Restore Mode also allows an administrator to restore the Active Directory database.
Forest Functional Level:
In our case, the Forest Functional Level is “Windows Server 2012 R2”. In your case, you can select a lower version of the OS. The forest is the top of the organization in the Active Directory infrastructure, therefore the selection of the Forest Functional Level is important.
Domain Functional Level:
In our case, the Domain Functional Level is “Windows Server 2012 R2”. You can select a lower version of Windows. The Domain Functional Level must be the same as the Forest Functional Level or a higher Windows version; a Domain Functional Level lower than the Forest Functional Level is not compatible with it. The Domain Functional Level determines the features of the domain controller, and the domain controller is based on the operating system.
On DNS Options, click “Next” to continue.
Leave the default NetBIOS domain name; in our case it is “PAKISTAN”. The NetBIOS domain name is set based on the root domain name.
If you want to change the default location of the log files folder, database folder and SYSVOL folder, you can change it; otherwise leave the defaults.
Review the selections, and then click “Next” to continue.
The wizard checks the prerequisites; after the prerequisites check completes, click “Install” to finalize the installation of Active Directory Domain Services.
The system reboots automatically.
Active Directory Domain Services has been successfully installed on Windows Server 2012 R2. You can follow the same steps on Windows Server 2012/2016/2019/2022.
For OS details, right-click “My Computer” or “This PC” and open the system properties.
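The same installation can be scripted with the ServerManager and ADDSDeployment cmdlets. This is an added example, not part of the original article; it uses the values chosen in the wizard steps above and assumes an elevated PowerShell session on the Windows Server 2012 R2 machine.

```powershell
# Added example: scripted equivalent of the wizard steps on this page.
# Values (root domain name, NetBIOS name, functional levels) are the ones used above.
# The DSRM password is prompted for as a SecureString so it never sits in the script.

# Step 1: install the ADDS role with its required features and management tools.
$role = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $role.Success) { throw 'Installation of the AD-Domain-Services role failed.' }

Import-Module ADDSDeployment

# Step 2: the choices made under "Promote this server to a domain controller".
$forest = @{
    DomainName                    = 'pakistan.local1'   # root domain name used on this page
    DomainNetbiosName             = 'PAKISTAN'          # default derived from the root name
    ForestMode                    = 'Win2012R2'         # Forest Functional Level
    DomainMode                    = 'Win2012R2'         # Domain Functional Level
    InstallDns                    = $true               # "Domain Name System (DNS) server"
    SafeModeAdministratorPassword = Read-Host -AsSecureString -Prompt 'DSRM password'
    # DatabasePath, LogPath and SysvolPath are omitted to keep the default folders.
}

# Step 3: run the same prerequisites check the wizard performs before "Install".
$check  = Test-ADDSForestInstallation @forest
$failed = @($check | Where-Object { $_.Status -ne 'Success' })
if ($failed.Count -gt 0) {
    $failed | Format-List Context, Status, Message
    throw 'Prerequisites check did not pass; nothing was installed.'
}

# Step 4: create the forest. The server reboots automatically when this completes.
Install-ADDSForest @forest -Force
```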