Server Series – Windows 2022 Domain Controller

Download Windows Server 2022 from: https://www.microsoft.com/en-us/evalcenter/
– Install Windows Server 2022
* Windows Server 2019 System Requirements:
Processor: 1.4 GHz 64-bit processor
RAM: 512 MB
Disk Space: 32 GB
Network – Gigabit (10/100/1000baseT) Ethernet adapter
Optical Storage – DVD drive (if installing the OS from DVD media)
Video – Super VGA (1024 x 768) or higher-resolution (optional)
Input Devices – Keyboard and mouse (optional)
Internet – Broadband access (optional)

A domain controller is a server computer that responds to security authentication requests within a computer network domain. It is a network server that is responsible for allowing host access to domain resources. It authenticates users, stores user account information and enforces security policy for a domain. — Wikipedia

In this guide, we will go through the process of creating an AD forest and promoting our computer to a domain controller. We will first do this using Server Manager in the GUI, then see how to do the same thing using PowerShell.

USING THE GUI

1. Open Server Manager
2. Click on Manage > Add Roles and Features
3. Click Next, then select Role-based or Feature-based Installation

4. Verify that Select a server from the server pool is selected and that the server is highlighted, then click Next

5. Check Active Directory Domain Services and DNS Server

6. Click Add Features in the popup box to install all required features for each role selected. For DNS Server, if a popup warns that the server does not have a static IP, go ahead and click Continue
7. Click Next
8. Check .NET Framework 3.5 Features

9. Click Next through each page and install all roles and features selected

10. Click Close
11. In Server Manager, click the Notifications flag (it should have a warning icon next to it) > Promote this server to a domain controller
12. Select Add a new forest
13. Enter a name for our new domain (Example: newDomain.ad)
14. Click Next
15. Enter a new Directory Services Restore Mode (DSRM) password
16. Click Next
17. On the DNS Options window, click Next to proceed
18. Verify the NetBIOS name, then click Next and continue through the remaining pages to complete the installation.
19. Once installation is complete, the server will restart


USING POWERSHELL (2 Steps)

1. Rename Computer: Using PowerShell:

Rename-Computer -NewName "DC-01" -LocalCredential localhost\Administrator -Restart


You will be prompted for your Administrator password, and the computer will restart.

2. Create the AD forest and set the computer as the domain controller: Using PowerShell, open PowerShell ISE and run the following script: https://github.com/robjschroeder/Windows-PowerShell/blob/main/CreateDomainControllerForest.ps1

# Add the Windows features for AD DS and its management tools

Add-WindowsFeature AD-Domain-Services
Add-WindowsFeature RSAT-ADDS

# Prompt for variables
# The DSRM (Safe Mode Administrator) password is read as a SecureString,
# so it is not echoed to the console or held in a plain-text variable

$SafeModeAdministratorPassword = Read-Host -AsSecureString -Prompt "Enter your Safe Mode Administrator Password"
$DomainName = Read-Host -Prompt "Enter what you would like your domain to be. (ex. LAB.ADSecurity.org)"
# Note: $SiteName is passed to -DomainNetbiosName below, so it becomes the domain's NetBIOS name
$SiteName = Read-Host -Prompt "Enter what you would like your site name to be (ex. LAB)"

# Create the domain

Import-Module ADDSDeployment

Install-ADDSForest -CreateDNSDelegation:$false -DatabasePath "C:\Windows\NTDS" -DomainMode 'Win2012' -DomainName "$DomainName" -DomainNetbiosName "$SiteName" -ForestMode 'Win2012' -InstallDNS:$true -LogPath "C:\Windows\NTDS" -NoRebootOnCompletion:$false -SysvolPath "C:\Windows\SYSVOL" -Force:$true -SafeModeAdministratorPassword $SafeModeAdministratorPassword

3. Take note of your DC’s IP address as we will use it as the DNS address for all other computers in the test lab environment.

It may also be a good idea at this point to create a new domain user that you can use for all your administrative tasks. Add this user to the Enterprise Admins and Domain Admins security groups for now.
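
The following is an added example, not part of the original script or the linked repository: it checks that the promotion actually succeeded, then creates the administrative user described above and adds it to both groups. The account name `labadmin` is a placeholder, and the script assumes the ActiveDirectory PowerShell module is available on the DC.

```powershell
#Requires -Modules ActiveDirectory
# Added example: run on the new DC in an elevated session after the post-promotion reboot.
# If the ActiveDirectory module is missing: Install-WindowsFeature RSAT-AD-PowerShell
$ErrorActionPreference = 'Stop'      # any failed check aborts before an admin account is created
$SamAccountName = 'labadmin'         # placeholder name, choose your own

# 1. Confirm this machine is answering as a domain controller.
$domain = Get-ADDomain
$dc     = Get-ADDomainController -Identity $env:COMPUTERNAME
"Domain: $($domain.DNSRoot)  DC: $($dc.HostName)  Global catalog: $($dc.IsGlobalCatalog)"

# Core services a DC with integrated DNS depends on.
foreach ($name in 'NTDS', 'DNS', 'Netlogon', 'Kdc') {
    $svc = Get-Service -Name $name
    if ($svc.Status -ne 'Running') { throw "Service $name is $($svc.Status)" }
}

# SYSVOL and NETLOGON are shared only once the DC is advertising itself.
foreach ($share in 'SYSVOL', 'NETLOGON') {
    Get-SmbShare -Name $share | Out-Null
}

# Domain members locate the DC through this SRV record, so query the local DNS server for it.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)" -Type SRV -Server 127.0.0.1 | Out-Null

# 2. Create the administrative user; the password is never held as plain text.
$password = Read-Host -AsSecureString -Prompt "Password for $SamAccountName"
New-ADUser -Name $SamAccountName `
           -SamAccountName $SamAccountName `
           -UserPrincipalName "$SamAccountName@$($domain.DNSRoot)" `
           -AccountPassword $password `
           -Enabled $true

# 3. Add the user to the two groups named in the guide.
foreach ($group in 'Domain Admins', 'Enterprise Admins') {
    Add-ADGroupMember -Identity $group -Members $SamAccountName
}

# 4. Show the resulting memberships so the change can be reviewed.
Get-ADPrincipalGroupMembership -Identity $SamAccountName | Select-Object Name, GroupScope
```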
