Tutorial 2: Install Active Directory & Domain Controller

Exercise 2. 1 Installing the Active Directory Domain Services Role

Overview In this exercise, you use the Add Roles and Features Wizard to
install the Active Directory Domain Services role on a newly
installed server running Windows Server 2012.
Mindset What are the minimum requirements for a domain controller server?
Does this server fulfill them?
Completion time 10 minutes

1. Log on to the SVR-DC-A computer, using the local Administrator account and the password
Pa$$w0rd. When the Server Manager console appears, select Manage > Add Roles and Features.
The Add Roles and Features Wizard appears, displaying the Before you begin page.
2. Click Next. The Select Installation Type page appears.
3. Leave the Role-based or feature-based installation radio button selected and click Next. The Select
Destination Server page appears.
4. Click Next to accept the default local server. The Select Server Roles page appears.
5. Select the Active Directory Domain Services check box. The Add features that are
required for Active Directory Domain Services? page appears.
6. Click Add features.
7. Click Next. The Select features page appears.
8. Click Next. The Active Directory Domain Services page appears.
9. Click Next. The Confirm installation selections page appears.
10. Click Install. The Installation progress page appears as the wizard installs the selected
roles and features (see Figure below)

11. Click Close. The Add Roles and Features Wizard closes.
12. In Server Manager, click Tools> Active Directory Users and Computers. The Active
Directory Users and Computers console fails to open properly.
 Exercise 2.2 Creating a New Forest
Overview Once you have installed the Active Directory Domain Services role, you must promote
the server to a domain controller. In this exercise, you create a new domain in a new forest and
configure the server to function as the domain controller for that domain.
Mindset What are the functions performed by the first domain controller in an
AD DS forest?
Completion time 15 minutes

1. On SVR-DC-A, in Server Manager, click the AD DS link in the left pane. The AD DS
home page appears, with a warning message stating that configuration is required for AD
DS (see Figure 2).

2. Click the More link. The All Servers Task Details window appears (see Figure 3)

3. Click the Promote this server to a domain controller link. The Active Directory Domain
Services Configuration Wizard appears, displaying the Deployment Configuration page.
 4. Select the Add a new forest option, and in the Root domain name text box, type adatum.com and
click Next. The Domain Controller Options page appears.
5. In the Password and Confirm Password text boxes, type Pa$$w0rd and click Next. The DNS Options
page appears.
6. Click Next. The Additional Options page appears and, after a brief delay, the NetBIOSdomain name
appears in the text box.
7. Click Next. The Paths page appears.
8. Click Next. The Review Options page appears.
9. Click the View Script button. A Notepad window appears, containing a Windows PowerShell script
equivalent to the settings you just configured in the wizard.
10. Close the Notepad window without saving the file and click Next. The Prerequisites check page
appears. The wizard performs the necessary checks, and a notice appears on the page, indicating that all
prerequisite checks have passed successfully.
11. Click Install. The Installation page appears as the wizard creates the new forest and promotes the server
to a domain controller. After several minutes, the computer restarts.
12. On SVR-DC-A, press CTRL+ALT+DEL and log on using the Adatum\Administrator account and
the password Pa$$w0rd.

Exercise 2.3 Creating a Child Domain

Overview In this exercise, you create a subdomain beneath the adatum.com
domain you created previously.
Mindset How does the process of creating a subdomain differ from that of
creating a forest root domain?
Completion time 15 minutes

Note: To create a child domain, make sure that 2 servers in the same network (You can
clone the first server to have the 2nd server and change server names).
In VirtualBox, choose Network adapter as NAT network, if using VMware, choose Vmnet8 to set
up a virtual network.

1. Log on to the SVR-DC-B computer, using the local Administrator account and the password Pa$$w0rd.
In Server Manager, use the Add Roles and Features Wizard to install the Active Directory Domain Services
role, as you did in Exercise 2.1.
2. On the Installation progress page that appears at the end of the Active Directory Domain Services role
installation procedure, click the Promote this server to a domain controller hyperlink. The Active Directory
Domain Services Configuration Wizard appears, displaying the Deployment Configuration page.
3. Select the Add a new domain to an existing forest option and, in the Select domain type drop-down list,
leave Child Domain selected.
What would the difference in results be if you were to choose the Tree Domain option rather
Question 1 than the Child Domain option?
By default, the wizard configures this domain controller to function as a DNS server. Under
Question 2 what circumstances would it be practical not to configure this domain controller to be a
DNS server?
4. Click Select. A Credentials for deployment operation dialog box appears.
5. In the User name text box, type ADATUM\Administrator, and in the Password text
box, type Pa$$w0rd and click OK. A Select a domain from the forest dialog box appears.
6. Select adatum.com and click OK. The domain name appears in the Parent domain name
field of the Deployment Configuration page.
7. In the New domain name text box, type NY and click Next. The Domain Controller Options page appears
8. In the Password and Confirm Password text boxes, type Pa$$w0rd and click Next. The
DNS Options page appears.
9. Click Next. The Additional Options page appears and, after a brief delay, the NetBIOS
domain name appears in the text box.
10. Click Next. The Paths page appears.
11. Click Next. The Review Options page appears.
12. Click Next. The Prerequisites Check page appears.
13. After the system passes all the prerequisite checks, click Install. The wizard creates the
new domain and configures the server to function as a domain controller.

Exercise 2.4 Creating Computer Objects

Overview In this exercise, you use the Active Directory Users and
Computers console on a newly installed domain controller to
create a computer object.
Mindset Is it always necessary to create computer objects manually?
Comp

1. Log on to the SVR-DC-A computer, which has the Server Manager console open, using the domain
Administrator account and the password Pa$$w0rd. Select Tools > Active Directory Users and Computers.
The Active Directory Users and Computers console appears.
2. In the left pane, expand the adatum.com node, if needed, and select the Computers container.
3. Right-click the Computers container and, from the context menu, click New > Computer. The New
Object – Computer Wizard appears (see Figure below).

4. In the Computer name text box, type SRV-B

5. Under User or group, click Change. The Select User or Group dialog box appears.
6. In the Enter the object name to select text box, type Domain Computers and click OK.
The group appears in the User or group text box.
7. Click OK. The wizard creates the computer object.
 Exercise 2.5 Creating a Single User
Overview In this exercise, you use the Active Directory Users and Computers console on a newly
installed domain controller to create a domain user account.
Mindset How many other ways are there to create a user object?
Completion time 10 minutes

1. On the SVR-DC-A computer, in the Active Directory Users and Computers console, Under adatum.
Select Users  Right Click  New user

.
2. From the Action menu, select New > User. The New Object – User Wizard appears (see Figure below)

3. In the First name text box, type Lori and in the Last name text box, type Kane.
4. In the User logon name text box, type lkane and click Next. The second page of the New Object – User
Wizard appears.
5. In the Password and Confirm password fields, type Pa$$w0rd.
6. Clear the User must change password at next logon check box and click Next. A confirmation page listing
the settings you configured appears.
7. Click Finish. The wizard creates the user object and closes
 Exercise 14.3 Using Active Directory Administrative Center
Overview In this exercise, you use the Active Directory Administrative Center console to create user
and computer objects.
Mindset What can Active Directory Administrative Center do that other tools cannot?
Completion time 10 minutes

1. On the SVR-DC-A computer, in the Server Manager console, select Tools > Active Directory
Administrative Center. The Active Directory Administrative Center console appears.
2. In the left pane, select the adatum (local) node and, in the center pane, double-click the Computers
container. The contents of the Computers container appears in the center pane.
3. In the right pane, select New > Computer. The Create Computer dialog box appears (see Figure below).

4. In the Computer name text box, type Wkstn8.

5. Under Member of, click Add. The Select Groups dialog box appears.
6. In the Enter the object name to select box, type Domain Computers and click OK. The group appears in
the Member Of text box.
7. Click OK. The new object appears in the Computers container.
9. In the left pane, select the adatum (local) node and, in the center pane, double-click the People OU. The
contents of the People container appears in the center pane.
10. In the right pane, select New > User. The Create User dialog box appears (see Figure below).
11. In the First name text box, type Monica, and in the Last name text box, type Brink.
12. In the User SamAccountName Logon text box, type mbrink. In the Password and Confirm password
fields, type Pa$$w0rd.
13. Scroll down and, in the Member of section, click Add. The Select Groups dialog box appears.
14. In the Enter the object name to select text box, type Domain Users and click OK. The group appears in
the Member Of text box.
15. Click OK. The new user object appears in the People OU.