Installing Active Directory role on Windows Server
Installation of AD DS role
Authorisation of DHCP server on domain
Testing name resolution via FQDN
Getting AD domain information
Installation of AD DS role
Let’s install the directory service role, so that we can create a domain and promote winsrv-1 to a domain controller.
PS > Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Success Restart Needed Exit Code      Feature Result
------- -------------- ---------      --------------
True    No             Success        {Active Directory Domain Services, Group P...
PS > Install-ADDSForest -DomainName "ad.georgetech.co.uk" -DomainNetbiosName "ad" -InstallDns -Force
Authorisation of DHCP server on domain
We need to authorise the DHCP server on winsrv-1 so that it is allowed to distribute IP addresses to computers such as winsrv-2 in the newly created domain ad.georgetech.co.uk:
PS > [System.Net.Dns]::GetHostByName(($env:computerName)).HostName
winsrv-1.ad.georgetech.co.uk
PS > Add-DhcpServerInDC -DnsName "winsrv-1.ad.georgetech.co.uk" -IPAddress "172.16.1.1"
We will add the DNS server option (option ID 6) to the scope 172.16.1.0, since winsrv-1 has the DNS server role installed:
PS > Set-DhcpServerv4OptionValue -ScopeId "172.16.1.0" -OptionId 6 -Value "172.16.1.1"
We can now bounce the network adapter on winsrv-2, so that it can get the new DNS setting.
PS > Disable-NetAdapter "Ethernet0"
Confirm
Are you sure you want to perform this action?
Disable-NetAdapter 'Ethernet0'
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y
PS > Enable-NetAdapter "Ethernet0"
PS > Get-DnsClientServerAddress
InterfaceAlias               Interface Address ServerAddresses
                             Index     Family
--------------               --------- ------- ---------------
Ethernet0                            5 IPv4    {172.16.1.1}
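The check below is an added example, not part of the original post: it lists the DHCP servers authorised in AD and the DNS servers that scope 172.16.1.0 hands out, and flags anything outside an allowlist, since an unexpected authorised server or DNS value would change where clients send their name lookups. The allowlist values come from this lab, and the helper name Test-DhcpAuthorisation is hypothetical.

```powershell
# Added example (not from the original post): audit DHCP authorisation in AD
# and the DNS servers (option 6) that a scope hands out.
# Assumed allowlists, built from this walkthrough's lab values.
$ExpectedDhcp = @{ 'winsrv-1.ad.georgetech.co.uk' = '172.16.1.1' }   # FQDN -> IP
$ExpectedDns  = @('172.16.1.1')
$ScopeId      = '172.16.1.0'

function Test-DhcpAuthorisation {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Authorised,
        [Parameter(Mandatory)] [hashtable] $Expected
    )
    $seen = @()
    foreach ($srv in $Authorised) {
        $name = "$($srv.DnsName)".ToLower()
        $ip   = "$($srv.IPAddress)"
        $seen += $name
        if (-not $Expected.ContainsKey($name)) {
            "Unexpected authorised DHCP server: $name ($ip)"
        } elseif ($Expected[$name] -ne $ip) {
            "IP mismatch for ${name}: AD lists $ip, expected $($Expected[$name])"
        }
    }
    foreach ($name in $Expected.Keys) {
        if ($name.ToLower() -notin $seen) { "Expected DHCP server is not authorised: $name" }
    }
}

# Servers currently authorised in the directory, compared with the allowlist.
$findings = @(Test-DhcpAuthorisation -Authorised @(Get-DhcpServerInDC) -Expected $ExpectedDhcp)

# DNS servers (option 6) configured on the scope.
$dnsOption = Get-DhcpServerv4OptionValue -ScopeId $ScopeId -OptionId 6 -ErrorAction SilentlyContinue
if (-not $dnsOption) {
    $findings += "Scope $ScopeId has no DNS server option (6) set"
} else {
    foreach ($dns in $dnsOption.Value) {
        if ($dns -notin $ExpectedDns) { $findings += "Scope $ScopeId hands out unexpected DNS server: $dns" }
    }
}

if ($findings.Count -eq 0) {
    'OK: DHCP authorisation and DNS option match the allowlist'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

Run it on winsrv-1, or on any host with the DhcpServer module, under an account that can read the DHCP configuration.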
Testing name resolution via FQDN
We can ping the server via its short name winsrv-1 and its fully qualified domain name winsrv-1.ad.georgetech.co.uk:
PS > Test-NetConnection winsrv-1
ComputerName : winsrv-1
RemoteAddress : 172.16.1.1
InterfaceAlias : Ethernet0
SourceAddress : 172.16.1.10
PingSucceeded : True
PingReplyDetails (RTT) : 0 ms
PS > Test-NetConnection winsrv-1.ad.georgetech.co.uk
ComputerName : winsrv-1.ad.georgetech.co.uk
RemoteAddress : 172.16.1.1
InterfaceAlias : Ethernet0
SourceAddress : 172.16.1.10
PingSucceeded : True
PingReplyDetails (RTT) : 0 ms
Getting AD domain information
To get information on the newly created domain, we can use Get-ADDomain.
It will tell us:
- DNSRoot: ad.georgetech.co.uk - This is the DNS name of the Active Directory domain.
- DomainMode: Windows2016Domain - This specifies the functional level of the domain. It indicates that the domain is operating at a Windows Server 2016 level, which determines the features and capabilities available within the domain.
- Forest: ad.georgetech.co.uk - In a single-domain forest, the forest root domain is the same as the domain itself. This indicates that ad.georgetech.co.uk is the root of the Active Directory forest.
- DeletedObjectsContainer: CN=Deleted Objects,DC=ad,DC=georgetech,DC=co,DC=uk - This is the DN of the container where deleted Active Directory objects are moved for a period before being permanently removed.
- PDCEmulator: winsrv-1.ad.georgetech.co.uk - This is the FQDN of the domain controller holding the Primary Domain Controller (PDC) Emulator FSMO role. This role is crucial for password changes, account lockout policies, and time synchronization.
- UsersContainer: CN=Users,DC=ad,DC=georgetech,DC=co,DC=uk - This is the DN of the default container where user accounts are created within this domain.
- ComputersContainer: CN=Computers,DC=ad,DC=georgetech,DC=co,DC=uk - This is the distinguished name (DN) of the default container where computer accounts are created within this domain.
PS > Get-ADDomain
AllowedDNSSuffixes : {}
ChildDomains : {}
ComputersContainer : CN=Computers,DC=ad,DC=georgetech,DC=co,DC=uk
DeletedObjectsContainer : CN=Deleted Objects,DC=ad,DC=georgetech,DC=co,DC=uk
DistinguishedName : DC=ad,DC=georgetech,DC=co,DC=uk
DNSRoot : ad.georgetech.co.uk
DomainControllersContainer : OU=Domain Controllers,DC=ad,DC=georgetech,DC=co,DC=uk
DomainMode : Windows2016Domain
DomainSID : S-1-5-21-284798044-4147256589-3138032021
ForeignSecurityPrincipalsContainer : CN=ForeignSecurityPrincipals,DC=ad,DC=georgetech,DC=co,DC=uk
Forest : ad.georgetech.co.uk
InfrastructureMaster : winsrv-1.ad.georgetech.co.uk
LastLogonReplicationInterval :
LinkedGroupPolicyObjects : {CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=ad,DC=georgetech,DC=co,DC=uk}
LostAndFoundContainer : CN=LostAndFound,DC=ad,DC=georgetech,DC=co,DC=uk
ManagedBy :
Name : ad
NetBIOSName : ad
ObjectClass : domainDNS
ObjectGUID : faf9cbaa-d30c-47e1-b6a7-a839465c73e4
ParentDomain :
PDCEmulator : winsrv-1.ad.georgetech.co.uk
PublicKeyRequiredPasswordRolling : True
QuotasContainer : CN=NTDS Quotas,DC=ad,DC=georgetech,DC=co,DC=uk
ReadOnlyReplicaDirectoryServers : {}
ReplicaDirectoryServers : {winsrv-1.ad.georgetech.co.uk}
RIDMaster : winsrv-1.ad.georgetech.co.uk
SubordinateReferences : {DC=ForestDnsZones,DC=ad,DC=georgetech,DC=co,DC=uk, DC=DomainDnsZones,DC=ad,DC=georgetech,DC=co,DC=uk, CN=Configuration,DC=ad,DC=georgetech,DC=co,DC=uk}
SystemsContainer : CN=System,DC=ad,DC=georgetech,DC=co,DC=uk
UsersContainer : CN=Users,DC=ad,DC=georgetech,DC=co,DC=uk
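The output above can be recorded as a baseline and compared on later runs, so that a changed FSMO role holder, functional level or an additional writable domain controller is noticed. The script below is an added example, not part of the original post; the baseline values are copied from the output shown here, and the function name Compare-DomainBaseline is hypothetical.

```powershell
# Added example (not from the original post): compare Get-ADDomain against a
# recorded baseline. Requires the ActiveDirectory module (installed above via
# -IncludeManagementTools). Baseline values are taken from this walkthrough.
$Baseline = @{
    DNSRoot                 = 'ad.georgetech.co.uk'
    DomainMode              = 'Windows2016Domain'
    DomainSID               = 'S-1-5-21-284798044-4147256589-3138032021'
    PDCEmulator             = 'winsrv-1.ad.georgetech.co.uk'
    RIDMaster               = 'winsrv-1.ad.georgetech.co.uk'
    InfrastructureMaster    = 'winsrv-1.ad.georgetech.co.uk'
    ReplicaDirectoryServers = @('winsrv-1.ad.georgetech.co.uk')
    ComputersContainer      = 'CN=Computers,DC=ad,DC=georgetech,DC=co,DC=uk'
    UsersContainer          = 'CN=Users,DC=ad,DC=georgetech,DC=co,DC=uk'
}

function Compare-DomainBaseline {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] $Domain,               # object returned by Get-ADDomain
        [Parameter(Mandatory)] [hashtable] $Baseline  # property name -> expected value(s)
    )
    foreach ($key in $Baseline.Keys) {
        # Normalise single values and collections to sorted string lists so that
        # enums, SIDs and multi-valued properties compare the same way.
        $expected = @($Baseline[$key] | ForEach-Object { "$_" } | Sort-Object)
        $actual   = @($Domain.$key    | ForEach-Object { "$_" } | Sort-Object)
        if (($expected -join ';') -ne ($actual -join ';')) {
            [pscustomobject]@{
                Property = $key
                Expected = $expected -join '; '
                Actual   = $actual -join '; '
            }
        }
    }
}

$drift = @(Compare-DomainBaseline -Domain (Get-ADDomain) -Baseline $Baseline)
if ($drift.Count -eq 0) {
    'OK: domain matches the recorded baseline'
} else {
    $drift | Format-Table -AutoSize -Wrap
}
```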