Setting Up Active Directory Network From Scratch


Introduction

This blog post will show step by step how to set up a basic Active Directory network. The network will consist of four computers: two servers and two clients. There will be a Domain Controller, a DHCP server, a central management station, and of course a desktop for the clients. This can all be seen in the diagram below.

The purpose of the central management desktop is to let the administrator easily manage multiple servers at once. The servers in this network will all be Core installs without a desktop. It will be possible to manage these servers remotely in Server Manager. Remote PowerShell sessions can also be established to the servers.

The chosen operating system for the servers (dc and dhcp) will be Windows Server 2019 Core; it can be either Standard or Datacenter. For the client side (manage and client) Windows 10 Enterprise LTSC will be used. The chart below shows the networking configuration of each computer. Please note that the default gateway is not listed in this chart, but will have the IP address of 10.0.0.1/24.

| Computer | IP Address | Default Gateway | DNS |
| --- | --- | --- | --- |
| dc.contoso.net | 10.0.0.10/24 | 10.0.0.1 | 127.0.0.1 |
| dhcp.contoso.net | 10.0.0.11/24 | 10.0.0.1 | 10.0.0.10 |
| manage.contoso.net | 10.0.0.12/24 | 10.0.0.1 | 10.0.0.10 |
| client.contoso.net | 10.0.0.101/24 | 10.0.0.1 | 10.0.0.10 |

This blog post will be split into the following sections:

Creating a Domain Controller

First the Domain Controller will be configured, then the Domain Services role will be installed on this server. The Domain Services role is what provides directory service functionality.

Rename Server

Begin by renaming the server after the role it will have. We will use the PowerShell command Rename-Computer to set the hostname to dc. Don't forget to restart the server for the change to take effect.

Set Static IP Address

Next we will need to set a static IP address on the server. Use the command Get-NetAdapter to list all network interfaces. The most important information here is the Name and the interface index; either of these can be used to reference a network interface in other commands.

Set a static IP address of 10.0.0.10 using the New-NetIPAddress command.


A DNS server will also have to be set using the Set-DnsClientServerAddress command. Set this to your favorite DNS server. When the domain is created on the Domain Controller, this DNS server will be used as the forwarder in DNS.


Install Active Directory Domain Services Feature

Now the Domain Services feature must be installed along with DNS.

Create Forest

After the installation a new forest will need to be created; use the Install-ADDSForest command to create one. Please note that the current password you are using for the local Administrator account on the server will be used for the domain Administrator account.

In other words, when you log in as CONTOSO\Administrator the password you must use is the one you typed in when installing the current server. This can of course be changed later on.

This may take a bit of time to complete. After it is finished it will restart the server. At that point everything is configured and ready to go.
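The steps of this section as one staged script. This is an added example, not the original post's commands; the forwarder address and the single-adapter assumption are mine, and the DSRM password is prompted for rather than written into the script.

```powershell
# Added example: staged build of dc.contoso.net. Run in an elevated session on
# the new server and re-run after the rename reboot; finished stages are skipped.
$HostName  = 'dc'
$Ip        = '10.0.0.10'
$Gateway   = '10.0.0.1'
$Forwarder = '10.0.0.1'   # assumption: replace with the upstream resolver you use
$Domain    = 'contoso.net'
$NetBios   = 'CONTOSO'

# Stage 1: rename, then reboot so the new name takes effect.
if ($env:COMPUTERNAME -ne $HostName) {
    Rename-Computer -NewName $HostName -Restart
    return
}

# Stage 2: static addressing on the first connected adapter (assumes one NIC).
$nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
$current = Get-NetIPAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4 `
    -ErrorAction SilentlyContinue
if ($current.IPAddress -notcontains $Ip) {
    New-NetIPAddress -InterfaceIndex $nic.ifIndex -IPAddress $Ip `
        -PrefixLength 24 -DefaultGateway $Gateway | Out-Null
}
# This resolver becomes the DNS forwarder once the forest is created.
Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $Forwarder

# Stage 3: install the Domain Services and DNS roles.
Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools

# Stage 4: create the forest. The DSRM (safe mode) password is read as a
# SecureString at run time so it never lands in the script or shell history.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM (safe mode) password'
Install-ADDSForest -DomainName $Domain -DomainNetbiosName $NetBios `
    -InstallDns -SafeModeAdministratorPassword $dsrm
```

Because the domain Administrator inherits the local Administrator password, set a strong local password before running stage 4 and rotate it once the domain is up.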

Setting up Management Station

In this section we will set up a central management desktop that will be used to manage the servers.

Setting up Machine

Just like with the Domain Controller, begin by renaming this computer to manage.

Next set a static IP address of 10.0.0.12.

Afterwards, configure DNS so that it points to the Domain Controller.

Joining Domain

Before joining the domain, check that the machine can resolve the domain name. You can do this by pinging contoso.net. The result should be the IP address of the Domain Controller.

Next use the Add-Computer PowerShell command to add this computer to the domain.

After this computer restarts, log on using the Administrator domain account. Please note that when using the Administrator username the computer will assume you want to log in locally. In order to log on as a domain account, put the domain, CONTOSO, in front of the username (CONTOSO\Administrator).

Installing Remote System Administration Tools

Once logged in, the Remote System Administration Tools must be installed. There are many different ones, everything from managing DNS to virtual machines on Hyper-V. You can run Get-WindowsCapability -Name RSAT* -Online to view a list.

However, to make things simple I will install all of them. You can go through the list and pick what you need, or run the command below to install everything.

Managing Remotely

Inside Server Manager you can add a server that you wish to manage remotely.

Any server you add will show up on the main page.

Remote PowerShell sessions can also be created using the Enter-PSSession command.
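An added example (not the original post's commands) covering the tool installation and the remote session described above. It shows both choices from the text: a subset limited to what this lab manages, selected with wildcard patterns that I chose, or everything.

```powershell
# Added example: run in an elevated session on manage.contoso.net.

# Option A: only the tools this lab uses (AD, DNS, DHCP, Server Manager).
# A smaller toolset on the admin workstation means less to patch and audit.
$patterns = 'Rsat.ActiveDirectory*', 'Rsat.Dns*', 'Rsat.DHCP*', 'Rsat.ServerManager*'
$wanted = $patterns | ForEach-Object { Get-WindowsCapability -Online -Name $_ }

# Option B: everything, as the post chooses to do.
# $wanted = Get-WindowsCapability -Online -Name 'RSAT*'

# Install whatever is not present yet, then list what ended up installed.
$wanted | Where-Object State -ne 'Installed' | Add-WindowsCapability -Online
Get-WindowsCapability -Online -Name 'RSAT*' |
    Where-Object State -eq 'Installed' |
    Select-Object Name, State

# Confirm WinRM answers on the Domain Controller before relying on it.
Test-WSMan -ComputerName dc.contoso.net

# One-shot remote command: list the roles installed on the Core server.
Invoke-Command -ComputerName dc.contoso.net -ScriptBlock {
    Get-WindowsFeature | Where-Object Installed | Select-Object Name
}

# Interactive remote session; leave it with Exit-PSSession.
Enter-PSSession -ComputerName dc.contoso.net
```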

Creating a DHCP Server

Now a DHCP server will be created in order to provide a client desktop with an IP address.

Setting up Machine

Just like the last two times, rename the computer to dhcp.

Set a static IP address of 10.0.0.11.

Set the DNS server to point to the Domain Controller.

Joining Domain

Once again, join the server to the domain.

On your remote management desktop you can also see the list of computers in the Active Directory Users and Computers tool (dsa.msc).

Install DHCP Feature

Install the DHCP feature on the server. Note that the commands in this subsection are being run from manage.contoso.net, the central management station.

For a DHCP server to function in Active Directory it must be authorized. To do this, use the Add-DhcpServerInDC command.

The Get-DhcpServerInDC command can be used to view all the authorized DHCP servers.

Another option is to click the notification that shows up in Server Manager and perform the authorization there.

If you used the PowerShell command to authorize the DHCP server, this notification in Server Manager will not disappear. You will have to open it and choose the skip option.

Creating DHCP Scope

Now, in order to provide DHCP services to the network, a scope must be created. This can be done using the DHCP GUI management tool; however, I will use PowerShell.

The following will use the Add-DhcpServerv4Scope command to create a scope, and the Set-DhcpServerv4OptionValue command will be used to set options on the scope.
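The role installation, authorization and scope creation described in the last two subsections, as an added example rather than the original post's commands. The scope name and the address range 10.0.0.101 to 10.0.0.200 are assumptions chosen to match the client address in the chart.

```powershell
# Added example: run from manage.contoso.net as a domain administrator,
# with the DHCP administration tools installed.
$DhcpHost = 'dhcp.contoso.net'
$DhcpIp   = '10.0.0.11'
$ScopeId  = '10.0.0.0'

# Install the role on the Core server remotely.
Install-WindowsFeature -Name DHCP -ComputerName $DhcpHost -IncludeManagementTools

# Authorize the server only if it is not already in the directory's list.
$authorized = Get-DhcpServerInDC | Where-Object DnsName -eq $DhcpHost
if (-not $authorized) {
    Add-DhcpServerInDC -DnsName $DhcpHost -IPAddress $DhcpIp
}

# Review check: anything authorized besides the expected server is unexpected
# in this lab and should be investigated.
Get-DhcpServerInDC | Where-Object DnsName -ne $DhcpHost

# Create the scope once. Name and range are assumptions for this example.
$existing = Get-DhcpServerv4Scope -ComputerName $DhcpHost -ScopeId $ScopeId `
    -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-DhcpServerv4Scope -ComputerName $DhcpHost -Name 'Clients' `
        -StartRange 10.0.0.101 -EndRange 10.0.0.200 `
        -SubnetMask 255.255.255.0 -State Active
}

# Hand out the gateway, the Domain Controller as DNS server, and the domain name.
Set-DhcpServerv4OptionValue -ComputerName $DhcpHost -ScopeId $ScopeId `
    -Router 10.0.0.1 -DnsServer 10.0.0.10 -DnsDomain 'contoso.net'

# Verify what clients will receive.
Get-DhcpServerv4Scope -ComputerName $DhcpHost
Get-DhcpServerv4OptionValue -ComputerName $DhcpHost -ScopeId $ScopeId
```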

Connecting a Client

This section will show a client being joined to the domain. The actions performed will be the same as in the previous sections.

Check IP Configuration

Once the client is in the network it should receive an IP from the DHCP server.

Confirm that the domain name can resolve.

Join Domain

Now add the computer to the domain.
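The member setup and domain join used for manage, dhcp and client, written once as an added example (not the original post's commands). Join-LabDomain is a hypothetical helper name; it checks name resolution with Resolve-DnsName instead of ping and folds the rename into Add-Computer with -NewName.

```powershell
# Added example: Join-LabDomain is a hypothetical helper. Run it in an elevated
# session on the machine being joined.
function Join-LabDomain {
    param(
        [Parameter(Mandatory)][string]$NewName,
        [string]$StaticIp,                 # omit on DHCP clients
        [string]$Domain  = 'contoso.net',
        [string]$DcIp    = '10.0.0.10',
        [string]$Gateway = '10.0.0.1'
    )
    # Assumes a single connected adapter.
    $nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1

    if ($StaticIp) {
        # Servers and the management station: static address, DNS on the DC.
        New-NetIPAddress -InterfaceIndex $nic.ifIndex -IPAddress $StaticIp `
            -PrefixLength 24 -DefaultGateway $Gateway | Out-Null
        Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $DcIp
    } else {
        # Clients: require an address that actually came from the DHCP server.
        $lease = Get-NetIPAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4 |
            Where-Object PrefixOrigin -eq 'Dhcp'
        if (-not $lease) { throw 'No DHCP lease on this adapter; check the scope.' }
    }

    # Refuse to join unless the domain name resolves to the expected DC, so
    # domain credentials are not sent to whatever else answers for that name.
    $answers = (Resolve-DnsName -Name $Domain -Type A -ErrorAction Stop).IPAddress
    if ($answers -notcontains $DcIp) {
        throw "$Domain resolved to '$answers', expected $DcIp; check DNS settings."
    }

    $join = @{
        DomainName = $Domain
        Credential = Get-Credential -Credential 'CONTOSO\Administrator'
        Restart    = $true
    }
    # Rename as part of the join only when the name still needs changing.
    if ($env:COMPUTERNAME -ne $NewName) { $join.NewName = $NewName }
    Add-Computer @join
}

# Calls matching the chart at the top of the post:
# Join-LabDomain -NewName manage -StaticIp 10.0.0.12
# Join-LabDomain -NewName dhcp   -StaticIp 10.0.0.11
# Join-LabDomain -NewName client
```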