Installing Active Directory Domain Services Role on Windows Server 2012
Active Directory (AD) has been a staple of Windows-based networks since Microsoft integrated it into Windows 2000 Server. AD is based on the Lightweight Directory Access Protocol (LDAP), and it provides authentication, authorization, and accounting capabilities on a network. It’s also a repository for all sorts of key information: Computer and user accounts, security and distribution groups, and even configuration information of products such as Microsoft Exchange all live within Active Directory. Put simply, if you’re an organization with more than just a few users and you use Windows, you’ll want AD. In this article, I’ll walk you though installing the Active Directory domain services role on Windows Server 2012. I’ll even show you how to install AD domain services within PowerShell with a simple one-liner.
Active Directory, Forests, and Trees
Active Directory is grouped into forests and trees. This structure makes perfect sense and is analogous to a real forest with real trees. When AD is first configured, a domain tree is created. This also creates the forest by default. At this point it’s a forest of one tree only, but it’s still a forest. This first domain tree is appropriately known as the Forest Root Domain. The Forest and the Forest Root Domain share the same name.
The workhorses of AD are Domain Controllers (DC). These are the servers in which the Active Directory database resides. DCs come in two main flavors: a standard Domain Controller or a Global Catalog Domain Controller. A standard DC contains the AD information for just the domain tree of which it’s a member. A Global Catalog (GC), on the other hand, contains the AD information for all domain trees in the entire forest. There must be at least one GC in every domain tree.
In AD, Flexible Single Master Operations (FSMO) roles define that DC, or DCs, perform certain critical forest and domain wide functions. There are five roles: Schema Master, Domain Naming Master, Infrastructure Master, Relative ID (RID) Master, and PDC Emulator. When creating the first domain controller within a new forest, this DC will host all five roles. However, the roles can be transferred to different DCs after they’re created. For a more in-depth discussion of FSMO roles check out Flash Denning’s great Petri article on the subject, “Understanding FSMO Roles in Server 2008 Active Directory“.
Say Goodbye to Traditional PC Lifecycle Management
Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.
Windows Server 2012 and Active Directory Improvements
Each new Windows Server version since Windows 2000 Server has introduced new and improved AD functionality. Windows Server 2012 is no exception. The AD Recycle Bin now has a graphical user interface making it easier than ever to recover deleted AD objects. There’s also a shiny new GUI for Fine-Grained Password Policies enabling IT pros to dial-in their organization’s password requirements. The DC creation process has been improved and it’s now even possible to join computers to an AD domain from across the Internet using DirectAccess. Active Directory really does keep getting better with age.
How to Install the AD Domain Services Role
The first step on the road to implementing Active Directory on Windows Server 2012 is installing the Active Directory Domain Services Role.
- Login using an account that’s a member of the local administrator’s group.
- Open Server Manager.
- In the left-most pane of Server Manager, click Local Server.
- Click the Manage menu, then click Add Roles and Features.
- You’ll find yourself on the Before You Begin page of the Add Roles and Features Wizard. Click Next.
- On the Installation Type page, click the radio button next to Role-based or Feature-based installation.
- Click Next.
- When the Server Selection page appears, verify that the radio button for Server Selection is checked and that the name of the server being worked on is displayed and highlighted.
- When the list of Server Roles is displayed, find and select the checkbox for Active Directory Domain Services. This is the only selection necessary. Once this role is selected, you’ll be prompted to add features that are required for Active Directory Domain Services. All prerequisites will be added automatically.
- Click the Add Features button.
- Click Next.
- Click Next on the Features screen. Notice that the Group Policy Management feature is selected by default.
- The Active Directory Domain Services screen is worth giving a quick read. Take special note of the DNS Server requirement. The good news is if there isn’t a DNS server configured on the network, the current server will have the role added. No muss, no fuss.
- When finished reading, click Next.
- The confirmation screen will remind you one last time of everything that’s about to take place. I suggest selecting the checkbox for Restart the destination server automatically if required. Be aware that this will allow restarts without any further notification. I think of it as the set-it-and-forget-it option. Click Yes to confirm.
- If preferred, clear this checkbox and reboot manually after the AD Role finishes installing.
- Click the Install button to get the show on the road.
It’s possible to close the wizard and let it continue working in the background. I prefer to leave it open, lest I be tempted to use the server for other tasks that might accidentally derail the installation.
Once the wizard is complete, the server still needs promoted to an Active Directory Domain Controller. It’s possible to move right into this step from the wizard confirmation screen by clicking the link to Promote this server to a domain controller.
Installing the AD Domain Services Role Using PowerShell
One of the great benefits of Windows Server 2012 is how well PowerShell is integrated. PowerShell is, excuse the pun, more powerful than ever. For example, everything completed by the wizard above is easily done from within PowerShell with a simple one-liner. Here’s how.
- Log on to the server as an administrator.
- Open an elevated PowerShell prompt by right-clicking the PowerShell icon and selecting Run as Administrator.
- Type Install-WindowsFeature AD-Domain-Services –IncludeManagementTools and then press Enter.
The AD DS role will install and the server will reboot if necessary. Believe it or not, that’s it. That’s all there is to it. I bet you wish I told you this right from the get-go, huh?
Watch for a future Petri article where I’ll walk you through promoting a server with the AD DS role installed to a domain controller, creating a brand spankin’ new AD forest along the way. I’ll show you how to complete the process both via the GUI and from within PowerShell. Isn’t Windows Server 2012 great?