Russell Smith, the Editorial Director at Petri IT Knowledgebase, has over two decades of hands-on experience in IT, in both small business settings and government IT infrastructure projects. Russell started writing for Windows IT Pro Magazine in t...
There is an updated version of this article here: How to Add a Domain Controller to an Existing Domain
Windows Server 2022 doesn’t include any significant changes to Active Directory (AD). But you will want to use it going forwards for your new domain controllers because of the improved security it provides over earlier versions of Windows Server.
There are two ways for system administrators to promote Windows Server 2022 to a domain controller (DC). The first is Server Manager, which has been the standard way to add, or ‘promote’ as it is more commonly called, Windows Server 2022 as a DC. The second and, in my opinion, easier way is to use PowerShell.
Whichever method you choose, adding Windows Server 2022 as a DC involves two main steps:
But it’s also worth noting that there are some prerequisites that you should meet before you promote Windows Server 2022 to a domain controller. For instance, the server should be assigned a static IP address. And it’s also worth making sure that the server name is something relevant, like DC1, so that it can easily be identified.
Before we install AD DS, let’s make sure we meet the basic prerequisites for a DC in Windows Server 2022.
We’ll start by renaming the server.
Rename-Computer -NewName DC1 -Restart
Once the server has rebooted, we can configure the network adapter with a static IP address. On my network, I will assign a static IP address of 192.168.1.10/24 and the default gateway is 192.168.1.1.
New-NetIPAddress -IPAddress 192.168.1.10 -DefaultGateway 192.168.1.1 -PrefixLength 24 -InterfaceIndex (Get-NetAdapter).InterfaceIndex
Set-DNSClientServerAddress -InterfaceIndex (Get-NetAdapter).InterfaceIndex -ServerAddresses 192.168.1.10
The next step is to install the AD DS server role. It’s easy to do using the Install-WindowsFeature cmdlet as shown below.
Install-WindowsFeature -name AD-Domain-Services -IncludeManagementTools
Once the AD DS server role is installed, you’ll get a message in the PowerShell window. The Success column should read True.
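The following check is an added example, not part of the original article. It confirms the prerequisites set with PowerShell above before you promote the server; the function name Test-DcPrerequisite is hypothetical, and the default values are the article's sample name and address.

```powershell
# Added example: pre-promotion check. Defaults are the article's sample values.
function Test-DcPrerequisite {
    param(
        [string]$ExpectedName = 'DC1',
        [string]$ExpectedIPAddress = '192.168.1.10'
    )
    $problems = @()

    if ($env:COMPUTERNAME -ne $ExpectedName) {
        $problems += "Computer name is $env:COMPUTERNAME, expected $ExpectedName (reboot pending?)."
    }

    # (Get-NetAdapter).InterfaceIndex returns several values on a multi-homed
    # server, so require exactly one connected adapter before trusting it.
    $adapters = @(Get-NetAdapter | Where-Object Status -eq 'Up')
    if ($adapters.Count -ne 1) {
        $problems += "Expected one connected adapter, found $($adapters.Count)."
        return $problems
    }
    $index = $adapters[0].InterfaceIndex

    # The address must be bound to the adapter and assigned manually, not leased.
    $ip = Get-NetIPAddress -InterfaceIndex $index -AddressFamily IPv4 -ErrorAction SilentlyContinue |
        Where-Object IPAddress -eq $ExpectedIPAddress
    if (-not $ip) {
        $problems += "$ExpectedIPAddress is not bound to interface $index."
    } elseif ($ip.PrefixOrigin -ne 'Manual') {
        $problems += "$ExpectedIPAddress was assigned by $($ip.PrefixOrigin), not statically."
    }
    if ((Get-NetIPInterface -InterfaceIndex $index -AddressFamily IPv4).Dhcp -eq 'Enabled') {
        $problems += "DHCP is still enabled on interface $index."
    }

    # The first DC is its own DNS server, so the client should point at itself.
    $dns = (Get-DnsClientServerAddress -InterfaceIndex $index -AddressFamily IPv4).ServerAddresses
    if ($dns -notcontains $ExpectedIPAddress) {
        $problems += "DNS client does not point at $ExpectedIPAddress (current: $($dns -join ', '))."
    }

    if (-not (Get-WindowsFeature -Name AD-Domain-Services).Installed) {
        $problems += 'AD-Domain-Services role is not installed.'
    }
    return $problems
}

$result = Test-DcPrerequisite
if ($result) { $result | ForEach-Object { Write-Warning $_ } } else { 'All prerequisites met.' }
```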
If you’d prefer to install AD DS the hard way, here is a step-by-step guide using Server Manager.
Let’s deal with the server’s name and IP address first.
Now let’s set a static IP address.
On my network, I will assign a static IP address of 192.168.1.10, subnet mask of 255.255.255.0, and the default gateway is 192.168.1.1.
The first DC in your domain will also be a DNS server. The Active Directory Domain Services Configuration Wizard will automatically configure a DNS server for you.
Now let’s install the AD DS server role.
In this example, we will add Windows Server 2022 as a domain controller in a new forest and domain. Before you continue, you should decide on a Fully Qualified Domain Name (FQDN) for your domain. I’m going to use ad.contoso.com in this example, where ‘ad’ is the name of my new domain and contoso.com is the top-level domain (TLD). You should make sure that you own the public TLD. In this example, I should own the contoso.com domain name. AD in the FQDN defines my internal DNS namespace for Active Directory.
To configure Windows Server 2022 as a domain controller, run Install-ADDSForest as shown in the example below. Replace ad.contoso.com with your chosen FQDN. DomainNetBIOSName is usually set to the part of your FQDN that identifies your internal AD DNS namespace, that is, the part that comes to the left of the first period. In this case, ‘ad’.
Install-ADDSForest -DomainName ad.contoso.com -DomainNetBIOSName AD -InstallDNS
You should note that Install-ADDSForest is only used when you are installing the first domain controller in a new AD forest. Install-ADDSDomain and Install-ADDSDomainController are used respectively to create a new domain in an existing forest and install a new DC in an existing AD domain.
DomainName and DomainNetBIOSName are the only two compulsory parameters for the Install-ADDSForest cmdlet. If you want to explore what other options you can configure, run the command line below:
Get-Help Install-ADDSForest
When you run the Install-ADDSForest cmdlet, you’ll be prompted to enter a password for Directory Services Restore Mode (DSRM), or the Safe Mode password as it’s sometimes referred to. Enter a password and confirm it when prompted.
You’ll then see a message:
The target server will be configured as a domain controller and restarted when this operation is complete.
Do you want to continue with this operation?
Type y in the PowerShell window and press ENTER to confirm that you want to configure the server as a domain controller.
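As an added example (not from the original article), the promotion can be preceded by the same kind of prerequisite check the Server Manager wizard runs, using Test-ADDSForestInstallation from the ADDSDeployment module. The domain values are the article's samples; the variable names are illustrative.

```powershell
# Added example: validate first, then promote. Domain values are the article's samples.
Import-Module ADDSDeployment

# Read the DSRM password once as a SecureString so it is never typed as a
# plain-text argument and does not end up in command history or a transcript.
$dsrm = Read-Host -Prompt 'DSRM (Safe Mode) password' -AsSecureString

# One parameter set, splatted into both cmdlets so the dry run and the
# real promotion cannot drift apart.
$forest = @{
    DomainName                    = 'ad.contoso.com'
    DomainNetbiosName             = 'AD'
    InstallDns                    = $true
    SafeModeAdministratorPassword = $dsrm
}

# Dry run: runs the prerequisite checks without changing the server.
$checks = Test-ADDSForestInstallation @forest
$checks | Format-Table Status, Message -Wrap

# Stop here if any check result carries an Error status.
if ($checks | Where-Object Status -eq 'Error') {
    throw 'Prerequisite check reported errors; promotion not started.'
}

# Still asks for confirmation and reboots on completion, as described above.
# Because the DSRM password is supplied, it is not prompted for again.
Install-ADDSForest @forest
```

Store the DSRM password in your password vault before running this; it is separate from the domain administrator password and is needed for directory recovery.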
As AD is configured, you’ll see some yellow warnings appear in the PowerShell window. They are normal and you can safely ignore them. The server will automatically reboot. Once Windows Server has rebooted, you will need to log in with the domain administrator account. The domain administrator account is assigned the same password as the built-in administrator account.
On the sign-in page, type administrator in the User name field. Type the password for the administrator account, which is the same as the password for the previous built-in administrator account, and press ENTER.
And that is it! You are now logged in to your AD domain’s first domain controller. You can access Server Manager from the Start menu. In Server Manager, click the Tools menu and then select Active Directory Users and Computers to start managing your domain.
Now that the AD DS role is installed in Windows Server 2022, you can configure your first AD domain controller. Let’s go back to Server Manager and start the configuration.
You should make sure that you own the public top-level domain name (TLD). In this example, I should own the contoso.com domain name. AD in the FQDN defines my internal DNS namespace for Active Directory.
The wizard will run some prerequisite checks to make sure AD can be installed on the server. Hopefully your server will pass the checks and you can continue installing AD. It’s normal to get a few warnings as you can see in the image below. You will not be able to proceed with the install if the server fails the prerequisite checks.
Once Windows Server has rebooted, you will need to log in with the domain administrator account. The domain administrator account is assigned the same password as the built-in administrator account.
And that is it! You are now logged in to your AD domain’s first domain controller.
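Whichever method you used, PowerShell or Server Manager, it is worth confirming that the new DC is actually serving the domain before you start managing it. The check below is an added example, not part of the original article; the function name Test-NewDomainController is hypothetical and the default domain is the article's sample FQDN.

```powershell
# Added example: post-promotion health check, run on the new DC after sign-in.
function Test-NewDomainController {
    param([string]$DomainName = 'ad.contoso.com')
    $problems = @()

    # Services a DC with integrated DNS depends on.
    foreach ($name in 'NTDS', 'Netlogon', 'Kdc', 'DNS', 'ADWS') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc -or $svc.Status -ne 'Running') {
            $problems += "Service $name is not running."
        }
    }

    # The SYSVOL and NETLOGON shares appear once SYSVOL initialisation has finished.
    foreach ($share in 'SYSVOL', 'NETLOGON') {
        if (-not (Get-SmbShare -Name $share -ErrorAction SilentlyContinue)) {
            $problems += "Share $share is missing."
        }
    }

    # Clients locate domain controllers through this SRV record.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction SilentlyContinue
    if (-not ($srv | Where-Object { $_.NameTarget -like "$env:COMPUTERNAME.*" })) {
        $problems += "No _ldap SRV record for this server in $DomainName."
    }

    # The directory itself should list this server as a DC and global catalog.
    try {
        $dc = Get-ADDomainController -Identity $env:COMPUTERNAME -ErrorAction Stop
        if (-not $dc.IsGlobalCatalog) { $problems += 'Server is not a global catalog.' }
    } catch {
        $problems += "Get-ADDomainController failed: $($_.Exception.Message)"
    }
    return $problems
}

$result = Test-NewDomainController
if ($result) { $result | ForEach-Object { Write-Warning $_ } } else { 'Domain controller looks healthy.' }
```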
To promote Windows Server 2022 to domain controller, you need a minimum of 2GHz processor, 2GB RAM (16GB recommended), 32GB disk space, and a network adapter capable of at least 1Gbps. The server must also be running Windows Server 2022 Standard or Datacenter edition.
Yes, you can promote Windows Server 2022 to domain controller in an existing forest that contains older versions, but the forest functional level must be at least Windows Server 2016 to ensure compatibility and proper functionality.
Before you promote Windows Server 2022 to domain controller, ensure you have a full system backup of any existing domain controllers, export and document current DNS settings, and create a system state backup to enable recovery if needed.
After promoting Windows Server 2022 to domain controller, implement LDAPS encryption, configure Windows Defender, enable audit logging, set up password policies, and configure Windows Firewall with specific rules for domain controller traffic.
Common issues when promoting Windows Server 2022 to domain controller include DNS configuration errors, network connectivity problems, insufficient permissions, schema compatibility issues, and problems with existing domain controller replication.