Installing Active Directory

Domain Services (AD DS) and

domain joint on Windows Server
2019
A Step-by-Step Guide
 Introduction to Active Directory
Domain Services

• AD DS stores directory information and

manages interactions between users and
domains.
• Provides centralized user, computer, and
resource management.
• Enhances network security and simplifies
network administration.
 Pre-Installation Requirements
1. Ensure the system meets Windows Server
2019 requirements.
2. Verify necessary permissions (Administrator
rights).
3. Configure IP Address, computer name, and
time zone settings (static IP recommended).
4. Adjust the time zone of the Windows server.
 Step 1: Installing AD DS Role

1. Open Server Manager.

2. Select 'Add Roles and Features'.
3. Choose the Active Directory Domain Services
role.
 Step 2: Promoting Server to
Domain Controller

1. After installing AD DS, click 'Promote this

server to a domain controller'.
2. Choose 'Add a new forest' for a new domain
or add to an existing domain.
Domain vs Forest
 Step 3: Completing Configuration
Wizard

5. Set domain and forest functional levels

(usually Windows Server 2016 or higher).
6. Configure the Directory Services Restore
Mode (DSRM) password.
7. Review the options and complete the
installation.
 Post-Installation Tasks

1. Verify AD DS installation using Server

Manager.
2. Test domain login and create initial user
accounts.
3. Set up organizational units (OUs) as needed.
 Troubleshooting Tips

• Check error logs in Server Manager if issues

occur.
• Common errors: DNS configuration,
insufficient permissions, network connectivity.
ADDS Configuration Choices Definition:
• Global Catalog (GC):
is a data storage source containing partial
representations of objects found in a multi-domain
Active Directory Domain Services forest
• Forest function level:
The minimum version of the Windows server can be
accepted at a side forest level to run as domain control.
• Domain function level:
The minimum version of the Windows server can be
accepted at the site domain level to run as a domain
environment.
 ADDS Configuration Choices Definition:
• Directory Services Restore Mode (DSRM):
is a Safe Mode boot option for Windows
Server domain controllers. DSRM enables an administrator
to repair, recover, or restore an Active Directory (AD)
database.
• DNS delegation:
the process by which a parent DNS zone indicates to
DNS resolvers that it has delegated the authority for a DNS
subzone (or child zone) to a different set of DNS servers
 ADDS Configuration Choices Definition:
• NTDS (Windows NT Directory Services):
is the directory service used by Microsoft Windows NT to
locate, manage, and organize network resources. The NTDS.
dit file contains a database that stores the Active Directory
data (including users, groups, security descriptors, and
password hashes).
• The SYSVOL folders:
is a set file system with a read-only option that provides a
default Active Directory location for files that must be
replicated throughout a domain, including Group Policy
objects (GPOs), startup and shutdown scripts, and logon and
logoff scripts.
Joint Computer to Domain:
Introduction

• Joining a computer to an Active Directory

domain centralizes security and management.
• Domain-joined computers benefit from
centralized authentication and Group Policy
management.
 Pre-Configuration Requirements

1. Ensure you have domain administrator or

relevant permissions to join computers to the
domain.
2. Confirm that DNS settings point to the
domain controller's IP.
3. Verify network connectivity to the domain
controller.
 Step 1: Access System Properties

1. Right-click 'This PC' > select 'Properties' > click

'Change settings' under Computer Name.
2. In the 'System Properties' window, click the
'Change' button to rename the computer or join
a domain.
 Step 2: Enter Domain Name and
Credentials

1. Select 'Domain' and enter the domain name

(e.g., example.com).
2. Provide domain administrator credentials
when prompted.
3. Click 'OK' and a welcome message should
confirm successful domain join.
 AAA: Authentication,
Authorization, and Accounting

•Authentication - Identifying users

•Authorization - Determining access rights
•Accounting - Logging activities

Objective:
AAA secures system access by verifying identities,
assigning permissions, and tracking user actions.
 What is Authentication?
•Authentication is the process of verifying the
identity of a user, device, or system.
•Purpose:
validate a user's identity before allowing
access.
•Examples:
1-Password Login
2- Biometric Verification (fingerprint, facial
recognition)
3- Two-factor authentication (2FA) (e.g., text
code or app prompt)
 What is Authorization?
•Authorization specifies what authenticated
users are permitted to do.
•Purpose:
Determines "What can you access?" once
identity is confirmed.
•Examples:
1- Access to specific files
2- Permissions in a system (e.g., admin vs.
viewer roles)
3- Network resource access (e.g., printers,
databases)
 What is Accounting?
•Accounting logs the actions of users and tracks
resource usage.
•Purpose:
Answers "What did you do?" to monitor
and audit user activities.
•Examples:
1- Logging login and logout times
2- Recording access to files or resources
3- Generating usage reports for auditing
 How AAA Works Together
•Steps:
1 - Authentication verifies the user's identity.
2 - Authorization provides permissions based on the
identity.
3 - Accounting tracks and logs the user's activities.
Example: Logging into a secure website
1.Authentication: The user enters a password.
2.Authorization: The system assigns access to certain
pages.
3.Accounting: The user’s actions on each page are
logged.
 Why AAA is Important

•Security:
Protects systems from unauthorized access.
•Control:
Allows admins to assign permissions based
on roles.
•Auditability:
Creates logs for monitoring, auditing, and
compliance.
 Step 3: Restart the Computer

• Restart the computer to apply the domain join

settings.
• Log in using a domain user account to verify
the domain join.
 Post-Configuration Tasks

• Verify the domain join in the 'System

Properties' > 'Computer Name' tab.
• Test domain login with different user accounts
to ensure accessibility.
• Update Group Policies (if required) with
'gpupdate /force' command.
 Troubleshooting Common Issues

• DNS Configuration: Ensure DNS is set to the

domain controller IP.
• Network Connectivity: Test connection to the
domain controller using ping.
• Permissions: Verify that the domain
credentials have permission to join
computers.