Active Directory Windows Server

AD DS installation and configuration - BTS SIO SISR

Objective

Deploy an Active Directory domain controller on Windows Server 2019/2022 to centralise authentication, Group Policy Objects (GPOs) and network resource management.

Prerequisites

Full Procedure

Step 1: Static IP configuration

  1. Control Panel → Network and Internet → Network and Sharing Center
  2. Change adapter settings
  3. Right-click on the network adapter → Properties
  4. Internet Protocol Version 4 (TCP/IPv4) → Properties
  5. Configuration:
    • IP address: 192.168.1.10
    • Subnet mask: 255.255.255.0
    • Gateway: 192.168.1.1
    • Preferred DNS: 127.0.0.1 (itself after DC promotion)
    • Alternate DNS: 8.8.8.8

Step 2: Rename the server

  1. Right-click This PC → Properties
  2. Change settings → Change
  3. Computer name: SRV-DC01
  4. Restart

Step 3: Install the AD DS role

Via Server Manager (GUI)

  1. Server Manager → Manage → Add Roles and Features
  2. Installation type: Role-based or feature-based installation
  3. Select the local server
  4. Roles: check Active Directory Domain Services
  5. Add required features
  6. Next → Next → Install

Via PowerShell (alternative)

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

Step 4: Promote to domain controller

  1. After AD DS installation, click the yellow flag in Server Manager
  2. Click "Promote this server to a domain controller"

Deployment configuration

Domain controller options

DSRM (Directory Services Restore Mode): the restore mode used when AD has problems. The DSRM password set here is critical!

DNS options

Additional options

Paths

Prerequisites check

The server restarts automatically after installation.

Step 5: Post-installation verification

Domain login

Log in with: GRP3\Administrator

AD administration tools

DNS test

nslookup grp3.local

This should return the DC's IP address.

User and OU Management

Creating Organisational Units (OUs)

  1. Open Active Directory Users and Computers
  2. Right-click on grp3.local → New → Organizational Unit
  3. Create the following OUs:
    • Users
    • Computers
    • Groups
    • ServiceAccounts

Creating users

  1. Right-click on OU=Users → New → User
  2. Fill in the form:
    • First name: Jean
    • Last name: Dupont
    • Login name: jdupont
  3. Set a password
  4. Options:
    • User must change password at next logon
    • Password never expires (not recommended)

Creating groups

  1. Right-click on OU=Groups → New → Group
  2. Group name: GRP_Utilisateurs_Nextcloud
  3. Scope: Global
  4. Type: Security

Add members to the group:

  1. Double-click on the group
  2. Members tab
  3. Add → Enter "jdupont" → OK
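
A scripted equivalent of the OU, user and group steps above, as an added example that is not part of the original page. It assumes the ActiveDirectory PowerShell module (installed by -IncludeManagementTools in Step 3) and a domain administrator session. The existence checks that make it safe to re-run and the password prompt are additions.

```powershell
# Added example, not from the original page. Assumes the ActiveDirectory module
# and a domain administrator session on the DC.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$domainDN = $domain.DistinguishedName      # DC=grp3,DC=local in this lab

# OUs: create only the missing ones so the script can be re-run safely.
foreach ($name in 'Users', 'Computers', 'Groups', 'ServiceAccounts') {
    $ouDN = "OU=$name,$domainDN"
    if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$ouDN'")) {
        New-ADOrganizationalUnit -Name $name -Path $domainDN `
            -ProtectedFromAccidentalDeletion $true
    }
}

# User: the initial password is prompted for, never stored in the script.
$sam = 'jdupont'
if (-not (Get-ADUser -Filter "SamAccountName -eq '$sam'")) {
    $password = Read-Host -AsSecureString -Prompt "Initial password for $sam"
    New-ADUser -Name 'Jean Dupont' -GivenName 'Jean' -Surname 'Dupont' `
        -SamAccountName $sam -UserPrincipalName "$sam@$($domain.DNSRoot)" `
        -Path "OU=Users,$domainDN" -AccountPassword $password `
        -ChangePasswordAtLogon $true -Enabled $true
}

# Group: Global scope, Security type, as in the GUI steps.
$group = 'GRP_Utilisateurs_Nextcloud'
if (-not (Get-ADGroup -Filter "SamAccountName -eq '$group'")) {
    New-ADGroup -Name $group -SamAccountName $group -GroupScope Global `
        -GroupCategory Security -Path "OU=Groups,$domainDN"
}

# Membership: add jdupont only if not already a member.
$members = @(Get-ADGroupMember -Identity $group | ForEach-Object SamAccountName)
if ($members -notcontains $sam) {
    Add-ADGroupMember -Identity $group -Members $sam
}

# Check the result: jdupont should be listed.
Get-ADGroupMember -Identity $group | Select-Object Name, SamAccountName
```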

Group Policy Objects (GPOs)

Creating a simple GPO

  1. Open Group Policy Management
  2. Expand Forest → Domains → grp3.local
  3. Right-click on Group Policy Objects → New
  4. Name: GPO_Securite_Postes

Configuring the GPO

  1. Right-click on the GPO → Edit
  2. Example settings:
    • Computer Configuration → Policies → Windows Settings → Security Settings → Account Policies → Password Policy
      • Minimum length: 12 characters
      • Maximum password age: 90 days
      • Complexity: Enabled

Linking the GPO

  1. Right-click on OU=Computers → Link an Existing GPO
  2. Select GPO_Securite_Postes

Immediate GPO application

On a client workstation:

gpupdate /force

Joining a workstation to the domain

From a Windows 10/11 workstation

  1. Configure the workstation DNS: 192.168.1.10 (DC IP)
  2. Right-click This PC → Properties
  3. Advanced system settings → Computer Name → Change
  4. Member of: Domain
  5. Enter: grp3.local
  6. Enter domain administrator credentials
  7. Restart

Domain login

On the login screen, select Other user and log in with:

Key Points for the BTS Oral