Once our server has rebooted with the roles and features added, we then need to configure them.
First, open Server Manager, select the warning sign, and then “Promote this server to a domain controller”.
We will be running through creating our Domain and Domain controller.
Select “Add a new Forest”
Then give our Domain a root name.
Type in a DSRM password. Directory Services Restore Mode is a safe boot mode for Domain Controllers that allows an administrator to repair or recover an Active Directory database.
Skip over the DNS option.
For the NetBIOS name of our domain, I shortened Windows.Local to just WIN.
The config will run through a list of prerequisites.
Select Next and the configuration will run through the installation. Once it has installed, the server will reboot.
Now we have a Domain Controller and a Domain.
Make sure you log into the server as your domain admin. The account you created the domain with will be elevated to domain administrators. So, log in with our domain suffix
Your local admin password.
Next, let’s set up our DHCP.
Select Server Manager and then Complete DHCP configuration
Make sure the administrator is in the DHCP Admin and DHCP Users groups. You can do this from Active Directory Users and Computers.
The configuration will then run through authorising the DC and finish setting up the role.
Now we need to create a new scope.
Go back to the Server Manager and select DHCP
Expand our authorised server:
Right click > New Scope. Give it a name.
If you want to go down the road of segmenting your network into different scopes, go ahead. I’m just going to create a standard one for now.
Add in your IP address range
Select Next, then we need to add in any Exclusions we have.
The DC will automatically be within this exclusion scope, but we are going to add our default gateway and XenServer hosts as well. If there is anything else on your network, like shared file storage devices, wifi extenders, Sky boxes, etc., add them in here. I’m going to leave it at that, as the other devices on my network don’t require static IPs, so I want DHCP to assign the IP address to everything else.
Next on lease time
We want to configure the scope options now:
Ensure your default gateway is correct
DNS Server is correct
Skip WINS Server, as it is not required.
Yes, let’s activate the scope now.
DHCP should now be registered and handing out IP addresses on your network. Further configuration may be required here, as your router is usually set to hand out IP addresses. This feature can usually be disabled.
The only thing we need to do right now is to make sure the DNS reverse lookup zone is created. So open DNS and expand the DC. Right click Reverse Lookup Zones and select New Zone.
Select the Zone type as Primary
Select All DNS Servers running on Domain controllers in this Domain
Select IPv4 Reverse Lookup Zone
Put in your network ID. As it says, this is the portion of the IP address that belongs to this zone. As we have one primary network of 192.168.0.xxx, that is what we put. Obviously, if you were using 10.1.0.xxx, then 10.1.0 would go there.
We won’t be using this feature, but select Allow only secure dynamic updates.
Let it configure and complete.
Now we should have our DC within the reverse lookup Zone.
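The DHCP scope and reverse lookup zone steps above, scripted with the DhcpServer and DnsServer PowerShell modules and followed by a check of the result. This is an added example, not part of the original walkthrough; the DC address, gateway, address range, exclusion range and scope name are constructed placeholders for a 192.168.0.x network.

```powershell
# Added example (not from the original walkthrough). Run elevated on the DC.
# Every address and name below is a constructed placeholder; replace with your own.
$ScopeId   = '192.168.0.0'
$Gateway   = '192.168.0.1'     # assumed default gateway
$DcAddress = '192.168.0.10'    # assumed static IP of the DC (also the DNS server)
$Domain    = 'windows.local'   # domain root name used in this walkthrough
$DcFqdn    = "$env:COMPUTERNAME.$Domain".ToLower()

# "Complete DHCP configuration": create the DHCP security groups
# and authorise this server in Active Directory.
Add-DhcpServerSecurityGroup
Add-DhcpServerInDC -DnsName $DcFqdn -IPAddress $DcAddress

# One standard scope covering the whole /24, activated immediately.
Add-DhcpServerv4Scope -Name 'Home Lab' -StartRange 192.168.0.1 `
    -EndRange 192.168.0.254 -SubnetMask 255.255.255.0 -State Active

# Exclusions: the block holding statically addressed devices
# (gateway, DC, XenServer hosts). Assumed here to be .1 through .20.
Add-DhcpServerv4ExclusionRange -ScopeId $ScopeId `
    -StartRange 192.168.0.1 -EndRange 192.168.0.20

# Scope options: default gateway and DNS server. WINS is skipped.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -Router $Gateway `
    -DnsServer $DcAddress -DnsDomain $Domain

# Reverse lookup zone: primary, replicated to all DNS servers on domain
# controllers in this domain, secure dynamic updates only.
Add-DnsServerPrimaryZone -NetworkId '192.168.0.0/24' `
    -ReplicationScope Domain -DynamicUpdate Secure

# Check the result: the server is authorised, the scope is Active,
# and the reverse zone only accepts secure updates.
Get-DhcpServerInDC
Get-DhcpServerv4Scope -ScopeId $ScopeId | Select-Object ScopeId, Name, State
Get-DhcpServerv4ExclusionRange -ScopeId $ScopeId
Get-DnsServerZone -Name '0.168.192.in-addr.arpa' |
    Select-Object ZoneName, ReplicationScope, DynamicUpdate
```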
Next we want to update the Default Domain Policy and disable the Windows Firewall:
Open the Group Policy Management Console, Select the Default Domain Policy:
Right click and select Edit. Browse to Computer Configuration, Policies, Windows Settings, Security Settings, Windows Firewall with Advanced Security.
Right Click and Edit the setting. Then turn the firewall state for each profile off:
We should now have our Domain set up with a Domain Controller, and DHCP and DNS configured, ready to progress the implementation of our environment.