Installing and Configuring Active Directory Domain Services 2022
Table of Contents
- Introduction
- System Requirements
- Pre-Installation Configuration
- Installing AD DS Role
- Promoting the Server to Domain Controller
- Post-Installation Configuration
- Testing and Verification
- Best Practices
- Conclusion
1. Introduction
Active Directory Domain Services (AD DS) is the foundation for identity and access management in Windows-based networks. It enables centralized authentication, user and computer management, Group Policy enforcement, and more.
2. System Requirements
Hardware
- Processor: 1.4 GHz 64-bit (x64) processor
- RAM: 2 GB minimum (4 GB+ recommended)
- Disk: 32 GB (more if installing GUI)
- NIC: Static IP preferred
Software
- OS: Windows Server 2022 Standard or Datacenter (Core or Desktop Experience)
- Updates: Latest cumulative updates installed
- Time Sync: NTP configured (important for Kerberos)
3. Pre-Installation Configuration
Step 1: Set a Static IP
New-NetIPAddress -InterfaceAlias "Ethernet" -IPAddress 192.168.1.10 -PrefixLength 24 -DefaultGateway 192.168.1.1
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses ("192.168.1.10")
Step 2: Rename the Server
Rename-Computer -NewName "DC01" -Restart
Step 3: Set Time Zone (Optional but recommended)
Set-TimeZone -Name "Arab Standard Time"
4. Installing AD DS Role
Option 1: Server Manager
- Open Server Manager → “Manage” → “Add Roles and Features”.
- Select “Role-based or feature-based installation”.
- Choose the local server.
- Under “Server Roles”, check “Active Directory Domain Services”.
- Click Next → Install.
Option 2: PowerShell
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
5. Promoting the Server to a Domain Controller
Scenario: New Forest (e.g., corp.local)
Option 1: Server Manager Wizard
- Click “Promote this server to a domain controller”.
- Select “Add a new forest” → Type corp.local.
- Set DSRM password (Directory Services Restore Mode).
- Leave defaults for DNS and NetBIOS name.
- Paths: Leave default or customize (for DB, log, SYSVOL).
- Review → Validate → Install → Auto-reboot.
Option 2: PowerShell
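# "StrongP@ssw0rd!" is a placeholder. A literal password typed here ends up in any script file or transcript that records the command.
# When run interactively, omit -SafeModeAdministratorPassword and the cmdlet prompts for the DSRM password with masked input.
Install-ADDSForest -DomainName "corp.local" -DomainNetbiosName "CORP" `
-SafeModeAdministratorPassword (ConvertTo-SecureString "StrongP@ssw0rd!" `
-AsPlainText -Force) -InstallDns -Force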
6. Post-Installation Configuration
Step 1: Verify DNS Installation
Check DNS Zones:
- Forward Lookup Zones → corp.local
- _msdcs.corp.local present
Step 2: Create Organizational Units (OUs)
New-ADOrganizationalUnit -Name "Users" -Path "DC=corp,DC=local"
New-ADOrganizationalUnit -Name "Computers" -Path "DC=corp,DC=local"
Step 3: Create Test User
New-ADUser -Name "Test User" -SamAccountName test.user -AccountPassword (ConvertTo-SecureString "P@ssw0rd123" -AsPlainText -Force) -Enabled $true -Path "OU=Users,DC=corp,DC=local"
Step 4: Enable Remote Desktop (optional for remote access)
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 0
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
7. Testing and Verification
– Check Domain Membership
nltest /dsgetdc:corp.local
– Replication Status
repadmin /replsummary
– DNS Tests
nslookup corp.local
- Check SRV records in DNS
– Log in from Client Machine
- Join a Windows client to the domain
- Try logging in with corp\test.user
8. Best Practices
- Use a dedicated gMSA (group Managed Service Account) for services.
- Keep the DNS and AD DS roles on the same server unless scaling.
- Enable recycle bin for AD recovery:
Enable-ADOptionalFeature 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target 'corp.local'
- Set up Group Policy Baseline using gpmc.msc
- Plan for backup using Windows Server Backup or third-party tool.
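The checks from sections 7 and 8 can be gathered into one script, including the SRV record lookup that section 7 lists without a command. This is an added example, not part of the original guide; the function names Test-DcHealth and New-CheckResult are hypothetical, and it assumes an elevated session on DC01 in the single-domain corp.local forest built above.

```powershell
# Added example: post-promotion health check for the corp.local lab domain.
$Domain = 'corp.local'   # domain name used throughout this guide

# Hypothetical helper: one result row per check.
function New-CheckResult($Check, $Passed, $Detail) {
    [pscustomobject]@{ Check = $Check; Passed = [bool]$Passed; Detail = "$Detail" }
}

function Test-DcHealth {
    param([Parameter(Mandatory)][string]$DomainName)

    # 1. Services a DNS-integrated domain controller must be running.
    foreach ($svc in 'NTDS', 'DNS', 'Netlogon', 'Kdc') {
        $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
        New-CheckResult "Service $svc" ($s.Status -eq 'Running') $s.Status
    }

    # 2. SRV records clients use to locate the DC (registered by Netlogon).
    #    _gc._tcp lives under the forest root name, which is corp.local here.
    $srvNames = "_ldap._tcp.$DomainName",
                "_kerberos._tcp.$DomainName",
                "_ldap._tcp.dc._msdcs.$DomainName",
                "_ldap._tcp.pdc._msdcs.$DomainName",
                "_gc._tcp.$DomainName"
    foreach ($name in $srvNames) {
        $rec = Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'SRV' }
        New-CheckResult "SRV $name" ($null -ne $rec) ($rec.NameTarget -join ', ')
    }

    # 3. SYSVOL and NETLOGON shares: absent until the DC is ready to advertise.
    foreach ($share in 'SYSVOL', 'NETLOGON') {
        $sh = Get-SmbShare -Name $share -ErrorAction SilentlyContinue
        New-CheckResult "Share $share" ($null -ne $sh) $sh.Path
    }

    # 4. Recycle Bin state (section 8): EnabledScopes stays empty until enabled.
    $rb = Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'"
    New-CheckResult 'AD Recycle Bin' ($rb.EnabledScopes.Count -gt 0) "$($rb.EnabledScopes.Count) scope(s)"
}

$report = Test-DcHealth -DomainName $Domain
$report | Format-Table -AutoSize

# Summarise failures without closing the interactive session.
$failed = $report | Where-Object { -not $_.Passed }
if ($failed) { Write-Warning "Failed: $($failed.Check -join '; ')" }
```

A missing SRV record right after promotion usually means Netlogon has not yet registered it; restarting the Netlogon service re-registers the records.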
9. Conclusion
You’ve now successfully installed and configured Active Directory Domain Services on Windows Server 2022. This domain controller is the core of your organization’s IT infrastructure, handling identity, access control, and policy enforcement.