In this step-by-step Screencast we demonstrate how to install Active Directory Domain Services and promote a Windows 2012 domain controller in a new forest/domain. The whole process goes through two phases:
– Adding the Active Directory Domain Services (AD DS) role
– Configuring (promoting) the server as a domain controller
As you will see, adding the AD DS role simply installs the required binaries. You don’t have to proceed right away with configuring the machine as a domain controller. This is especially useful if you need to update packages or if you are pre-staging a Domain Controller for a remote office. To keep things simple, we will cover this scenario in a separate screencast.
The second phase is promoting the server with the installed AD DS role as a Windows 2012 Domain Controller. It is important to know that DCPROMO.exe is deprecated and doesn’t come with a GUI anymore. While you can still use it for unattended installations, Microsoft discourages its use. The recommended approach is to use:
– The Graphical User Interface (GUI) – Server Manager
– Powershell – the ADDSDeployment module
In this Screencast we demonstrate the AD DS installation and DC promotion using the GUI – Server Manager. Some of its important new features that we outline are:
– Server manager allows you to install roles (including AD DS) on the local and on remote Windows 2012 Servers.
– Server Manager launches a separate non-child process on the local machine where the role is installed. Closing the results window does not terminate the task and you can open again the results page if/when needed.
– The graphical interface – server manager, provides the option to export the configuration which you are using, when installing roles or features to an XML file. You can use this file later as a template, when installing roles and features in PowerShell.
– In a similar way, Server Manager generates automatically a PowerShell script, when promoting a Server as a Windows 2012 Domain Controller. You can save this script as a template when promoting a Domain Controller in PowerShell.
Validating the promotion is an important part of the Windows 2012 Domain Controller installation and we cover this process in the last step of the Screencast. In addition, we demonstrate how to run the new AD DS Best Practice Analyzer and troubleshoot some of the most common detected errors and warnings:
– [Error] The primary domain controller (PDC) emulator operations master in this forest is not configured to correctly synchronize time from a valid time source. Fig 1
Fig 1 [Error] The primary domain controller (PDC) emulator operations master in this forest is not configured to correctly synchronize time from a valid time source.
– [Warning] All OUs in this domain should be protected from accidental deletion. Fig 2
Fig 2 [Warning] All OUs in this domain should be protected from accidental deletion.
For your convenience, we have published the text file with the commands which we are using in the Screencast here .