Installing Active Directory Domain Services in Server Manage

Installing Active Directory Domain Services through Server Manager is the standard deployment method for Windows Server systems with a graphical user interface.

(Tip) Before you begin, assign the server a static IP address and set its preferred DNS server to its own address. This is the most common source of errors for a new domain controller.

Installing the Active Directory Domain Services role

First, open the Server Manager. Select "Add Roles and Features" from the "Manage" section or from the main page of the manager.

The "Add Roles and Features Wizard" will open. Use it to install the AD DS role. Skip the first stage "Before you begin" and click "Next" right away.

On the "Installation Type" page, leave the default "Role-based or feature-based installation" option selected and click "Next".

On the "Server Selection" page, select the server on which you want to install the AD DS role. Multiple servers can appear in this list and can be managed centrally from a single console. The role can also be installed on an offline virtual hard disk (VHD). For this example, select your local server. Then click "Next".

On the "Server Roles" page, select "Active Directory Domain Services" from the list of available roles. Then click "Next".

Next, confirm the installation of the additional features required for AD DS by clicking "Add Features".

On the "Features" page, you can add other features if you need them. If you do not need anything else, click "Next" right away.

The "Active Directory Domain Services" page is informative. Click "Next".

On the "Confirmation" page, review the selection and click "Install".

After confirmation, you will see a window with the progress of the role installation.

When the installation is complete, click the notification flag with a warning icon next to the "Manage" menu on the Server Manager main page.

(Info) Installing the role only adds the Active Directory Domain Services binaries to the server. It does not create a domain, and the server does not restart at this point. To create the domain, continue to the second stage and promote the server to a domain controller.

Promoting the server to a domain controller

Select "Promote this server to a domain controller".

The "Active Directory Domain Services Configuration Wizard" window opens.

On the "Deployment Configuration" tab, choose the deployment operation, select "Add a new forest", and enter the root domain name for your organization. The name cannot be a single word, so it must contain at least one dot, for example corp.example.com. The domain name must be unique on your network. It is strongly recommended to use a subdomain of a public domain that you already control, such as corp.example.com or ad.company.com. Once the name is specified, click "Next".

(Warning) Avoid the .local suffix and other invented top-level zones for a new domain. Microsoft has advised against this since 2012, because .local conflicts with multicast DNS (mDNS/Bonjour) used by macOS, Linux, and many network devices, which can cause name resolution problems. Use a subdomain of a domain you control instead, for example corp.example.com.

On the "Domain Controller Options" tab, leave the default options selected and enter the Directory Services Restore Mode password. After that, click "Next".

The "DNS Options" page appears next. Click "Next". You can ignore the warning shown here, as the parent DNS zone does not exist yet for a new forest.

On the "Additional Options" tab, verify the NetBIOS domain name and change it if necessary. By default it is taken from the first part of the domain name, for example CORP from corp.example.com, and in most cases you can leave it as is.

On the "Paths" tab, you can leave the default location of the Active Directory system folders. Click "Next".

On the "Review Options" page, review the settings that have been specified and will be applied. If the settings are correct, click "Next".

The last step before the installation is the "Prerequisites Check". If any errors appear at this stage, go back to the previous steps and correct them. Warnings do not always prevent the installation, but they should be reviewed before you proceed. Click "Install".

AD DS configuration will now be applied.

When the promotion is finished, the server restarts automatically to apply the changes. After the server comes back online, the domain controller is ready for use, and you can sign in using domain credentials. From here you can start creating users, computers, and group policies.