- Windows Server 2016 – Active Directory Setup – Part 1
- Windows Server 2016 – Active Directory Setup – Part 2
- Windows Server 2016 – Active Directory Setup – Part 3
With this series I hope to put my own spin on the well-documented process of building an Active Directory Domain Controller from scratch. I’ll of course be using Microsoft Windows Server 2016 for this. I’m going to include tons of screenshots to document the process step-by-step. The new AD domain is going to be VILAB.local which is clearly for my lab. It will be the cornerstone of my lab in terms of authentication, authorization and centralized LDAP domain management. I’ve broken this series into 3 parts as below:
- Part 1 – AD Domain Controller Requirements & Basic Server Configuration
- Part 2 – Adding AD Domain Services Roles & Adding a new Forest
- Part 3 – AD Configuration & Validation
Active Directory Domain Controller Hardware Requirements
Right from the start we have a minor issue here. Microsoft doesn’t list any physical or virtual hardware requirements for an Active Directory Domain Controller. Go ahead and Google it, I’ll wait. You’ll be presented with a ton of non-Microsoft websites giving you the minimum OS hardware requirements for either Windows Server 2008 R2, 2012 R2 or 2016. That’s not very helpful of course. I was personally curious and even dug through TechNet’s Windows Server 2016 Documentation Library for Active Directory Domain Services. This time there is a ton of information regarding AD topologies and design methodologies but again no hardware specifications.
The short answer here is there aren’t any hard and fast requirements for an Active Directory Domain Controller beyond the minimums for installing Windows Server itself. Those requirements are as follows:
- 1.4GHz 64-bit processor or faster
- 512MB of RAM or greater
- 32GB of disk space or greater
- Ethernet network adapter
So could we build a new Domain Controller and just use these minimums? Sure, absolutely, but it really depends on what you’re running on the Domain Controller and how large an organization it’s supporting. If we’re building a physical Domain Controller then just about any current server should meet the specs above easily. If we’re building a virtual server I have a recommended minimum I use for Domain Controllers:
- 2-Core CPU
- 8GB RAM
- 60GB Thin Provisioned Disk
- VMXNET3 Network Adapter
There are many scenarios where you could certainly need more cores, memory or disk space but for most situations the above should be a pretty good start.
Windows Server 2016 Basic Configuration & Settings
I’ll skip the 4 or 5 clicks it takes to install Windows Server 2016 as a virtual machine and we’ll jump right into configuring the basic Windows Settings needed before we actually install the roles for Active Directory. I’ve already installed the VMware Tools as well.
First we need to open the Start Menu and then click to open Server Manager.
From Server Manager we click Configure this local server.
On the Local Server Properties page we have links to most of the things we need to change first thing. After each item is configured we’ll be jumping back to this page to move onto the next configuration item.
By clicking on the Computer name or Workgroup we get the System Properties dialog.
Clicking the Change button we get the Computer Name/Domain Changes dialog. Here we change the Computer name to what we want the Domain Controller to be named and click OK. In this case it’s VILAB-DC01. We leave the Workgroup as is since we’ll be creating a new domain/forest in this scenario.
After clicking OK we get another dialog indicating we will need to restart for the changes to be applied.
We then get a second dialog asking if we want to Restart Now or Restart Later. You can restart now or wait until we’ve completed all the changes to reboot.
On the Local System Properties in Server Manager we click Remote Desktop.
This takes us to the Remote tab on System Properties and we click the radio button for Allow remote connections to this computer to enable Remote Desktop.
On the Local System Properties in Server Manager we click on the Ethernet Adapter which brings us to the Network Connections window.
Right-click the Ethernet adapter and click Properties.
From there we click on the IPv4 Properties where we set the IP address, Subnet Mask and Default Gateway. We also set the Preferred and Alternate DNS, but since this is our first Active Directory Domain Controller and it’s our first DNS server we need to set the Preferred DNS to the server’s own IP and the Alternate DNS to an external DNS source to get started.
On the Local System Properties in Server Manager we click on the Time Zone which brings us to the Date and Time dialog.
We set the local date, time and time zone as necessary here and click OK.
On the Local System Properties in Server Manager we click on the IE Enhanced Security Configuration.
We need to set the Administrators option to Off. This allows Internet Explorer to open webpages without a bunch of crazy prompts for Administrator users.
On the Local System Properties in Server Manager we click on the Feedback & Diagnostics Settings.
Here you should set the Feedback Frequency option to Never and the Diagnostic and usage data to Basic. Windows 10 and Windows Server 2016 send way too much data to Microsoft by default, some of which you can’t even disable. That’s a whole other article though. For now, these two settings are a good start.
On the Local System Properties in Server Manager we click on the Windows Defender option.
Anti-Virus, Anti-Malware and Anti-Intrusion software is definitely recommended and I’ll leave you to determine what’s the best solution for you. I tend to recommend Bitdefender in most cases. For now I recommend turning off Real-time protection and Cloud-based Protection although it’s not a requirement in this situation.
And finally back on the Local System Properties in Server Manager we click on the Windows Update option.
Clicking the Check for updates button will find all necessary updates. Install any listed updates and reboot the server as necessary. You’ll notice there’s a nice blurb telling you that the Windows 10 Creators Update will be available. This is pretty strange considering we’re on Windows Server 2016 and not Windows 10, and of course there is no Creators Update for Windows Server 2016. If you click “Yes, show me how” it won’t do anything at all. What has happened is that Microsoft’s two flagship operating systems share a significant amount of their codebase, and this clearly just slipped through. If it annoys you that much, however, you can disable the Windows 10 Creators Update notification easily with a registry edit.
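The computer name, network, time zone and Remote Desktop steps above can also be applied from an elevated PowerShell prompt and then read back to confirm what was actually set. This is an added example, not part of the original walkthrough: only the name VILAB-DC01 comes from the article, while the interface alias, addresses and time zone ID are placeholders to replace with your own values.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the Server Manager steps above.
# Only VILAB-DC01 comes from the article; every other value is a placeholder.
$ComputerName = 'VILAB-DC01'
$IfAlias      = 'Ethernet0'              # assumption: confirm with Get-NetAdapter
$IPAddress    = '192.168.1.10'           # placeholder lab address
$PrefixLength = 24                       # placeholder (255.255.255.0)
$Gateway      = '192.168.1.1'            # placeholder default gateway
$AlternateDns = '203.0.113.53'           # placeholder: your external DNS source
$TimeZoneId   = 'Eastern Standard Time'  # placeholder: Get-TimeZone -ListAvailable

# Static IPv4 address, subnet and gateway (this also turns DHCP off on the adapter).
New-NetIPAddress -InterfaceAlias $IfAlias -IPAddress $IPAddress `
    -PrefixLength $PrefixLength -DefaultGateway $Gateway | Out-Null

# Preferred DNS is the server's own IP, alternate is the external source.
Set-DnsClientServerAddress -InterfaceAlias $IfAlias `
    -ServerAddresses $IPAddress, $AlternateDns

Set-TimeZone -Id $TimeZoneId

# Remote Desktop: allow connections, keep Network Level Authentication
# required (the dialog's default), and enable the matching firewall rules.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = "$ts\WinStations\RDP-Tcp"
Set-ItemProperty -Path $ts  -Name fDenyTSConnections -Value 0
Set-ItemProperty -Path $rdp -Name UserAuthentication -Value 1
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# Read the settings back so a typo shows up now, not after promotion to a DC.
[pscustomobject]@{
    IPv4        = (Get-NetIPAddress -InterfaceAlias $IfAlias -AddressFamily IPv4).IPAddress
    Dns         = (Get-DnsClientServerAddress -InterfaceAlias $IfAlias `
                      -AddressFamily IPv4).ServerAddresses -join ', '
    TimeZone    = (Get-TimeZone).Id
    RdpEnabled  = (Get-ItemProperty -Path $ts).fDenyTSConnections -eq 0
    NlaRequired = (Get-ItemProperty -Path $rdp).UserAuthentication -eq 1
    RdpFirewall = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
                      Where-Object { $_.Enabled -eq 'True' }).Count
} | Format-List

# Rename last; the new name takes effect after a restart (Restart-Computer).
Rename-Computer -NewName $ComputerName
```

`New-NetIPAddress` returns an error if the adapter already has a static address or default gateway, so run this on a freshly installed server or clear the old configuration first.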
At this point we should have all the prerequisite components configured for Windows Server 2016. Please check out the next article in this series to start installing the Roles needed to build our Active Directory Forest/Domain.