Windows Server 2016 – Active Directory Setup – Part 1

This entry is part 1 of 3 in the series Windows Server 2016 - Active Directory Setup

 

Active Directory Setup

With this series I hope to put my own spin on the well documented process to build an Active Directory Domain Controller from scratch.  I’ll of course be using Microsoft Windows Server 2016 for this.  I’m going to include tons of screenshots to document the process step-by-step.  The new AD domain is going to be VILAB.local which is clearly for my lab.  It will be the cornerstone of my lab in terms of authentication, authorization and centralized LDAP domain management.  I’ve broken this series into 3 parts as below:

Active Directory Domain Controller Hardware Requirements

Right from the start we have a minor issue here.  Microsoft doesn’t list any physical or virtual hardware requirements for an Active Directory Domain Controller.  Go ahead and Google it, I’ll wait.  You’ll be presented with a ton of non-Microsoft websites giving you the minimum OS hardware requirements for either Windows Server 2008 R2, 2012 R2 or 2016.   That’s not very helpful of course.  I was personally curious and even dug through TechNet’s Windows Server 2016 Documentation Library for Active Directory Domain Services.  This time there is a ton of information regarding AD topologies and design methodologies but again no hardware specifications.

The short answer here is there aren’t any hard and fast requirements for an Active Directory Domain Controller beyond the minimums for installing Windows Server itself.  Those requirements are as follows:

  • 1.4Ghz 64-bit processor or faster
  • 512MB of RAM or greater
  • 32GB of disk space or greater
  • Ethernet network adapter

So could we build a new Domain Controller and just use these minimums?  Sure absolutely, but it really depends on what you’re running on the Domain Controller and how large of an organization it’s supporting.  If we’re building a physical Domain Controller then just about any current server should meet the specs above easily.  If we’re building a virtual server I have a recommended minimum I use for Domain Controllers:

  • 2-Core CPU
  • 8GB RAM
  • 60GB Thin Provisioned Disk
  • VMXNET3 Network Adapter

There are many scenarios where you could certainly need more cores, memory or disk space but for most situations the above should be a pretty good start.

 Windows Server 2016 Basic Configuration & Settings

I’ll skip the 4 or 5 click it takes to install Windows Server 2016 as a virtual machine and we’ll jump right into configuring the basic Windows Settings needed before we actually install the roles for Active Directory.  I’ve already installed the VMware Tools as well.

First we need to open the Start Menu and then click to open Server Manager.

Active Directory Setup

From Server Manager we click Configure this local server.

Active Directory Setup

On the Local Server Properties page we have links to most of the things we need to change first thing.  After each item is configured we’ll be jumping back to this page to move onto the next configuration item.

Active Directory Setup

By clicking on the Computer name or Workgroup we get the System Properties dialog.

Active Directory Setup

Clicking the Change button we get the Computer Name/Domain Changes dialog.  Here we change the Computer name to what we want the Domain Controller to be named and click OK.  In this case it’s VILAB-DC01.  We leave the Workgroup as is since we’ll be creating a new domain/forest in this scenario.

Active Directory Setup

After clicking OK we get another dialog indicating we will need to restart for the changes to be applied.

Active Directory Setup

We then get a second dialog asking if we want to Restart Now or Restart Later.  You can restart now or wait until we’ve completed all the changes to reboot.

Active Directory Setup

On the Local System Properties in Server Manager we click Remote Desktop.

Active Directory Setup

This takes us to the Remote tab on System Properties and we click the radio button for Allow remote connections to this computer to enable Remote Desktop.

Active Directory Setup

On the Local System Properties in Server Manager we click on the Ethernet Adapter which brings us to the Network Connections window.

Active Directory Setup

Right-click the Ethernet adapter and click Properties.

Active Directory Setup

From there we click on the IPv4 Properties where we set the IP address, Subnet Mask and Default Gateway.  We also set the Preferred and Alternate DNS, but since this is our first Active Directory Domain Controller and it’s our first DNS server we need to set the Preferred DNS to the servers own IP and the Alternate DNS to an external DNS source to get started.

Active Directory Setup

On the Local System Properties in Server Manager we click on the Time Zone which brings us to the Date and Time dialog.

Active Directory Setup

We set the local date, time and time zone as necessary here and click OK.

Active Directory Setup

On the Local System Properties in Server Manager we click on the IE Enhanced Security Configuration

Active Directory Setup

We need to set the Administrators option to Off.  This allows Internet Explorer to open webpages without a bunch of crazy prompts for Administrator users.

Active Directory Setup

On the Local System Properties in Server Manager we click on the Feedback & Diagnostics Settings.

Active Directory Setup

Here you should set the Feedback Frequency option to Never and the Diagnostic and usage data to Basic.  Windows 10 and Windows Server 2016 send way too much data to Microsoft by default, some of which you can’t even disable.  That’s a whole other article though.  For now, these two settings are a good start.

Active Directory Setup

On the Local System Properties in Server Manager we click on the Windows Defender option.

Active Directory Setup

Anti-Virus, Anti-Malware and Anti-Intrusion software is definitely recommended and I’ll leave you to determine what’s the best solution for you.  I tend to recommend Bitdefender in most cases.  For now I recommend to turn off Real-time protection and Cloud-based Protection although it’s not a requirement in this situation.

Active Directory Setup

And finally back on the Local System Properties in Server Manager we click on the Windows Update option.

Active Directory Setup

Clicking the Check for updates button will find all necessary updates.  Install any listed updates and reboot the server as necessary.  You’ll notice there’s a nice blurb telling you that the Windows 10 Creators Update will be available.  This is pretty strange considering we’re on Windows Server 2016 and not Windows 10 and of course there is not a Creators Update for Windows Server 2016.  If you click Yes, show me how it won’t do anything at all.  What has happened is Microsoft’s two flagship Operating Systems share a significant amount of their codebase and clearly this just slipped through apparently.  If it annoys you that much however, you can disable the Windows 10 Creators Update notification easily with a registry edit.

Active Directory Setup

At this point we should have all the prerequisite components configured for Windows Server 2016.  Please check out the next article in this series to start installing the Roles needed to build our Active Directory Forest/Domain.

Series NavigationWindows Server 2016 – Active Directory Setup – Part 2 >>

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.