How to Setup a Domain Controller on Windows Server 2022

1. About this Class + Project Tasks: Hi, welcome to Skillshare. My name is Emilia. I'm a tech professional and try and an educator. I love technology and hopefully you do too. And over the next number of lessons in this class, we're gonna be talking about Active Directory and domain controllers. Specifically how to actually build your own domain controller. We're gonna be covering a lot of material over the next three specific lessons Around what is the domain, what is the purpose of a domain? What is Active Directory? What are the differences between the two of these? We'll also cover how to actually download and set up your own Windows Server. Because of course you need Windows Server definitely be installed on a physical server, on a virtual server. That you can actually then promote that server into a domain controller and run Active Directory. Of course. And then last section we're going to cover exactly that. How to set up your own domain controller and how to set up a day and get it up and running. We're not going to cover how to use Active Directory and all the other bits and pieces. We do have a completely separate class for that. You can check that out on my Skillshare page. But what I recommend for you to do is of course, as always, follow along, but you need to go and do this yourself. So as part of this, you need to correct yourself a project. I'm gonna give you some tasks. And these tasks will be going and defining what is the domain and what is Active Directory. You need to understand what a domain and Active Directories understand the differences between H and why they are important in a business. You then need to go and download your own copy of Windows Server. And we're doing this Windows Server 2022. If you're running an early version of Windows Server, that will be fine. We're going to show you how to actually go and get it from the Microsoft website. So you go and do that yourself, download yourself the ISO of Windows Server. You then need to get that ISO audits some sort of bootable media if you're going to install it on a physical server or onto a VMware or Hyper-V or virtualization environments, we can actually build it as a VM and install Windows Server as a VM. Once Windows Server is installed, we're then going to go and get a domain controller setup. So you need to go and do this yourself, go and promote that Windows server to a domain controller installed the roles install the features, definitely get that DC up and run. You're going to need to give a domain name, DNS settings, all of that. And then once that's done, after a few reboots, you're going to open up Active Directory and then your journey begins from there, it actually learning and working in Active Directory. Best thing to do is to have your own computer, your own set of computers, your own lab environment, whether you're doing this at home or in a business. Follow along, let us know in the project section how you're doing and how if you're doing this in a lab environment, in a test environment, why don't you take a photo of it, share it with the class, share it on the project section. And as always, feel free to reach out to me if you have any questions, if you get stuck and if you need any further assistance. That's a little bit about the introduction of what we're gonna be covering in this class. Let's now start talking about domains and Active Directory. 2. What is a Domains and Active Directory: So we're going to put you, Cynthia, are I give you an overview around what a domain is and what is Active Directory. Now, AD specifically is a Microsoft technology. So Microsoft have developed this or anything use across a lot of different organizations. Ad is sort of the, I guess, the foundation that a lot of companies will use when it comes to administering a lot of the networks and all of the security around networks. Now there are others out there that are sort of competing against Active Directory specifically, but AD really is the clear winner, the clear market leader. Knowing Active Directory is almost like foundational if you want to work in IT, if you want to improve in your skills in IT. So AD is essentially a centralized hierarchy, repository of user objects, of all sorts of objects or end-users computers, security groups that essentially used for your network to be able to authenticate against a domain. So it's almost like a gatekeeper to be able to allow a user, e.g. that logs into a computer, it authenticates against the domain and Active Directory and then grants that use the access permissions to specific thing on the network. So all of these objects, user objects, computer objects, server objects, all of this stuff that is inactive directory is actually stored within a domain that sits within Active Directory. So the domain is the central container, the central database where objects authenticate against and all of that process essentially is managed within Active Directory to actually go and configure a domain and a Active Directory environment, it needs to be set up within a domain controller. So you may have heard the term domain controller. So you'll have yourself a Windows Server, e.g. Windows Server 2019. You then convert that Windows Server into a domain controller. And by converting it to a domain controller, you then install a whole bunch of AD tools, Active Directory tools, which then make your domain controller essentially an AD server and Active Directory server with a relevant domain. When you're configuring your domain controller, you allocate a domain to it so you give it a specific name. So domain is essentially just a database. You're going to give it a name. So e.g. my home.com, that becomes your domain. Think about e.g. on the web. Now, you've got an Internet browser and you go to google.com. Or google.com is a domain that is obviously publicly available out on the Internet. Your domain is almost like a private network, domain name that you give within your organization. It can be public as well, but generally your domain within an Active Directory environment is for you internally and all of your objects on your network or your relevant objects on your network, all talk and communicate with your domain and managed all within Active Directory when you are configuring a domain controller, you've also got what's called a forest. So you've got a forest and the domain, we're not gonna go into too much detail here. But essentially I forest is the top level and then the domain is what sits within the forest. So you can have multiple domains within a central force. Now why would you want to do this now if you're in a smaller organization, perhaps a forest with a specific name. So you can still call it my company.com as the firstName. And then the domain inside of it could be my company.com. And that's really just the domain sitting within a forest if you're in a larger organization. So let's say you've got hundreds of thousands and thousands of staff. You may want to have different domains or multiple domains all sitting within a centralized first. So your force is almost like your top level. And then you might have, let's say you've got a forest called my company.com. And within that company, there were actually three sub companies. So let's say in the real-world, you've got a company called google.com. And within Google, there's actually a lot of sub Google companies. There's not just google.com is just the parent company, Well, as a parent company above them. But there's also little sub companies, right? So this is something you have to think about when you're configuring your network because he could have my company i.com, my company b.com, I Company c.com, different staff, different levels of permissions, different computers, and they can't really talk to each other. We really don't want them to talk to each other, but they all sit within the parent company, which is your first. So that's sort of a little bit around the overviews. You can set up what's called domain trust between the domains. You can share resources between all of these sort of stuff. We're getting very, very advanced and you'll probably already lost with what we're talking about forest top-level domain underneath that. And you can have multiple domains within a single forest. Now, what helps me is always to look at a visual diagram of what this looks like. So you can see right here what we're talking about. We should really show you a bit of an overview around the domain controller. And then you've got your Active Directory, your domain, as well as your forest and all of your Active Directory domains sitting within it. So that's really how it works. On a nutshell. It's very, very great and it's foundational. 3. Setup a Windows Server: The great thing about Windows Server is that you can install it in various places. If you're doing this in a real life environment, in a production environment, in a company, e.g. if you're doing this in your home lab, if you're just watching this to learn about it. So then you can put that into practice in a rural business will of course, Where are you going to install Windows Server? You're gonna be installing it either on some form of a physical computer, visible computer or physical Rack Server, a blade server, some sort of physical hardware somewhere, could be in a server and could be in a comms room, could be in a data center somewhere. You could also be installing it within a virtualization environment to some sort of a virtual hypervisor could be running something like VMware. It could be running something like Citrix or Hyper-V by Microsoft, whatever those options, you could also set up as a virtual machine in a virtualization environment. And then you could also be sitting this on the Cloud. So if you're running something like AWS or Microsoft Azure, one of those two, you're going to also be installing it on the Cloud or even Google as well. To regardless of where you're gonna be sticking Windows Server 2022, just be aware that the steps may vary a little bit depending on what you're gonna be doing. This video is going to now focus on how to actually get and download Windows Server 2022, and then how to actually install it and get it running in your environment. Now, for this demo, for the demo that you are looking at here, what I'm gonna be doing is I'm doing this in a virtualization environment. I'm running VMware, so I'm running a VMware ESX Hosts, it's essentially a hypervisor. It's a physical computer that's got ES6 I installed, that is the operating system and then I'm building a VM within it. So what I'm gonna be doing is I'm going to be downloading Windows Server off the Microsoft website completely for free. So you can use a completely for free, for 180 days, for a free trial. But then of course, you're gonna have to go and buy Windows Server if you're going to want to continue to use it. If you're doing this in your home lab for your own testing, then you could build it and then he could go and build another one. And then every time you rebuild a brand new instance, you're gonna get a whole 180 days extra for every instance of Windows Server that you're going to actually go and configure, so just be aware of that. So what we're gonna be doing is we are gonna be downloading the ISO file of Windows Server 2022 off the Microsoft website. And then what you do with that ISO file is completely up to you whether you're going to go and boot that onto a USB stick with it and putting it on a DVD drive and then sticking it into a physical computer and then booting off that. You can boot that physical, physical device, physical computer off the bios. You can say it's Boudin from your USP, which has that ISO in there. And then you can actually install the installation that way. Or in my case, I'm gonna be doing this in VMware where I create a new virtual machine and then point to that VM and actually start the installation that way. So just be aware that I'm doing this in a virtualization environment, but yours may be slightly different, but the main focus of this video is how to get that ISO itself. And then how to actually start the installation and go through the configuration of that virtual machine. So on here on my computer, I've just gone in and said download Windows Server 2022. And you'll see that right at the very top. You've got a winner. So 2.22 on Microsoft Evaluation Center. So I'm going to select right there to say Windows Server 2022 evaluation for 180 days. Now of course, the great thing is you can go and get yourself previous versions of Windows Server. If you do want to try Windows 2019, Windows 2016, even down to Windows 12, Windows 2012, then you can go and download those. You've also got other versions of Hyper-V if you wanted to go and try all of this. This is the great thing about Microsoft, is that they let you fully try a lot of this service software without you having to buy it. You can try before you buy for at least the 180 days. In some instances, you'll see that it says unlimited, which is actually quite cool, but others are 180 days. So there's a few options. You can try Windows Server on Azure. You can create a Windows Server VM in Azure. In Azure, you can download the ISO, you can download the VHD. Now, in our case, we're gonna be looking at downloading the ISO. But if you are running a VMware, sorry, if you are running a Microsoft Azure instance somewhere on your cloud, then you can actually go and try it directly on there. And you are going to have to connect this to Azure environment in some instances. So we're not gonna be covering that in this video, but just be aware that that is a possibility for you. But of course, the whole point of this is we're going to download the ISO itself. So here it is. Download the ISO for Windows Server 2022. And you click on Download. It's not going to ask you some information about the company. Now, it doesn't have to be necessarily the real information if you are going to be using this in a trial in your own home environment. But if you aren't gonna be doing this in a business, then it's best to put it in the right details so that Microsoft at least know that you are downloading a copy of it. And then if you need any support, they've got some of those details already there. So putting your relevant details into here. Then we click on Continue. Once that's been done, you select your relevant language, what language of Windows Server you want to be downloading. I'm going to be getting my English version, select Download, and then that will start to download. You'll see that it's downloading. And right here, Server evil 64 is a 64-bit edition of Windows Server. It's five gig big, so we'll take a little bit of time depending on your internet connection. Once it's downloaded, you'll have that ISO. And then we can continue the next steps. And as I said, we're gonna be doing this in VMware, but the installation of Windows Server is the important part as part of this video, of course, what I wanna do is I want to create a brand new virtual machine. Now in my case, I've got my ISO file that I've just downloaded, and then I need to add this to what's called a datastore, which is the hard-drive space that is detected on my VM or environments, then I can point to it in my VMware environments. Let's just do that very, very quickly. We're going to upload our ISO into our Datastore. We're going to right-click and say Browse. I've already got a folder called ISOS and I'm going to upload my ISO into there with the ISO now uploaded, we're gonna go back to virtual machines and I'm going to create a brand new VM. I'm going to create a new virtual machine and then give it a relevant name. I'm going to call it home demo or three. You see that I've already got another couple. Home demo, O1 and O2 compatibility. The OS version, Windows. Now of course we don't have windows Server 2022 available on this version of ESX psi. So just pick the latest one. It's more just for configuration more than anything else. If you are interested in learning a little bit more about VMware in general, if this is something that's completely new to you, I do have a full length training course available specifically on VMware, so you may want to check that out if you're wanting to learn a little bit more about VMware, specifically how to use ES6 psi, how to get it set up for free, then how to get ESX psi working within a cluster using vCenter and all of the other conflicts. You can check that out if you are interested. I'm going to select the data store where we want that VM to sit. Within. Of course, config up our VM and how much resources do we want to give it? So we're going to say, we'll leave it as oldest and one CPU. We're gonna give it full gig of RAM. And now I'm going to actually go and select right down here my ISO. And I go and pointed at ISO that I just literally downloaded. In my case, I've got a separate ice or heat of Windows Server 2022. Here it is. Select that one. Happy with that next summary of what's going to happen and we can select Finish. So that has now created the shell here it is over here. Home demo or three. And now we're going to right-click on it and say power on. We'll now do is we're now going to go and console into it so I can see what's going on. I'm going to open it in a new tab. If you're saying something like this and you are going to be presented with a Windows Server Setup screen. He got, he got the logo. This is great. It means that we're in a good position. It means that the VMware environment or whatever environment you're using has detected that ISO and is mounted that I saw on that computer. And now we can install the actual installation of Windows Server itself. So the installation is gonna be pretty straightforward. If you're ever familiar with installing Windows 781011, the steps aren't gonna be too different in this case, where it gets a little bit more complicated from a server perspective. Once you're actually in the Windows Server and understanding some of the differences with a Windows Server compared to a Windows clients. So we're just gonna go and set up all of our standard stuff in here, our language, our time currency, so we can click on, continue on next if you're happy with that, install, now, know what version you're gonna be running now there's a couple of different options or four options in total. One is a standard evaluation, the other one is a data center evaluation. And then you've got a couple which it says desktop experience. And what these are, these are, if you read it right, standard edition. This is the recommended. This option emits most of the Windows graphical environment managing with the command prompt or PowerShell. So this is where you have to be a little bit more up-to-date with the command line, with the PowerShell and with the Admin Center, it's going to minimize any of the fancy graphical user interface that is available in commonly with Windows Server or any sort of Windows operating system. You've got data center, which of course is a little bit more advanced, has a lot more options available. But the version that we are going to be demoing here is the desktop experience where it's going to install some additional features. So you can actually use it with a standard keyboard and mouse. And there's a graphical user interface as opposed to just command line. But either way, if you are somebody who's gonna be administering Windows Server in some extent, it is good to understand the command line. I understand PowerShell because it will make your life easy as an administrator if you can trigger certain actions over the command line. So we're going to select Data Center evaluation desktop experience, and select Next. If you're happy with those terms and conditions, you can read those. I'm not going to select custom install Microsoft Server Operating System. Here is my disk, so I've allocated a 40 gig disk. And of course, if you're in your VMware environment, if you're Citrix, whatever, you can actually change, you can make this bigger before you even get commenced. You can make it smaller. It's really up to you if you're running on a physical computer, if you're running on the cloud somewhere, that is the disk size that's gonna be there. But at the moment, you will see that it is unallocated. Nothing has really happened. There hasn't been a partition set up, it hasn't been formatted. So we're just going to select that disk, right in that state, in that state and select Next, that will then create the partition and will then format it. And then the installation will commence. Alright, that is, they are done. Now, it's starting to do all of the preliminary setup steps to start installing our Windows Server operating system. And then once this is done, your actual server, your VM, whatever it may be, we'll reboot a few times and then we're going to be presented with a login screen when we start the configuration of our Windows Server were then presented with a space. We need to add your password. Now this is an administrator. So by default this is the username is administrator, and this is gonna be the password. And Reese entered the password, making sure that is very, very secure. This is the god right. This is essentially full rights to this Windows Server. So you want to make sure that it is going to be secure. Even if you are going to be connecting these windows server to a domain, to Active Directory, which I hope that you will, because we're gonna be covering Active Directory in how to use all of that in future videos. But if you are going to be doing that, make sure that you still set up a very, very secure password because he can bypass Active Directory and login with this administrative. So do make it very complex, very secure. And now we login. We have Windows server configured, it's now downloaded, it's now installed. So before we even start building a domain controller and all of those other settings, we need to learn a little bit more about where our Windows Server, including how to do some basic configuration. So we need to set the host name. We just had an IP address where to go and do some other configurations. Because ultimately, yes, I'm here connected to a VMware environment and I'm consulting, essentially just opening up a console to these VM. Ideally, you want to be able to remote into it using your remote desktop connection. So we're going to show you how to actually get that setup as well. So you can actually manage it and actually set it up a little. 4. Building a DC (Domain Controller) for AD: Data domain. You can't really have computers talking to each other in a meaningful way. So we're going to be setting up a number of computers, of course, on a network. In a real-life network, you want all those computers to be able to talk, communicate with each other, communicate with a domain, communicate with Active Directory, centrally manage users and groups and servers and everything, all from Active Directory. Push out group policies against these computers, use DNS, dhcp, all of these technologies. But the foundational component is active directory, setting up a domain. And of course you do that with what's called a domain controller. Essentially, the domain controller is what controls your domain. Now, you've built your Windows Server 2022. We've allocated it a specific name. We've already have given it a DC name so that we know this is gonna be for our domain controller. We've given it a irrelevant IP address. Now we're going to go and actually set up the role and the feature to convert this Windows Server, which at the moment is not doing anything. We convert it and make it into a domain controller. So what we're gonna do is we're going to open up our server manager on our Windows Server right over here. It's in our Start Menu and Server Manager. And we're going to now select, Add Roles and Features, and click on that. Next, we're gonna do role-based or feature-based installation. We're gonna do it on this server. Remember that you can do this on other service or e.g. if you want to go and install some particular role or feature or domain controller role on another server. You can actually go and search for it and add it to a server pool and do it that way. But we're just doing it on our standard one here. Now this is where we actually go and configure the server role. So this is essentially where you install the software, think about it as an additional feature, additional software and an add-on that you add to the server to actually have the ability to now act as a domain controller to create a domain and have the Active Directory environment all configured. But the one we're primarily looking at is the second one. The other ones can be used for different purposes. Once you've set up an initial Active Directory Domain Environment and they get a lot more advanced. They're not gonna be covered in this course, but they can do a lot of additional features in terms of connecting things together, managing certificates, doing all these other great things. But that's for another session. Here is add features that are required for Active Directory Domain Services. So if you remember, this is the area where you're adding server roles and features. The role is our Active Directory Domain Services. But then it's saying, hey, if you want to install Active Directory Domain Services, you also need to install all of these features with it. Because without these features and you're not gonna get the best, you're not gonna be able to have this thing working the way that it should. So along with the Active Directory role, The Domain Services role is going to go and add group policy management. So here we are already in preparation for a future video where we're gonna be talking about Group Policies. Here you are preparing that by actually installing the Group Policy Management feature into your domain controller and some other remote server tools, AD DS, etc, in there. So you want to include management tools if applicable. Yeah, we'll take that when I click on Next, click on Next. So Active Directory Domain Services or AD DS for short, stores information about users, computers, and other devices on the network. It helps administrators securely manage this information and facilitates resources sharing, collaboration between users. There's a couple of things he didn't note to help ensure that users can still log onto the network. In the case of a server outage, install a minimum of two domain controllers for a domain. Now we talked about this previously. I recommend more than one domain controller because if your primary domain controller goes down, you're going to have a problem. Remember that your domain controller using Active Directory in your domain, your computers and other devices on your network. I gonna be authenticated. They're gonna be bound to these Active Directory domain controller. If your domain controller goes down, becomes offline, someone accidentally disconnected or powers it down or whatever. Then these devices, these users will not be able to login to their computers. They won't be able to authenticate against the domain controller. So it's very important that you have more than one, because if you have more than one, if your first one goes down, then computers can still talk to the second one. If you're in a larger organization, it's not uncommon that you'll have pools of domain controllers if you're in an organization that has multiple states or it's in multiple countries, then you're going to have domain controllers specifically set up in different regions, perhaps around the world that all talk to each other. And they're all part of a pool of domain controllers. Because that is the best way to make sure that systems can stay operational. That's the first point. The second point is AD DS requires a DNS server to be installed on the network. If you do not have a Danish server installed, you will be prompted to install the DNS server role on this machine. Now, future video, we're gonna be talking about DNS. We're gonna be showing you DNS. We're gonna be talking about some of the DNS records. What is DNS useful? Now we haven't talked about that yet. But here, very similarly to group policy, where it's going to be pre-configured during some of the Group Policy features and the installation software that it needs. It will also do the same thing here for your DNS server. So if this is the first domain controller that you're building and there is no DNS server already existing on your network somewhere, then this is where actually install your first DNS server. So it'll install the software, the features needed for DNS so that in a future video when we are talking about DNS, those roles are already installed and they are ready to go. Now the last point there is around Azure Active Directory, which is a separate online account, can provide simplified identity, identity and access management. We won't cover that in this course, that's for another course, but this one is specifically focused here on our on-premise building the domain controller within your home or office environment. So we're going to select Next. It's always good to take this, restart the destination server automatically for quiet and we can click on Install. Now that role will start to get installed, the features will start to get installed and if it needs a reboot, it will reboot. Your Windows Server. Installation has now finished. We can now click on Close. You see that now on the very far left in the navigation area, you've got dashboard, you got local server, and you got all server, you got file server, and your AD DS. So these two things were added as part of our installation. Part of adding these roles and features, you've now got these additional little areas here that have been added to our Windows Server. The first one here of course, being our AD DS. So this is now an AD services. It's got a overview. This is the server. It's online. Looks good. And then the bottom is some events talking about this thing called dfs. Dfs is something that we won't cover in this course, but essentially, it's something around File Services. Where you have a file server, you have multiple file services, and then you can sort of share some resources and make it easier to manage file server services using this protocol called DFS. But we'll cover that in another course. Either way, you've got this little warning at the very top up here saying configuration required for Active Directory Domain Services. Now this is in regards to that promotion that we were just talking about. So we can click on more tasks. And you'll see that it says additional steps are required to make this machinery domain controller. Here is a little summary of the task. Now, we can click on promote this server to a domain controller. Now there are three options available to us. Really depends on what the configuration state of your domain is in a network. So the first option here is add a domain controller to an existing domain, added domain to an existing forest, and add a new forest. Now add a domain controller to an existing domain. So this is in the event the first two, do you have some sort of a domain already in existence in an organization? So let's say you're doing this in a lab environment or in a real life company, then you've got to ask yourself the question is a domain already there? If there is a domain already there, then you don't need to go and configure a brand new domain or a brand new forest. We'll talk about these in a little bit. You don't have to do that because there's already something there. So you may want to just add your domain controller to an existing domain. Or you can do an add a new domain to an existing forest. So if there's already something in existence, then there are the options that you pick. If there's nothing in existence, if you're configuring a domain here from scratch, something completely brand new, then you do what's called add a new forest. They're essentially a force in the domain there. A little bit similar, but a forest is the parent level. The forest is at the very, very top level. And then there's a domain that sits within the forest. So one forest can have multiple domains. You could have Domain one domain to domain three, and they all sit under one single forest. So when we actually select, Add a new forest, you're creating the forest with a name. And you're creating the domain within that forest with a particular name. Or it could be the exactly the same name. That forest could be called the same thing as the domain. So what this is saying is added domain controller to an existing domain. Well, this is saying there's an existing domain out there which is part of a forest, but we're not talking about just the domain. We want to add a new domain controller because you want to give that domain, maybe an additional domain controller for better redundancy for failover so that if one domain controller fails, There's another one that you could be doing that the second option is to add a new domain to an existing forest. Maybe there's already a forest there. And there's already maybe one or more domains that exist in your organization. But you want to create a another domain. That's what you would do here. You would say, I want to add a brand new domain, but it's part of an existing forest that already exists in the environment. Of course, in the case of this demo, we're showing you how to do this from scratch. So we're going to select, Add a new forest, specify the domain information for this operation. So what is the root domain name? What do you want this domain to be called? Because now we get into the configuration component, think about the relevant domain name. Now this is a domain name that should not be changed. Do not change your domain once you've named it. So everything, every computer you're going to have P co1.domain.com. So that domain is going to be something that is for you. Could be Domain dot local, could be another extension there as well. Give yourself a relevant domain name. I'm doing this in a demo, so I'm going to call it home demo.com. That is the domain that I'm going to be giving out. Now this is completely different to domains out on the Internet. If you're familiar with, when you have to go and configure a domain, the figure to www dot Emilio Aguinaldo dotnet, which is my website e.g. well, that's a domain that I went and registered. I went to accompany and said I want that domain. And they gave me that domain and then I've built a website and that's the domain that it's sitting on. That's one thing. But this is now an internal domain, a domain that is just for you and for your business. It's not connected to the external world at all. It can be, but it's not connected in this time, in this case, to the external Internet at all. It's completely internal. So we're gonna be calling mine home demo.com. But of course you give it your relevant name, make sure that you give it a strong unique name, something that you will not want to be changing later on. And then we click on next. We then go to an area here called functional levels. Now what is a functional level? So let's say you've got a pool of domain controllers and they're all part of a domain. And the functional level is 2016. Well, what this means is that your domain controller that you're building, let's say you add a brand new domain controller to a domain. It needs to be on at least a functional level of 2016 and upwards, it needs to be, which means it needs to be a domain controller that is at least running Windows Server 2016. If you go and build yourself a Windows Server 2008 or a Windows Server 2012. And that is a domain controller. And you want to add a 2012 domain controller to a domain that he's running Windows Server 2016 or higher. It will not work because the functional level for your forest, of all for your domain. Remember that the forest is the top-level domain sits within the forest. These are the levels, the minimum levels that are available. If you're thinking in the future, we'll look maybe I do want to add some earlier versions of Windows Server. Then maybe you want to say the functional level of my forest. Maybe I want it to be Windows Server 2008. So now I can actually get a Windows Server 2008 or a server 2012 domain controller and add it to my functional level. But then you also lose some benefits that are going to be coming with later versions of these functional levels. So if you're very confident that 2016, every domain controller you're ever going to build an add to this forest or domain is going to be at least 2016, then you don't have to worry about it. You could leave it as is and let it do its thing. Now, specified domain controller cake capabilities is a few things here. You can add this DNS, which we've talked about. So it's going to add the DNS and also a global catalog. The global catalog, something that's gonna be used quite a fair bit. You're going to do lookups of this global catalog. And it's gonna be used by devices on your network to get names, to get authentication, all of that within your domain itself. So you want to make sure that those two are ticked. Now, we type in that directory services, Restore Mode password. This is a very important password. In the event that in the future you need to do some troubleshooting, you need to do some restoration activities. This is a different password to the password that we've set when you configure your server, make this a very, very strong secure password. Note it down somewhere, should only be known really by domain administrators. And make it very, very strong to go and put that one in. Do you wanna do any DNS delegation with at the moment, we don't really have anything set up. So I'm going to just leave that as is. We're not gonna do anything there, verify their net bios name. Now this isn't used commonly as much anymore, but if you're using computers on your network that are slightly older than maybe the net bios time they want to be kept. And by default it's found the net bios name, which is the same as my domain, which is home demo. We're happy with that. Specify the location of your AD DS database log files. And Cisco, very, very important that you know where these are going to be going. These are gonna be needed for you to do any. If you're gonna go into advanced troubleshooting, if you want to do any restoration. If you wanted to learn around backups and restoring your actual domain controller, needs to know where these are. Now, you can store these locally on your own server to, on the server that we're building. You can say, well, look, store these files on here. It's not uncommon for servers to have multiple disks potentially. And a disk could be stored like it could be shared on that server from a SAN or from an S. You could have some external media connected to it. You may want to point these to a different location and have some separate backup set up. So I would recommend my personal recommendation is you have your C Drive for all of your main installation. But then perhaps you have some separate D or E or F drives in there that are mapped. How you're sharing those is up to you whether that's from a SAN or arenas. But then you store these in a different path, in a different location. Make sure that you've got relevant backups in place to back this stuff up as well, because these files are gonna be very, very important. So you can see a full summary of what's going to happen. And the great thing is you can actually see your script if you're big into PowerShell and you wanna know well what's happening right here behind the scenes. Let's view a script here. If you want to use PowerShell, then you can run that command right there, throw it into PowerShell, press Enter, and it'll do the same thing as what we're doing here with the graphical user interface. If you're happy with all of that, we can click on Next doing some prerequisites. So it's needing to validate before AD is installed on this computer. Now have a look at these. I would note these down. You don't have to fix them right now. If there are any crosses, big red crosses, then you're going to have to go and fix those before you continue. But these are more advisory. So it's saying that a Windows Server 2022 domain controller have a default for the security settings names. So it's essentially a vulnerability that's been identified. Go and read up on this KB article, familiarize yourself with what's going on and frightened and try to fix them. The second one is around our DNS. So delegation with this DNS can not be created because the authoritative parent zone cannot be found or does not run Windows Server. And that's fine because this is something completely brand new, but there's no action required just yet. There's also a notification saying that if you click on install, the server automatically reboots at the end of the promotion operation. If you're happy with all of that, take note of these advisories, I'd maybe take a screenshot or copy and paste this because you can have to come back to it and have a look at those at some point. But everything else has passed or prerequisite checks have passed successfully. So we can now click on install. Now you'll see that it says home demo, forward slash administrative. So essentially identified the domain itself, which is really nice. And if I go to other user, you may have seen this before. But down the very bottom you'll see it says sign-in to and he says home demos was actually identified, that it is part of the domain and essentially the domain controller is our first item that has added itself to a new domain called home demo. So you could add the username and password in here. But at the moment, of course, we haven't even opened up Active Directory. We haven't configured any users or anything like that. So let's just log back into the local administrator with the standard parser that we set up previously. Now we've got a domain controller now sit up and promoted. If we go into our start menu, we've now got an area under Windows administrative tools. If I click on that, you'll see that there's now additional software in their Active Directory Admin Center domains and trusts modules for Windows PowerShell is what it says. And sites and services and users and computers. So you can open up what's familiar to some people would be the sinkhole users and computers. And this is essentially the home location where you're gonna go and configure a whole bunch of stuff specific to your domain. You will see that it now says Active Directory Users and Computers. And it's part of this Windows, windows Server D CO1 dot home demo. 5. It's now your turn: You should now know what a domain is, what Active Directory is. You should now know how to actually download your own copy of Windows Server, how to install it, and then how to promote and install all the features to get a domain controller up and running, and get Active Directory up and running. So now it's your turn if you haven't already been following along, go and read what some of these videos. Then go and do this yourself on your own computer, your laptop, your desktop, your server, in your home, in your work, in your own lab environment. Let us know what sort of environment you're gonna be doing this on. But then go and actually set this up all yourself. So in the project section, let us know how you're doing. Go into find a domain defined what Active Directory is. Let us know what the differences are. Going download. You'll Windows Server yourself off the internet, off the Microsoft website, completely free to use for a 180 day trial. And then go and set up that server that you've just installed as a domain controller. And of course, because it's domain controller, you're going to be creating a domain and Active Directory along with it. So go and do that all yourself. Let us know, keep in touch, maybe take some photos of your lab uploaded to your project and then let us know as you are going through each individual step. But that's it for this training class if you want to learn more about Active Directory now that you've built your environment, I do have a whole dedicated class on Active Directory, so you can go check that out anyway. Thank you so much for tuning in for this class. My name is Emilia, I love tech and hopefully you do too, and we'll see you next time.