WINDOWS SERVER 2022: INSTALLING ACTIVE DIRECTORY

Microsoft’s Active Directory (AD) offers many global corporations an enterprise-grade Single Sign-On environment.
Knowing how to configure this on the latest version of Windows Server will always benefit any IT professional.
In this article, we will discuss the initial setup of Active Directory.

Note 1: This was set up in a test environment; please always be cautious while working in a production environment.
Note 2: IP addresses listed are from the test environment; please ensure to match your environment.

Prerequisites

Processor

A 1.4 GHz 64-bit processor compatible with the x64 instruction set.
Support NX (no execution) and DEP (Data Execution Prevention).
Supports second-level address translation such as EPT and NPT.

RAM

At least 512MB (if a server with a desktop environment is installed, a minimum of 2GB is needed).
RAM with error-correcting code (ECC).

Storage

PCI Express storage adapter.
Hard disks can have a minimum partition requirement of 32GB.

Network

Any adapter that can use gigabit throughput.
PCI Express compliant adapter.
A card that supports a Pre-Boot Execution Environment (PXE).
A network debugging-enabled card is desirable but not a requirement.

Installation

To install Active Directory, Server 2022 must be installed and fully updated.

After the updates are installed, open the Server Manager application.
Once open, select the Ethernet connection so a static IP address relevant to the environment can be set.

Select the Ethernet adapter and open the Properties.
Under properties, select the TCP/IPv4 and click Properties.

Select the radio button to Use the following IP address.
Specify a free IP address in the network, as well as the subnet mask and correct default gateway, and click OK

Next, select the computer name under the Server Manager to change it.
The server will need a valid name before installing Active Directory.

On the System Properties window that opens, select Change.

Create a meaningful name for the server in our example DC1 and click OK.

Click Ok to acknowledge that the computer needs to be restarted.

Click Restart Now

After restart, the new IP address and computer name are visible when checking the Server Manager.

In the Server Manager, select Manage, and then Add Roles and Features

The wizard will give basic information; click Next.

Select Role-based or feature-based installation and click Next.

Should there be multiple servers in the environment, ensure the correct server is selected and click Next.
Should there only be one server, the above can be ignored. Just click Next.

On the server roles list, select Active Directory Domain Services.

Leave the tick box ticked to Include management tools, and click Add Features.

Active Directory Domain Services will now be ticked. Click Next.

For the Features, click Next with no changes.

The Active Directory Domain Services will make some suggestions that are very important for production environments, namely:
Install a minimum of two domain controllers so users can log in even if there is a server outage.
A Microsoft DNS server must be set up in the network.
Click Next.

Ticking the option to restart automatically for test environments will speed up the installation process. This should be used with caution for production environments.
Click Install.
If the option to restart was selected, click Yes to allow the automatic restart.

Installation of the Active Directory Domain Services will now run.

Once completed, select the option to Promote this server to a domain controller.

As this is a new domain, we will create a new forest.
For the root domain name, it is best to use a subdomain of an existing public FQDN (Fully Qualified Domain Name).
For example, adtest.foldersecurityviewer.com.
Should you not have a public domain, replacing the .com on the end with .local will work for test domains.

When setting up the domain controller for the first time, certain decisions will need to be made.
Forest Functional Level is the minimum Operating System version for all servers in all sub-domains.
Domain Functional Level could be set higher than the Forest level, but not lower.