ACTIVE DIRECTORY DOMAIN SERVICES
1. Environment Overview
Active Directory Domain Services (AD DS) is a directory service developed by Microsoft that runs on Windows Server. It provides centralized management of users, computers, and other network resources within an organization. AD DS stores information about these resources in a structured database and allows administrators to control access, enforce security policies, and manage permissions from a central location. When a user logs into a network, AD DS authenticates their credentials and determines what resources they are authorized to access.
AD DS organizes network objects into domains, organizational units, and groups to simplify administration and improve security. It uses domain controllers to handle authentication requests and apply group policies, such as password requirements, software installation rules, and system restrictions. By offering centralized identity management and single sign-on capabilities, AD DS improves operational efficiency and strengthens network security in enterprise, educational, and government environments.
This lab tutorial covers the complete installation and configuration of Active Directory Domain Services (AD DS) on a Windows Server. All procedures below apply to the following environment:
| Parameter | Value |
| --- | --- |
| Domain Name (FQDN) | vmorecloud.com |
| Server Hostname | server |
| Server FQDN | server.vmorecloud.com |
| Static IP Address | 192.168.248.134 |
| Default Gateway | 192.168.248.2 |
| Preferred DNS | 192.168.248.134 (self) |
| Alternate DNS | 127.0.0.1 |
| Forest/Domain Level | Windows Server 2025 (or higher) |
| NetBIOS Name | VMORECLOUD |
2. Pre-Installation: Configure Static IP & DNS
Before promoting the server to a Domain Controller, you must configure a static IP address and set the DNS to point to itself. This is critical — AD DS relies on DNS.
2.1 Set Static IP Address (GUI)
To manually assign a static IP address, follow these steps:
- Open Network Connections.
- Right-click your network adapter and select Properties.
- Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
- Choose “Use the following IP address.”
- Enter the required values:
  - IP address: (e.g., 192.168.248.134)
  - Subnet mask: (e.g., 255.255.255.0)
  - Default gateway: (e.g., 192.168.248.2)
- Under “Use the following DNS server addresses,” enter:
  - Preferred DNS server
  - Alternate DNS server (if provided)
- Click OK, then Close to apply the settings.
For this lab, use the following values:
| Parameter | Value |
| --- | --- |
| IP Address | 192.168.248.134 |
| Subnet Mask | 255.255.255.0 |
| Default Gateway | 192.168.248.2 |
| Preferred DNS Server | 192.168.248.134 |
| Alternate DNS Server | 127.0.0.1 |
2.2 Set Static IP Address (PowerShell)
Alternatively, open PowerShell as Administrator on the Windows Server and run the following commands to configure the static IP address and DNS settings for the network adapter:
```powershell
# View available network adapters
Get-NetAdapter

# Replace 'Ethernet0' with your actual adapter name
New-NetIPAddress -InterfaceAlias "Ethernet0" -IPAddress 192.168.248.134 -PrefixLength 24 `
    -DefaultGateway 192.168.248.2

Set-DnsClientServerAddress -InterfaceAlias "Ethernet0" `
    -ServerAddresses 192.168.248.134,127.0.0.1
```
2.3 Set Server Name
Confirm the server name is set to ‘server’ before installing AD DS. Use PowerShell:
```powershell
# Check current hostname
hostname

# Rename the computer (replace with your desired name)
Rename-Computer -NewName "server" -Force -Restart
```
ⓘ The server will restart. Reconnect and verify with ‘hostname’ before proceeding.
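Before moving on to the role installation, it is worth confirming that every prerequisite from this section is actually in place, because the most common promotion failures trace back to a DHCP-assigned address or a DNS setting that still points at an external resolver. The following script is an added example, not part of the original lab; it assumes the adapter alias Ethernet0 used above and the lab values from the tables, and reports each check as pass or fail.

```powershell
# Added example (not part of the original lab): pre-promotion sanity check.
# Assumes the adapter alias 'Ethernet0' and the lab values from the tables above.
$InterfaceAlias = 'Ethernet0'
$ExpectedIP     = '192.168.248.134'
$ExpectedGW     = '192.168.248.2'
$ExpectedName   = 'server'

$results = [ordered]@{}

# 1. The adapter must carry the expected IPv4 address, and it must be a manual
#    (static) assignment, not a DHCP lease that could change after a reboot
$ip = Get-NetIPAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4 -ErrorAction SilentlyContinue
$results['StaticIP'] = ($ip.IPAddress -contains $ExpectedIP) -and ($ip.PrefixOrigin -contains 'Manual')

# 2. The default route must point at the lab gateway
$route = Get-NetRoute -InterfaceAlias $InterfaceAlias -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue
$results['Gateway'] = ($route.NextHop -contains $ExpectedGW)

# 3. The preferred DNS server must be the server itself; a DC that still points at an
#    external resolver cannot register or find its own SRV records after promotion
$dns = @((Get-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4).ServerAddresses)
$results['DnsSelf'] = ($dns.Count -gt 0) -and ($dns[0] -eq $ExpectedIP)

# 4. The hostname must already be final; renaming a server after promotion is a
#    separate domain-controller rename procedure
$results['Hostname'] = ($env:COMPUTERNAME -ieq $ExpectedName)

# 5. The gateway should answer, so the lab DC will be reachable from other VMs
$results['GatewayReachable'] = Test-Connection -ComputerName $ExpectedGW -Count 1 -Quiet

[PSCustomObject]$results | Format-List

if ($results.Values -contains $false) {
    Write-Warning 'One or more checks failed. Fix them before installing the AD DS role.'
}
```

Run it from an elevated PowerShell session after the reboot triggered by Rename-Computer; every value should read True before you continue with section 3.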
3. Install the AD DS Role
3.1 Via Server Manager (GUI)
1. Open Server Manager → Dashboard → click Add roles and features.
2. Click Next on the Before You Begin page.
3. Select Role-based or feature-based installation → Next.
4. Select the local server (server.vmorecloud.com) → Next.
5. Check Active Directory Domain Services from the roles list.
6. When prompted to add required features, click Add Features → Next → Next → Next.
7. On the Confirmation page, optionally check Restart the destination server automatically if required, then click Install.
8. Wait for installation to complete. Do NOT close the wizard — a promotion link will appear.
3.2 Via PowerShell
```powershell
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
```
ⓘ After the command completes, verify with: Get-WindowsFeature AD-Domain-Services
4. Promote Server to Domain Controller
4.1 Via Server Manager (GUI)
1. In Server Manager, click the flag icon (notifications) at the top → click Promote this server to a domain controller.
2. In the Deployment Configuration window, select Add a new forest.
3. In the Root domain name field, enter: vmorecloud.com → Next.
4. On Domain Controller Options: set Forest functional level and Domain functional level to Windows Server 2016 (or your version). Ensure Domain Name System (DNS) server and Global Catalog (GC) are checked.
5. Enter and confirm a strong Directory Services Restore Mode (DSRM) password → Next.
6. On DNS Options, ignore the delegation warning → Next.
7. NetBIOS name will auto-populate as VMORECLOUD → Next.
8. Leave default paths for NTDS, SYSVOL and Log folders → Next.
9. Review the summary on the Review Options page → Next.
10. The Prerequisites Check will run. If all checks pass (warnings are acceptable), click Install.
11. The server will automatically restart. After restart, log in as VMORECLOUD\Administrator.
4.2 Via PowerShell
```powershell
Import-Module ADDSDeployment
Install-ADDSForest `
    -DomainName 'vmorecloud.com' `
    -DomainNetbiosName 'VMORECLOUD' `
    -ForestMode 'WinThreshold' `
    -DomainMode 'WinThreshold' `
    -InstallDns `
    -DatabasePath 'C:\Windows\NTDS' `
    -SysvolPath 'C:\Windows\SYSVOL' `
    -LogPath 'C:\Windows\NTDS' `
    -NoRebootOnCompletion:$false `
    -Force
# You will be prompted for SafeModeAdministratorPassword (DSRM password)
```
5. Post-Installation Verification
After the server restarts, log in as VMORECLOUD\Administrator and run the following verification checks:
```powershell
# 1. Confirm AD DS is running
Get-Service adws, dns, kdc, netlogon | Select-Object Name, Status

# 2. Confirm Domain information
Get-ADDomain

# 3. Confirm Forest information
Get-ADForest

# 4. Confirm Domain Controller
Get-ADDomainController

# 5. Test DNS resolution
Resolve-DnsName vmorecloud.com
Resolve-DnsName server.vmorecloud.com

# 6. Test AD replication (single DC, should show no errors)
dcdiag /test:replications

# 7. Full domain diagnostics
dcdiag /v

# 8. Netlogon test
nltest /dsgetdc:vmorecloud.com
```
5.1 Expected Services Status
| Service | Expected Status |
| --- | --- |
| ADWS (AD Web Services) | Running |
| DNS Server | Running |
| KDC (Kerberos) | Running |
| Netlogon | Running |
| DFSR (Replication) | Running |
6. DNS Configuration Check
AD DS installs a DNS Server automatically. Verify the key DNS records exist using DNS Manager or PowerShell:
```powershell
# List all DNS zones
Get-DnsServerZone

# Check vmorecloud.com zone records
Get-DnsServerResourceRecord -ZoneName 'vmorecloud.com'

# Verify _msdcs zone (critical for AD)
Get-DnsServerResourceRecord -ZoneName '_msdcs.vmorecloud.com'

# Test SRV records (Kerberos & LDAP)
Resolve-DnsName _kerberos._tcp.vmorecloud.com -Type SRV
Resolve-DnsName _ldap._tcp.vmorecloud.com -Type SRV
```
ⓘ The DNS zone vmorecloud.com and _msdcs.vmorecloud.com must both exist and contain SRV records for AD to function properly.
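The commands in sections 5 and 6 each print raw output that you have to read by eye. The script below is an added example, not part of the original lab; it combines the service, zone, SRV record, share and domain-controller checks from both sections into a single pass/fail report, so a broken promotion shows up as a list of failed rows rather than as something to spot in dcdiag output. It assumes the lab names vmorecloud.com and server.vmorecloud.com and the AD DS, DNS Server and SMB PowerShell modules that the role installation provides.

```powershell
# Added example (not part of the original lab): one post-promotion report that
# combines the checks from sections 5 and 6. Assumes the lab names below.
$Domain = 'vmorecloud.com'
$DcFqdn = 'server.vmorecloud.com'
$report = @()

# 1. Core DC services must be running (matches the table in 5.1)
foreach ($svc in 'adws', 'dns', 'kdc', 'netlogon', 'dfsr') {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    $status = if ($s) { $s.Status } else { 'not installed' }
    $report += [PSCustomObject]@{ Check = "Service $svc"; Passed = ($status -eq 'Running'); Detail = "$status" }
}

# 2. Both forward zones must exist; _msdcs holds the forest-wide locator records
foreach ($zone in $Domain, "_msdcs.$Domain") {
    $z = Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue
    $detail = if ($z) { "$($z.ZoneType), DS-integrated: $($z.IsDsIntegrated)" } else { 'missing' }
    $report += [PSCustomObject]@{ Check = "Zone $zone"; Passed = [bool]$z; Detail = $detail }
}

# 3. The SRV records that clients use to find a KDC and an LDAP server must point at this DC
foreach ($srv in "_kerberos._tcp.$Domain", "_ldap._tcp.$Domain", "_ldap._tcp.dc._msdcs.$Domain") {
    $r = Resolve-DnsName -Name $srv -Type SRV -ErrorAction SilentlyContinue | Where-Object { $_.Type -eq 'SRV' }
    $targets = @($r | ForEach-Object { $_.NameTarget })
    $report += [PSCustomObject]@{ Check = "SRV $srv"; Passed = ($targets -contains $DcFqdn); Detail = ($targets -join ', ') }
}

# 4. SYSVOL and NETLOGON must be shared, or Group Policy and logon scripts will not apply
foreach ($share in 'SYSVOL', 'NETLOGON') {
    $sh = Get-SmbShare -Name $share -ErrorAction SilentlyContinue
    $report += [PSCustomObject]@{ Check = "Share $share"; Passed = [bool]$sh; Detail = "$($sh.Path)" }
}

# 5. Directory view of this host: it must be a DC for the domain and a Global Catalog
$dc = Get-ADDomainController -Identity $DcFqdn -ErrorAction SilentlyContinue
$report += [PSCustomObject]@{ Check = 'DC role';        Passed = ($dc.Domain -eq $Domain);  Detail = "$($dc.Domain)" }
$report += [PSCustomObject]@{ Check = 'Global Catalog'; Passed = [bool]$dc.IsGlobalCatalog; Detail = "$($dc.IsGlobalCatalog)" }

$report | Format-Table -AutoSize
$failed = @($report | Where-Object { -not $_.Passed })
if ($failed.Count -eq 0) {
    'All checks passed.'
} else {
    Write-Warning "$($failed.Count) check(s) failed. Run 'dcdiag /v' for details."
}
```

Run it from an elevated session after logging in as VMORECLOUD\Administrator. A failed SRV row with an empty Detail column almost always means the preferred DNS server is not the DC itself, which is the first item in the troubleshooting table in section 8.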
7. Create Organizational Units & Users
7.1 Create Organizational Unit (OU)
```powershell
# Create a top-level OU
New-ADOrganizationalUnit -Name 'vmorecloud_Users' `
    -Path 'DC=vmorecloud,DC=com' `
    -ProtectedFromAccidentalDeletion $true
```
7.2 Create a Domain User
```powershell
New-ADUser `
    -Name 'John Doe' `
    -GivenName 'John' `
    -Surname 'Doe' `
    -SamAccountName 'jdoe' `
    -UserPrincipalName 'jdoe@vmorecloud.com' `
    -Path 'OU=vmorecloud_Users,DC=vmorecloud,DC=com' `
    -AccountPassword (ConvertTo-SecureString 'P@ssw0rd123!' -AsPlainText -Force) `
    -Enabled $true
```
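The command above puts the initial password in the script text, where it ends up in the console history and in any copy of the file. The following script is an added example, not part of the original lab; it creates the same jdoe account but reads the initial password interactively, forces the user to set their own password at first logon, refuses to create a duplicate account, and then reads the object back to confirm the placement and group membership. It assumes the vmorecloud_Users OU from 7.1 already exists.

```powershell
# Added example (not part of the original lab): create the lab user without a
# password in the script, force a change at first logon, and verify the result.
# Assumes the OU from 7.1 exists; account details mirror the 7.2 example.
$OuPath = 'OU=vmorecloud_Users,DC=vmorecloud,DC=com'
$Sam    = 'jdoe'
$Upn    = "$Sam@vmorecloud.com"

# Prompt for the initial password so it never lands in a script file or shell history
$initial = Read-Host -Prompt "Initial password for $Sam" -AsSecureString

# Refuse to create duplicates instead of failing half-way through
if (Get-ADUser -Filter "SamAccountName -eq '$Sam'" -ErrorAction SilentlyContinue) {
    throw "User $Sam already exists"
}

New-ADUser -Name 'John Doe' -GivenName 'John' -Surname 'Doe' `
    -SamAccountName $Sam -UserPrincipalName $Upn -Path $OuPath `
    -AccountPassword $initial -Enabled $true `
    -ChangePasswordAtLogon $true   # the user must choose their own password at first logon

# Verify: the account sits in the intended OU, is enabled, is flagged for a password
# change, and belongs to no group beyond the default Domain Users (primary group, not
# listed in MemberOf), so an accidental privileged-group membership shows up here
$u = Get-ADUser -Identity $Sam -Properties MemberOf, PasswordExpired, DistinguishedName
[PSCustomObject]@{
    SamAccountName = $u.SamAccountName
    InCorrectOU    = ($u.DistinguishedName -like "*,$OuPath")
    Enabled        = $u.Enabled
    MustChangePwd  = $u.PasswordExpired
    ExtraGroups    = (@($u.MemberOf | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join ', ')
}
```

Expected output for a fresh account is InCorrectOU True, Enabled True, MustChangePwd True and an empty ExtraGroups column; anything listed under ExtraGroups was added outside this script and should be reviewed.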
8. Common Issues & Troubleshooting
| Issue | Resolution |
| --- | --- |
| DNS delegation warning during promotion | This is expected and can be safely ignored in a single-domain lab environment. |
| DCdiag DNS test fails | Ensure Preferred DNS is set to 192.168.248.134 (itself) and the DNS Server service is running. |
| Cannot log in as VMORECLOUD\Administrator | Use the full UPN format: administrator@vmorecloud.com, or ensure the VMORECLOUD domain name is correct. |
| Netlogon service not starting | Run ‘nltest /sc_verify:vmorecloud.com’ and check Event Viewer → System for Netlogon errors. |
| AD DS promotion fails at prerequisites | Check Event Viewer → Server Manager → %temp% for detailed logs. The most common cause is DNS misconfiguration. |
| Time synchronization issues | Run: w32tm /resync /force — AD Kerberos requires <5 min time skew. |
9. Quick Reference Summary
| Parameter | Value |
| --- | --- |
| Domain FQDN | vmorecloud.com |
| Domain NetBIOS | VMORECLOUD |
| DC FQDN | server.vmorecloud.com |
| DC IP Address | 192.168.248.134 |
| Default Gateway | 192.168.248.2 |
| DNS Server | 192.168.248.134 (self) |
| DSRM Password | (set during promotion — store securely) |
| Default Admin Login | VMORECLOUD\Administrator |
| Admin UPN Login | administrator@vmorecloud.com |
| NTDS Database | C:\Windows\NTDS |
| SYSVOL Path | C:\Windows\SYSVOL |
ⓘ Keep this document and the DSRM password in a secure location. The DSRM password is required for AD recovery operations.