Installing Active Directory
To deploy Active Directory Domain Services on a local Server 2012 machine,
launch Server Manager and select “Add roles and features” in the
“Configure this local server” area of the dashboard.
Select “Role-based or feature-based installation,” and click Next.
Then select the local server (or the server to which you want to deploy
AD DS) as the destination server. Choose Active Directory Domain
Services. (See Figure 1.)
There are several features and tools that you are required to
install along with AD DS. These features are listed, and you are given
the option to install them as well. To do so, click “Add features,” then
click Next.
You can opt to install additional features, or just click Next
once again to begin the installation process (Figure 2).
After a successful install, Server Manager’s notification prompts
you to “Promote this server to a domain controller,” as shown in Figure 3.
Note
Of course, you don’t want to just start adding servers as domain
controllers (DCs) in a network. Most readers will probably already
have DCs deployed. You can certainly add Server 2012 as a physical or
virtual DC, or as a read-only DC for security purposes. Before
promoting any new Server 2012 deployments to DCs, consider your
existing infrastructure and what role Server 2012 should play.
You have several options to promote to a DC. You can use the GUI
or PowerShell. There’s some confusion about whether or not Microsoft has
eliminated the Dcpromo command system that administrators have long
used to promote servers to DCs.
Dcpromo can still be executed in Server 2012. You run dcpromo.exe
from the command prompt and point it to an answer file. The
answer file is a text file you create with specific fields that will
customize an unattended DC promotion based on the configuration needed
for your particular organization.
Promoting DCs using Dcpromo and an answer file is necessary only
if an organization already has automation in place for creating DCs, or
if its infrastructure needs to deploy large numbers of DCs. For
smaller organizations, using the DC install and promotion capabilities
within Server Manager is easier and more efficient because you have less
chance of syntax errors than with creating answer files. For those
comfortable with scripting, PowerShell also provides a good alternative
for creating and promoting servers as DCs.
The Active Directory Administrative Center allows you to add a
DC to an existing domain, add a new domain to an existing forest, or add a new forest. To set up an entirely new domain without
an existing forest, select “Add a new forest,” as shown in Figure 4. You must specify a root domain name,
in the form of <domainname>.com or
<domainname>.net, for example, or whatever
top-level domain (TLD) ending is designated for your
organization.
Next, you have to select the forest and domain’s functional level. The functional level you select
depends on whether you have an existing AD domain or forest and which
servers you are running. For instance, if your infrastructure has Server
2003 servers, you may keep the forest or domain level set at Windows
2003 until all DCs are upgraded to Server 2008 or 2008 R2.
Server 2012 can be set to Server 2012 AD, Server 2008 R2, Server
2008, or Server 2003 functional levels. If the DC is going to also function as a global catalog server, or as a read-only DC, you can
select those capabilities in this step as well. It is important to
ensure that adding a new DC does not execute an unplanned upgrade of the
functional level of the domain, so read all of the wizard text closely
when joining an existing domain.
Finally, in the next screen (Figure 5), you can also set
the Directory Services Restore Mode (DSRM) password.
Before final installation, a prerequisites check is automatically
run to ensure that there are no issues with the AD install (Figure 6).
After a successful install, AD DS is listed in the dashboard, as
shown in Figure 7.
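The PowerShell route mentioned above, covering the same role install, prerequisites check, and new-forest promotion as the wizard steps. This is an added example, not code from the original text. It assumes an elevated session on Server 2012; the forest name corp.example.com and NetBIOS name CORP are constructed sample values.

```powershell
# Added example: new-forest promotion with the ADDSDeployment module.
# Assumptions: elevated session on Server 2012; sample names below are constructed.
$DomainName  = 'corp.example.com'   # constructed sample root domain name
$NetbiosName = 'CORP'               # constructed sample NetBIOS name
$Mode        = 'Win2012'            # functional level; Win2003, Win2008 or
                                    # Win2008R2 if older DCs must be supported

# 1. Install the AD DS role and its management tools
#    (the "Add roles and features" step in Server Manager).
$feature = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $feature.Success) { throw 'AD DS role installation failed.' }

Import-Module ADDSDeployment

# 2. Prompt for the DSRM password so it is never stored in a script
#    or left behind in an answer file.
$dsrm = Read-Host -Prompt 'DSRM password' -AsSecureString

# Parameters shared by the prerequisites test and the actual promotion,
# so the check validates exactly what will be deployed.
$params = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetbiosName
    ForestMode                    = $Mode
    DomainMode                    = $Mode
    InstallDns                    = $true
    SafeModeAdministratorPassword = $dsrm
}

# 3. Run the prerequisites check and stop if any test reports an error.
$results = Test-ADDSForestInstallation @params
$results | Format-List Status, Message
if ($results | Where-Object { $_.Status -eq 'Error' }) {
    throw 'Prerequisites check reported errors; promotion aborted.'
}

# 4. Promote the server. -Force suppresses the confirmation prompt;
#    the server restarts when promotion completes.
Install-ADDSForest @params -Force
```

For adding a DC to an existing domain rather than creating a forest, the module's Test-ADDSDomainControllerInstallation and Install-ADDSDomainController cmdlets follow the same test-then-promote pattern.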