Introduction
This article explains how to install and set up an Active Directory environment on Windows Server 2019 using PowerShell / a PowerShell configuration file.
Prerequisites
- Install Windows Server 2019 Standard / Datacenter on the hardware.
- Active Directory Topology
- Make sure Active directory ports are open.
- Patch the Server with the latest Windows Updates and hot-fix.
- Assign the static IP address to Domain Controller
- Install Active directory domain services (ADDS) Role on the server.
- Configure ADDS according to requirement.
- Evaluate the windows event logs to validate the health of ADDS installation and configuration
- Configure Service and Performance Monitoring
- ADDS Backup / DR Configuration
Active Directory Topology
In my sample environment, example.com will be the forest root domain. The first domain controller installed in the forest will hold all five FSMO roles. Once additional domain controllers are in place, you can move the roles to apposite locations.
Active Directory Port Details
Active Directory communications use a number of ports. The tables below list the ports with their details.
Active Directory Default Ports
Port | Type | Description |
135 | TCP/UDP | RPC endpoint mapper |
137 | TCP/UDP | NetBIOS name service |
138 | UDP | NetBIOS datagram service |
139 | TCP | NetBIOS session service |
445 | TCP/UDP | SMB over IP (Microsoft-DS) |
389 | TCP/UDP | LDAP |
636 | TCP | LDAP over SSL |
3268 | TCP | Global catalog LDAP |
3269 | TCP | Global catalog LDAP over SSL |
88 | TCP/UDP | Kerberos |
53 | TCP/UDP | DNS |
1512 | TCP/UDP | WINS resolution |
42 | TCP/UDP | WINS replication |
Dynamically-assigned ports, unless restricted | TCP | RPC |
Active Directory Replication
Port | Type | Description |
135 | TCP | RPC endpoint mapper |
389 | TCP/UDP | LDAP |
636 | TCP | LDAP over SSL |
3268 | TCP | Global catalog LDAP |
3269 | TCP | Global catalog LDAP over SSL |
53 | TCP/UDP | DNS |
88 | TCP/UDP | Kerberos |
445 | TCP | SMB over IP (Microsoft-DS) |
RPC | TCP | Dynamically-assigned ports (unless restricted) |
Active Directory Authentication
Port | Type | Description |
445 | TCP/UDP | SMB over IP (Microsoft-DS) |
88 | TCP/UDP | Kerberos |
389 | UDP | LDAP |
53 | TCP/UDP | DNS |
RPC | TCP | Dynamically-assigned ports (unless restricted) |
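To check the "ports are open" prerequisite from a machine that has to reach the domain controller, the TCP entries of the default-ports table can be probed in one pass. This is an added example, not part of the original article; the target address is an assumption (the static IP used later in this article), and the UDP-only, WINS and dynamic RPC entries are left out because a TCP connect test does not cover them and WINS is assumed not to be deployed.

```powershell
# Added example: probe the TCP ports from the default-ports table against a DC.
$DomainController = '192.168.61.100'   # assumption: the DC address used later in this article

# TCP entries from the "Active Directory Default Ports" table.
$AdTcpPorts = @(
    @{ Port = 53;   Service = 'DNS' }
    @{ Port = 88;   Service = 'Kerberos' }
    @{ Port = 135;  Service = 'RPC endpoint mapper' }
    @{ Port = 139;  Service = 'NetBIOS session service' }
    @{ Port = 389;  Service = 'LDAP' }
    @{ Port = 445;  Service = 'SMB over IP (Microsoft-DS)' }
    @{ Port = 636;  Service = 'LDAP over SSL' }
    @{ Port = 3268; Service = 'Global catalog LDAP' }
    @{ Port = 3269; Service = 'Global catalog LDAP over SSL' }
)

# One TCP connect per port; collect the outcome instead of reading console noise.
$results = foreach ($entry in $AdTcpPorts) {
    $probe = Test-NetConnection -ComputerName $DomainController -Port $entry.Port `
        -WarningAction SilentlyContinue
    [pscustomobject]@{
        Port      = $entry.Port
        Service   = $entry.Service
        Reachable = $probe.TcpTestSucceeded
    }
}
$results | Format-Table -AutoSize

# Anything unreachable is either filtered on the path or not listening on the DC.
$blocked = $results | Where-Object { -not $_.Reachable }
if ($blocked) {
    Write-Warning ("Unreachable TCP ports: " + ($blocked.Port -join ', '))
}
```

Run it from the network segment where clients or replication partners sit, since a test from the DC itself says nothing about firewalls on the path.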
Installation Steps
Step 1: Login as Local Admin
To start the configuration, log in to the Windows Server 2019 server as the local administrator.
Step 2: IP Config
We already changed the name of the server to a meaningful one. Next we need to check the IP configuration. In my initial configuration, it shows a DHCP IP.
We need to change it to static first, with PowerShell.
Step 3: Static IP
To set the static IP, we can use the PowerShell command below.
New-NetIPAddress -InterfaceIndex 4 -IPAddress 192.168.61.100 -PrefixLength 24 -DefaultGateway 192.168.61.2
Note: here we assigned the IP based on my network requirements. Use an IP address according to your infrastructure.
Step 4: Find InterfaceIndex
In the above, the InterfaceIndex can be found using the Get-NetIPAddress command.
Step 5 : DNS
The next step is to set the DNS IP addresses. The primary DC is also going to act as a DNS server, so we need to set it as the preferred DNS. We can do this using the command below.
Set-DnsClientServerAddress -InterfaceIndex 4 -ServerAddresses ("192.168.61.100","8.8.8.8")
After config, we can verify it using ipconfig /all .
Step 6: Install AD-DS Role
Before the AD configuration process, we need to install the AD-DS role on the given server. In order to do that we can use the following command.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Note: a reboot is not required to complete the role service installation.
Now that we have the AD-DS role installed, the next step is to proceed with the configuration.
Step 7:AD-DS Configuration
Below is the PowerShell configuration file / script for configuring ADDS.
Install-ADDSForest `
-DomainName "example.com" `
-CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "7" `
-DomainNetbiosName "example" `
-ForestMode "7" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$True `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true
The following explains the PowerShell cmdlets and arguments used above and what they do.
Install-WindowsFeature
This cmdlet installs Windows roles, role services or Windows features on a local or remote server. It is similar to using Windows Server Manager to install those.
IncludeManagementTools
This will install the management tools for the selected role service.
Install-ADDSForest
This cmdlet sets up a new Active Directory forest.
- DomainName: This parameter defines the FQDN for the Active Directory domain.
- CreateDnsDelegation: This parameter defines whether to create a DNS delegation that references the Active Directory integrated DNS.
- DatabasePath: This parameter defines the folder path used to store the Active Directory database file (Ntds.dit).
- DomainMode: This parameter specifies the Active Directory domain functional level. In the above I have used mode 7, which is Windows Server 2016. Windows Server 2019 doesn't have a separate domain functional level.
- DomainNetbiosName: This defines the NetBIOS name for the forest root domain.
- ForestMode: This parameter specifies the Active Directory forest functional level. In the above I have used mode 7, which is Windows Server 2016. Windows Server 2019 doesn't have a separate forest functional level.
- InstallDns: This specifies whether the DNS role needs to be installed with the Active Directory domain controller. For a new forest, it is the default requirement to set it to $true.
- LogPath: This specifies the location to save the domain log files.
- SysvolPath: This is to define the SYSVOL folder path. Default location for it will be C:\Windows
- NoRebootOnCompletion: By default, the system will restart the server after domain controller configuration. Using this parameter prevents the automatic system restart.
- Force: This parameter forces the command to execute by ignoring warnings. It is typical for the system to raise warnings about best practices and recommendations.
Step 8 : Prompt for the Safe Mode Admin Pass
After executing the command it will prompt for the Safe Mode Administrator Password. This is to use in Directory Services Restore Mode (DSRM). Make sure to use a complex password (according to Windows password complexity recommendations). Failure to do so will stop the configuration.
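When the promotion is scripted, the DSRM password can be collected once as a SecureString, the prerequisites checked with Test-ADDSForestInstallation (a cmdlet from the same ADDSDeployment module), and only then passed to Install-ADDSForest. This is an added example, not part of the original article; the parameter values repeat the Step 7 script and the variable names are assumptions.

```powershell
# Added example: pre-flight check and promotion without a hard-coded DSRM password.
Import-Module ADDSDeployment

# Read the password twice as SecureString so it never lands in the script file.
$dsrm        = Read-Host -AsSecureString -Prompt 'DSRM password'
$dsrmConfirm = Read-Host -AsSecureString -Prompt 'Confirm DSRM password'

# Compare the two entries in memory only, then drop the plaintext copies.
$p1 = [System.Net.NetworkCredential]::new('', $dsrm).Password
$p2 = [System.Net.NetworkCredential]::new('', $dsrmConfirm).Password
if ($p1 -cne $p2) { throw 'DSRM passwords do not match.' }
Remove-Variable p1, p2

# Same values as the Step 7 script, kept in one place for both cmdlets.
$forestParams = @{
    DomainName                    = 'example.com'
    DomainNetbiosName             = 'example'
    DomainMode                    = '7'
    ForestMode                    = '7'
    InstallDns                    = $true
    CreateDnsDelegation           = $false
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $dsrm
}

# Prerequisite checks only; nothing is installed or changed by this call.
$check = Test-ADDSForestInstallation @forestParams
$check | Format-List Context, Status, Message

# Stop if any check did not succeed (for example a password that fails complexity).
$failed = $check | Where-Object { "$($_.Status)" -ne 'Success' }
if ($failed) { throw 'Prerequisite check failed; see the messages above.' }

# Promote the server; the reboot stays manual, as in Step 9.
Install-ADDSForest @forestParams -NoRebootOnCompletion:$true -Force:$true
```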
Step 9 : Reboot & Login
When the configuration is complete, reboot the domain controller and log back in as domain administrator.
Step 10 : Confirm the Installation
To confirm the successful installation of the services, run:
Get-Service adws,kdc,netlogon,dns
The above command will list down the status of the Active Directory related services running on the domain controller.
Step 11 : Run Get-ADDomainController
It will list down all the configuration details of the domain controller.
Step 12 : Run Get-ADDomain example.com
It will list down the details about the Active Directory domain.
Step 13 : List The AD Forest Details
In the same way, Get-ADForest example.com will list down the Active Directory forest details.
Step 14 : Check if DC Sharing The SYSVOL Folder
Get-SmbShare SYSVOL will show whether the domain controller is sharing the SYSVOL folder.
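Steps 10 to 14 can be run as one pass that reports only what is wrong, together with the FSMO placement from the topology section and the event-log review from the prerequisites list. This is an added example, not part of the original article; the NETLOGON share check, the three log names and the 24-hour window are assumptions added here.

```powershell
# Added example: post-promotion checks in one pass.
# Run on the new domain controller as a domain administrator (after Step 9).
Import-Module ActiveDirectory
$domainName = 'example.com'
$findings   = [System.Collections.Generic.List[string]]::new()

# Step 10: the AD-related services must be running.
Get-Service adws, kdc, netlogon, dns | Where-Object Status -ne 'Running' |
    ForEach-Object { $findings.Add("Service not running: $($_.Name)") }

# Topology section: the first DC in the forest should hold all five FSMO roles.
$dc     = Get-ADDomainController
$domain = Get-ADDomain $domainName
$forest = Get-ADForest $domainName
$roleHolders = [ordered]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}
foreach ($role in $roleHolders.GetEnumerator()) {
    if ($role.Value -ne $dc.HostName) {
        $findings.Add("$($role.Key) is held by $($role.Value), not $($dc.HostName)")
    }
}

# Step 14: SYSVOL must be shared (NETLOGON is checked as well; added here).
foreach ($share in 'SYSVOL', 'NETLOGON') {
    if (-not (Get-SmbShare -Name $share -ErrorAction SilentlyContinue)) {
        $findings.Add("Share missing: $share")
    }
}

# Prerequisites list: review the event logs. Critical (1) and Error (2) only.
$since = (Get-Date).AddHours(-24)
foreach ($log in 'Directory Service', 'DNS Server', 'DFS Replication') {
    $filter = @{ LogName = $log; Level = 1, 2; StartTime = $since }
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
    if ($events.Count) { $findings.Add("$($events.Count) error event(s) in '$log'") }
}

if ($findings.Count) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'All checks passed.' }
```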
Conclusion
As we can see AD DS components are installed and configured successfully. This marks the end of this post. Please feel free to rate this article.
Glossary
Item | Description |
SYSVOL | SYSTEM VOLUME |
DC | Domain Controller |
AD DS | Active Directory Domain Services |
DNS | Domain Name System |
FQDN | Fully Qualified Domain Name |
DSRM | Directory Services Restore Mode |
KDC | Key Distribution Center |
LDAP | Lightweight Directory Access Protocol |
NTDS | NT Directory Services |
IP | Internet Protocol |
FSMO | Flexible Single-Master Operation |