Active Directory (AD) has been a staple of Windows-based networks since Microsoft integrated it into Windows 2000 Server. AD is based on the Lightweight Directory Access Protocol (LDAP), and it provides authentication, authorization, and accounting capabilities on a network. It’s also a repository for all sorts of key information: computer and user accounts, security and distribution groups, and even configuration information of products such as Microsoft Exchange all live within Active Directory. Put simply, if you’re an organization with more than just a few users and you use Windows, you’ll want AD. In this article, I’ll walk you through installing the Active Directory Domain Services role on Windows Server 2012. I’ll even show you how to install AD Domain Services within PowerShell with a simple one-liner.
Active Directory is grouped into forests and trees. This structure makes perfect sense and is analogous to a real forest with real trees. When AD is first configured, a domain tree is created. This also creates the forest by default. At this point it’s a forest of one tree only, but it’s still a forest. This first domain tree is appropriately known as the Forest Root Domain. The Forest and the Forest Root Domain share the same name.
The workhorses of AD are Domain Controllers (DCs). These are the servers on which the Active Directory database resides. DCs come in two main flavors: a standard Domain Controller and a Global Catalog Domain Controller. A standard DC contains the AD information for just the domain tree of which it’s a member. A Global Catalog (GC), on the other hand, contains the AD information for all domain trees in the entire forest. There must be at least one GC in every domain tree.
In AD, Flexible Single Master Operations (FSMO) roles define which DC, or DCs, perform certain critical forest- and domain-wide functions. There are five roles: Schema Master, Domain Naming Master, Infrastructure Master, Relative ID (RID) Master, and PDC Emulator. When creating the first domain controller within a new forest, this DC will host all five roles. However, the roles can be transferred to different DCs after they’re created. For a more in-depth discussion of FSMO roles, check out Flash Denning’s great Petri article on the subject, “Understanding FSMO Roles in Server 2008 Active Directory”.
Each new Windows Server version since Windows 2000 Server has introduced new and improved AD functionality. Windows Server 2012 is no exception. The AD Recycle Bin now has a graphical user interface, making it easier than ever to recover deleted AD objects. There’s also a shiny new GUI for Fine-Grained Password Policies, enabling IT pros to dial in their organization’s password requirements. The DC creation process has been improved, and it’s now even possible to join computers to an AD domain from across the Internet using DirectAccess. Active Directory really does keep getting better with age.
The first step on the road to implementing Active Directory on Windows Server 2012 is installing the Active Directory Domain Services Role.
It’s possible to close the wizard and let it continue working in the background. I prefer to leave it open, lest I be tempted to use the server for other tasks that might accidentally derail the installation.
Once the wizard is complete, the server still needs to be promoted to an Active Directory Domain Controller. It’s possible to move right into this step from the wizard confirmation screen by clicking the link to Promote this server to a domain controller.
One of the great benefits of Windows Server 2012 is how well PowerShell is integrated. PowerShell is, excuse the pun, more powerful than ever. For example, everything completed by the wizard above is easily done from within PowerShell with a simple one-liner. Here’s how.
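One way to run that install from an elevated PowerShell session, shown as an added example rather than the author's original command. The `Install-WindowsFeature` call is the one-liner; the lines around it (variable names are illustrative) check the role's state first and confirm the result.

```powershell
# Added example, not the article's original command.
# Assumes an elevated PowerShell session on Windows Server 2012.
Import-Module ServerManager

$featureName = 'AD-Domain-Services'

# Check the current state first so the script is safe to re-run.
$feature = Get-WindowsFeature -Name $featureName
if ($feature.Installed) {
    Write-Output "$featureName is already installed; nothing to do."
    return
}

# The one-liner itself:
#   -IncludeManagementTools adds the AD DS management tools along with the role.
#   -Restart reboots the server only if the installation requires it.
$result = Install-WindowsFeature -Name $featureName -IncludeManagementTools -Restart

# If a reboot was triggered, the lines below will not run; re-run the
# script after the restart to confirm the role shows as installed.
if (-not $result.Success) {
    throw "Installation of $featureName failed (exit code: $($result.ExitCode))."
}

Write-Output ("Installed {0}. Exit code: {1}. Restart needed: {2}." -f `
    $featureName, $result.ExitCode, $result.RestartNeeded)

# List what is now present so the change can be recorded for audit purposes.
Get-WindowsFeature |
    Where-Object { $_.Installed -and $_.Name -like '*AD*' } |
    Select-Object Name, DisplayName, InstallState
```

Adding `-WhatIf` to the `Install-WindowsFeature` call previews what would be installed without changing the server.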
The AD DS role will install and the server will reboot if necessary. Believe it or not, that’s it. That’s all there is to it. I bet you wish I told you this right from the get-go, huh?
Watch for a future Petri article where I’ll walk you through promoting a server with the AD DS role installed to a domain controller, creating a brand spankin’ new AD forest along the way. I’ll show you how to complete the process both via the GUI and from within PowerShell. Isn’t Windows Server 2012 great?