Promote a Server to a Domain Controller

Paul Hill

February 18, 2021

In this lesson you are going to learn how to promote a server to a domain controller. This procedure is something you will complete after successfully installing the AD DS Server role.

If you haven’t done that yet, click here to learn how to install the AD DS server role.

Promote this server to a Domain controller

Step 1. Open Server Manager

Open Server Manager by clicking the Windows button and clicking Server Manager or by searching for Server Manager.

Step 2. Launch DC promotion wizard from Notification Flag

Select the notification flag, then Promote this server to a domain controller:

Step 3. Select the Deployment Operation

The next screen will ask you to specify if you want to join an existing domain, add a new domain to an existing forest or add a new forest. Since we are installing the first domain controller in our network, we will need to choose the last option.

Click Add a new forest. Enter your desired domain name (mine will be ad.serveracademy.com) and click Next:

Step 4. Configure Domain Controller Options

Domain and Forest Functional Level

Select the desired forest and domain functional level. The default options will work fine in our scenario. 

If this is a new domain you should select the highest available option. You should only choose older options if you have older domain controllers in your domain or forest.

Specify Domain Controller Capabilities

The default options for your first domain controller are DNS and GC (Global Catalog). These are required for the first domain controller installation in your domain unless you have a separate DNS server installed.

We do not, so we are going to go with those settings.

Specify the Directory Services Restore Mode (DSRM) password

The DSRM password is used when you launch the domain controller into DSRM mode. One example of when you will do this is when you need to restore a system state backup of the server.

For my lab environments I always use the same passwords so I am going to enter that here. You should use a secure password that you save somewhere in case of a critical failure of your server.

Click Next:

Step 5. Configure the DNS Options

On the DNS options page you will most likely see a warning for DNS Delegation not being created. This warning means that the server cannot create a DNS delegation for the DNS zone “above you”.

In our case, it’s trying to create a DNS delegation in serveracademy.com for ad.serveracademy.com. The DNS for serveracademy.com is handled by Cloudflare, a non-Windows DNS server that my server has no permissions for.

This is why we see this warning message. We can safely ignore it because we don’t need the public DNS to work with our local Active Directory domain.

Click Next:

Step 6. Additional Options

This page simply shows the NetBIOS domain name. This is a 16-byte name that is a friendlier way of identifying the domain and computers on the domain than the FQDN (fully qualified domain name, ad.serveracademy.com).

No changes are needed, so click Next:

Step 7. Paths

The next screen allows you to modify the Paths for your domain controller. I will briefly explain what each folder is:

Database Folder

This is where your Active Directory database (ntds.dit) is stored.

Log files Folder

Just like it sounds – your Active Directory logs will also be stored here.

Sysvol Folder

This is a repository for your Active Directory files like Group Policy files, domain security info, logon scripts and more. When you have multiple domain controllers, this is the folder that replicates your Active Directory data between your DCs.

You don’t need to modify any of these settings unless you prefer to place them on separate disks for performance. In our lab environment this is not needed. Click Next:

Step 8. Review Options

The next page will allow you to review the options you configured and even view a PowerShell script (click View Script) with the same options you configured. This could be useful if you plan on promoting several domain controllers.

Review the settings and click Next:

Step 9. Prerequisites Check

The next page will run through a list of prerequisite checks. You should see a few security notifications and a warning for the DNS delegation. Look for a message at the top that indicates all prerequisites checks passed successfully, then click Install:
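The same promotion can be scripted instead of clicked through. The block below is an added example, not the script the wizard generates and not code from the original lesson; it maps Steps 3 to 9 onto the ADDSDeployment cmdlets, using the lesson's domain name and NetBIOS name and assuming the default folder locations. The DSRM password is prompted for rather than written into the script.

```powershell
# Added example: scripted equivalent of wizard Steps 3-9 for a new forest.
# Run in an elevated PowerShell session on the server being promoted.
#Requires -RunAsAdministrator

Import-Module ADDSDeployment

# The AD DS role must already be installed (prerequisite of this lesson).
if (-not (Get-WindowsFeature -Name AD-Domain-Services).Installed) {
    throw 'AD DS role is not installed; install it before promoting.'
}

# Step 4: prompt for the DSRM password so it never lands in the script,
# in source control, or in PowerShell history.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

$forest = @{
    DomainName                    = 'ad.serveracademy.com'   # Step 3 (from the lesson)
    DomainNetbiosName             = 'AD'                     # Step 6 (from the lesson)
    InstallDns                    = $true                    # Step 4: DNS; the first DC is always a GC
    CreateDnsDelegation           = $false                   # Step 5: parent zone is hosted elsewhere
    DatabasePath                  = "$env:SystemRoot\NTDS"   # Step 7: default locations (assumed)
    LogPath                       = "$env:SystemRoot\NTDS"
    SysvolPath                    = "$env:SystemRoot\SYSVOL"
    SafeModeAdministratorPassword = $dsrm
    # ForestMode/DomainMode are omitted so the defaults are used, as in Step 4.
}

# Step 9: run the prerequisite checks without changing anything.
$checks = Test-ADDSForestInstallation @forest
$checks | Format-List Status, Message

# Stop if any check did not report Success (warnings are shown separately).
if ($checks | Where-Object { "$($_.Status)" -ne 'Success' }) {
    throw 'Prerequisite check failed; fix the issues above before promoting.'
}

# Promote. The server reboots automatically when the operation finishes.
Install-ADDSForest @forest -Force
```

To place the database, logs, or SYSVOL on separate disks, change the three path values before running the checks.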

Conclusion

The installation can take up to 30 minutes depending on the resources your server has available. During the installation the server will reboot. When it’s complete you will be brought to the login screen:

Here you should see the NetBIOS name of your domain (in my case, AD) followed by your administrator username.

That’s it! Now you’ve successfully promoted your server to a domain controller. Great job!

In next week’s lesson you are going to learn how to create Active Directory user accounts.
