Deploying an Active Directory server 2025



Best Practices for Deploying an Active Directory server 2025 


It's not as simple as it seems to set up an Active Directory (AD) that will last. Not only must you consider the organization's current situation, you also need to plan for future growth and change. I'll walk you through the fundamentals of configuring an Active Directory to help you get started.


  • Planning

  1. Install prerequisites (hardware requirements, software requirements, static IP and DNS configuration)
  2. Plan your AD deployment thoroughly before you begin the installation procedure (naming conventions, number of domain controllers, replication plan, user and group structures)
  3. Configure roles and features (server roles, group management structures)
  4. Configure security settings (auditing, password complexity, account policies)
  5. Maintenance plan (backup plan, disaster recovery plan, AD performance monitoring plan)


Configure the basic settings before configuring Active Directory

  • Change computer name - a naming convention helps you quickly identify the server's role, location and number (examples: JKTECHHUB-DC01, DCSVR-02, HODC-01, TESTDR-DC01, TESTADC_03)


  • Click Change to rename the computer






  • Type the server name and click OK





  • Click OK; a restart prompt appears. Click OK to restart.




  • Enable Remote Desktop: by default, Remote Desktop is disabled. Click Remote Desktop and a dialogue box appears.



  • To allow remote desktop connections, click Allow in the dialogue box.



  • Then confirm that this computer is permitted to accept remote connections.




  • Assign IP address
In the window that appears, select "Internet Protocol Version 4 (TCP/IPv4)" in the list of protocols and click "Properties".





  • Enter the planned static IP address and the DNS server IP.


  • Install the latest updates (before configuring AD)



  • Turn off IE Enhanced Security Configuration
 



  • Change time zone



  • Set the correct time zone for your server's location, then click OK



  • Activate Windows
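The same basic settings can be applied from an elevated PowerShell session instead of clicking through the dialogs. The script below is an added example and not part of the original post; the computer name follows the post's naming convention, while the interface alias, addresses and time zone are assumptions for a lab that you must replace with your planned values. Windows Update and activation are left to Windows Update and slmgr respectively and are not scripted here.

```powershell
# Added example (not from the original post): apply the pre-AD basic settings with PowerShell.
# Run in an elevated PowerShell on the new server; changing the IP over RDP will drop your session.
$ComputerName   = 'JKTECHHUB-DC01'        # from the naming convention above
$InterfaceAlias = 'Ethernet'              # assumption: confirm with Get-NetAdapter
$StaticIP       = '192.168.10.10'         # assumption: the planned DC address
$PrefixLength   = 24
$Gateway        = '192.168.10.1'          # assumption
$DnsServers     = @('192.168.10.10')      # a DC normally points at itself once DNS is installed
$TimeZoneId     = 'India Standard Time'   # assumption: pick yours from Get-TimeZone -ListAvailable

# 1. Static IP and DNS: turn off DHCP and drop any leased address so only the planned one remains.
Set-NetIPInterface -InterfaceAlias $InterfaceAlias -Dhcp Disabled
Get-NetIPAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Remove-NetIPAddress -Confirm:$false
Remove-NetRoute -InterfaceAlias $InterfaceAlias -DestinationPrefix '0.0.0.0/0' -Confirm:$false -ErrorAction SilentlyContinue
New-NetIPAddress -InterfaceAlias $InterfaceAlias -IPAddress $StaticIP -PrefixLength $PrefixLength -DefaultGateway $Gateway
Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses $DnsServers

# 2. Remote Desktop: clear the deny flag and open the firewall group.
#    UserAuthentication = 1 keeps Network Level Authentication on, so callers must authenticate before a session is created.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 0
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name UserAuthentication -Value 1
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# 3. IE Enhanced Security Configuration off for administrators and users (these are the well-known Active Setup keys).
$IeEscAdmin = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}'
$IeEscUser  = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}'
Set-ItemProperty -Path $IeEscAdmin -Name IsInstalled -Value 0
Set-ItemProperty -Path $IeEscUser  -Name IsInstalled -Value 0

# 4. Time zone. Correct time matters on a DC: Kerberos rejects tickets when clock skew exceeds 5 minutes.
Set-TimeZone -Id $TimeZoneId

# 5. Rename last; the new name takes effect on the restart the post asks for.
Rename-Computer -NewName $ComputerName -Force
Restart-Computer -Confirm
```

Run it once, confirm the restart, and verify with Get-NetIPConfiguration and hostname after the reboot before moving on to the role installation.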



Install and Configure Active Directory Server 2025


  • In the Start menu, select Server Manager








  • Click Manage and then click Add Roles and Features






  • The Add Roles and Features Wizard opens; click Next





  • The installation type "Role-based or feature-based installation" is selected by default; click "Next".





  • On the Server Selection page, select your server from the "server pool" and click Next.





  • Several server roles are listed here. Select the roles your deployment needs. Since we are implementing only the basic Active Directory installation and configuration, I select only "Active Directory Domain Services". Leave the other settings as they are and click "Add Features".

  • The DNS Server role is installed on the first domain controller by default: the wizard keeps the "Install DNS server" option selected even if you do not plan to use it, because AD DS depends on DNS for locating domain controllers.

  • Tick Active Directory Domain Services



  • On the Server Roles page, choose "Active Directory Domain Services." A window asks you to add the features required for Active Directory Domain Services; click "Add Features" and then "Next".
















  • On the Features page, click "Next". Nothing needs to change here.





  • Click "Next" on the AD DS page. This page is informational only.




  • The Confirmation page lists each selected component required for the AD DS role. You can also let it restart the destination server automatically if a restart is needed.



  • This console shows the installation in progress.



  • Click the notification flag icon in Server Manager and select Promote this server to a domain controller



  • The "Active Directory Domain Services Configuration Wizard" window opens. Three options are available in the "Deployment Operation" section: "Add a new forest," "Add a new domain to an existing forest," and "Add a domain controller to an existing domain."

  • Because we are creating a new forest, choose "Add a new forest" and provide the root domain name. Future blogs will cover the other two alternatives.





  • Select Domain & Forest Functional Level
Functional levels define the capabilities available within Active Directory Domain Services (AD DS) domains and forests. They also determine which versions of Windows Server you are allowed to run on domain controllers in that forest or domain.

Note: functional levels do not restrict which operating systems workstations and member servers joined to the domain or forest can run. If you still have older domain controllers in your domain or forest, select only a level those controllers support, because raising a functional level cannot be undone in the general case.

We are building a brand-new domain here, so you can choose the highest level available.


The screen gives a brief explanation of the remaining options; they are clarified below.

  • DSRM (Directory Services Restore Mode) is the boot mode used for Active Directory (AD) object backups and recoveries. The DSRM password you set here is a local account password, separate from the domain Administrator password; keep it in your break-glass store. It can be changed later with the NTDSUTIL command ("set dsrm password").
  • Global Catalog: a Global Catalog server stores a full copy of all objects and attributes for its own domain and a partial copy (the most commonly searched attributes) of objects from every other domain in the forest.
  • RODC: a read-only domain controller holds all database objects and attributes except account passwords and other secrets. It is used in locations where physical security is a concern. This option is disabled for the first domain controller in the forest, which must be writable; it is enabled for additional DCs.




  • You will probably see the warning below, which reads "A delegation for this DNS server cannot be created." This is normal. The wizard is trying to contact the name servers for the parent domain (jkxxxxx) that I entered so it can create a delegation for the sub-domain (jkXXXXX), and it cannot reach them. If names in your domain do not need to be resolved through a delegation from that parent zone, you can ignore this message.





  • Simply put, this page displays the NetBIOS domain name. Compared to the FQDN, this 16-byte identifier provides a friendlier way to identify the domain and the computers in it.
  • There is nothing to change, so click Next


  • Your Active Directory files are stored in these paths: the NTDS database and its log files, and the SYSVOL folder holding Group Policy files, logon scripts, and more. SYSVOL is replicated between domain controllers (DCs) when you have more than one.

  • Unless you prefer to place them on different disks for performance, you don't need to change any of these settings. Click Next.



  • The wizard then shows a summary of your Active Directory configuration. Click Next.





  • The next page runs the prerequisite checks. A few security warnings and the DNS delegation warning are expected. When the notification at the top states that all prerequisite checks passed successfully, click Install.





  • After the installation completes, the server restarts automatically.



  • Once it is finished, you will see the domain login screen.
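The wizard steps above (role installation, new forest, functional level, DNS delegation, DSRM password, paths and the prerequisite checks) map onto the ADDSDeployment cmdlets. The script below is an added example, not code from the original post; the domain name is the one the post's own verification command uses, while the NetBIOS name, the functional-level value for Windows Server 2025 and the paths are assumptions that you should check against your plan.

```powershell
# Added example (not from the original post): create the forest with the ADDSDeployment module.
$DomainName      = 'jktechhub.online'   # from the post's Get-ADDomain command
$NetbiosName     = 'JKTECHHUB'          # assumption: the wizard derives this from the FQDN
$FunctionalLevel = 'Win2025'            # assumption: Windows Server 2025 level; use WinThreshold on older media

# Role installation (the Add Roles and Features steps). Management tools give you the AD PowerShell module.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment

# DSRM password: prompt for it instead of embedding it in the script, and record it in your break-glass store.
$DsrmPassword = Read-Host -AsSecureString -Prompt 'DSRM (Safe Mode Administrator) password'

$ForestParams = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetbiosName
    ForestMode                    = $FunctionalLevel
    DomainMode                    = $FunctionalLevel
    InstallDns                    = $true         # DNS comes with the first DC, as the wizard does
    CreateDnsDelegation           = $false        # avoids the delegation warning the post explains
    DatabasePath                  = 'C:\Windows\NTDS'     # wizard defaults; change only for separate disks
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $DsrmPassword
    Force                         = $true
}

# Prerequisite checks only (the "all prerequisite checks passed" page) without changing the server.
$check = Test-ADDSForestInstallation @ForestParams
$check | Format-List Status, Message

if ($check.Status -eq 'Success') {
    # Same parameters, now applied. The server reboots into the new domain when promotion finishes.
    Install-ADDSForest @ForestParams
} else {
    Write-Warning 'Prerequisite checks failed; fix the messages above before promoting.'
}
```

Splatting one hashtable into both Test-ADDSForestInstallation and Install-ADDSForest guarantees that what was checked is exactly what gets installed; warnings from the check (such as the DNS delegation notice) go to the warning stream and do not change Status.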



Most important PowerShell commands

  • Check whether the Active Directory installation completed correctly:

  • Get-Service adws,kdc,netlogon,dns

  • Get-ADDomainController

  • Get-ADDomain jktechhub.online
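The three commands above confirm the services are up and the domain answers. The function below, an added example that is not part of the original post, extends them into a single post-install check that also covers the planning items from the start of the post (functional levels, the default password and lockout policy, SYSVOL). The baseline thresholds (minimum length 14, lockout threshold above 0) are this example's assumptions, not values from the post.

```powershell
# Added example (not from the original post): post-install health and security check for a new DC.
Import-Module ActiveDirectory

function Test-DcHealth {
    $result = [ordered]@{}

    # 1. Core services (the post's Get-Service line): all four must be Running.
    $services = Get-Service adws, kdc, netlogon, dns
    $result.ServicesRunning = -not ($services | Where-Object Status -ne 'Running')

    # 2. This DC's identity, Global Catalog and read-only status (the wizard options explained above).
    $dc = Get-ADDomainController
    $result.DomainController = $dc.HostName
    $result.IsGlobalCatalog  = $dc.IsGlobalCatalog
    $result.IsReadOnly       = $dc.IsReadOnly

    # 3. Functional levels actually in effect after promotion.
    $result.DomainMode = (Get-ADDomain).DomainMode
    $result.ForestMode = (Get-ADForest).ForestMode

    # 4. Default domain password policy (the "password complexity, account policies" planning item).
    #    A fresh forest ships with minimum length 7, complexity on and no lockout; flag that as weak.
    #    The thresholds below are an assumed baseline for this example, not values from the post.
    $policy = Get-ADDefaultDomainPasswordPolicy
    $result.MinPasswordLength  = $policy.MinPasswordLength
    $result.ComplexityEnabled  = $policy.ComplexityEnabled
    $result.LockoutThreshold   = $policy.LockoutThreshold
    $result.PasswordPolicyWeak = ($policy.MinPasswordLength -lt 14) -or
                                 (-not $policy.ComplexityEnabled) -or
                                 ($policy.LockoutThreshold -eq 0)

    # 5. SYSVOL share present: Group Policy and logon scripts replicate through it.
    $result.SysvolShared = $null -ne (Get-SmbShare -Name SYSVOL -ErrorAction SilentlyContinue)

    # 6. Replication and DNS diagnostics; with /q dcdiag prints only failures, so empty output is clean.
    $dcdiag = dcdiag /test:Replications /test:DNS /q
    $result.DcdiagClean = -not ($dcdiag -match 'failed')

    [pscustomobject]$result
}

Test-DcHealth | Format-List
```

Run it after the first login to the new domain; any False in ServicesRunning, SysvolShared or DcdiagClean, or a True in PasswordPolicyWeak, is something to fix before adding a second domain controller or joining clients.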



