Ivy Consultants Inc.

Consulting Services for Security, Networking, Wi-Fi and Windows Server

In this article, I show you how to install your first Windows Server 2019 Active Directory (AD) domain controller (DC). We’ll be using Server Manager to install and configure AD, so you’ll need to be running a version of Windows Server 2019 that includes the Desktop Experience server role. Alternatively, you can set up AD in Windows Server 2019 Server Core using Server Manager running on a remote device.

There are two steps to installing AD in Windows Server 2019. The first is to install the Active Directory Domain Services (AD DS) server role. The second step is to configure your server as a domain controller. An AD domain must have at least one DC. Your server will be the first DC in a new AD forest and domain.

To complete the instructions below, you will need to have an account with administrator privileges in Windows Server 2019.

Configure a static IP address

Before you configure AD on your server, you should make sure that the server’s network adapter has been assigned a valid static IP address on your local network.

  • Log in to Windows Server 2019 with a local administrator account.
  • Right-click the network icon in the system tray in the bottom right of the taskbar and click Open Network & Internet settings.
  • In the left pane of the Settings app, click Ethernet under Network & Internet.
  • In the right pane under Related settings, click Change adapter options.

In the Network Connections window, right-click your server’s network adapter and select Properties from the menu.

In the Ethernet Properties dialog, click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.

  • In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog, check Use the following IP address. You’ll need to fill out the following three fields: IP address, Subnet mask, Default gateway.

Your DC will need to communicate with other devices on the local network, so it’s important to speak to whoever oversees your network and get them to provide you with a static IP address that isn’t already in use. On my network, I will assign a static IP address of 192.168.1.10, subnet mask of 255.255.255.0, and the default gateway is 192.168.1.1.

Check Use the following DNS server addresses. Set Preferred DNS server to the same IP address that you assign Windows Server. So, in my example, I will use 192.168.1.10. Click OK when you’re done.

The first DC in your domain will also be a DNS server. The Active Directory Domain Services Configuration Wizard will automatically configure a DNS server for you.

  • Close the Ethernet Properties dialog, Network Connections window, and the Settings app.

Name your server

Make sure you assign a name to your server that reflects its new role. Something like DC1 might be good.

  • In Server Manager, click Local Server in the left pane.
  • In the Properties section on the right, click your server’s computer name to the right of Computer name.
  • In the System Properties dialog, click the Change button on the Computer Name tab.
  • In the Computer Name/Domain Changes dialog, type a name for your server in the Computer name field and click OK.

You’ll be prompted to restart the server. Click OK and then click Close in the System Properties dialog.

  • Click Restart Now in the popup dialog.
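
The two preparation sections above (static IP address and server name) can also be done from an elevated PowerShell session. This is an added example, not part of the original article; the adapter alias 'Ethernet' is an assumption, and the addresses and the name DC1 are the article's sample values.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell session.
# Assumption: the adapter alias is 'Ethernet'. Addresses and DC1 are the article's samples.
$alias   = 'Ethernet'
$ip      = '192.168.1.10'
$prefix  = 24                 # 255.255.255.0
$gateway = '192.168.1.1'
$name    = 'DC1'

$adapter = Get-NetAdapter -Name $alias -ErrorAction Stop
if ($adapter.Status -ne 'Up') { throw "Adapter '$alias' is not connected." }

# Skip the conflict probe if this server already holds the address.
$mine = Get-NetIPAddress -InterfaceIndex $adapter.ifIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Where-Object IPAddress -eq $ip

if (-not $mine) {
    # The address must not already be in use. A host that drops ICMP will not
    # answer, so treat this as a sanity check, not as proof.
    if (Test-Connection -ComputerName $ip -Count 2 -Quiet) {
        throw "$ip already answers on the network; ask for another address."
    }

    # Turn off DHCP and clear the IPv4 address and default route it left behind.
    Set-NetIPInterface -InterfaceIndex $adapter.ifIndex -AddressFamily IPv4 -Dhcp Disabled
    Get-NetIPAddress -InterfaceIndex $adapter.ifIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue |
        Remove-NetIPAddress -Confirm:$false
    Get-NetRoute -InterfaceIndex $adapter.ifIndex -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
        Remove-NetRoute -Confirm:$false

    New-NetIPAddress -InterfaceIndex $adapter.ifIndex -IPAddress $ip `
        -PrefixLength $prefix -DefaultGateway $gateway | Out-Null
}

# Preferred DNS server is the server itself; it becomes a DNS server at promotion.
Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -ServerAddresses $ip

# Rename and reboot only if the name actually changes.
if ($env:COMPUTERNAME -ne $name) {
    Rename-Computer -NewName $name -Restart
}
```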

Install the Active Directory Domain Services role

Let’s get started with installing and configuring AD.

  • Log in to Windows Server 2019 with a local administrator account.
  • Server Manager should open by default. If it doesn’t, click the Start menu and find Server Manager in the list of installed apps and click it.
  • In Server Manager, click the Manage menu in the top-right corner and select Add Roles and Features from the menu.
  • In the Add Roles and Features Wizard, click Next on the Before You Begin screen.
  • On the Installation Type screen, make sure that Role-based or feature-based installation is selected and click Next.

On the Server Selection screen, make sure that your Windows Server is selected in the list and click Next.

  • On the Server Roles screen, check Active Directory Domain Services in the list of roles.
  • In the Add Roles and Features Wizard popup dialog, make sure that Include management tools (if applicable) is checked and then click Add Features.
  • Click Next on the Server Roles screen to continue.
  • Click Next on the Features screen.
  • Read the information on the AD DS screen and click Next.
  • Now click Install on the Confirmation screen.
  • When the installation is complete, click Close in the Add Roles and Features Wizard.

Configure Active Directory in Windows Server 2019

Now that the AD DS role is installed in Windows Server 2019, you can configure your first AD domain controller. Let’s go back to Server Manager and start the configuration.

  • Back in Server Manager, you should see a yellow exclamation mark by the notifications flag in the top-right corner. Click it and then click Promote this server to a domain controller.
  • In the Active Directory Domain Services Configuration Wizard dialog, check Add a new forest under Select the deployment operation.
  • In the Root domain name box, type the Fully Qualified Domain Name (FQDN) for your new AD forest. I’m going to use contoso.com for my AD domain name. Click Next to continue.

You should make sure that you own the public top-level domain name (TLD). In this example, I should own the contoso.com domain name. AD in the FQDN defines my internal DNS namespace for Active Directory.

  • On the Domain Controller Options screen, type and confirm a Directory Services Restore Mode (DSRM) password. You will need this if you want to restore AD from backup. Click Next to continue.
  • On the DNS Options screen, you can safely ignore the delegation warning and click Next.
  • On the Additional Options screen, click Next to accept the assigned NetBIOS name.
  • Click Next again on the Paths screen to accept the default database, log files, and SYSVOL folder locations.
  • Now click Next on the Review Options screen.

The wizard will run some prerequisite checks to make sure AD can be installed on the server. Hopefully your server will pass the checks and you can continue installing AD. It’s normal to get a few warnings. You will not be able to proceed with the install if the server fails the prerequisite checks.

  • Now click Install to configure AD on the server. The server will automatically reboot to complete the install process.
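
The same two steps (install the AD DS role, then promote the server to the first DC of a new forest) as an added PowerShell example, not part of the original article. It uses the article's sample forest name contoso.com and accepts the same defaults the wizard steps above accept.

```powershell
# Added example, not from the original article. Run elevated on the renamed server.
# contoso.com is the article's sample forest name.
$domain = 'contoso.com'

# Step 1: the AD DS role with its management tools (the wizard's "Add Features" prompt).
$role = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $role.Success) { throw 'AD DS role installation failed.' }

Import-Module ADDSDeployment

# The DSRM password is prompted for as a SecureString and never written into the script.
$dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode (DSRM) password'

$forest = @{
    DomainName                    = $domain
    InstallDns                    = $true    # the first DC is also the DNS server
    CreateDnsDelegation           = $false   # matches ignoring the delegation warning
    SafeModeAdministratorPassword = $dsrm
}

# Step 2a: the prerequisite checks. Warnings are normal; an error blocks the install.
$checks = Test-ADDSForestInstallation @forest
$checks | Format-Table Status, Message -Wrap
if ($checks | Where-Object Status -eq 'Error') { throw 'Prerequisite check failed.' }

# Step 2b: promote. NetBIOS name and the database, log and SYSVOL paths are left at
# their defaults, as in the wizard. The server reboots automatically when this completes.
Install-ADDSForest @forest -Force
```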

Once Windows Server has rebooted, you will need to log in with the domain administrator account. The domain administrator account is assigned the same password as the built-in administrator account.

  • On the sign-in page, type administrator in the User name field. Type the password for the administrator account, which is the same as the password for the previous built-in administrator account, and press ENTER.

And that is it! You are now logged in to your AD domain’s first domain controller. In Server Manager, you can click the Tools menu and then select Active Directory Users and Computers to start managing your domain.
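
A quick check that the new DC and its DNS server are actually serving the domain, as an added PowerShell example that is not part of the original article. It assumes the article's sample values (contoso.com, 192.168.1.10) and is run on the DC after signing in as the domain administrator.

```powershell
# Added example, not from the original article. Run elevated on the new DC.
# contoso.com and 192.168.1.10 are the article's sample values.
$domain = 'contoso.com'
$dnsIp  = '192.168.1.10'
$fail   = @()

# Core DC services must be running.
foreach ($svc in 'NTDS', 'DNS', 'Netlogon', 'Kdc') {
    $state = (Get-Service -Name $svc -ErrorAction SilentlyContinue).Status
    if ($state -ne 'Running') { $fail += "service $svc is not running" }
}

# SYSVOL and NETLOGON are shared once the DC is ready to serve clients.
foreach ($share in 'SYSVOL', 'NETLOGON') {
    if (-not (Get-SmbShare -Name $share -ErrorAction SilentlyContinue)) {
        $fail += "share $share is missing"
    }
}

# Clients find the DC through this SRV record in the DNS zone the wizard created.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV `
    -Server $dnsIp -ErrorAction SilentlyContinue
if (-not ($srv | Where-Object Type -eq 'SRV')) { $fail += 'DC locator SRV record not found' }

# The directory answers, and as the only DC this server holds the PDC emulator role.
try {
    $ad = Get-ADDomain -Identity $domain -ErrorAction Stop
    if ($ad.PDCEmulator -notlike "$env:COMPUTERNAME.*") {
        $fail += "PDC emulator is $($ad.PDCEmulator), not this server"
    }
} catch {
    $fail += "directory query failed: $($_.Exception.Message)"
}

if ($fail) {
    $fail | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "$env:COMPUTERNAME is serving $domain."
}
```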