Thursday, 1 November 2012

How to set up a Windows Server 2008R2 Domain Controller


The domain is one of the most important concepts in a Windows network. A domain is a collection of user and computer accounts that are grouped together so that they can be centrally managed using a domain controller. A domain controller is a server which holds the 'Active Directory Domain Services (AD DS)' role in a network. Once you promote a Windows server to a domain controller, it can be used for controlling and managing the whole domain from a centralized location. The domain controller provides single sign-on to the various servers and services inside a domain, and users and computers can be granted access permissions. Group Policy is one of the most important features in AD DS; it controls the working environment of user accounts and computer accounts and provides centralized management and configuration of operating systems, applications and users' settings in an Active Directory environment. When you set up a domain controller, a DNS server will also be configured along with AD DS. The DNS server is one of the most important services in a network, serving the computers with its name resolution functionality.

  • The server should be configured with a static IP address.
  • Appropriate DNS configuration should be in place. If there is no DNS server in your network, put the loopback address as the DNS server address in the TCP/IP configuration.
  • The computer must be connected to a network.
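
A pre-flight check for the three prerequisites above, run on the server before starting dcpromo. This is an added example, not part of the original post; the function name `Test-DcPromoPrerequisite` is hypothetical, and it uses only WMI classes available to PowerShell 2.0 on Windows Server 2008 R2.

```powershell
# Added example: report, per IP-enabled adapter, whether the prerequisites hold.
function Test-DcPromoPrerequisite {
    $adapters = @(Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE")

    if ($adapters.Count -eq 0) {
        # No IP-enabled adapter means the server is not connected to a network.
        Write-Warning "No IP-enabled network adapter found."
        return
    }

    foreach ($nic in $adapters) {
        # DNSServerSearchOrder is $null when no DNS server is configured.
        $dns = @($nic.DNSServerSearchOrder | Where-Object { $_ })

        New-Object PSObject -Property @{
            Adapter       = $nic.Description
            IPAddress     = ($nic.IPAddress -join ', ')
            StaticIP      = (-not $nic.DHCPEnabled)       # must be True
            DnsServers    = ($dns -join ', ')
            DnsConfigured = ($dns.Count -gt 0)            # must be True
            DnsIsLoopback = ($dns -contains '127.0.0.1')  # expected when no DNS server exists yet
        }
    }
}

$report = Test-DcPromoPrerequisite
$report | Format-List Adapter, IPAddress, StaticIP, DnsServers, DnsConfigured, DnsIsLoopback

# Flag any adapter that would fail the prerequisites.
$report | Where-Object { -not $_.StaticIP -or -not $_.DnsConfigured } | ForEach-Object {
    Write-Warning ("Adapter '{0}' does not meet the prerequisites." -f $_.Adapter)
}
```
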
Promoting Windows Server 2008R2 as Domain controller
1. Log on to the Windows Server 2008R2 computer as an administrator.
Click Start > Run

Type 'dcpromo' and click OK

2. Now AD DS binaries will start installing on your server. Wait for the installation to get finished.

3. Now the Active Directory Domain Services Installation wizard will open up. Tick the Use advanced mode installation check box and click next.

4. On the Operating System Compatibility window, read the information and click Next.

5. On the 'Choose a Deployment Configuration' window, select 'Create a new domain in a new forest', since we are going to configure the first domain server in this network. Click Next.

6. On this window you can name the domain that you are going to create. In this example I am naming it as ''. Type the fully qualified domain name that you wish to use and click Next.

7. On the Domain NetBIOS name window, leave it as default and click Next. In our example it is MATHEW.
8. On the forest functional level wizard choose the functional level that you wish to use and click next. In this example I am choosing 'Windows Server 2008 R2'. You can see the details about each functional level available on the box below. Click Next.

9. On the Additional Domain Controller Option tick the DNS server option and click Next. Here you can find that the Global catalog option is ticked and grayed out. This is because Global catalog is installed by default while you configure first domain controller in a network.

10. Safely ignore the DNS warning wizard and click Yes to continue.
11. Now the wizard will ask you to choose a location for the Database, Log Files and SYSVOL. The best practice is to store these files in a location other than the system volume. Click Next.
12. Choose a Directory Services Restore Mode administrator password. Make sure that you provide a password other than the administrator password. This password is used for recovering AD in case of any disaster. Click Next.

13. On the Summary window review the settings and Click next.

14. Once you click Next the wizard will configure Active Directory Domain Services on your Server. It is better to tick the Reboot on completion check box to reboot the server automatically to finish the Installation.

15. After the reboot, go to Start > Administrative Tools > Active Directory Users and Computers, where you will find the domain that you have created. In our example you can find '' in Active Directory Users and Computers.
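
A post-promotion check to run in an elevated PowerShell prompt after the reboot. This is an added example, not part of the original post: it confirms the server now holds a domain controller role, checks that the locations chosen in step 11 are off the system volume, and runs the built-in `netdom` and `dcdiag` tools. The registry value names are the ones a standard AD DS installation writes and are treated here as an assumption.

```powershell
# Added example: verify the result of the dcpromo wizard.

# DomainRole 4 = backup domain controller, 5 = primary domain controller.
$role = (Get-WmiObject -Class Win32_ComputerSystem).DomainRole
if ($role -lt 4) {
    Write-Warning "This server is not a domain controller (DomainRole = $role)."
}
else {
    # Locations selected in step 11 (assumed standard registry value names).
    $ntds     = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $netlogon = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

    $paths = @{
        'Database'  = $ntds.'DSA Database file'
        'Log files' = $ntds.'Database log files path'
        'SYSVOL'    = $netlogon.SysVol
    }

    foreach ($name in $paths.Keys) {
        $path = $paths[$name]
        if ($path -like "$($env:SystemDrive)*") {
            # Step 11 recommends a volume other than the system volume.
            Write-Warning "$name is on the system volume: $path"
        }
        else {
            Write-Output "$name is stored at $path"
        }
    }

    # List the FSMO role holders; on the first DC in a new forest all five
    # roles should name this server.
    netdom query fsmo

    # /q prints only errors, so no output means the DC passed its self-tests.
    dcdiag /q
}
```
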

Additional Information
1. To find out the roles installed along with AD DS
You can use the command 'netdom query fsmo' to find out the roles installed along with the Active Directory Domain Services. Below is the screen-shot which shows the output of the command.
You can visit "How to transfer FSMO Roles in 2008R2" to know more about FSMO roles and how to transfer these roles to another DC in the same domain.

2. DNS Server snap-in after the fresh installation

Here you can find the DNS Manager snap-in after a fresh installation.

3. Default Domain Policy after the fresh installation of AD DS

You can find the screen-shots of the default domain policy after the installation of AD DS. Refer to Figure 1 and Figure 2:
Figure 1:

Figure 2:
To know more about group policy visit 

When we configure a Domain Controller in a network, it is better to configure an additional domain controller to improve the reliability and availability of the network services. The Additional Domain Controller will serve the client machines in case of any failure of the Primary Domain Controller. I will explain how to configure an Additional Domain Controller later in my blog.

1 comment:

  1. Hi ,

    This is Denny, the creator of this free automated employee
    provisioning/termination app, Z-hire. I wrote this app for the TechNet community a year ago.

    Since you run a very informative blog, I would like your help
    to spread the word. Since my application is free, I need supporters from the
    community. It would mean a lot if you can help.

    Here is a link to my app