From Server to Domain Controller, Promoting to a Domain Controller on Windows Server 2022

Captions
Hi guys, today we're going to go check out installing Active Directory Domain Services onto a new server inside our environment and be able to connect that to our existing Active Directory environment. So let's get straight into it with a whiteboard demo and then an actual demonstration of how to do this on Windows Server 2022.

So let's just jump straight here into the whiteboard. Let's start off with what is Active Directory, or at least in the context of on-site. Active Directory is an authentication service, and the way that Active Directory functions is you have these things called Active Directory domains. Now, an Active Directory domain might be something like contoso.com, and this is an authentication space. So inside this domain what we're going to have is we're going to have individual objects. So we might have, for example, users, like we might have Bob, we might have Tracy, these individual people, and these people like Bob and Tracy are actually going to have user accounts that exist inside this identity space. We might also actually have devices, so we might have servers and we might have computers. These computers might be, for example, laptops or desktops inside the environment, and these things are also going to be part of this authentication space as well.

There is a concept called Active Directory joining, and by joining a server or joining a computer to an Active Directory domain, they are going to end up with an account inside Active Directory here, and we also then have control of them within this spatial context. What we can do at this point then is we can take people like Bob over here, and Bob can come along and can log into a computer with his account, or Tracy can log into a computer with her account, as long as they have permission to do that.

Now, this is kind of the logical diagram here, but what's actually running this inside? Let's just get rid of some of this for the moment. Technically, all that a domain actually is in this context is a big database. It's actually a database that's called ntds.dit. It's actually a flat file database, so technically it's a really big text file. It's a technology that goes back a number of years, goes back all the way through the Unix days, all the way back towards mainframes. But to actually run this thing we have a specialist selection of computers that are actually called domain controllers, or DCs. Each of these domain controllers actually holds a copy of this specialized database, this database that actually contains all the accounts and all the details for how Active Directory works and functions.

So let's just take Bob over here, move him across. Say if Bob wants to go and log in and authenticate to a computer that he wants to use. Well, for that to actually work, one of these domain controllers actually has to respond to that request. Bob has to essentially pass his username and password to the computer, and the computer can go and check that against the domain controller and against the database, whether Bob's username and password is correct and he also has the authentication ability to go and log into that machine. So this database here is very, very critical. It means that if any of these domain controllers go down, or if all of your domain controllers go down, you're going to be in a very big world of hurt, because everything is going to break.

So what we have is we have what's known as a multimaster system, and in this case it means that, on a simplistic level, each of these domain controllers talk to each other and they all make a copy of that database between each other, meaning that if a record, or if a user, for example, like Bob, gets updated in any one of these databases, that data is then going to be replicated to each of the other databases in the environment, so that if one of these computers should go down, it doesn't matter, we've still got some that are actually still running with that same database.

So what we're going to do today is we're actually going to create a new computer over here. In fact, we're going to have Windows Server installed onto a machine, and then we're going to make that server into a domain controller and actually connect it into an existing environment that's already got domain controllers on there, because we want at least three, probably even more in large companies, domain controllers across the infrastructure to make sure that we're protecting ourselves from server failure here. So let's get straight into the demo and have a look at installing Active Directory Domain Services onto an existing server in our environment and converting it to a domain controller.

So we're over here on a computer. This is just a standard Windows Server. We can see, if we go and run Server Manager on here, there's nothing actually running on this at the moment. On this local server we have just got it called SCA adm1. It's connected already to an existing domain called Contoso, but it's not actually a domain controller yet. If I go and look at AD DS here on Server Manager on this computer, I can see that there is a domain controller running, but it's running on a different server, it's called dc1. What I want to do is I want to actually install the Active Directory information onto this computer. I can do this in a number of different ways, but what I'm going to do is I'm going to go and pick up Windows PowerShell here, and we're going to actually install this via PowerShell.

The command's very simple. We're just going to do install Windows feature, name AD domain services, and we're going to make sure that it's installing on this computer, SE a svr1. That's it. That's going to make, not, well, sorry, this is not going to make this a domain controller just yet, but what this is going to do is it's going to install the features we need for it to become a domain controller. So once this is actually installed, we still have to actually go and configure the options to connect it into the infrastructure.

Okay, we can now see that this has actually completed its installation, and I should have the Active Directory Domain Services available and ready to actually configure. So let's go and just run another command here just to check that's definitely installed. If we do get Windows feature, computer name SE... I need to change that command around. When playing with PowerShell, make sure you've got your dashes in place. Just to have a look at all of the stuff that's installed on here, if we scroll up we should be able to see, here we go, Active Directory Domain Services with an X against it. That's nicely installed for us, that's great.

So what we want to do now is we want to actually go in and go and start to work with SCA svr1 and get this thing configured so it's going to become an AD DS, an Active Directory domain controller. So if I go back into my Server Manager, you'll notice up here I have a little notification. If I click on this notification, I need to do some post-deployment configuration for my domain controller. It says here "Promote this server to a domain controller".

Now, some of you guys may have done this process before back on older computers, and you may have done this through an old option called DC promo. If you actually do DC promo here, DC promo does actually still exist for automating this process, but ever since Windows Server 2016 DC promo was retired from actually promoting a domain controller and we have to use this wizard instead. So what I'm going to do is I'm just going to add this domain controller to an existing domain. We're going to add it to contoso.com down here. We're going to use the existing credential, so we're going to use the administrator. I will need the administrator account of the domain to be able to add this in. Let's click Next on that one.

Now, there are a few options down here that we might need. Now, most of these options you can select as default, but just to point these out there: for example, domain name server. We don't need this to be a domain name server if we've already got domain name servers, or DNS servers, inside our environment, so I can actually untick that one. If you don't have DNS servers, or you want more DNS servers for a dcy, you can leave that connected as well, that's fine.

Global catalog servers: the difference with global catalog servers, if you have lots of domain controllers inside multiple different forests, global catalog servers know where they all are. But when you start getting into very, very large environments, and you might have offices in London, offices in New York, offices in Paris, what you might find is that replicating the Active Directory database between all of those offices becomes rather inefficient. So there's a concept of a global catalog server, which means that in each of those offices, New York, London or Paris, the global catalog server knows where everything else is and can redirect it. So in New York, for example, you're mostly going to be authenticating to the New York servers, but say, for example, you did need to actually make an authentication to a server in France, in Paris, then what would happen is the global catalog server would have information about the stuff in Paris and it could actually redirect that information. Not everything needs to be a global catalog server, but I'm going to leave it ticked in this place.

The read-only domain controller is very important. In a multimaster environment, a domain controller itself can both read and write all of the records on its database. The read-only domain controller was a feature that was brought in in Windows Server 2008 R2, and the feature was supposed to be for servers that are put into a physically insecure location. Maybe it would be actually on site, maybe it would actually be in, for example, a retail location where somebody could pick up and walk out with that server. We would also heavily encrypt that with things like BitLocker. So we don't need to do this on a normal day-to-day basis.

The Directory Services Restore Mode password is very, very important and you shouldn't lose this one. This allows us to actually do restores from tapes and restores from backups, and should probably be set at the same password for your other domain controllers as well.

If we want to actually replicate an existing copy of the database, we could install it from media, but we'd need to drop that out of an existing domain controller. I'm just going to leave this to replicate from any domain controller. It's going to pick the most efficient one possible.

These database locations 99% of the time don't need to be changed. These are the locations where the database for Active Directory is going to be stored. Only switch these if you absolutely need to. For most scenarios you can leave those as defaults.

This is actually going to create underneath here a PowerShell script that it's going to send into the system, so you can actually take that PowerShell script and use this for future installations if you want to. But that's all that this wizard has done, it's just basically built a PowerShell script for me. So I'm going to click Next and I'm going to click Install here, and I'm going to wait for this to actually promote itself to a domain controller. It might take a few minutes to do.

A few moments later: okay, this server is now successfully configured as a domain controller. I can close this down. What I can also do today is I can go and have a look at Tools and I can go and look at Active Directory Users and Computers. So this is actually going to essentially show me the contents of that database across my machines, and what I can see down here is, if I go into Domain Controllers, I now have sead dc1 and SCA svr1 that have actually become domain controllers inside my environment. I don't need to subselect either of these. My computers are just going to use the most available one at the time, and both of these are actually currently set as global catalogs as well.

So what has actually happened is we have taken an existing server, made it into a domain controller, or installed software, promoted it and added it to an existing domain ready for use. I hope you enjoyed this tutorial for how to actually convert a server into a domain controller, and you'll join me next time for some more quick tutorials on Windows Server 2022. And you know the routine: like and subscribe. I hope you enjoyed this video and you'll join me next time. Goodbye.
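The captions note that the promotion wizard only builds a PowerShell script. The following is an added example, not the script shown in the video, of a scripted promotion that mirrors the choices described (existing domain contoso.com, DNS unticked, global catalog kept, writable DC, default paths). It assumes an elevated session on the member server; the default paths and the interactive prompts are assumptions, and both secrets are prompted for so they never sit in the script or in command history.

```powershell
# Added example: scripted equivalent of the wizard answers described in the captions.
$domain = 'contoso.com'   # domain named in the video

# 1. Install the AD DS role binaries. This does not promote the server.
$feature = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $feature.Success) { throw 'AD DS role installation failed.' }

# 2. Prompt for secrets instead of hardcoding them (assumption: interactive run).
$cred = Get-Credential -Message "Domain administrator for $domain"
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM (safe mode) password'

# 3. The same answers the wizard collected, as one parameter set.
$params = @{
    DomainName                    = $domain
    Credential                    = $cred
    SafeModeAdministratorPassword = $dsrm
    InstallDns                    = $false   # DNS servers already exist
    NoGlobalCatalog               = $false   # keep the global catalog role
    DatabasePath                  = 'C:\Windows\NTDS'     # wizard defaults
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
}

# 4. Run the prerequisite checks first; stop on any error before changing anything.
$check  = Test-ADDSDomainControllerInstallation @params
$errors = $check | Where-Object { $_.Status -eq 'Error' }
if ($errors) {
    $errors | Format-List Message
    throw 'Prerequisite check failed; server was not promoted.'
}

# 5. Promote. No -ReplicationSourceDC, so any available DC is used.
#    The server restarts automatically when promotion completes.
Install-ADDSDomainController @params -Force

# After the restart, confirm the new DC's roles from any domain-joined admin host:
#   Get-ADDomainController -Filter * | Select-Object Name, IsGlobalCatalog, IsReadOnly
```

The DSRM password grants local recovery access to the directory database on that DC, so store it in a password vault rather than in the script or a run log.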
Info
Channel: Mike in the Cloud
Views: 783
Id: 97nVgIQww-I
Length: 13min 1sec (781 seconds)
Published: Thu Mar 21 2024