Site icon RDR-IT

Windows Server 2022: Installation of an Active Directory domain controller

In this first tutorial dedicated to Windows Server 2022, I will show you how to install an Active Directory domain controller.

Si vous débutez avec les services Active Directory, je vous invite à suivre le cours j’ai créé avant :

In this tutorial, here is what we will see:

Before starting, you should know that Windows Server 2022 does not provide a new level of forest and domain functionality, so we remain on a Windows Server 2016 level.

Windows Server 2022 also does not bring a schema update, which is a first, the highest schema version is 88 which arrived with Windows Server 2019.

Si vous êtes habitué à l’installation de contrôleur de domaine, il n’y a pas réellement d’évolution par rapport à Windows Serveur 2019 ou 2016.

Prerequisites before installing the AD DS role

Before launching the role installation wizard you must:

If you add a Windows Server domain controller to an existing environment, you must also:

Installing the AD DS role on Windows Server 2022

From the server manager, click on Add roles and features 1.

When the wizard starts, click on the Next 1 button.

Type of installation choose Installation based on a role or a feature 1 then click on Next 2.

Select the server 1 where the AD DS role will be installed and click the Next button 2.

In the list of roles, check the box for AD DS 1.

Confirm the addition of the administration consoles by clicking on Add features 1.

Now that the AD DS role is selected, click Next 1.

Skip the functionalities by clicking on the Next 1 button.

A summary of Active Directory Domain Services is displayed, click Next 1.

Confirm the installation of the AD DS role by clicking Install 1.

Wait during the installation …

Once the installation, exit the wizard by clicking on Close 1.

From Server Manager, we can see that AD DS role 1 is installed and action is required 2 to promote the server as a Domain Controller.

If you want to save “time”, it is possible to install the AD DS role with PowerShell using the command below:
Install-windowsfeature -name AD-Domain-Services –IncludeManagementTools

Create a new Active Directory domain by promoting the first domain controller

In this part, we will see how to create an Active Directory environment with the promotion of the first domain controller.

In production, it is recommended to have at least 2 domain controllers.

From the server manager, click on the notification icon then on Promote this server to a domain controller 2 to start the wizard.

The promotion wizard starts, before Windows Server 2012, we used the dcpromo.exe command

Select the operation: Add a new forest 1 then enter the domain root name 2 and click on Next 3.

The root name must be composed of a tld (Top Level Domain) public or not (.lan, .corp, .com …) and a name which can be that of your company for example.

The domain does not have to be registered.

For practical reasons, we avoid using a public domain that we use, such as that of the company’s Internet site.

Also take into account, that this name will be used for user logon in the form login@domain.tld

If you want users to open their session with their email address, it is possible to add a UPN suffix later, which allows you to have login@domain-public.com

Enter a password for Directory Services Restore Mode 1 and click Next 2.

The DSRM password must imperatively be noted somewhere, it allows you to connect to the server if the AD DS services no longer work and to allow a repair.

The DNS server role is installed on the domain controller, which is normal, a lot of Active Directory services rely on DNS records, which allows the client to find domain controllers.

On the screenshot, we can see that the functional level is Windows Server 2016.

Skip the DNS options by clicking Next 1.

The DNS delegation warning message can be ignored because we are not going to publish the Active Directory environment to the Internet.

Once the NETBIOS name is generated 1, click Next 2.

The NETBIOS name is still used primarily for compatibility reasons.

To learn more about NETBIOS : NetBIOS – Wikipedia

The wizard suggests changing the NTDS and SYSVOL directories, generally, the default directories are used. Click on Next 1.

An option summary is displayed, verify the information then click Next 1.

The wizard will check the configuration, if no blocking error is detected, start the creation of the domain (forest) by clicking on Install 1.

Wait during the installation … at the end of the installation, the server restarts and will be a domain controller.

Once the server has restarted, connect with the password of the Administrator account of the server, on the capture, we can that the login is now NOM_NETBIOS \ administrator.

The server is now a domain controller, it can be seen through the server manager.

If you also look at the IP configuration, you can see the DNS server is configured on itself DNS server.

A domain controller no longer has its local user database (SAM), to add users, you must now go through the Active Directory Users and Computers console.

For security reasons, it is recommended not to use the Administrator account, you must now create a dedicated user who will be a member of the Domain Admins group.

To join computers to the domain, they must have the domain controller as their DNS server, and so that the computers can go to the Internet, it is advisable to configure a DNS forwarder.

In addition to the course on Active Directory that I advised you at the beginning of this tutorial, if you are new to AD DS, I invite you to read this tutorial: Active Directory: installation and configuration of a domain controller

Now that you are ready, we will see how to add a controller to ensure the redundancy of Active Directory services.

Add a Windows Server 2022 Active Directory domain controller to an existing domain

For the installation of the AD DS role, I let you reread the beginning of the tutorial.

Before launching the Active Directory services configuration wizard, we will make sure that the server resolves the domain.

From a command prompt, ping the domain.

From the notification area, start the wizard by clicking on Promote this server to a domain controller 1.

When the wizard is launched, let select: Add a domain controller to an existing domain 1 and click on the Modify button 2 to indicate an account that is a member of the Domain Admins group.

Enter the username (DOMAIN \ login or login@domain.tld) 1 then the password 2 and click OK 3.

Reminder: in the event of a schema version upgrade (existing domain controller prior to Windows Server 2019), the account indicated must be a member of the Company Administrators and Schema Administrators group. Once the operation is complete, the account will need to be removed from the groups.

If the information is correct, the domain is automatically added 1, click on Next 2.

If the domain is not added, click on the Select button to choose it.

In the Domain controller options part, check the box DNS server (Domain Name System) 1 then enter the DSRM password 2 and click Next 3.

Check that the Global Catalog (GC) box is checked. In a single-domain environment, the recommendation is to leave all domain controllers with the Global Catalog option.

More information here: What is a Global Catalog (GC)? – Definition from Techopedia

In the DNS options, uncheck the Update DNS delegation 1 box and click Next 2.

Skip the installation options by clicking Next 1.

If necessary, change the default folders, otherwise click on Next 1.

A summary of the options is displayed, click Next 1 after viewing them.

Once the checks have been validated, click on the Install button 1.

Wait during the promotion, after restarting the server will be domain controller.

After the restart, log on with an account that is a member of the Domain Admins group.

The server is a domain controller and a member of it:

From the Active Directory Users and Computer console, the server is located in the Domain Controllers organizational unit.

At the configuration level, if the DNS role has been added, the DNS server points to the address 127.0.0.1.


You now know how to install the AD DS role, configure an Active Directory domain and add a domain controller with Windows Server 2022.

If you are familiar with the AD DS role on earlier versions of Windows Server, Windows Server 2022 does not add anything new to configuring and administering an On-premise Active Directory environment.

Exit mobile version