====== Your First Domain Controller ======

See also: **[[networking:windows:active_directory:domain_controller_no2|Additional Domain Controllers]]**

See also: **[[networking:windows:active_directory:ad_password_complexity|Active Directory Password Management]]**

===== Windows Server 2016 =====

https://ittutorials.net/microsoft/windows-server-2016/setting-up-active-directory-ad-in-windows-server-2016/

==== Prerequisites ====

  - Configure **host name**
  - Configure networking with a **static IP**
  - Verify **Windows is activated**

Using the **Server Manager**:

    - Install the **Active Directory Domain Services** role
    - Install **DNS Server** role 
    - Install the **.NET Framework 3.5 and .NET Framework 4.6** features
    - Select **Promote this server to a domain controller** once the installation finishes
    - Most SMB admins can **accept the defaults for most options**
    - Choose an AD **domain name**
      * Microsoft recommends using **fully qualified DNS subdomains** like ''corp.yourinternetdomain.tld''
      * You'll use the **first part** as the 'short' (NETBIOS) domain name like ''corp''
    - SMB admins can generally **Ignore the DNS delegation warning**

{{ :networking:windows:active_directory:first_dc_server_mgr_00_add_role.png?300 |Server Manager}}
{{ :networking:windows:active_directory:first_dc_server_mgr_01_add_role_wizard.png?700 |Add Role Wizard}}
{{ :networking:windows:active_directory:first_dc_server_mgr_02_add_role_local_server.png?700 |Select Local Server}}
{{ :networking:windows:active_directory:first_dc_server_mgr_03_add_role_adds.png?700 |Select ADDS Role}}
{{ :networking:windows:active_directory:first_dc_server_mgr_04_add_role_adds_selected.png?350 |Confirm Features Needed by ADDS Role}}
{{ :networking:windows:active_directory:first_dc_server_mgr_05_add_features.png?700 |Select .Net 3.5 Feature}}
{{ :networking:windows:active_directory:first_dc_server_mgr_07_adds_locations.png?700 |Accept Default Paths}}
{{ :networking:windows:active_directory:first_dc_server_mgr_08_adds_prerequisite_check.png?700 |Click Install to Continue}}
{{ :networking:windows:active_directory:first_dc_server_mgr_09_adds_new_forest.png?700 |Create a new Forest for the New Domain}}
{{ :networking:windows:active_directory:first_dc_server_mgr_10_adds_options.png?700 |Set Your Restore Mode Password}}
{{ :networking:windows:active_directory:first_dc_server_mgr_11_adds_promote.png?700 |Promote Your New DC}}
{{ :networking:windows:active_directory:first_dc_server_mgr_12_adds_short_name.png?700 |Choose the Short (NETBIOS) Directory Name}}
{{ :networking:windows:active_directory:first_dc_server_mgr_13_adds_warning.png?700 |Ignore the DNS Delegation Warning}}

===== Configuration =====

==== Users and Groups ====

  * Create users and groups
    * ''Active Directory Users and Computers'' (ADUC)
  * Manage group policy
    * **Start -> Run -> gpmc.msc**
  * Edit local policy
    * **Start -> Run -> gpedit.msc**

==== Timekeeping ====

See: **[[networking:windows:windows_time|Windows Timekeeping Configuration]]**

==== Home Directories ====

See: **[[networking:windows:active_directory:home_directories|Windows Home Directories]]**

==== Shared Printers ====

See: **[[networking:windows:printer_shared|Shared Printers]]**

==== Login Script ====

See: **[[networking:windows:logon_script|Login Scripts]]**

==== Roaming Profiles ====

See: **[[networking:windows:active_directory:roaming_profiles|Roaming Profiles]]**

==== Folder Redirection ====

See: **[[networking:windows:active_directory:folder_redirection|Folder Redirection]]**

==== Group Policy ====

See: **[[networking:windows:active_directory:group_policy|Windows Group Policy]]**

and: **[[networking:windows:active_directory:group_policy_printers|Install Network Printers Automatically at Login using Group Policy]]**