Last Updated on December 26, 2022 by Mathew Diekhake
It’s possible to set up a local domain controller on a Microsoft server to have a server computer. A local domain controller can be set up within a Windows domain.
A domain, in Microsoft’s sense of the word, can make it possible for the one account to gain access to many computer resources, all from the one username and password combination. Some of those resources include managed Group Policies, change number of rights for Group Policies, have all Group Policies through a domain, and so forth.
Most good operating systems offer something similar, but the term “local domain” is unique to the Microsoft Windows operating system, so whenever you hear it you know to think Windows.
How to Install Windows Server 2016
1. You’ll need to install Windows Server 2016 before you can start setting up your local domain controller. You can download the Windows Server 2016 from the Microsoft website.
2. It’s possible to install the Windows Server 2016 on a virtual server or a physical machine. Those of you who are choosing to go down the virtual machine route will need to select the “ISO file” from the install media option on the downloading page. On the other hand, everyone using a physical machine should choose the the option to “Create DVD” or “Flash install media.” instead.
3. Once it’s downloaded, boot up the Windows Server 2016 from the installation media. Before the operating system boots up, you’ll see a message asking you to enter your product key. You can find that generic product key information from the “Preinstall information” available from the downloads page. Once you’ve entered the product key into the available field, click on the “Next” button in the bottom right corner of the window.
4. The next window asks you what “Operating system you want to install” and it’ll have the available ones for you to choose from within the field beneath where it says that. Highlight the Windows Server version you can see in that field by clicking on it once and then click on the “Next” button at the bottom of the window.
5. It’ll now run through a standard Windows operating system installation. Follow all the usual steps that you can see on your computer’s display and enter any information requests before it goes any further, making sure you don’t set up things differently to how you would want them as well. You’ll eventually get to the part where you need to enter a username and password for your account. Once you’ve filled those in, click on the “Finish” button in the bottom right corner.
6. You’ll now see a blank screen, likely with today’s’ date and the current time on it as well, known as the lock screen. Press the CTRL+ALT+DEL keys on your keyboard, enter the password and then sign in to your new account.
How to Setup Windows Server 2016
1. The first thing you’ll notice is your computer’s display has a screen resolution that likely isn’t looking very good for you since the default resolution is 1024 X 768, coupled with a 4:3 aspect ratio. To change it, minimize the dashboard and then click on the “Display Settings.” Windows will then give you a message suggesting that “This app can’t open,” when in fact it can if you just click on the “Close” button. Now you can start changing the resolution and aspect ratio to the one that fits your computer’s display properly.
2. Open the dashboard again, that you had just minimized before to get to the Display Settings, and then click on the “Local Server” link from the left side pane. Look where it says “Last checked for updates” and then click on the link that says “Never.” Now run the Windows Update to make sure that your Windows Server 2016 is up to date with the latest software (this part is critical so don’t skip it).
3. The last thing you’ll need to do during the set up process is to set a static IP address. You can get a dynamic IP address assigned to this by selecting an IP outside the DHCP IP pool. You can check your router settings to find out the IP pool it used by default and then go from there.
Setup Active Directory Domain Controller
1. Click on “Manage” from the top right corner and then click on the “Add Roles and Features” link from the menu.
2. It’ll show you a bunch of stuff for you to read in the Before you begin section. Have a quick read and take it all in before clicking on the “Next” button located at the bottom of the window.
3. It should now be on ‘Installation type” from the left side pane. Select the “Role-based or feature-based installation” option from the right side pane by moving the checkmark so that it is next to that option. Click on the “Next” button at the bottom of the window when you’re ready to continue.
4. Check that it’s on “Server selection” from the left side pane now and then put a checkmark next to the “Select a server from the server pool” option and check that your server is listed beneath it before clicking on the “Next” button at the bottom of the window once more.
5. It should now be on “Server Roles” from the left side pane. In the right side pane for that, find the “Active Directory Domain Services” option and click on it. A new pop-up window opens once you do, and there’s an “Add features” button at the bottom of it that you need to click on next.
6. Click on the “Next” button at the bottom of the window again.
7. It’ll now show you the list of features. Click on the “Next” button at the bottom of the window again, without having made any adjustments.
8. It now shows you the “Active Directory Domain Services” window. Click on the “Next” button at the bottom of the window once again.
9. The Confirmation option should now be selected in the left side pane. Click on the “Install” button from the right side pane to start the installation. (You’ll now see a close button at the bottom of the window that you can click if you want to close the window and the installation will continue to run in the background until it’ finished.)
How to Create a Domain
1. There will now be a yellow exclamation triangle in the top right corner, just to the left of the “Manage” link. Click on the yellow triangle and then click on the link that says “Promote this server to a domain controller,” which is a link you’ll see after the installation has completed and succeeded.
2. It’ll then open up to the Deployment Configuration, as shown by the link in the left pane side. Leave it there and click on the “Add a new forest” option from the right side pane. Make sure you add the “Root domain name” in the available field directly below and then click on the “Next” button at the bottom of the window.
3. It then opens up the Domain Controller Options, as shown in the left side pane. Now look in the right side pane for the available fields to enter a DSRM password. This is the password that you will need should something go wrong and you one day need to run a restore of the Directory Services. In other words, make sure you fill this password in and make sure it’s field in with digits that you know you’ll remember. Without it you’ll wind up in a world of trouble should you ever need it, Click on the “Next” button at the bottom of the window once the password has been set.
4. It’ll now open up to the DNS Options, and you’ll see a warning message from the right side pane. Don’t worry about this warning as it’s one that you can completely ignore. Just leave everything there and click on the “Next” button at the bottom of the window to continue.
5. The Additional Options page is now open on your screen. Check that the NetBIOS domain name is correct—it should read the prefix of your local domain name. For example, if my domain name were consuming.tech, the prefix would be “consuming.” Click on the “Next” button when you’ve verified this is accurate.
6. It now shows you a few default paths from the right side pane. There’s no need to change anything you see from here. Click on the “Next” button at the bottom of the window to continue.
7. It now opens up the review Settings so you can review everything you’ve done. Click on the “Next” button when you’re ready to continue.
8. When the Prerequisites Check page opens, look in the right side pane and make sure that you can see a green tick next to where it says “All prerequisite checks passed successfully. Click ‘Install’ to begin installation.”
9. A message will now pop-up on the computer’s display, letting you know that “You are about to be signed out.” Click on the “Close” button and wait for the Windows server to restart automatically as it needs to reboot before you can continue.
10. You’ll now see the sign-in screen once the computer boots back up. In the bottom right corner is a symbol letting you know that you currently have no network, easily identifiable by hovering the mouse cursor over it or by clicking on it if you must. To fix this, you need to change it back to your default gateway. You can find this information in your Internet Protocol Version Properties dialog box if you need it.
11. Test it out by opening up a web browser and trying to load a website before continuing. By default the webpages will be blocked by the Enhanced Security Configuration, though you’ll easily get around this because it brings up a pop-up window letting you know about the issue, and that window has a small “Add” button that you need to click on to add the webpage to the list of websites you’d like to be allowed.
How to Add Users to Active Directory
1. Click on the “Tools” link from the top right corner, followed by “Active Directory Users and Computers” to add users who will then be allowed to sign in. (Each user needs to be added manually before they can sign in.)
2. From the left side pane, click on your domain name so that it expands and then click on the “Users” folder, followed by the “New User” button located in the menu—it looks like the picture of a person’s upper body, a couple of icons to the right of the question mark box.
3. Fill in all the details for your new user, including the name and so forth in the available fields and then click on the “Next” button at the bottom of the window.
4. Make sure that the “Password never expires” checkbox is checked and then type the password that user desires into the available field, and confirm that same password by typing it again in the available field for that as well. Now click on the “Next” button at the bottom of the window to continue.
5. Click on the “Finish” button after checking that the details you entered are correct and the new user will then be added.
6. You’ll now see that user you just created in the right side pane if you still have the “Users” folder selected from the Active Directory Users and Computers window. You can now right-click on that user’s name and then click on the “Properties” link from the context menu. It’s in here where you can choose to make that user a member of the administrators or something else by navigating to the Member of > Add, and then typing or selecting “Administrators” in the available field under where it says “Enter the object names to select.” Once you’re done, click on the “OK” button and then it’ll be saved. (Note that you need to create all user account, including one for yourself. You’ll want to give yourself the administrative permissions or to one of the accounts that you create so at least one user has them.)
7. Once you’ve created an account for yourself, you can always sign in to your computer using those same credentials. Likewise, the accounts you create for other users will be available to use from the sign-in screen as well.
You might also be interested in:
- How to Open Context Menu for Taskbar Icons in Windows 10
- How to Add/Remove Locations for Search Index in Windows 10
- How to Set CPU Process Priority for Applications in Windows 10
- How to Encrypt Single Files and Folders in Windows 10
You can subscribe to our RSS, follow us on Twitter or like our Facebook page to keep on consuming more tech.