
18. Building a Domain Controller

  1. Some important information:

Active Directory Domain Service (ADDS)

This image illustrates the structural concept of connecting devices to a domain:

Adding a Role (ADD): The first step is to install the Active Directory Domain Services role, then begin the configuration process.

Domain Controller (DC): This represents the primary server that manages the domain. Here, it's called the PDC (Primary Domain Controller) and holds a test domain such as Test.local.

Switch: The diagram shows that the server and client devices are connected through a central "switch" to facilitate data exchange.

Joining a Domain: This shows the process by which a device leaves workgroup mode and joins the domain, after which it is managed by the server.


Forest & Functional Levels:

This image illustrates advanced forest and domain management concepts:

Forest Functional Level (FFL): This is the minimum Windows Server version the forest accepts for a domain controller to operate.

Domain Functional Level (DFL): A domain's level can be higher than the forest level; when it is, any child domain must meet that higher requirement.

Upgrade Rule: A functional level can be raised (Up) normally, but it cannot be lowered (Down) again once it has been raised.

Hierarchical Structure:

Forest Root Domain: This is the first domain created in the forest (e.g., Vodafone.local).

Parent Domain: Primary domains (e.g., Egypt, USA, Ger).

Child Domain: Subdomains (e.g., Naser City).


Domain Controller Capabilities

Domain Name System (DNS): It is essential for translating domain names into IP addresses within the domain.

Global Catalog (GC):

  • It is a component of the Active Directory database.

  • It contains partial information about every object within the entire forest, such as Organizational Units (OUs), Users, and Groups.


Directory Services Restore Mode (DSRM)

DSRM Password: This is the password for the local administrator account (Local Admin).

Usage: It is used when performing a data restore or backup recovery.

Access Method: This mode is accessed by pressing the F8 key during system startup to enter Repair Mode.


AD Database:

The components of data storage within the system are described below:

NTDS.dit: The primary database file, located by default at C:\Windows\NTDS. The location is divided into a database folder and a log folder.

SYSVOL: A folder created automatically by the system. It contains policies and scripts and is readable ("read-only") by all objects within the domain.



  2. Steps to install and configure Active Directory Domain Services (AD DS):

Add Role

How to start installing the service itself through Server Manager:

  • Select installation type: In this step, "Role-based or feature-based installation" is selected:

Select destination server:

  • Select the target server (in the image, a server named PDC is shown):

Select server roles:

  • This is the most important part, where you tick Active Directory Domain Services. A sub-dialog appears asking you to add the required features (Add Features) that support this role:

Click Next through the following pages.

Active Directory Domain Services:

  • An introductory page explaining the role of AD DS in network management:

Installation progress: Shows the progress of the installation until it completes (Done Add Role).



  3. Configure Active Directory

After the role is installed, the next step is to promote the server to a "Domain Controller":

Promote: Begin by clicking the yellow exclamation mark in Server Manager and selecting "Promote this server to a domain controller":

Deployment Configuration: Select "Add a new forest" and name the domain (in the example: aas.local):

Domain Controller Options: Specify the functional levels and enter the Directory Services Restore Mode (DSRM) password. Note that the DNS server and Global Catalog options are enabled.

DNS Options: A note about DNS delegation appears:

This is needed when DNS authority is delegated between a child domain and its parent; here we simply click Next.

Additional Options: Check the NetBIOS name (shown in the example as AAS):

Paths: Specify the paths to the database and log (NTDS) and the SYSVOL folder:

Review Options & Installation: Review all settings and then begin the final installation:

Restart
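The same Add Role and Promote steps as a single PowerShell script (an added example, not part of the original guide). It assumes a fresh Windows Server 2016 or later that will become the first domain controller of the new forest aas.local with NetBIOS name AAS, using the default NTDS and SYSVOL paths shown on the Paths page; the DSRM password is prompted for rather than stored in the script.

```powershell
# Added example: scripted equivalent of the Server Manager wizard steps above.
# Assumptions: new forest "aas.local" / NetBIOS "AAS", default paths, Windows Server 2016+.

# 1. Add Role: install AD DS together with the management tools the wizard adds for you.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# 2. Domain Controller Options: read the DSRM password interactively so it never
#    sits in a script file. It becomes the local Administrator password used when
#    the DC is booted into Directory Services Restore Mode, so choose a strong one.
$dsrmPassword = Read-Host -AsSecureString -Prompt "DSRM (Directory Services Restore Mode) password"

# All wizard choices in one place. "WinThreshold" is the Windows Server 2016 level;
# it can be raised later but not lowered, as the Upgrade Rule above explains.
$forest = @{
    DomainName                    = "aas.local"
    DomainNetbiosName             = "AAS"            # Additional Options page
    ForestMode                    = "WinThreshold"
    DomainMode                    = "WinThreshold"
    InstallDns                    = $true            # DNS server option enabled
    CreateDnsDelegation           = $false           # DNS Options page: nothing to delegate here
    DatabasePath                  = "C:\Windows\NTDS" # Paths page (database folder)
    LogPath                       = "C:\Windows\NTDS" # Paths page (log folder)
    SysvolPath                    = "C:\Windows\SYSVOL"
    SafeModeAdministratorPassword = $dsrmPassword
    NoRebootOnCompletion          = $true            # reboot explicitly after reviewing the output
    Force                         = $true            # suppress the confirmation prompts
}

# 3. Review Options: run the same prerequisite check the wizard performs, and stop on failure.
$testParams = $forest.Clone()
$testParams.Remove("NoRebootOnCompletion")
$check = Test-ADDSForestInstallation @testParams
if ($check.Status -ne "Success") {
    $check.Message | Write-Warning
    throw "AD DS prerequisite check failed; fix the reported issues before promoting."
}

# 4. Promote this server to a domain controller (creates the forest root domain).
Install-ADDSForest @forest

# 5. Restart. After logging in as AAS\Administrator, confirm the result with:
#    Get-ADForest | Select-Object Name, ForestMode
#    Get-ADDomainController | Select-Object HostName, IsGlobalCatalog, OperatingSystem
Restart-Computer
```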


  4. Final Stage (Done)

Login Screen: A screenshot of the Windows lock screen appears with the new username in the domain format: AAS\Administrator.

✅ Restart: The guide concludes with a restart and "DONE YA BRO" to indicate successful completion.