Configuring a combination Domain Controller, DNS server, and DHCP server
The directory structure that Microsoft networks use to house their users and computer accounts is called Active Directory (AD), and the directory information is controlled and managed by Domain Controller (DC) servers. Two other server roles that almost always go hand-in-hand with Active Directory are DNS and DHCP, and in many networks these three roles are combined on each server where they reside. A lot of small businesses have always made do with a single server containing all three of these roles, but in recent years, virtualization has become so easy that almost everyone runs at least two DCs, for redundancy purposes. And if you are going to have two DCs, you may as well put the DNS and DHCP roles on them both to make those services redundant as well. But I'm getting ahead of myself. For this recipe, let's get started building these services by installing the roles and configuring them for the first time: the first DC/DNS/DHCP server in our network.
Getting ready
The only prerequisite here is an online Windows Server 2016 that we can use. We want it to be plugged into a network and have a static IP address assigned so that as you add new computers to this network, they have a way of communicating with the domain we are about to create. Also, make sure to set the hostname of the server now. Once you create a domain on this controller, you will not be able to change the name at a later date.
How to do it…
Let's configure our first DC/DNS/DHCP server by performing the following set of instructions:
Add the roles all at once. To do this, open up Server Manager and click on the link to add new roles to this server. Now check all three: Active Directory Domain Services, DHCP Server, and DNS Server.
When you click on Active Directory Domain Services, you will be prompted whether you want to install some supporting items. Go ahead and click on the Add Features button to allow this.
You are going to click Next through the following few screens. We don't have to add any additional features, so you can read and click through the informational screens that tell you about these new roles.
Once satisfied with the installation summary, press the Install button on the last page of the wizard.
Following installation, your progress summary screen shows a window with a couple of links on it. They are Promote this server to a domain controller and Complete DHCP configuration. We are going to click on the first link to promote this machine to be a DC.
Now we are taken into the configuration of our DC. Since this is the very first DC in our entire network, we choose the option Add a new forest. At this point, we also have to specify a name for our root domain.
Tip
It is very important to choose a root domain name that you like and that makes sense for your installation. Whatever you enter here will more than likely be your domain name forever and always!!
This might be a good opportunity for a little side-bar of definitions and explanations. You can think of a forest as the top level of your Active Directory structure. Within that forest, you are setting up a domain, which is the container within your forest that contains your user, computer, and other accounts that will be joined to the domain. You can contain multiple domains within a forest, and multiple forests can share information and talk to each other by using something called a trust.
You can see that I have named my domain MYDOMAIN.LOCAL. The .local is important to discuss for a minute. It is really just a common specification that many companies use to clarify that this domain is an internal network, not a public one. However, I could have just as easily named it CONTOSO.COM, or JORDAN.PRIV, or many different things.
Another practice that I see often is for companies to use the same domain name inside their network as they do publicly. So basically, whatever their website ends in, that is their public domain name. You could certainly set up the internal domain name to be the same. This practice is commonly referred to as split-brain DNS. It used to be something that Microsoft warned against doing, but many companies do it this way, and all of the technology has evolved around this so that the Microsoft networking parts and pieces will all work just fine with split-brain DNS these days, though it does usually take additional consideration when setting up any new piece of technology.
Tip
One last important note: it is not recommended to set up your domain as a single label name, for example, if I had called it just MYDOMAIN. While this is technically possible, it presents many problems down the road and is not recommended by Microsoft.
On the Domain Controller Options screen, you can choose to lower the functional level of your forest or domain, but this is not recommended unless you have a specific reason to do so. You must also specify a DSRM password on this screen in case it is ever needed for recovery. You will receive a DNS Options warning message on the next page. This is normal, because we are turning on the first DC and DNS server in our environment.
The following two screens for NetBIOS and Paths can be left as the default unless you have a reason to change their settings.
Once you have reviewed the installation plan, go for it! There may be some informational and warning messages that show themselves, but you should see a green check mark telling you All prerequisite checks passed successfully, which means you are ready to proceed. When the server is finished being promoted to a DC, it will have to restart.
Following the restart, you will notice that you are now forced to log in to the server with a domain account. Once a server has been promoted to a DC, it no longer contains local user accounts on the system. All logins to the server from this point forward will have to be user accounts within the domain. Go ahead and log in as such.
Inside Server Manager you will have a notification up top to Complete DHCP configuration. Go ahead and click on that.
You don't have to specify anything in this wizard. Simply click through the steps.
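The same procedure can be scripted. The following is an added example, not code from the book: it assumes the MYDOMAIN.LOCAL name used above, a NetBIOS name of MYDOMAIN, and an elevated PowerShell session on the server. The -Phase parameter is hypothetical and exists only because promotion forces a restart between the two halves.

```powershell
# Added example: scripted equivalent of the wizard steps in this recipe.
# Run once with -Phase Promote, then again with -Phase PostReboot after the restart.
param([ValidateSet('Promote', 'PostReboot')][string]$Phase = 'Promote')

$DomainName  = 'MYDOMAIN.LOCAL'   # root domain name used in the recipe
$NetbiosName = 'MYDOMAIN'         # assumption: NetBIOS name derived from it

if ($Phase -eq 'Promote') {
    # Prerequisite from "Getting ready": the server needs a static IP address.
    $dhcpNics = Get-NetIPInterface -AddressFamily IPv4 |
        Where-Object { $_.Dhcp -eq 'Enabled' -and $_.ConnectionState -eq 'Connected' }
    if ($dhcpNics) {
        throw "Assign a static IP first: $($dhcpNics.InterfaceAlias -join ', ')"
    }
    Write-Host "Promoting $env:COMPUTERNAME; set the hostname before continuing."

    # Add all three roles at once, with their management tools.
    Install-WindowsFeature -Name AD-Domain-Services, DHCP, DNS -IncludeManagementTools

    # Prompt for the DSRM password so it never appears in the script or history.
    $dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

    # "Add a new forest". Functional levels and paths are left at their defaults,
    # and the cmdlet runs the prerequisite checks itself before promoting.
    # The server restarts automatically when promotion completes.
    Import-Module ADDSDeployment
    Install-ADDSForest -DomainName $DomainName -DomainNetbiosName $NetbiosName `
        -InstallDns -SafeModeAdministratorPassword $dsrm -Force
}
else {
    # "Complete DHCP configuration": create the DHCP security groups,
    # authorize this server in AD, then clear the Server Manager notification.
    netsh dhcp add securitygroups
    Restart-Service -Name DHCPServer

    $ip = (Get-NetIPAddress -AddressFamily IPv4 |
        Where-Object { $_.PrefixOrigin -eq 'Manual' } |
        Select-Object -First 1).IPAddress
    Add-DhcpServerInDC -DnsName "$env:COMPUTERNAME.$DomainName" -IPAddress $ip

    Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\ServerManager\Roles\12' `
        -Name ConfigurationState -Value 2

    # Verify: the server should now be listed as authorized.
    Get-DhcpServerInDC
}
```

Log in with a domain account before running the PostReboot phase, since authorizing a DHCP server in Active Directory requires domain credentials.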
How it works…
Configuring your first DC is essential to having a successful Microsoft Windows network. Now that the roles are installed for AD, DNS, and DHCP, we have the core infrastructure in place to start joining computers to the domain, adding users to the network, and shuttling around some network traffic! Each of these technologies has enough depth to warrant their own book, so there is no way that we can cover everything here. I hope that this tutorial will get you comfortable with enabling these system-critical functions in your own network. Having the ability to create a network from scratch is priceless ammunition to a server administrator.
See also
It is also possible to install Active Directory on your DCs through the use of PowerShell. Since we are discussing the use of PowerShell throughout this book to start utilizing it for some day-to-day tasks, make sure to check out the following links and try doing it this way on the next DC that you want to create: