Lab_AD_Complet/docs/etudiant/en/02-dc-promotion.md
Corentin 8e1b06e090 Initial lab release: Docker-based Active Directory lab
Complete Active Directory teaching environment based on dockurr/windows:
- Windows Server domain controller, Windows 11 client, Debian 12 client
- docker-compose orchestration, env-driven configuration
- Bilingual documentation (FR + EN) for students
- Dual approach (GUI + PowerShell) in every procedure
- Instructor course plan and reference scripts
- RDP launcher scripts for Linux, macOS and Windows

Made by AcadéNice - https://acadenice.fr/
2026-04-17 11:29:49 +02:00


Promoting the server to a domain controller

Goal: turn the freshly installed Windows Server into the first DC of a new Active Directory forest. We also install the DNS role, required by AD.

What we create

An Active Directory forest is a logical structure containing one or more domains. Here we create:

  • a new forest with the configured domain at its root (corp.lab by default)
  • a first domain controller (DC01) hosting the AD database and DNS

A DC is critical: it handles authentication, GPOs, internal DNS. Production setups use at least two for redundancy. One is enough for this lab.

Preparation

Rename the machine first. Once promoted, a DC cannot be renamed without being demoted.

GUI

  1. Settings > System > About > Rename this PC (or Win + Pause > "Change settings")
  2. New name: DC01
  3. Restart

PowerShell

Rename-Computer -NewName "DC01" -Restart

If Rename-Computer refuses authentication on a fresh install, use the GUI or the registry approach (see troubleshooting.md).

Install the roles

After the reboot, open a session as Administrator.

GUI

  1. Open Server Manager
  2. Manage > Add Roles and Features
  3. Select:
    • AD DS
    • DNS Server
  4. Leave defaults, install
  5. When done, click the warning flag > Promote this server to a domain controller

PowerShell

Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools

Promote to domain controller

GUI

  1. In the AD DS configuration wizard:
  2. Add a new forest > Root name: corp.lab
  3. Functional levels: keep the suggested value
  4. Check DNS Server and Global Catalog
  5. Set a DSRM password (Directory Services Restore Mode)
  6. Ignore DNS warnings (normal on a brand new DC)
  7. Validate, let the machine reboot

PowerShell

$dsrmPwd = Read-Host -AsSecureString "DSRM password"
Install-ADDSForest `
    -DomainName "corp.lab" `
    -DomainNetbiosName "CORP" `
    -InstallDns `
    -SafeModeAdministratorPassword $dsrmPwd `
    -Force

Key cmdlets:

  • Install-ADDSForest creates a new forest
  • Install-ADDSDomainController adds a DC to an existing forest
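
The rename, role install and promotion steps above can be chained behind a pre-flight guard. The script below is an added example, not one of the lab's reference scripts: the function name Test-PromotionReadiness is hypothetical, and DC01, corp.lab and CORP are this page's default values. It refuses to promote while the hostname is still auto-generated or a rename is waiting for a reboot, then runs Test-ADDSForestInstallation as a dry run before the real promotion.

```powershell
# Added example: pre-flight guard before Install-ADDSForest (not the lab's own script).
# Assumed values, taken from this page's defaults: DC01, corp.lab, CORP.
$ExpectedName = 'DC01'
$DomainName   = 'corp.lab'
$NetbiosName  = 'CORP'

function Test-PromotionReadiness {   # hypothetical helper name
    param([string]$ComputerName = $env:COMPUTERNAME)
    $problems = @()
    # Fresh dockur installs are named WIN-xxxx; promoting now would lock that name in.
    if ($ComputerName -like 'WIN-*') {
        $problems += "Hostname '$ComputerName' is still auto-generated"
    } elseif ($ComputerName -ne $ExpectedName) {
        $problems += "Hostname is '$ComputerName', expected '$ExpectedName'"
    }
    # A rename only takes effect after the restart: compare configured vs active name.
    $key     = 'HKLM:\SYSTEM\CurrentControlSet\Control\ComputerName'
    $pending = (Get-ItemProperty "$key\ComputerName").ComputerName
    $active  = (Get-ItemProperty "$key\ActiveComputerName").ComputerName
    if ($pending -ne $active) {
        $problems += "Rename to '$pending' is pending a reboot"
    }
    # Both roles from the "Install the roles" step must be present.
    foreach ($feature in 'AD-Domain-Services', 'DNS') {
        if (-not (Get-WindowsFeature -Name $feature).Installed) {
            $problems += "Feature $feature is not installed"
        }
    }
    $problems
}

$problems = @(Test-PromotionReadiness)
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw 'Fix the items above before promoting.'
}

$dsrmPwd    = Read-Host -AsSecureString -Prompt 'DSRM password'
$forestArgs = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetbiosName
    InstallDns                    = $true
    SafeModeAdministratorPassword = $dsrmPwd
}
# Dry run: same parameters as the real promotion, nothing is changed yet.
$results = Test-ADDSForestInstallation @forestArgs
$results | Format-List Status, Message | Out-Host
if ($results | Where-Object { "$($_.Status)" -eq 'Error' }) { throw 'Prerequisite check failed.' }

Install-ADDSForest @forestArgs -Force   # the machine reboots when this completes
```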

Validation

After reboot, log back in (account is now CORP\Administrator):

Get-ADDomain
Get-ADForest
dcdiag

The first two return domain/forest info. dcdiag runs integrity tests. Minor DNS warnings are normal on a standalone DC.

Notes

  • The DSRM password is independent of Administrator's. It is used in AD recovery mode. Keep it in your password manager.
  • Once promoted, a DC cannot be renamed without demotion first (Uninstall-ADDSDomainController).
  • Fresh dockur installs come with an auto-generated hostname (WIN-xxxx). Renaming before promotion is crucial.

Next

AD is live but empty. Create OUs, users and groups in 03-ou-users-groups.md.