Lab_AD_Complet/docs/etudiant/en/02-dc-promotion.md
Corentin 8e1b06e090 Initial lab release: Docker-based Active Directory lab
Complete Active Directory teaching environment based on dockurr/windows:
- Windows Server domain controller, Windows 11 client, Debian 12 client
- docker-compose orchestration, env-driven configuration
- Bilingual documentation (FR + EN) for students
- Dual approach (GUI + PowerShell) in every procedure
- Instructor course plan and reference scripts
- RDP launcher scripts for Linux, macOS and Windows

Made by AcadéNice - https://acadenice.fr/
2026-04-17 11:29:49 +02:00

# Promoting the server to a domain controller
Goal: turn the freshly installed Windows Server into the first DC of a new
Active Directory forest. We also install the DNS role, required by AD.
## What we create
An Active Directory forest is a logical structure containing one or more
domains. Here we create:
- a new forest with the configured domain at its root (`corp.lab` by default)
- a first domain controller (`DC01`) hosting the AD database and DNS
A DC is critical: it handles authentication (Kerberos and NTLM), GPOs and
internal DNS. Production setups use at least two for redundancy; one is enough
for this lab.
## Preparation
Rename the machine first. Renaming a DC after promotion is possible but
involved (`netdom computername`, DNS records, SPNs, replication), and the lab
assumes the name `DC01` everywhere, so do it now.
### GUI
1. `Settings > System > About > Rename this PC` (or `Win + Pause` > "Change settings")
2. New name: `DC01`
3. Restart
### PowerShell
```
Rename-Computer -NewName "DC01" -Restart
```
If `Rename-Computer` refuses authentication on a fresh install, use the GUI
or the registry approach (see `troubleshooting.md`).
## Install the roles
After the reboot, open a session as Administrator (an elevated PowerShell for
the cmdlets below).
### GUI
1. Open `Server Manager`
2. `Manage > Add Roles and Features`
3. Select:
- `AD DS`
- `DNS Server`
4. Leave defaults, install
5. When done, click the warning flag > `Promote this server to a domain controller`
### PowerShell
```
Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools
```
## Promote to domain controller
### GUI
1. In the AD DS configuration wizard, choose `Add a new forest` > Root domain name: `corp.lab`
2. Functional levels: keep the suggested value
3. Check `DNS Server` and `Global Catalog` (both are preselected for the first DC of a forest)
4. Set a DSRM password (Directory Services Restore Mode)
5. Ignore the DNS delegation warning ("a delegation for this DNS server cannot be created"): it is normal on the first DC of a brand new forest, there is no parent zone to delegate from
6. Validate, let the machine reboot
### PowerShell
```
# Prompt for the DSRM password without echoing it; it stays a SecureString.
$dsrmPwd = Read-Host -Prompt "DSRM password" -AsSecureString
# -Force skips the confirmation prompt. The server reboots on its own when
# the promotion finishes (add -NoRebootOnCompletion to reboot manually).
Install-ADDSForest `
-DomainName "corp.lab" `
-DomainNetbiosName "CORP" `
-InstallDns `
-SafeModeAdministratorPassword $dsrmPwd `
-Force
```
Key cmdlets:
- `Install-ADDSForest` creates a new forest
- `Install-ADDSDomainController` adds a DC to an existing forest
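The same promotion, written as an added example (not one of the lab's reference scripts) that refuses to run when the preparation steps above were skipped: it checks the hostname, checks that both roles are really installed, runs the prerequisite checks with `Test-ADDSForestInstallation` (the same checks the wizard runs, without changing anything), and only then calls `Install-ADDSForest`. The values `DC01`, `corp.lab` and `CORP` are the lab defaults and are assumptions; adjust them to your `.env`.

```powershell
# Added example: guarded promotion of the first DC. Assumes the machine was
# renamed to DC01 and the lab defaults corp.lab / CORP (assumptions, change
# them to match your .env).
$expectedName = "DC01"
$domain       = "corp.lab"
$netbios      = "CORP"

# 1. Hostname: promotion bakes the name into DNS records and SPNs, so refuse
#    to continue on an auto-generated WIN-xxxx name.
if ($env:COMPUTERNAME -ne $expectedName) {
    throw "Hostname is '$env:COMPUTERNAME', expected '$expectedName'. Rename and reboot before promoting."
}

# 2. Roles: AD DS and DNS must be installed, not merely available.
$missing = Get-WindowsFeature -Name AD-Domain-Services, DNS |
    Where-Object { -not $_.Installed } |
    Select-Object -ExpandProperty Name
if ($missing) {
    throw "Missing roles: $($missing -join ', '). Run Install-WindowsFeature first."
}

# 3. DSRM password, read once and reused for the dry run and the promotion.
$dsrmPwd = Read-Host -Prompt "DSRM password" -AsSecureString

# 4. Dry run: same prerequisite checks as the wizard, no changes made.
$check = Test-ADDSForestInstallation -DomainName $domain `
    -DomainNetbiosName $netbios `
    -InstallDns `
    -SafeModeAdministratorPassword $dsrmPwd
$check | Format-List Status, Message

if ($check.Status -ne "Success") {
    throw "Prerequisite check failed; fix the errors above before promoting."
}

# 5. Real promotion. -Force skips the confirmation prompt; the server reboots
#    by itself when it finishes unless -NoRebootOnCompletion is given.
Install-ADDSForest -DomainName $domain `
    -DomainNetbiosName $netbios `
    -InstallDns `
    -SafeModeAdministratorPassword $dsrmPwd `
    -Force
```

The dry run is the step worth keeping even when you type the rest by hand: it reports the DNS delegation warning and any blocking error (unsupported hostname, missing roles, weak DSRM password) before anything is written to disk.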
## Validation
After reboot, log back in (account is now `CORP\Administrator`):
```
Get-ADDomain
Get-ADForest
dcdiag
```
The first two return domain/forest info. `dcdiag` runs integrity tests.
Minor DNS warnings are normal on a standalone DC.
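Beyond eyeballing `Get-ADDomain` and `dcdiag`, the things that actually break client joins and logons later are services not running, the SRV records not pointing at this DC, and the DC not resolving names through its own DNS server. The script below is an added example (not part of the lab's scripts) that turns those into pass/fail checks for the lab defaults; `corp.lab` and the hostname are assumptions taken from the defaults above.

```powershell
# Added example: post-promotion health checks. Assumes the lab defaults
# (domain corp.lab, this machine is the only DC); adjust $domain if needed.
Import-Module ActiveDirectory

$domain = "corp.lab"
$dcName = $env:COMPUTERNAME
$checks = [ordered]@{}

# 1. Core services a DC depends on: directory, Kerberos KDC, Netlogon, DNS.
$svcs = Get-Service -Name NTDS, Kdc, Netlogon, DNS
$checks["services running"] = ($svcs | Where-Object Status -ne "Running").Count -eq 0

# 2. This server is a DC of the expected domain, is a Global Catalog, and
#    holds all five FSMO roles (single-DC forest: nobody else can hold them).
$dc = Get-ADDomainController -Identity $dcName
$checks["domain is $domain"]  = $dc.Domain -eq $domain
$checks["global catalog"]     = [bool]$dc.IsGlobalCatalog
$checks["holds 5 FSMO roles"] = $dc.OperationMasterRoles.Count -eq 5

# 3. DNS: clients locate DCs via the _ldap._tcp.dc._msdcs SRV record. If it
#    is missing, joins and logons fail even though AD itself is healthy.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction SilentlyContinue
$checks["SRV record points here"] = ($srv | Where-Object { $_.NameTarget -like "$dcName.*" }).Count -gt 0

# 4. The DC must use its own DNS server (loopback or one of its own IPv4
#    addresses); promotion normally sets this, but verify it.
$ownIPs = (Get-NetIPAddress -AddressFamily IPv4).IPAddress
$dnsServers = (Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses }).ServerAddresses
$checks["DNS client points to self"] = ($dnsServers | Where-Object { $_ -in $ownIPs }).Count -gt 0

# 5. dcdiag in quiet mode prints only failed tests, so empty output is a pass.
#    Warnings (the usual DNS ones on a standalone DC) are not printed by /q.
$dcdiagOut = dcdiag /q
$checks["dcdiag reports no failures"] = -not $dcdiagOut

# Report and exit non-zero on any failure so the script can be used as a gate.
$checks.GetEnumerator() | ForEach-Object {
    "{0,-30} {1}" -f $_.Key, $(if ($_.Value) { "OK" } else { "FAIL" })
}
if ($checks.Values -contains $false) { exit 1 }
```

If only the SRV check fails right after the reboot, wait a minute and rerun: Netlogon registers the records once the DNS service is up, and `ipconfig /registerdns` followed by `Restart-Service Netlogon` forces the registration.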
## Notes
- The DSRM password is independent of Administrator's. It is the password of
the local Administrator account when the DC is booted into Directory Services
Restore Mode, with AD offline, for example to restore the database from a
backup. Keep it in your password manager; it can be reset later with
`ntdsutil "set dsrm password" "reset password on server null" q q`.
- Renaming a DC after promotion is possible but involved (`netdom computername`,
DNS records, SPNs, replication). The simple path is to demote it first
(`Uninstall-ADDSDomainController`), rename, and promote again.
- Fresh dockur installs come with an auto-generated hostname (`WIN-xxxx`).
Renaming **before** promotion is crucial.
## Next
AD is live but empty. Create OUs, users and groups in `03-ou-users-groups.md`.