What is a Windows Domain?
Think of a Windows Domain like a company’s “central office” for computers and user accounts. Instead of setting up logins, rules, and access on every single PC, an admin manages everything from one place, especially useful when there are lots of computers on the same network.
What is a Domain Controller (DC)?
A Domain Controller (DC) is basically the main server that runs the domain. It’s often called a “DC,” and it’s a Windows Server that has the AD DS role (Active Directory Domain Services).
Its biggest job:
– It handles sign-ins (security authentication). When you log into a work PC with your company username/password, the DC checks if you’re allowed.
What’s inside a Domain Controller?
1) Active Directory (AD)
Active Directory is like the domain’s directory / database of “things” in the company network such as:
Users (usernames & passwords)
Computers
Printers
File shares
Groups (like Domain Admins, Domain Users)
Organizational Units (OUs) to organize everything neatly
2) Group Policy (GP)
Group Policy is how admins enforce rules and settings across the network remotely. Examples:
Install software on many PCs at once
Set desktop backgrounds
Control which websites can be accessed
Manage security settings
How to Install Active Directory Domain Services (AD DS) and Promote a Server to a Domain Controller?
In this guide, you’ll install the Active Directory Domain Services (AD DS) role on a Windows Server and then promote the server to a Domain Controller (DC). Once AD DS is installed, your server becomes a domain controller and can manage users, computers, and network resources.
Step 1: Add the AD DS Role
Open Server Manager
Go to Manage → Add Roles and Features
Choose Role-based or feature-based installation, then click Next
Select your server (example shown: ITFDC01), then click Next
Check Active Directory Domain Services
When prompted, click Add Features, then click Next
Keep clicking Next until you reach Confirmation
Click Install and wait for it to finish
After installation, you’ll see that post-deployment configuration is required (this is normal).
Step 2: Promote the Server to a Domain Controller
In Server Manager, click the notification flag
Click Promote this server to a domain controller
You’ll see three options. For a brand-new domain, choose: Add a new forest
Then type your Root domain name (example:
testdomain.com) and click Next.Step 3: Configure Domain Controller Options
On the Domain Controller Options screen:
Keep DNS Server checked (needed for the domain to work properly)
Global Catalog (GC) should stay enabled (important when creating a new forest)
Do NOT select Read Only Domain Controller (RODC) (you want full control to make changes)
Create a DSRM password and store it safely (used for AD recovery/maintenance)
Click Next to continue.
Step 4: DNS Warning (This Is Normal)
You may see a warning about DNS delegation. This warning is expected in a lab environment and simply means public internet DNS won’t resolve your internal domain – which is perfectly fine and even safer.
Click Next.
Step 5: NetBIOS Name and Paths
The NetBIOS name will auto-fill (example:
TestDomain). You can leave it as default.Leave the default folder paths unless you have a specific reason to change them.
Click Next.
Step 6: Review and Prerequisite Check
Review your settings (optional: click View script to save a PowerShell script for later reuse)
Continue to Prerequisites Check
Wait for all checks to complete
You may see warnings (like DNS delegation or static IP warnings). In a typical lab setup, these are often not critical.
Step 7: Install and Reboot
Click Install. The server will complete the setup and reboot.
After reboot, log in again. You’ll notice the login format changes to:
DOMAIN\Username (example:
TestDomain\Administrator)In Server Manager, you should now see AD DS and DNS installed.
At this point, your server is now a fully working Domain Controller, and your domain is ready for managing users, computers, and policies.