Windows Server 2025 Core 24H2 | Active Directory Install & Configure, New Forest & Domain

Published: 25 May 2025
on channel: Darien's Tips

This video is a parallel entry in a series on installing and configuring Microsoft Active Directory. In it, we'll create a new Active Directory forest and domain using Windows Server 2025 Core, which means no convenient GUI. The procedures detailed here are the same for Windows Server 2022 Core and similar for Windows Server 2019 Core and 2016 Core.

Topics covered:
△ Operating System Preparation
△ Promotion to a Domain Controller
△ Post Domain Promotion First Actions
△ Next Domain Steps


Applies to: 🪟
Windows Server 2025, Windows Server 2022, Windows Server 2019, Windows Server 2016


Chapters
0:00 Introduction
1:02 Operating System Preparation
3:11 Promote the Computer to a Domain Controller
4:00 Post Domain Promotion First Actions
5:51 Create User and Computer Organizational Units
6:24 Create a New Administrator Account
6:52 Setup a DNS IPv4 Reverse Zone
7:10 Set up a Central Store for Group Policy Templates
8:22 Next Domain Steps
9:19 Thank you for watching, and please like and subscribe


Glossary:
AD = Active Directory
ADDS = Active Directory Domain Services
CIDR = Classless Inter-Domain Routing
DC = Domain Controller
DNS = Domain Name System
DSRM = Directory Services Restore Mode
FSMO = Flexible Single Master Operation (pronounced "fizmo")
GPO = Group Policy Object
GUI = Graphical User Interface
IPv4 = Internet Protocol version 4
IPv6 = Internet Protocol version 6
KCC = Knowledge Consistency Checker
NetBIOS = Network Basic Input/Output System
NTDS.DIT = New Technology Directory Services Directory Information Tree
OU = Organizational Unit
SSH = Secure Shell
SYSVOL = System Volume
SCONFIG = Server Configuration
PDC = Primary Domain Controller
OS = Operating System
DHCP = Dynamic Host Configuration Protocol


Additional Terms:
RID = Relative Identifier (part of the Security Identifier or SID, uniquely identifies objects within a domain)
SRV Record = Service Resource Record (DNS record used to define the location of services)
SAM = Security Account Manager (stores user accounts and passwords)
LDAP = Lightweight Directory Access Protocol (used to query and modify directory services)
FSMO Roles = Roles required for the proper operation of AD, including Schema Master, Domain Naming Master, RID Master, PDC Emulator, and Infrastructure Master
DNS Zone = A portion of the DNS namespace managed by a DNS server
RODC = Read-Only Domain Controller (a domain controller that holds a read-only copy of AD data)
UPN = User Principal Name (used to sign into AD, usually in the form of an email address)
SID = Security Identifier (a unique ID assigned to each user or group)


PowerShell CMDLETs (commands):
# Operating system preparation: assign a static IPv4 address
New-NetIPAddress `
    -InterfaceAlias Ethernet `
    -IPAddress [IPAddress] `
    -PrefixLength [CIDR Notation] `
    -DefaultGateway [router/gateway]

# Install the AD DS role and promote the server to the first DC of a new forest
Get-WindowsFeature ad
Add-WindowsFeature AD-Domain-Services
Install-ADDSForest -DomainName [domain.name]

# Create the user and computer organizational units
New-ADOrganizationalUnit "Domain Users"
New-ADOrganizationalUnit "Domain Computers"

# Create a new administrator account
$newAdminUser="New Admin User"
# Sample password; replace with your own value
$newAdmUsrPW="subScr1be2Dar!en’sT1ps2024$"
New-ADUser $newAdminUser `
    -Path "OU=Domain Users,DC=hawktips,DC=it" `
    -PasswordNeverExpires $true `
    -AccountPassword (ConvertTo-SecureString $newAdmUsrPW `
        -AsPlainText -Force) `
    -Enabled $true
# Copy the built-in Administrator's group memberships to the new account
$adminGroups=Get-ADUser Administrator -Properties memberof |
    Select-Object -ExpandProperty memberof
ForEach ($curGp in $adminGroups) {
    Add-ADGroupMember -Identity $curGp -Members $newAdminUser
}
# Confirm the new account's group memberships
Get-ADUser $newAdminUser -Properties memberof |
    Select-Object -ExpandProperty memberof

# Set up an AD-integrated IPv4 reverse lookup zone with secure dynamic updates
Add-DnsServerPrimaryZone `
    -NetworkId "ipnetwork/subnetlength" `
    -ReplicationScope "Domain" `
    -DynamicUpdate Secure

# Set up the central store for Group Policy templates and list what was copied
cd C:\Windows\SYSVOL\domain\Policies
New-Item -Type Directory PolicyDefinitions
Copy-Item -Recurse C:\Windows\PolicyDefinitions\* C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\
dir C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\
dir C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\en-US\
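
Added example (not from the video or its description): a read-only check to run on the new domain controller after the steps above. It lists every user in the groups the built-in Administrator belongs to along with its password-expiry flag, reports the dynamic-update mode of each primary DNS zone, and counts the templates in the central store. The function names are made up for this example.

```powershell
# Added example; function names are hypothetical. Read-only: it changes nothing.
Import-Module ActiveDirectory, DnsServer

function Get-PrivilegedAccountReport {
    # Same group list the copy loop above reads from the built-in Administrator.
    $groups = Get-ADUser Administrator -Properties MemberOf |
        Select-Object -ExpandProperty MemberOf
    foreach ($group in $groups) {
        $groupName = (Get-ADGroup $group).Name
        Get-ADGroupMember -Identity $group -Recursive |
            Where-Object objectClass -eq 'user' |
            ForEach-Object {
                $u = Get-ADUser $_.distinguishedName -Properties PasswordNeverExpires, PasswordLastSet
                [pscustomobject]@{
                    Group                = $groupName
                    Account              = $u.SamAccountName
                    Enabled              = $u.Enabled
                    PasswordNeverExpires = $u.PasswordNeverExpires
                    PasswordLastSet      = $u.PasswordLastSet
                }
            }
    }
}

function Get-ZoneUpdateReport {
    # SecureOnly is $false for zones that accept unauthenticated updates or none at all.
    Get-DnsServerZone |
        Where-Object { -not $_.IsAutoCreated -and $_.ZoneType -eq 'Primary' } |
        Select-Object ZoneName, IsReverseLookupZone, IsDsIntegrated, DynamicUpdate,
            @{ Name = 'SecureOnly'; Expression = { $_.DynamicUpdate -eq 'Secure' } }
}

function Get-CentralStoreReport {
    # Path taken from the central store commands above.
    $store = 'C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions'
    [pscustomobject]@{
        Path      = $store
        Exists    = Test-Path $store
        AdmxCount = @(Get-ChildItem $store -Filter *.admx -ErrorAction SilentlyContinue).Count
        AdmlEnUS  = @(Get-ChildItem "$store\en-US" -Filter *.adml -ErrorAction SilentlyContinue).Count
    }
}

Get-PrivilegedAccountReport | Sort-Object Group, Account | Format-Table -AutoSize
Get-ZoneUpdateReport | Format-Table -AutoSize
Get-CentralStoreReport | Format-List
```

Accounts that show PasswordNeverExpires as True in the first table are the ones to track for manual password rotation.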


Links:
https://learn.microsoft.com/en-us/pow...
https://learn.microsoft.com/en-us/pow...
https://learn.microsoft.com/en-us/pow...
https://learn.microsoft.com/en-us/pow...
https://learn.microsoft.com/en-us/tro...
https://learn.microsoft.com/en-us/tro...
https://learn.microsoft.com/en-us/win...
https://petri.com/how-to-copy-active-...