Document Name | Domain Controller Implementation and configuration – SaveTheChildren |
Date Created | 21-08-yyyy |
Review Date | 30-08-yyyy |
Version No. | V2.0 |
Author | Your Name |
The purpose of this document is to provide the SaveTheChildren charity organization with a knowledge document on how to set up a domain controller to hold their user details and groups. This will help them migrate to the cloud in Azure by syncing with Azure Active Directory.
Scope
The scope of this document is to provide SaveTheChildren with the following information:
· Reasons for using a domain controller
· Limitations in our set-up
· Setup instructions step by step
· How to create user groups
· How to create users
3. Reasons for using a domain controller
The domain controller is the heart of any organization with an on-prem presence. A domain controller (DC) is a server computer that responds to security authentication requests within a computer network domain. It is a network server that is responsible for allowing host access to domain resources. It authenticates users, stores user account information, and enforces security policy for a domain. It is most commonly implemented in Microsoft Windows environments where it is the centerpiece of the Windows Active Directory service. However, non-Windows domain controllers can be established via identity management software such as Samba and Red Hat FreeIPA.
Domain controllers are typically deployed as a cluster to ensure high availability and maximize reliability. In a Windows environment, one domain controller serves as the Primary Domain Controller (PDC), and all other servers promoted to domain controller status in the domain act as Backup Domain Controllers (BDCs). In Unix-based environments, one machine serves as the master domain controller and the others serve as replica domain controllers, periodically replicating database information from the master and storing it in read-only form.
4. Limitations in our set-up
In our set-up, we do not have access to Azure Active Directory, as shown in the figure below.

Our implementation will not sync with the AAD module through an Azure Active Directory Connect server, as shown in the diagram below.

5. Setup instructions step by step
This section provides step-by-step instructions, with screenshots, for deploying a VM and setting up the DC.

Figure 3 shows the basic details such as the resource group the VM will be in and the subscription used to cover the costs of the VM. It includes details such as the region of deployment and the OS we will use, in this case Windows Server 2019 Datacenter edition. We have selected no redundancy, as there is no free quota for it on a free subscription.

Figure 4 shows the networking settings used for the VM deployment. We have created a subnet of 10.0.0.0/24 and assigned a dynamic public IP to reduce costs. This IP will be decommissioned once the entire setup is completed, for security purposes. A network security group is created to hold the rules and policy for incoming and outgoing connections.

Figure 5 shows the backup policy created to ensure that we can always recover from a disaster. In our case, to cut down costs, we have created a weekly backup every Sunday at 6pm and will retain that copy for 5 days. Keeping such a backup copy is one of the best practices for ensuring reliability in the case of a disaster.

Figure 6 shows the data disk we have attached to the VM, as we may require additional storage for persistent data and application backups.

Figure 7 shows the successful deployment of the VM adhering to our configurations.

Figure 8 shows the network topology diagram for the deployed VM and its resources in the resource group at this stage.
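The portal steps shown in Figures 3 to 8 can also be scripted. The following Azure PowerShell script is an added example and is not part of the original document or of SaveTheChildren's own deployment; the resource group, VM, region, disk size and admin workstation address are assumed values. It deploys the same shape of VM (Windows Server 2019 Datacenter, a 10.0.0.0/24 subnet, a dynamic public IP, a network security group and a data disk) and then restricts RDP on the NSG to a single admin address instead of the internet.

```powershell
# Added example: Azure PowerShell equivalent of the portal steps in Figures 3-8.
# Assumed names (not from the original document): resource group, VM name, region,
# data disk size and admin workstation address. Requires the Az module and an
# active session (Connect-AzAccount).

$rg       = 'rg-stc-dc'            # assumed resource group name
$location = 'australiasoutheast'   # assumed region
$vmName   = 'stc-dc01'             # assumed VM name
$adminIp  = '203.0.113.10/32'      # assumed admin workstation address (documentation range)

New-AzResourceGroup -Name $rg -Location $location

# Local administrator credential for the VM; prompt for it rather than hard-coding it.
$cred = Get-Credential -Message 'Local administrator for the DC VM'

# Windows Server 2019 Datacenter, one 10.0.0.0/24 subnet, dynamic public IP (Figure 4),
# an NSG created alongside the VM, and an attached data disk (Figure 6).
# -OpenPorts is deliberately not used, so no port is exposed to the internet by default.
New-AzVM -ResourceGroupName $rg -Name $vmName -Location $location `
    -Image 'Win2019Datacenter' -Size 'Standard_B2s' -Credential $cred `
    -VirtualNetworkName "$vmName-vnet" -AddressPrefix '10.0.0.0/16' `
    -SubnetName 'default' -SubnetAddressPrefix '10.0.0.0/24' `
    -PublicIpAddressName "$vmName-pip" -AllocationMethod Dynamic `
    -SecurityGroupName "$vmName-nsg" -DataDiskSizeInGb 32

# Allow RDP only from the admin workstation, never from 0.0.0.0/0.
$nsg = Get-AzNetworkSecurityGroup -Name "$vmName-nsg" -ResourceGroupName $rg
$nsg | Add-AzNetworkSecurityRuleConfig -Name 'Allow-RDP-Admin' -Priority 300 `
    -Direction Inbound -Access Allow -Protocol Tcp `
    -SourceAddressPrefix $adminIp -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange 3389 | Set-AzNetworkSecurityGroup

# Confirm the deployment succeeded (Figure 7).
(Get-AzVM -ResourceGroupName $rg -Name $vmName).ProvisioningState
```

The backup policy from Figure 5 is left to the portal here. Note that the dynamic public IP remains attached until it is decommissioned, as the text above states; the NSG rule is what limits who can reach it in the meantime.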
As the domain controller is vital for the functioning of Active Directory, the configuration should be done carefully to avoid errors. Follow the steps below to make sure your domain controller is set up correctly.
Before you begin, assign a static IP address to your domain controller so that Active Directory objects can locate it reliably. For the proof-of-concept stage we will instead keep the VM running, so that its dynamic address remains valid.
- Log into your Active Directory Server with administrative credentials.
- Open Server Manager → Roles Summary → Add roles and features

The “Before you begin” screen, which pops up next, is purely informational. You may read through it and click “Next”.
Select the installation type. If you’re going to deploy your DC in a virtual machine, choose Remote Desktop Services installation. Else, choose Role-based or Feature-based installation.

Now, select the destination server on which the role will be installed. Make sure the IP address points to the selected server. If it does not, close Server Manager and retry.

Select the roles you want to install on this server. The basic requirement to promote this server into a domain controller is Active Directory Domain Services.
The basic features required for the proper functioning of this role are selected by default. Click next to install them.
Confirm your installation selections. It is recommended to select the “Restart the destination server automatically if required” button. Select “Install” and once the installation is complete, close the window.

Once the AD DS role is installed on this server, you will see a notification flag next to the Manage menu. Select “Promote this server to a domain controller”.
Select “Add a new forest” and enter the Root domain name. This domain name will also be the forest name.
Select a forest functional level and a domain functional level of your choice. Ensure that the domain functional level is equal to or higher than the forest functional level.
Since this is the first domain controller, it automatically becomes the DNS server and also the Global Catalog (GC). Enter a unique Directory Services Restore Mode (DSRM) password; it is used when Active Directory data needs to be restored.
Since a DNS Server is being configured as part of our efforts, you’ll be warned that a delegation for this DNS server cannot be created. This can be safely ignored.
Enter a NetBIOS name for your domain. It is preferable to match the NetBIOS name with the root domain name. For more information on NetBIOS name restrictions, see https://support.microsoft.com/en-us/kb/909264.

Select the folder where your database, log files, and SYSVOL will be stored. It is recommended to stick to the default settings.

Review your options and click Next. A prerequisites check will be done by Active Directory. Once it is completed, click Install.
Your system will be rebooted automatically for the changes to take effect. Verify the health of the domain controller as shown below; all services should be green.
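The same role installation, forest promotion and health check can be done from an elevated PowerShell session on the new server. The script below is an added example rather than the document's own procedure or code; the domain name, NetBIOS name, functional level and file paths are assumed values chosen to match the wizard defaults described above, and the DSRM password is prompted for rather than written into the script.

```powershell
# Added example: PowerShell equivalent of the Server Manager steps above,
# run in an elevated session on the Windows Server 2019 VM.
# Assumed values (not from the original document): domain name, NetBIOS name,
# functional levels and paths (these match the wizard defaults).

$domainName  = 'savethechildren.local'   # assumed root domain name; also the forest name
$netbiosName = 'SAVETHECHILDREN'         # assumed NetBIOS name, 15 characters or fewer

# Step 1: install the AD DS role with its management tools
# (Server Manager > Add roles and features > Active Directory Domain Services).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Step 2: promote this server as the first DC of a new forest ("Add a new forest").
# The first DC is automatically the DNS server and Global Catalog.
$dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

$forestParams = @{
    DomainName                    = $domainName
    DomainNetbiosName             = $netbiosName
    ForestMode                    = 'WinThreshold'   # Windows Server 2016 level, the highest on 2019
    DomainMode                    = 'WinThreshold'   # must be equal to or higher than ForestMode
    InstallDns                    = $true
    CreateDnsDelegation           = $false           # the wizard's delegation warning can be ignored
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $dsrm
    NoRebootOnCompletion          = $false           # reboot automatically, as the wizard does
    Force                         = $true
}
Install-ADDSForest @forestParams

# Step 3, after the reboot: verify the DC is healthy ("all services in green").
Get-Service -Name NTDS, DNS, Netlogon, Kdc, ADWS | Format-Table Name, Status
Get-ADDomainController | Select-Object HostName, IsGlobalCatalog, OperationMasterRoles
dcdiag /test:DNS /test:Advertising /test:Services
```

Splatting the parameters through a hashtable keeps every option visible and reviewable, which matters for a server whose configuration the rest of the domain depends on. The `dcdiag` tests listed correspond to the things the wizard verified: DNS, that the DC advertises itself, and that the core services are running.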
6. Next steps
These steps will confirm that the DC is functional and can be set up to grant users permissions for virtual remote desktop as a service on-prem, as well as access permissions to the cloud workflows.
- Creating a new VM with Windows 10 Professional as the OS
- Pointing its DNS to the DC we just created
- Adding the new VM to the computer group in the Melbourne organizational unit we created on the DC
- Testing login with the user profiles we created on the DC
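The scope lists creating user groups and users, and the next steps above rely on a Melbourne organizational unit and test profiles existing on the DC before a client is joined. The following script is an added example, not the document's own code; it creates those objects on the DC and then performs the DNS change and domain join on the Windows 10 VM. The domain name, OU, group and user names and the DC's private address are assumed values.

```powershell
# Added example, not from the original document. Part 1 runs on the DC, Part 2 on
# the Windows 10 Professional VM. Assumed values: domain name, OU/group/user names
# and the DC's private IP inside the 10.0.0.0/24 subnet.

# ---- Part 1: on the domain controller (ActiveDirectory module comes with the role) ----
Import-Module ActiveDirectory
$domain   = Get-ADDomain
$domainDn = $domain.DistinguishedName        # e.g. DC=savethechildren,DC=local

# Organizational unit for the Melbourne office, protected against accidental deletion.
New-ADOrganizationalUnit -Name 'Melbourne' -Path $domainDn -ProtectedFromAccidentalDeletion $true
$ouDn = "OU=Melbourne,$domainDn"

# Security group that will carry the remote-desktop permission; rights go to the group, not to users.
New-ADGroup -Name 'MEL-RemoteDesktop-Users' -GroupScope Global -GroupCategory Security -Path $ouDn

# Test user, enabled, with a password that must be changed at first logon.
$initialPwd = Read-Host -AsSecureString -Prompt 'Initial password for testuser'
New-ADUser -Name 'Test User' -SamAccountName 'testuser' `
    -UserPrincipalName "testuser@$($domain.DNSRoot)" -Path $ouDn `
    -AccountPassword $initialPwd -ChangePasswordAtLogon $true -Enabled $true
Add-ADGroupMember -Identity 'MEL-RemoteDesktop-Users' -Members 'testuser'

# ---- Part 2: on the Windows 10 VM, in an elevated session ----
$dcIp       = '10.0.0.4'                 # assumed private IP of the DC
$domainName = 'savethechildren.local'    # assumed domain name, same as on the DC

# Point the client's DNS at the DC so it can find the domain's SRV records.
$nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $dcIp
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domainName" -Type SRV   # should list the DC

# Join the domain, placing the computer object in the Melbourne OU, then reboot.
Add-Computer -DomainName $domainName `
    -OUPath "OU=Melbourne,DC=savethechildren,DC=local" `
    -Credential (Get-Credential -Message 'Account allowed to join computers') -Restart

# After the reboot, log on as SAVETHECHILDREN\testuser and confirm the machine trust.
Test-ComputerSecureChannel -Verbose
```

Checking the SRV record before running Add-Computer catches the most common join failure, a client still pointing at Azure's default DNS rather than the DC. Granting the remote-desktop right to the group rather than to individual users keeps later permission changes to a single membership edit.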