Windows Server 2016 - Setup Local Domain Controller  

  1. slicendice
    Posts : 3,662
    Windows 10 Pro x64 v1809 Build 17763.134 (Branch: RS5 Release Preview)
       10 Feb 2017 #10

    Awesome tutorial!

    There is one small but important step you did not mention, which should be part of every Server installation. That is setting the correct time and disabling internet time. AD does not need it that much but if you are going to use other server roles, it's extremely important that your time stamps are correct.

    Once installing other services, one should also make the AD server the default timeserver in the network so all computer times stay in sync with it. This could also be done during the initial installation, which is always better.

  2.    11 Feb 2017 #11

    While the server product is not free, the eval copy is good for 180 days, and can be reinstalled.

  3. Kari
    Posts : 15,249
    Windows 10 Pro
    Thread Starter
       11 Feb 2017 #12

    pparks1 said:
    While the server product is not free, the eval copy is good for 180 days, and can be reinstalled.
    Exactly. Plenty of time to test.

  4.    21 Feb 2017 #13

    Do you have any tutorials or videos for setting up recommended group policies?


  5. Posts : 33
    Windows 10 Pro for Workstations
       02 Mar 2017 #14

    altmoola said:
    Do you have any tutorials or videos for setting up recommended group policies?
    The pertinent ones are pretty straightforward, but you have to be careful what you enable on the system running the server, particularly its hardware and whether client-connected PCs/laptops will be able to utilize those features and actually log on properly. For example, the usage of smart cards and various cryptography settings.
    And really GPO depends on how secure you want client-connected PCs and laptops when connected. That said, after setting up the Domain Controller, you will want to set up the Certification Authority with the Certification Authority Web Enrollment, followed ideally by a DHCP server. Remove the DNS relay feature from any physical hub/router you may have and use the server as the DNS relay. From there, you can easily assign static IP addresses using client MAC addresses and control IP ranges and firewall/port settings with ease.

    To start assigning GPO settings for provisioning, start at Policies > Windows Settings > Security Settings > Local Policies > Security Options. Here, I like disabling Administrator account status (after using it to assign myself a personal Domain Admin account), requiring the use of smart cards for interactive logon or CTRL+ALT+DEL at the very least, and disabling anonymous SID/Name translation right out of the gate.

    For Password Policy, you can change those to whatever you want, since their default settings can be annoying if you're just using the server for testing and nothing substantive. From there the rest of the stuff is pretty simple, though I recommend staying away from cryptographic features and settings unless you know what you're doing. That said, if your hardware allows for it, you can secure end-point PCs/laptops from 98% of virtual and physical intrusion attempts.

    Also invest some time in reading about nested virtualization to isolate server functions like MySQL databases. Virtualization is extremely important and vital to use for various server functions in order to isolate them from the physical server itself. Most of us who run full enterprise servers run multiple Domain Controllers on nested VMs and secure them using Host Guardian certificates for key and access management and Shielding, which are all features you can install from the Add Roles and Features Wizard.
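
    Added example (not part of the thread or any poster's code): a PowerShell check of the Security Options named in post #14 against a `secedit` security policy export. The helper name `Get-SecPolValue` is hypothetical and the export text is a constructed sample; the wanted values follow the post (Administrator disabled, anonymous SID/Name translation disabled, and either smart card required or CTRL+ALT+DEL required).

```powershell
# On a real server, create the input with:
#   secedit /export /cfg "$env:TEMP\secpol.inf" /areas SECURITYPOLICY
#   $inf = Get-Content "$env:TEMP\secpol.inf" -Raw
# The export below is a constructed sample so the script runs offline.
$inf = @'
[System Access]
EnableAdminAccount = 1
LSAAnonymousNameLookup = 0
[Registry Values]
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD=4,1
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ScForceOption=4,0
'@

# Hypothetical helper: value of one setting, or $null if the export does not define it.
function Get-SecPolValue {
    param([string]$Text, [string]$Name)
    foreach ($line in $Text -split "`r?`n") {
        $key, $value = $line -split '=', 2
        if ($null -ne $value -and $key.Trim() -ieq $Name) {
            # Registry entries are "type,value"; System Access entries are just "value".
            return ($value.Trim() -split ',')[-1].Trim('"')
        }
    }
    return $null
}

$sys = 'MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$checks = @(
    @{ Setting = 'Accounts: Administrator account status'; Name = 'EnableAdminAccount'; Want = '0' }
    @{ Setting = 'Network access: Allow anonymous SID/Name translation'; Name = 'LSAAnonymousNameLookup'; Want = '0' }
    @{ Setting = 'Interactive logon: Do not require CTRL+ALT+DEL'; Name = "$sys\DisableCAD"; Want = '0' }
    @{ Setting = 'Interactive logon: Require smart card'; Name = "$sys\ScForceOption"; Want = '1' }
)

$results = foreach ($c in $checks) {
    $actual = Get-SecPolValue -Text $inf -Name $c.Name
    [pscustomobject]@{
        Setting = $c.Setting
        Actual  = if ($null -eq $actual) { 'not defined' } else { $actual }
        Wanted  = $c.Want
        Match   = ($actual -eq $c.Want)
    }
}
$results | Format-Table -AutoSize

# The post accepts a smart card requirement, or CTRL+ALT+DEL at the very least.
$logonOk = @($results | Where-Object { $_.Setting -like 'Interactive logon*' -and $_.Match }).Count -gt 0
"Interactive logon requirement met: $logonOk"
```

    With the constructed sample, only the anonymous SID/Name translation setting matches, and the interactive logon requirement is reported as not met.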

  6. Kari
    Posts : 15,249
    Windows 10 Pro
    Thread Starter
       02 Mar 2017 #15

    DrEmpiricism said:
    The pertinent ones are pretty straightforward, but you have to be careful what you enable on the system running the server, particularly its hardware and whether client-connected PCs/laptops will be able to utilize those features and actually log on properly.
    Very good post, thanks for sharing your insights.

  7.    19 Mar 2017 #16

    Regarding the domain controller name, if I buy myself a domain, mydomain.info, is it better if I name the root domain mydomain.info, or should I still go for mydomain.local? Or is it better if I call it ad.mydomain.info?

    Nice tutorial btw!

  8. Kari
    Posts : 15,249
    Windows 10 Pro
    Thread Starter
       19 Mar 2017 #17

    Hi Bcil, welcome to Ten Forums.

    A local domain is, as the name says, local. It should not be named as any existing domain. If you have a site up and running on http://MyExtremelyGoodBusiness.com, you should not use that name for your local domain.

    In fact, you should not even use official top level domains in the name of your local domain (.com, .net, .org, .co.uk, .fr and so on). You can use pretty much anything else you want to; I used to use .home on my local domains but as .homes (for real estate agents) was accepted to the list of official top level domains I wanted to change mine as it was in my opinion too close.

    Check this list, do not use anything on it: List of Internet top-level domains - Wikipedia

    Kari

  9.    19 Mar 2017 #18

    Aha, I see. I thought previously that if we had bought a domain then we were supposed to use that, but now I know better, hehe, thanks.
    Last edited by bcil; 20 Mar 2017 at 20:54.


 