Active Directory Domain Services (AD DS) Setup Process

Step-by-step guide to set up Active Directory Domain Services (AD DS) on Windows Server 2025 machine (or any recent Windows Server version)

Setting up Active Directory Domain Services (AD DS) is one of the most essential tasks for any IT administrator who wants to create and manage a centralized network environment. Whether you’re configuring your first domain controller or upgrading your existing infrastructure, understanding each step in the process is key to a stable and secure setup.

In this guide, we’ll walk you through the complete step-by-step process of installing and configuring AD DS on a Windows Server 2025 machine. The same process applies to most recent Windows Server versions, such as 2022 and 2019, with only minor interface or naming differences.

By the end of this tutorial, you’ll have a fully functional domain controller, ready to manage users, computers, and network policies within your organization.

✅ Prerequisites

Before starting:

1. Static IP Address – Set a static IP address for the server.
2. Correct Time Zone and NTP settings – Time synchronization is important in domain environments.
3. Strong Administrator password – This account becomes the Domain Admin.
4. Hostname set – Rename the server if needed before promotion (avoid generic names like WIN-XXXXXXX).
5. Sufficient resources – 2+ GB RAM, 2+ vCPU, disk space for NTDS.dit.

🛠 Step 1: Install the AD DS Role

Using Server Manager (GUI):

1. Open Server Manager → Click “Manage” → “Add Roles and Features”
2. Installation Type: Choose Role-based or feature-based installation
3. Server Selection: Choose your local server
4. Server Roles: Check Active Directory Domain Services
5. Confirm dependencies and click Next
6. Complete the wizard and click Install
7. After install completes, do not close the wizard – click “Promote this server to a domain controller”

OR via PowerShell:

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

🧭 Step 2: Promote to Domain Controller

Depending on your needs:

A. Create a New Forest (first domain controller in a new domain)

1. Deployment Operation: Select “Add a new forest”
2. Root domain name: e.g., corp.example.com
3. Domain Controller Options:
   • Choose Forest functional level and Domain functional level (usually Windows Server 2022 or 2025)
   • Ensure DNS Server is checked
   • Set Directory Services Restore Mode (DSRM) password
4. DNS Options: Ignore the warning about delegation if it’s not needed
5. Additional Options: NetBIOS name is generated automatically (can be changed)
6. Paths: Accept defaults for database, log files, and SYSVOL
7. Review and Install: Review settings → Validate prerequisites → Click Install

The server will reboot automatically after promotion.

🔄 Step 3: Post-Deployment Configuration

After reboot, log in as:

DOMAIN\Administrator

Then:

1. Open Active Directory Users and Computers to verify domain setup
2. Open DNS Manager to ensure DNS zones were created
3. Test domain functionality:
4. nltest /dsgetdc:yourdomain.com
5. dcdiag /v

🧰 Optional: Configure Organizational Units (OUs), Users, and Groups

Example PowerShell commands:

# Create an OU

New-ADOrganizationalUnit -Name “HR” -Path “DC=corp,DC=example,DC=com”

# Create a new user

New-ADUser -Name “John Doe” -SamAccountName “jdoe” -AccountPassword (Read-Host -AsSecureString “Enter password”) -Enabled $true -Path “OU=HR,DC=corp,DC=example,DC=com”

# Create a new group

New-ADGroup -Name “HR Group” -GroupScope Global -Path “OU=HR,DC=corp,DC=example,DC=com”

🧩 Common Gotchas