Home > 2008R2_LAB, Certification, Home Lab, Windows2008R2 > 2008R2_LAB: Creating the first AD DC in a Windows 2008 R2 environment

2008R2_LAB: Creating the first AD DC in a Windows 2008 R2 environment

NOTE: For the purposes of this example, a default gateway of is used, provided by VMware Workstation NAT.  It is recommended that you use a firewall VM such as Monowall or pfSense, etc.  By doing so, the entire infrastructure is portable to another VMware Workstation environment, converted to HyperV or moved to vSphere.  If you are doing so, either adjust the Default Gateway shown to that of your VM firewall –or- set the IP of the VM firewall to match this address.

Information you will require to complete this task:

· User the lab is for – eg: David Lock – we need this for the initials to use

· The Subnet to use for the LAN interface of the lab – eg:

· The IP address to use for the Monowall LAN interface (default gateway) of the lab – eg:

· The IP address to use for the XX-DC1 VM – eg:

1) Once the VM is booted and you have logged in locally, start Server Manager

2) In Server Manager:



3) Right click on the NIC and choose PROPERTIES:


4) Uncheck TCP/IP v6.  Select TCP/IP v4, and choose PROPERTIES:


5) If necessary, open a CMD prompt to find the existing IP address.  This won’t be needed if the IP address is dictated by the environment.  Run IPCONFIG:


Here we can see the lab environment for the example is  So our subnet will be and a default gateway of  The other lab environment using MONOWALL VM’s will likely be .1.



Enter the TCP/IP address information as follows:

IP ADDRESS                        = <SUBNET>.11

SUBNET MASK                  =

DEFAULT GW                     = <SUBNET>.2 (or .1 if that is the MONOWALL config)

PREFERRED DNS               = The IP configured in IP Address (the server itself)

Press OK to close the TCP/IP properties.  The system may automatically test the configuration if you have checked the “VALIDATE SETTINGS UPON EXIT” box.  Doing so, will issue a warning that the DNS server is not responding – and it will not be, given that we have yet to configure it.    Press OK.  Then press CLOSE to close the NIC settings.

7) Return to SERVER MANAGER and choose CHANGE SYSTEM PROPERTIES in the upper right hand corner.



We are going to click CHANGE to change the COMPUTER NAME.


Change the COMPUTER NAME for your DC as appropriate.  Don’t worry about changing the WORKGROUP or DOMAIN NAME at this time.  Press OK.

NOTE:  However, if for some reason your VM was cloned from a Domain Joined system and *IS* a member of a domain, then set the radio box to WORKGROUP and enter the name WORKGROUP (or TEST or whatever) into the WORKGROUP box).


Press OK.  Press CLOSE on the SYSTEM PROPERTIES window and reboot when prompted.


At this point what we have is a VM with a proper COMPUTER NAME and TCP/IP settings. 

8) When the computer restarts, login.  Server Manager will start by default.  Under Option 3, click ADD ROLES:



Click NEXT.  You may wish to check SKIP THIS PAGE BY DEFAULT. 

On the next screen, you can select the roles to install.  You might be tempted to select DHCP, DNS and AD Domain Services all at the same time.  However, if you do:


You are told you cannot.  As per the message, we’ll choose to ONLY install ACTIVE DIRECTORY DOMAIN SERVICES. 


You’ll be told you need to install .NET Framework 3.5.1 Features.  Click ADD REQURIED FEATURES.  Then click NEXT.




Then click INSTALL.

NOTE: that this only INSTALLS the ROLE but it does NOT configure it.  We must still run DCPROMO.EXE later to actually CONFIGURE ADDS. 


When the installation completed, you’ll see INSTALLATION SUCCEEDED and can click CLOSE.

9) Next, we’ll run DCPROMO.EXE.


Which will check if ADDS binaries are installed:


The wizard will launch:


Click NEXT


There is a blurb about compatibility with Windows NT 4.0 type systems.  We can largely ignore that, and click NEXT.


We are going to choose CREATE A NEW DOMAIN IN A NEW FOREST and click NEXT.


Name the domain something appropriate, based on your lab standards.  This might be something like First Initial Last Initial LAB.LOCAL (eg: DLLAB.LOCAL).  In my case, it is NETWISELAB.LOCAL.  Click NEXT.


Choose a FOREST FUNCTIONAL LEVEL of Windows Server 2008 R2.  Note the details it lists.  Click NEXT.


The wizard will automatically force a selection of configuring the server as an AD Global Catalog Server.  Check the box for DNS Server as well, so it will set up DNS for you.  Click NEXT.


This message will appear.  It’s not something we really need to worry as this is the first DNS server installed, and there is no delegation.  In a full domain this will often be seen in cases where your DNS server may be non-Windows based, and additional work is required on your part to facilitate Active Directory.  Click YES.


Accept the default locations for the folders, as there is no good reason to NOT use the defaults.  Click NEXT.


Choose and enter a password for DIRECTORY SERVICES RESTORE MODE ADMINISTRATOR account.  The likelihood you’ll never need this is slim, but it must be set.  This will become the ADMINISTRATOR password as well.  Enter the password twice and click NEXT.


The summary screen will show.  Click NEXT.


The installation will begin and show updates to status on this window.  Check the REBOOT ON COMPLETION box, and then wait for it to complete.

10) When the computer reboots, press CTRL+ALT+DEL and login as the Administrator. 


Note that you don’t want to login with the COMPUTERNAME\Administrator account it suggests.  Click on LOGIN AS ANOTHER USER and ensure it shows LOG ON TO: NETWISIELAB (your domain name) and use the Administrator login.


Now, when Server Manager starts, things look a little different. 

The following ROLES are now installed:

                DNS Server, Active Directory Domain Services

The following FEATURES are now installed:

                Group Policy Management (GPMC), Remote Server Administration Tools (RSAT), SNMP Services (from my template, not via the DCPROMO) and .NET Framework 3.5.1 Features. 

At this point, you now have a function AD DC for the lab.   You should consider doing some or all of the following:

  • Disable the Windows Firewall on the Domain Network – only on a LAB network.  This will help simplify basic learning, but at some point, you will need to know how to configure things WITH firewalls enabled.  Thus, where possible, leave the Windows Firewall enabled as a Best Practice.
  • Configure Windows Updates to be automatic.
  • Check for Windows Updates to keep the server up to date.
  • Create user(s).  At the very least, consider creating a couple of “Test” users to use for server and workstation tasks that are not Domain Administrator that you can mess around with.  Also, create a copy of the Administrator account for yourself to use so that if you create an issue, you can always get back in using the Administrator account.
  • Enable Remote Desktop.  However, as this lab will be isolated from your network, you will likely be using the VMware Worksation/vSphere Console or the Hyper-V console and NOT RDP.  That said, your test (isolated) workstations or other servers you may choose to use RDP to connect, so it doesn’t hurt to have it installed.
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: