This tutorial will explain how to install Active Directory on a virtual machine running Windows Server 2019 as its operating system. The virtual machine will be used as a DHCP and DNS server, which will be explained later on.
This is a tutorial designed for beginners that aims to cut out unnecessary jargon and provide easy to grasp explanations. But before we get into everything you’ll need to follow along, you might be asking…
What is Active Directory?
Active Directory is Microsoft’s database tool that allows for the management of users and groups that are connected to a specific domain, or network. For example, in a typical office setting, “users” refers to any employees or management connected to the domain and “groups” could be anything from accounting to sales to human resources, etc.
The segmenting of groups allows us to manage who has access to resources on the network without needing to change permissions on a case by case basis. Employee permissions, information, and password resets are all core functions of Active Directory.
Here is a checklist of everything you’ll need to follow along:
(it’s a good idea to download these now and remember their location)
- Oracle VirtualBox and Extension Pack
- Windows Server 2019 ISO (operating system)
- Windows 10 ISO (operating system we will use to test the connection to our domain)
*In this tutorial I will be using VirtualBox as my hypervisor to run virtual machines as my domain controller (server) and test user (Windows 10). If you have 2 computers available to you, the process will be the same.
You can learn more about hypervisors here.
However, it is highly recommended that you use virtual machines if your hardware can run them (or spare/old computers), as you can keep potential (inevitable) errors separate from your personal computer.
PART 1: Creating the Domain Controller Virtual Machine
First, you’ll want to download VirtualBox for the operating system you are using to run the virtual machines (likely “Windows hosts” or “OS X hosts”). Install it by running the downloaded program and completing the prompts. Once installed you can download and install the extension pack from the same website.
Configuring a Virtual Machine (VM) for the Domain Controller:
- Open VirtualBox.
- Select “New” and give it a name (mine is “Windows 2019 Domain Controller”).
- Select a destination folder for the VM, set the type to Microsoft Windows, and the version to “Other Windows (64-bit)”.
- Allocate at least 2GB of RAM. If you can spare it, do 4GB.
- Create a virtual hard disk with all defaults (VirtualBox Disk Image, Dynamically Allocated, *20GB of storage in your preferred destination folder). *This should be enough space for test purposes, but will not get you much further than that.
- Before running the new VM, right-click it in the left panel and select “settings”.
- In the “Advanced” tab, change both the Shared Clipboard and Drag‘n’Drop to bidirectional. This will let you copy and paste and drag and drop from your desktop into your VM.
- In the “System” tab you can add more processor cores. Only do this if you are familiar with your processor and how many cores you can spare.
- In the “Network” tab, enable Adapter 1 and select “NAT” from the dropdown. This will connect to your home network via Network Address Translation (NAT).
- Enable a second adapter and select “Internal Network”. This will allow the Windows 10 VM to connect to the domain controller, forming a virtual network.
- Now you can close out of settings and run the VM. At this point, VirtualBox should ask you to select a virtual optical disk. Click the folder icon on the bottom right, then hit the “add” button, and browse to wherever you stored your Windows Server 2019 ISO file.
- Once you select the ISO file as your optical disk, go ahead and run the VM and follow the steps to install it (just hit “next” a few times).
Installing Windows Server 2019
The installation process tends to take some time. Be patient and have something to do while you wait.
1. Select your preferred language, time, and keyboard settings, hit next, then hit the install button.
2. Make sure to select the standard “Desktop Experience” version of the installation (the non-Desktop Experience versions will only have a command line).
3. On the next screen, accept the terms and conditions and hit next. After that you’ll want to choose the custom installation of Windows (advanced).
4. Select the drive you’ll be installing it on (there should only be the one virtual drive that was added earlier) and hit next.
This part will take a while and may restart automatically. Just let it do its thing. You may eventually see a prompt to “Press any key to boot from CD or DVD” — DO NOT PRESS ANYTHING. Just let it keep loading until you get to this screen:
5. Go ahead and set a password for the Administrator account and hit Finish.
6. You’ll be prompted to hit Ctrl-Alt-Del, which likely will not work. On the top of your VM window, you should see an “Input” tab, where you can go to “Keyboard” and “Insert Ctrl-Alt-Del”. Alternatively, the “host” key is usually the right Ctrl (Command Key on Mac). Host Key + Del should perform the Ctrl-Alt-Del function within your VM.
7. On the next screen you can log in with the password you just created. If prompted, you can hit “yes” to allow the PC to be discoverable on your network.
(Step 8 allows us to resize the window and auto-adjust the resolution, and it gets rid of any mouse lag)
8. Before doing anything else, it is helpful to “Insert Guest Additions CD Image”. You can find this option in the “Devices” tab of the VM window (next to “Input”, see image above). After that, go to File Explorer → This PC. Under “Devices and Drives”, you should see CD drive (D:) VirtualBox Guest Additions. Double click to open it, then run the “VBoxWindowsAdditions-amd64” application. Complete the install by accepting the defaults and hitting next/install for any prompts. At the end, choose to manually reboot. Shut down the VM from the Home (Windows) button in the bottom left corner, then restart the VM from VirtualBox.
1. Press the Windows button on your left side taskbar and open the Control Panel.
2. Under “Network and Internet”, hit “View network status and tasks”, then “Change adapter settings” on the top left side of that window.
3. You should see 2 network adapters. Right click on either one and hit “status”, then “Details”. If the IPv4 Address starts with “169.254.#.#”, then you know this is the adapter for your internal network.
4. The other adapter probably has an IPv4 address similar to: 10.0.2.15. Once you know which is which, close the status and details windows, right click on each, and carefully rename them. Make sure their names are visually unique to avoid later confusion (e.g. “local_internal_only” and “_OUTSIDE-INTERNET”).
5. Once you’ve done this, right click on whatever you have named your Internal adapter and click “properties”. Then, double click on “Internet Protocol Version 4 (TCP/IPv4)”.
6. Here you can check “Use the following IP address” to set a static IP address so that it won’t change and other devices (like our future Windows 10 Test Client) won’t have issues connecting to it. If you are familiar with the different classes of private IP addresses, you may choose to set this up differently, but if not, it may be best to just use these:
IP address: 172.16.0.1
Subnet mask: 255.255.255.0
Leave the default gateway blank as the domain controller itself will act as the default gateway between your internal and external networks.
Preferred DNS server: 127.0.0.1 - This is a loopback address, which means the server will use itself as the DNS server. After this, click “ok” and close all windows.
7. Right click the Windows button in the taskbar and hit “System”. Click “Rename this PC” and name it something like “Domain Controller”. When prompted, restart the PC.
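The same adapter setup from PowerShell, as an added example that is not part of the original tutorial: it picks out the internal adapter by its 169.254.x.x address and applies the static values listed above. It assumes an elevated session on the server VM with exactly two adapters; the computer name `DC01` is a placeholder, chosen because Windows computer names cannot contain spaces.

```powershell
# Added example. Adapter names reuse the tutorial's suggestions; 'DC01' is a
# placeholder computer name (an assumption, not from the tutorial).
$internalName = 'local_internal_only'
$externalName = '_OUTSIDE-INTERNET'

# The internal-network adapter has no DHCP server to answer it yet, so it
# self-assigns a 169.254.x.x address. Look only at real adapters so the
# loopback interface is ignored.
$adapters = Get-NetAdapter -Physical
$selfAssigned = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -like '169.254.*' -and
                   $_.InterfaceIndex -in $adapters.ifIndex }

# Refuse to guess: renaming or readdressing the wrong adapter would cut the
# VM off from the NAT network instead of the internal one.
if (@($selfAssigned).Count -ne 1) {
    throw "Expected one adapter with a 169.254.x.x address, found $(@($selfAssigned).Count)."
}
$internal = $adapters | Where-Object ifIndex -eq $selfAssigned.InterfaceIndex
$external = $adapters | Where-Object ifIndex -ne $selfAssigned.InterfaceIndex
if (@($external).Count -ne 1) {
    throw "Expected one other adapter, found $(@($external).Count)."
}

Rename-NetAdapter -Name $internal.Name -NewName $internalName
Rename-NetAdapter -Name $external.Name -NewName $externalName

# 255.255.255.0 is a /24 prefix. -DefaultGateway is deliberately omitted so
# the gateway stays blank on the internal adapter.
New-NetIPAddress -InterfaceAlias $internalName -IPAddress '172.16.0.1' -PrefixLength 24

# The server resolves names through itself (loopback).
Set-DnsClientServerAddress -InterfaceAlias $internalName -ServerAddresses '127.0.0.1'

# Show the result before the reboot so a mistake is visible immediately.
Get-NetIPConfiguration -InterfaceAlias $internalName

Rename-Computer -NewName 'DC01' -Restart
```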
PART 4: Installing Active Directory Domain Services (AD DS) and Creating a Domain
Installing Active Directory on the domain controller automatically installs DNS, or Domain Name System. In short, DNS is what lets you type in a web address, such as www.google.com, and have the computer figure out what IP address to go to.
1. Open Windows Server Manager by clicking on the Windows button in the taskbar. See Image 5 above for Server Manager location (or just search from the taskbar).
2. From the dashboard menu, select the second option, “Add roles and features”.
3. Hit “next” until it asks you to select the server where you want to install. At this point you should only have one, so select it and hit next.
4. Carefully select “Active Directory Domain Services” on the next screen. It should be near the top of the list. Press the “add features” button, then continue hitting “next” until it’s grayed out, then you can hit “install” (this may take a while). Once it’s finished, you can close the install window.
5. In the top right corner of Server Manager you should see a notification show up next to the flag icon. You’ll need to hit “Promote this server to a domain controller” in order to configure Active Directory Domain Services (AD DS).
6. On the following screen, select “Add new forest” from the 3 choices. You can now give your domain a name in the “Root domain name:” box (e.g. “testdomain.com” or “mydomain.local”). Hit “next”.
7. On the next screen you will be prompted to enter a Directory Services Restore Mode (DSRM) password. Do so, then continue hitting “next” until you can hit “install”. After installing, you will be forced to sign out. Once you are signed out, you can sign back in with your administrator password, but now you’ll be signing into the domain (it’ll say something like <Yourdomainname\ADMINISTRATOR> and ask for the password).
8. You can now create a new dedicated domain admin account by clicking the Windows start button in the taskbar and selecting the “Windows Administrative Tools” dropdown, then selecting “Active Directory Users and Computers”.
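The role installation and promotion above can also be done from PowerShell, with a check afterwards that the new domain and its DNS records exist. This is an added example, not part of the original tutorial; the function names are hypothetical and `mydomain.local` is one of the tutorial's sample domain names. Run `Install-LabForest` in an elevated session, then `Test-LabForest` after the restart once you have signed back in to the domain.

```powershell
# Added example; Install-LabForest and Test-LabForest are hypothetical names.

function Install-LabForest {
    param([string]$DomainName = 'mydomain.local')

    # "Add roles and features" -> Active Directory Domain Services.
    $role = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
    if (-not $role.Success) { throw 'AD DS role installation failed.' }

    # Prompt for the DSRM password so it is never stored in a script file
    # or left in command history.
    $dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

    # "Promote this server to a domain controller" -> "Add new forest".
    # DNS is installed alongside, and the server restarts when this completes.
    Import-Module ADDSDeployment
    Install-ADDSForest -DomainName $DomainName -InstallDns `
        -SafeModeAdministratorPassword $dsrm
}

function Test-LabForest {
    param([string]$DomainName = 'mydomain.local')

    Import-Module ActiveDirectory
    $domain = Get-ADDomain -Identity $DomainName

    # Clients find a domain controller through this SRV record, so querying
    # it on the local DNS server confirms that the promotion registered it.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" `
        -Type SRV -Server 127.0.0.1 -ErrorAction Stop

    [pscustomobject]@{
        DnsRoot     = $domain.DNSRoot
        NetBIOSName = $domain.NetBIOSName
        PdcEmulator = $domain.PDCEmulator
        SrvTargets  = ($srv | Where-Object Type -eq 'SRV').NameTarget
    }
}
```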