Setting Up Active Directory on Windows Server: A Step-by-Step Guide

Active Directory (AD) is a powerful feature of Windows Server that allows administrators to manage users, devices, and permissions in a centralized manner. By setting up Active Directory Domain Services (AD DS), organizations can streamline user authentication, resource sharing, and access control.

This step-by-step guide explains how to install and configure AD DS, create user accounts and groups, and manage permissions through Active Directory.

What is Active Directory?

Active Directory is a directory service developed by Microsoft for managing resources and users in a Windows Server environment. Its primary component, Active Directory Domain Services (AD DS), provides tools to:

• Centralize authentication and authorization.
• Organize resources using domains, organizational units (OUs), and groups.
• Apply and enforce security policies across the network.

Prerequisites

Before setting up Active Directory, ensure the following:

1. Windows Server Installed:
   • Use Windows Server 2016, 2019, or later versions.
2. Static IP Address:
   • Configure a static IP for the server to ensure stability in the network.
3. Administrative Privileges:
   • You need administrative rights to install and configure AD DS.

Step 1: Installing Active Directory Domain Services (AD DS)

1. Add the AD DS Role

1. Open Server Manager on your Windows Server.

2. Click Manage > Add Roles and Features.

3. In the wizard:

   • Select Role-based or feature-based installation and click Next.
   • Choose the server you want to configure and click Next.
   • From the Server Roles list, select Active Directory Domain Services and click Add Features when prompted.
   • Proceed through the wizard and click Install.

4. Wait for the installation to complete, then close the wizard.

2. Promote the Server to a Domain Controller

Once AD DS is installed, the server must be promoted to a domain controller.

1. In Server Manager, click the flag icon in the top-right corner and select Promote this server to a domain controller.

2. Choose your deployment option:

   • Add a new forest: If this is the first domain in your network.
   • Add a domain to an existing forest: If extending an existing domain.

3. Enter the root domain name (e.g., example.local) and click Next.

4. Configure the Domain Controller Options:

   • Set a DSRM password (Directory Services Restore Mode) for recovery purposes.

5. Continue through the wizard:

   • Verify DNS options.
   • Specify NetBIOS name (typically the root domain without extensions).
   • Choose a location for AD database, logs, and SYSVOL files.

6. Review your selections and click Install. The server will restart automatically.

Step 2: Configuring Active Directory

After installation, Active Directory is ready for configuration.

1. Open Active Directory Tools

1. Log in to the server.
2. Open Server Manager.
3. Navigate to Tools > Active Directory Users and Computers.

2. Create Organizational Units (OUs)

Organizational Units help you organize users, groups, and devices in a logical structure.

1. In the left pane, right-click your domain name (e.g., example.local) and select New > Organizational Unit.
2. Name the OU (e.g., “Sales”, “IT”, or “Marketing”).
3. Repeat this step to create additional OUs as needed.

3. Create User Accounts

1. Navigate to the appropriate OU where you want to create the user.
2. Right-click the OU, select New > User.
3. Fill in the user’s details:
   • First name, last name, and logon name (e.g., jdoe).
4. Set an initial password:
   • Optionally, require the user to change their password at next logon.
5. Click Finish to create the account.

4. Create Groups

Groups help simplify permissions by assigning access to multiple users at once.

1. In the appropriate OU, right-click and select New > Group.
2. Provide a group name (e.g., “HR_Managers” or “Finance_Team”).
3. Choose the group type:
   • Security: For access control.
   • Distribution: For email distribution lists.
4. Add users to the group by editing the group’s Members tab.

Step 3: Managing Permissions and Access Control

Permissions in Active Directory control who can access resources like files, folders, or applications.

1. Assign Permissions to Users

1. Right-click the resource (e.g., folder) and select Properties.
2. Go to the Security tab and click Edit.
3. Add the user or group:
   • Click Add, then type the username or group name.
4. Assign permissions:
   • For example, allow Read, Write, or Full Control access.
5. Click Apply and OK.

2. Use Group Policy for Advanced Control

Group Policy allows administrators to enforce policies across the domain.

1. Open Group Policy Management from the Tools menu in Server Manager.
2. Right-click your domain and select Create a GPO in this domain.
3. Name the GPO (e.g., “Password Policy”).
4. Edit the GPO:
   • Specify policies, such as password complexity, account lockout thresholds, or software restrictions.
5. Link the GPO to specific OUs or the entire domain.

3. Monitor Active Directory

Regularly check Active Directory to ensure smooth operation:

• Event Viewer: Review logs for errors or warnings.
• Active Directory Administrative Center: Manage users, groups, and other directory objects.

Setting up Active Directory on Windows Server provides a centralized and secure way to manage users, permissions, and resources in an organization. By following this step-by-step guide, you can install AD DS, organize your environment with OUs and groups, and control access using permissions and group policies. Properly configured, Active Directory simplifies IT administration and enhances security across your network.