Creating an Active Directory Domain Controller

Everyone has to start somewhere. I wrote a similar article for folks at work who wanted to learn more about working with servers and configuring different features of Jamf Pro. Most folks probably won’t need this, but maybe someone will. This is a basic tutorial for beginners: there is more than one way to do this, and there are security considerations (privileged account separation, what is exposed on the network, what the DC trusts) that you will want to revisit once you start integrating this domain with other services.

Note: The Windows Server evaluation runs for 180 days. When it nears expiry you can reset the clock by running slmgr -rearm from an elevated CMD or PowerShell prompt and rebooting; Microsoft allows a limited number of rearms (five), which is how you get several years out of one evaluation. The evaluation licence covers learning, testing and development only, so keep it out of production.
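Before relying on that rearm, it helps to know how much evaluation time and how many rearms are actually left. The snippet below is an added example, not part of the original post; it reads the licensing state through the SoftwareLicensingService and SoftwareLicensingProduct WMI classes and only rearms when the clock is nearly out. The seven-day threshold is an arbitrary choice.

```powershell
# Added example (not from the original post): inspect the evaluation state before rearming.
# Run in an elevated PowerShell session on the evaluation VM.
$svc  = Get-CimInstance -ClassName SoftwareLicensingService
$prod = Get-CimInstance -ClassName SoftwareLicensingProduct -Filter "PartialProductKey IS NOT NULL" |
            Select-Object -First 1

# GracePeriodRemaining is in minutes; LicenseStatus 1 means the evaluation is currently valid.
$prod | Select-Object Name, LicenseStatus,
    @{ n = 'DaysLeft'; e = { [math]::Round($_.GracePeriodRemaining / 1440, 1) } }
"Rearms left: $($svc.RemainingWindowsReArmCount)"

# Rearm only when fewer than 7 days remain (assumed threshold) and a rearm is still available.
# The reset takes effect after a reboot.
if ($svc.RemainingWindowsReArmCount -gt 0 -and $prod.GracePeriodRemaining -lt 7 * 1440) {
    cscript //nologo "$env:windir\System32\slmgr.vbs" /rearm
    Restart-Computer -Confirm
}
```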


Prerequisites

  1. A Windows Server VM, preferably Windows Server 2019 or later.
  2. Remote Desktop enabled on the server, or just work through the VM console.
    • Search “Remote Desktop Settings”, then flip the toggle to enable Remote Desktop. Leave Network Level Authentication on: a domain controller with an unauthenticated RDP listener is a poor habit even in a lab.
  3. Some familiarity with installing Windows Server roles.
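The same Remote Desktop setup from the command line, as an added example that is not part of the original post. It enables the listener, enforces Network Level Authentication, and scopes the built-in firewall rule group to a lab subnet instead of leaving it open to any address. The subnet 192.168.56.0/24 is an assumption; use your own.

```powershell
# Added example (not from the original post): enable Remote Desktop with NLA enforced and
# restrict the firewall rule to the lab network. Run in an elevated PowerShell session.
$LabSubnet = '192.168.56.0/24'   # assumption: where your lab VMs live

# Allow RDP connections (fDenyTSConnections=0) and require NLA (UserAuthentication=1).
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
    -Name fDenyTSConnections -Value 0
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
    -Name UserAuthentication -Value 1

# Turn on the built-in "Remote Desktop" rule group, but only for the lab subnet rather than "Any".
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -RemoteAddress $LabSubnet

# Verify: listener enabled (0), rules scoped to the subnet, and port 3389 answering locally.
Get-ItemPropertyValue -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
Test-NetConnection -ComputerName localhost -Port 3389 | Select-Object TcpTestSucceeded
```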

Adding the Active Directory Domain Controller role

  1. Connect to your Windows Server and open Server Manager if it doesn’t open automatically.
  2. Once loaded, click Manage in the top right corner, then click Add Roles and Features.
  3. Advance through the Before you begin section.
  4. Ensure Role-based or feature-based installation is selected, then advance through the Installation Type section.
  5. Ensure that the correct server name and IP address are selected in the Server Selection section, then advance through this section.
  6. Select Active Directory Domain Services in the list of Roles.
  7. Click Add Features on the pop-up window, then advance through the Server Roles section.
  8. Leave the default options checked under Features, then advance through that section.
  9. Advance through the AD DS section.
  10. Select Restart the destination server automatically if required and confirm the selection, then click Install.
  11. Once finished, click Close.

Configure the server as a domain controller

  1. In Server Manager, you’ll now see that a notification has come up.
  2. Click on the notifications flag, then click Promote this server to a domain controller.
  3. Select Add a new forest and enter your desired root domain name. For your sanity, do not use .local (it collides with mDNS/Bonjour name resolution, which bites as soon as Macs are involved) or a made-up suffix such as .ad (.ad is a real country-code TLD, so your names can collide with public DNS). The least painful choice, and Microsoft’s recommendation, is a subdomain of a public domain you own, e.g. corp.yourdomain.com; the forest root name is very hard to change afterwards. Then click Next to proceed to the next screen.
  4. Leave the Domain and Forest Functional levels at Windows Server 2016. That is the highest level the wizard offers even on Server 2019 and 2022, because those releases introduced no new functional level. Then enter a DSRM (Directory Services Restore Mode) password.
    • This is the local Administrator password used when the DC is booted into Directory Services Restore Mode, so it effectively gives full control of the directory database from the console. In a throwaway lab a memorable password is fine; just don’t carry that habit into anything real, and don’t reuse your domain Administrator password for it.
    • You will rarely need it: it is for offline repairs and authoritative restores. If a lab breaks, it’s usually easier to nuke and pave than to fix it.
  5. Advance through the DNS Options section. The warning about a DNS delegation is expected for a new forest and can be ignored.
  6. Verify that the NetBIOS name is correct, then proceed to the next section.
    • By default this is the first label of the domain name you chose, in upper case. It can be anything, as long as it is 15 characters or fewer and contains no spaces or disallowed special characters.
  7. Leave the default options checked for the Paths section, then proceed to the next section.
  8. Proceed through the Review Options section.
  9. Wait for the prerequisites to be validated, then click Install.
  10. Have a cup of tea while the server installs and reboots. During the reboot it finishes configuring the directory, so give it about five minutes before reconnecting over Remote Desktop.
  11. Log back into the server via Remote Desktop and open Server Manager once more. Your local Administrator account has become the domain’s Administrator account, with the same password.
  12. Click on Local Server. You should now see that your server is joined to the domain as a domain controller!
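The role installation and promotion above can also be scripted, which is handy when you rebuild the lab for the third time. The block below is an added example, not part of the original post: it runs the same prerequisite check the wizard runs, promotes the server as the first DC of a new forest at the Windows Server 2016 functional level (WinThreshold), and after the reboot verifies what actually got configured. The domain name corp.example.net and NetBIOS name CORP are assumptions.

```powershell
# Added example (not from the original post): unattended equivalent of the two Server Manager
# wizards above. Assumed lab values, change them to taste:
$DomainName  = 'corp.example.net'    # assumption: a subdomain of a name you control
$NetbiosName = 'CORP'                # assumption: 15 chars or fewer, no spaces

# Install the AD DS role plus the management tools (ADAC, ActiveDirectory and DnsServer modules).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Prompt for the DSRM password once; it is needed by both the check and the promotion.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM (Directory Services Restore Mode) password'

# Same prerequisite check the wizard performs, without changing anything yet.
Test-ADDSForestInstallation -DomainName $DomainName -DomainNetbiosName $NetbiosName `
    -ForestMode WinThreshold -DomainMode WinThreshold -InstallDns `
    -SafeModeAdministratorPassword $dsrm

# Promote to the first DC of a new forest. WinThreshold is the Windows Server 2016
# functional level. The server reboots on its own when this finishes.
Install-ADDSForest -DomainName $DomainName -DomainNetbiosName $NetbiosName `
    -ForestMode WinThreshold -DomainMode WinThreshold -InstallDns `
    -SafeModeAdministratorPassword $dsrm -Force

# ---- after the reboot, logged in as CORP\Administrator ----
# Confirm the promotion and that the functional levels applied.
Get-ADDomainController | Select-Object HostName, Domain, Forest, IsGlobalCatalog, OperationMasterRoles
Get-ADForest | Select-Object Name, ForestMode
Get-ADDomain  | Select-Object DNSRoot, NetBIOSName, DomainMode

# Health check: SYSVOL shared and the DC advertising its roles. A single-DC lab should pass both.
dcdiag /test:Advertising /test:SysVolCheck
```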

Creating users in Active Directory

  1. Search Active Directory Administrative Center in the Windows Search box and open the program.
  2. Click on your domain name, then scroll down and double click on Users.
  3. Find the New option on the right sidebar, then click User.
  4. Configure your test user account however you like. Only the full name, logon name and password are required; fill in the rest to your heart’s content.
  5. If you plan to use this account to manage the AD environment, make it a member of Domain Admins. That is enough for everything in this tutorial; Enterprise Admins is only needed for forest-wide changes (adding domains, trusts, schema work), so leave it off unless you know you need it. Even in a lab, get into the habit of keeping a separate unprivileged account for day-to-day logins.
  6. Click OK.
  7. Log out from the Administrator account, then reconnect with your new account. Domain Admins are members of the DC’s local Administrators group, which is what allows the new account to log in over Remote Desktop.
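The same accounts created with the ActiveDirectory PowerShell module, as an added example that is not part of the original post. It creates an unprivileged day-to-day account and a separate admin account, adds only the admin account to Domain Admins, and then lists who actually holds domain-level and forest-level admin rights so you can see the result. The names alice and alice.adm are made up for the lab.

```powershell
# Added example (not from the original post): create the test accounts with the ActiveDirectory
# module instead of clicking through ADAC. Account names are made up for the lab.
Import-Module ActiveDirectory
$domain  = Get-ADDomain
$usersCn = "CN=Users,$($domain.DistinguishedName)"   # the default Users container ADAC shows

# Day-to-day account: no privileged groups at all.
New-ADUser -Name 'Alice Example' -GivenName 'Alice' -Surname 'Example' `
    -SamAccountName 'alice' -UserPrincipalName "alice@$($domain.DNSRoot)" `
    -Path $usersCn -Enabled $true -ChangePasswordAtLogon $true `
    -AccountPassword (Read-Host -AsSecureString -Prompt 'Password for alice')

# Separate admin account for managing the directory. Domain Admins covers everything in
# this tutorial; Enterprise Admins is deliberately not granted.
New-ADUser -Name 'Alice Example (admin)' -SamAccountName 'alice.adm' `
    -UserPrincipalName "alice.adm@$($domain.DNSRoot)" -Path $usersCn `
    -Enabled $true -ChangePasswordAtLogon $true `
    -AccountPassword (Read-Host -AsSecureString -Prompt 'Password for alice.adm')
Add-ADGroupMember -Identity 'Domain Admins' -Members 'alice.adm'

# Check the result: who can administer the domain and the forest, and confirm the
# day-to-day account stayed unprivileged (it should list only Domain Users).
Get-ADGroupMember -Identity 'Domain Admins'     -Recursive | Select-Object SamAccountName
Get-ADGroupMember -Identity 'Enterprise Admins' -Recursive | Select-Object SamAccountName
Get-ADPrincipalGroupMembership -Identity 'alice' | Select-Object Name
```

Domain Admins membership also puts alice.adm in the DC’s local Administrators group, which is why that account (and not alice) can log in over Remote Desktop.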

Congratulations! You now have an Active Directory Domain Controller and a user account to test with!
