
Promote Windows Server 2016 to Domain Controller step by step

Active Directory, the management service in Windows Server, is installed on a server called a domain controller (DC). Once Active Directory has been installed on a server, you can promote that server to a domain controller. Every network needs at least two domain controllers: when one of them is down, the other takes its place and responds to clients. Domain controllers respond to security authentication requests such as logging in, checking permissions, file access, system checks and many more.

To log in to a server from a client computer, you need a user name and a password. Your system will also be checked for an up-to-date anti-virus and so on.

Permissions determine which tasks you can perform in the domain. File access is about your level of access to resources. These and many more duties are handled by the domain controller.

In this article, I am going to show some easy steps to promote a server to a domain controller. First, make sure that you are logged in as an administrator.

Prerequisites

Install the Active Directory Domain Services (AD DS) role on the server you want to promote to a domain controller (DC).

Promote Server to Domain Controller

Follow these steps to promote the server to a domain controller.

1. After the role installation, open Server Manager. Click on the flag, then click the Promote this server to a domain controller hyperlink.

Promote this server to domain controller

2. When the Deployment Configuration page appears, you see three options.

  • Add a domain controller to an existing domain: This option is used when you want to add an additional domain controller.
  • Add a new domain to an existing forest: This option is used for adding a new domain to an existing forest.
  • Add a new forest: This option is used for creating a new forest.

Select the third option: Add a new forest. Enter a Root domain name and click the Next button.

Create new forest

3. Specify the forest and domain functional levels (2008, 2008R2, 2012, 2012R2, 2016). Type a complex password (composed of capital letters, small letters, numbers and symbols).

By default, the Domain Name Services (DNS) server is installed at the same time as you promote the server to a domain controller. If you want to install the DNS server later, clear the box next to Domain Name Services (DNS) server. Click the Next button when you’re finished here.

Domain Controller Options

4. On the Additional Options page, leave the NetBIOS domain name as selected by default. If you want, you can change the NetBIOS name. Click the Next button to move on to the next page.

NetBIOS domain name

5. On the Paths page, specify where you want to store the database files, log files and SYSVOL files. The page gives you the options to set the location of each. When you have finished, click the Next button.

Paths page

6. The next page is Review Options. You have nothing to do here; click the Next button. The Prerequisites Check page shows a summary of whether all prerequisites have been verified. If they are verified, click Next. If not, recheck the steps you have just done and make sure you have done everything correctly. Click the Install button. After the installation succeeds, the system reboots automatically.

Install button
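
The same promotion as steps 1 to 6, scripted with the ADDSDeployment cmdlets and run from an elevated PowerShell session. This is an added example, not part of the original article; the root domain name `corp.example.com` and NetBIOS name `CORP` are placeholder assumptions, and the paths shown are the wizard's defaults.

```powershell
# Added example: scripted equivalent of wizard steps 1-6 (not the article's own code).

# Prerequisite: the AD DS role must be installed before the server can be promoted.
$role = Get-WindowsFeature -Name AD-Domain-Services
if (-not $role.Installed) {
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools | Out-Null
}

# Step 3: the complex password. Reading it as a SecureString keeps it out of
# the script file, the command history and any transcript.
$password = Read-Host -AsSecureString -Prompt 'Password from step 3'

# One hashtable holds every wizard choice so the check and the install
# are guaranteed to use identical settings.
$forest = @{
    DomainName                    = 'corp.example.com'   # step 2 (placeholder)
    DomainNetbiosName             = 'CORP'               # step 4 (placeholder)
    ForestMode                    = 'WinThreshold'       # step 3: 2016 functional level
    DomainMode                    = 'WinThreshold'
    InstallDns                    = $true                # step 3: DNS server checkbox
    DatabasePath                  = 'C:\Windows\NTDS'    # step 5: wizard defaults
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $password
}

# Step 6: run the same checks as the Prerequisites Check page and stop on failure,
# so a misconfigured server is never half-promoted.
$check  = Test-ADDSForestInstallation @forest
$failed = $check | Where-Object { $_.Status -ne 'Success' }
if ($failed) {
    $failed | Format-List Context, Message
    throw 'Prerequisite check failed; fix the items above before promoting.'
}

# Promote. -Force suppresses the confirmation prompt; the server reboots
# automatically when the installation completes, as in the wizard.
Install-ADDSForest @forest -Force
```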

Conclusion

After the restart, the server is a domain controller. It is really easy to promote a server to a domain controller (DC). You can now start managing and controlling users from your server. For any questions, leave a comment below. I would be glad to answer your questions as soon as possible.

5 replies on “Promote Windows Server 2016 to Domain Controller step by step”

Well, it is not so easy. I have a problem with adprep /forestprep.

[2016/12/01:14:44:06.778]
Adprep created the log file ‘C:\Windows\debug\adprep\logs\20161201144406\ADPrep.log’
[2016/12/01:14:44:06.778]
Adprep successfully initialized global variables.

[Status/Consequence]

Adprep is continuing.
[2016/12/01:14:44:06.808]
Adprep discovered the schema FSMO: DC1.domain.local.
[2016/12/01:14:44:06.918]
Adprep connected to the schema FSMO: DC1.domain.local.
[2016/12/01:14:44:06.918]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
[2016/12/01:14:44:06.918]
LDAP API ldap_search_s() finished, return code is 0x0
[2016/12/01:14:44:06.918]
Adprep successfully retrieved information from the Active Directory Domain Services.
[2016/12/01:14:44:06.918]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is DC=domain,DC=local.
[2016/12/01:14:44:06.919]
LDAP API ldap_search_s finished, return code is 0x0
[2016/12/01:14:44:06.919]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
[2016/12/01:14:44:06.919]
LDAP API ldap_search_ext_s finished, return code is 0x0
[2016/12/01:14:44:06.919]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
[2016/12/01:14:44:06.919]
LDAP API ldap_search_s finished, return code is 0x0
[2016/12/01:14:44:06.924]
Adprep discovered the schema FSMO: DC1.domain.local.
[2016/12/01:14:44:07.029]
Adprep connected to the schema FSMO: DC1.domain.local.
[2016/12/01:14:44:07.094]

ADPREP WARNING:

Before running adprep, all Windows Active Directory Domain Controllers in the forest must run Windows Server 2003 or later.

You are about to upgrade the schema for the Active Directory forest named ‘domain.local’, using the Active Directory domain controller (schema master) ‘DC1.domain.local’.

This operation cannot be reversed after it completes.

[User Action]

If all domain controllers in the forest run Windows Server 2003 or later and you want to upgrade the schema, confirm by typing ‘C’ and then press ENTER to continue. Otherwise, type any other key and press ENTER to quit.
[2016/12/01:14:44:09.103]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=Schema,CN=Configuration,DC=domain,DC=local.
[2016/12/01:14:44:09.104]
LDAP API ldap_search_s() finished, return code is 0x0
[2016/12/01:14:44:09.104]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local.
[2016/12/01:14:44:09.104]
LDAP API ldap_search_s() finished, return code is 0x0
[2016/12/01:14:44:09.104]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=Schema,CN=Configuration,DC=domain,DC=local.
[2016/12/01:14:44:09.104]
LDAP API ldap_search_s() finished, return code is 0x0
[2016/12/01:14:44:09.105]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
[2016/12/01:14:44:09.105]
LDAP API ldap_search_s() finished, return code is 0x0
[2016/12/01:14:44:09.105]
Adprep successfully retrieved information from the Active Directory Domain Services.
[2016/12/01:14:44:09.105]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=UID,CN=Schema,CN=Configuration,DC=domain,DC=local.
[2016/12/01:14:44:09.105]
LDAP API ldap_search_s() finished, return code is 0x0
[2016/12/01:14:44:09.105]
Adprep successfully determined whether Microsoft Windows Services for UNIX (SFU) is installed or not. If adprep detected SFU, adprep also verified that Microsoft hotfix Q293783 for SFU has been applied.
[2016/12/01:14:44:09.197]
Adprep successfully retrieved data from the Active Directory Domain Controller DC1.domain.local through WMI.
[2016/12/01:14:44:09.200]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=Schema,CN=Configuration,DC=domain,DC=local.
[2016/12/01:14:44:09.200]
LDAP API ldap_search_s() finished, return code is 0x0
[2016/12/01:14:44:09.200]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local.
[2016/12/01:14:44:09.200]
LDAP API ldap_search_s() finished, return code is 0x0
[2016/12/01:14:44:09.200]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=Schema,CN=Configuration,DC=domain,DC=local.
[2016/12/01:14:44:09.200]
LDAP API ldap_search_s() finished, return code is 0x0
[2016/12/01:14:44:09.200]
Adprep is about to upgrade the Active Directory Schema on the Domain Controller DC1.domain.local.
[2016/12/01:14:44:09.203]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
[2016/12/01:14:44:09.203]
LDAP API ldap_search_s() finished, return code is 0x0
[2016/12/01:14:44:09.203]
Adprep successfully retrieved information from the Active Directory Domain Services.
[2016/12/01:14:44:09.204]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is DC=domain,DC=local.
[2016/12/01:14:44:09.204]
LDAP API ldap_search_s finished, return code is 0x0
[2016/12/01:14:44:09.204]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
[2016/12/01:14:44:09.204]
LDAP API ldap_search_ext_s finished, return code is 0x0
[2016/12/01:14:44:09.208]
Current Schema Version is 86
[2016/12/01:14:44:09.212]
Upgrading schema to version 87
[2016/12/01:14:44:09.214]
The command line passed to ldifde is ldifde -i -f “I:\support\adprep\sch87.ldf” -s “DC1.domain.local” -h -j “C:\Windows\debug\adprep\logs\20161201144406” -$ “I:\support\adprep\schupgrade.cat”
[2016/12/01:14:44:09.484]
ERROR: Import from file I:\support\adprep\sch87.ldf failed. Error file is saved in C:\Windows\debug\adprep\logs\20161201144406\ldif.err.87.

If the error is “Insufficient Rights” (Ldap error code 50), please make sure the specified user has rights to read/write objects in the schema and configuration containers, or log off and log in as an user with these rights and rerun forestprep. In most cases, being a member of both Schema Admins and Enterprise Admins is sufficient to run forestprep.
[2016/12/01:14:44:09.525]
Adprep was unable to upgrade the schema on the schema master.

[Status/Consequence]

The schema will not be restored to its original state.

[User Action]

Check the Ldif.err log file in the C:\Windows\debug\adprep\logs\20161201144406 directory for detailed information.
[2016/12/01:14:44:09.577]
Adprep was unable to update forest information.

[Status/Consequence]

Adprep requires access to existing forest-wide information from the schema master in order to complete this operation.

[User Action]

Check the log file, ADPrep.log, in the C:\Windows\debug\adprep\logs\20161201144406 directory for more information.

Problem is with command
ldifde -i -f "I:\support\adprep\sch87.ldf" -s "DC1.x.local" -h -j "C:\Windows\debug\adprep\logs\20161201144406" -$ "I:\support\adprep\schupgrade.cat"

Any idea what is wrong?
sch86.ldf is importing fine.

I intended to create you one little bit of note to be able to thank you over again on the nice things you’ve shown at this time. It’s so remarkably open-handed with you to offer freely all that many people would’ve distributed for an ebook to help with making some money for their own end, principally given that you could have done it in case you decided. These techniques also worked to be a good way to comprehend other people have similar passion just like my personal own to know a lot more in respect of this matter. I am sure there are a lot more pleasurable periods ahead for individuals that read your blog post.
