Install an Active Directory domain controller with a new AD domain on Windows Server 2016

  • Windows Server
  • 2/2

3. Create a user

As explained previously, Active Directory Domain Services (AD DS) can be used, for example, to centralize user management.
We are therefore going to create a user in our Active Directory domain using the "Active Directory Users and Computers" console.

As you can see, this Active Directory console is quite easy to use.

To create a new user, right click on the "Users" folder and click on : New -> User.

Provide a username and a first name for it.

Enter a password that meets the complexity requirements of your Active Directory server and is at least 8 characters long.

By default, the wizard allows you to define a password and considers that it's up to the user to change his password at the next logon.
Which is the behavior adopted most of the time in production. But in our case, we will uncheck the 1st box and check the "Password never expires" box, because we are in a test environment.

A summary is displayed.

The user appears in the list.

4. Join a client PC on Windows 10 to your Active Directory

On the client PC on Windows 10, right-click on the network icon in the taskbar and click on : Open network and Internet settings.

Important : You must have a professional or enterprise edition of Windows to join your client PC to an Active Directory domain.
The Home edition is therefore not supported.

Then, go down a little in the right part and click on : Change adapter options.

Then, right click "Properties" on your network adapter.

Select "Internet Protocol Version 4 (TCP/IPv4)" and click on : Properties.

Specify the IP address of your domain controller as the primary DNS server.
Then, deactivate and reactivate the network adapter for this change to take effect.

Note that in production, you will likely use a DHCP server on Windows Server to distribute this IP address as the primary DNS server to all of your client PCs.

Open File Explorer and right click "Properties" on "This PC".

Click on : Change settings.

Click on : Change.

Select "Domain" and specify the Active Directory domain name to which you want to join this client computer.
In our case : informatiweb.lan

Specify the administrator credentials of the domain you want to join.

If the join to your Active Directory domain is successful, you will see this message :

Plain Text

Welcome to the informatiweb.lan domain

Then, Windows 10 will tell you that the computer needs to restart.

Click on : Close.

Then, on : Restart now.

The client computer restarts.

After the client computer has restarted, you will be able to log in with a domain account.

Note that on Windows 10, you can log in in 2 ways with your user account :

  • by specifying the username and the DNS domain name : InformatiUser@informatiweb.lan
  • by specifying the user name and the NETBIOS domain name associated with your Active Directory domain as was the case on older versions of Windows : INFORMATIWEB\InformatiUser

During your first connection with your user account, your user profile will be created.
Which usually takes less than a minute.

As you can see, we are logged in on the client computer with our Active Directory account.

If you open the system properties of the client PC, you will see that your computer is now a member of your Active Directory domain.

If you open the "Active Directory Users and Computers" console on your domain controller, you will see that a new object of type "Computer" has automatically been created in the "Computers" folder.
This object uniquely represents your client PC and was created when your client PC was joined to your Active Directory domain.

5. Active Directory integrated with DNS

As explained previously, Active Directory relies on the DNS system.
If you open the DNS manager from the start menu of your server, you will see that 2 forward lookup zones have been created there :

  • _msdcs.informatiweb.lan : which corresponds to a special DNS zone containing the configuration of your Active Directory infrastructure
  • informatiweb.lan : that matches your Active Directory domain configuration

In the "_msdcs.informatiweb.lan" DNS zone, you will find some folders :

  • dc : which stands for "Domain Controllers" and which notably contains the configuration of Active Directory sites
  • domains : which contains the list of domain controllers for the domains present in your Active Directory infrastructure
  • gc : which contains the list of domain controllers acting as a global catalog and also contains information about the configuration of Active Directory sites
  • pdc : which contains the list of domain controllers acting as PDC emulator

For the "informatiweb.lan" DNS zone, it contains in particular the list of DNS records automatically created by Active Directory for the servers and computers that you have joined to this AD domain.

To see also

Comments

No comment

Share your opinion

Pinned content

Contact

® InformatiWeb-Pro.net - InformatiWeb.net 2008-2022 - © Lionel Eppe - All rights reserved.

Total or partial reproduction of this site is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the intellectual property Code.