How to Install Active Directory: A Step-by-Step Setup Guide
Active Directory (AD) is Microsoft's directory service that manages users, computers, and resources across a network. If you're setting up a Windows Server environment — whether for a small business, a lab, or an enterprise network — understanding how Active Directory works and how to install it correctly is foundational to everything that follows.
What Active Directory Actually Does
Before touching a server, it helps to understand what you're installing. Active Directory Domain Services (AD DS) is the core role that most people mean when they say "install Active Directory." It creates and manages a domain — a logical grouping of network objects like users, computers, and printers — all controlled from a central point called a Domain Controller (DC).
Without AD, each machine on a network manages its own local accounts. With AD, a single administrator can control access, enforce policies, and authenticate users across every device in the organization from one place.
What You Need Before You Start
Installation requirements vary depending on your environment, but these are the consistent prerequisites:
- A Windows Server installation — Windows Server 2016, 2019, or 2022 are the currently relevant versions. The process is largely the same across them.
- A static IP address — Your Domain Controller should not have a DHCP-assigned address. Set a fixed IP before promotion.
- A properly configured DNS — AD relies heavily on DNS. During setup, the AD DS wizard can install DNS automatically, which is the recommended path for most fresh deployments.
- Administrator credentials — Local admin access to the server is required.
- A domain name decision — You'll define a root domain name (e.g., company.local or company.com). This cannot be easily changed later.
Installing the AD DS Role
🖥️ The installation happens in two distinct phases: adding the role, then promoting the server to a Domain Controller.
Phase 1: Add the AD DS Role via Server Manager
- Open Server Manager on your Windows Server.
- Click Manage → Add Roles and Features.
- Choose Role-based or feature-based installation and select your server.
- From the roles list, check Active Directory Domain Services.
- Accept any additional required features when prompted.
- Proceed through the wizard and click Install.
This installs the binaries but does not yet create a domain or make the server a Domain Controller.
Phase 2: Promote the Server to a Domain Controller
After the role installs, a notification flag appears in Server Manager with a link reading "Promote this server to a domain controller."
- Click that link to launch the AD DS Configuration Wizard.
- Choose one of three deployment operations:
  - Add a new forest — for a brand-new domain (most common for first-time setups)
  - Add a domain controller to an existing domain — for redundancy or expansion
  - Add a new domain to an existing forest — for more complex multi-domain organizations
- Enter your root domain name if creating a new forest.
- Set the Forest and Domain Functional Levels — these determine which AD features are available and which older server versions can participate.
- Configure DNS and Global Catalog options (defaults are appropriate for most single-server setups).
- Set a Directory Services Restore Mode (DSRM) password — store this securely; it's used for recovery scenarios.
- Review the NetBIOS domain name (auto-populated from your domain name).
- Accept the default paths for the AD database, log files, and SYSVOL, or customize as needed.
- Review the summary, run the prerequisites check, then click Install.
The server will automatically restart after promotion.
After Installation: Verifying It Worked
Once the server restarts, log in with your domain administrator credentials. A few things to confirm:
- Server Manager should show AD DS and DNS as installed roles.
- Open Active Directory Users and Computers (from Tools in Server Manager) — you should see your domain structure with default Organizational Units (OUs) like Computers and Users.
- Run dcdiag from an elevated command prompt to run diagnostics and confirm the DC is functioning correctly.
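The same checks can be scripted so they are repeatable after every promotion. The following is an added example, not part of the original guide; it assumes an elevated PowerShell session on the new Domain Controller, and the variable names and the extra service, share and SRV-record checks are illustrative additions to the list above.

```powershell
# Added example: post-promotion health check for a new Domain Controller.
# Run in an elevated PowerShell session on the DC itself.
Import-Module ActiveDirectory

$domain   = (Get-ADDomain).DNSRoot   # e.g. company.local
$failures = @()

# 1. Both roles named in the guide should report as installed.
foreach ($role in 'AD-Domain-Services', 'DNS') {
    if (-not (Get-WindowsFeature -Name $role).Installed) {
        $failures += "Role not installed: $role"
    }
}

# 2. Core services a DC depends on must be running.
foreach ($svc in 'NTDS', 'DNS', 'Netlogon', 'Kdc') {
    if ((Get-Service -Name $svc).Status -ne 'Running') {
        $failures += "Service not running: $svc"
    }
}

# 3. The SYSVOL and NETLOGON shares exist only once the DC is advertising itself.
foreach ($share in 'SYSVOL', 'NETLOGON') {
    if (-not (Get-SmbShare -Name $share -ErrorAction SilentlyContinue)) {
        $failures += "Share missing: $share"
    }
}

# 4. Clients locate Domain Controllers through this SRV record.
$srvName = "_ldap._tcp.dc._msdcs.$domain"
if (-not (Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue)) {
    $failures += "DNS SRV record not resolvable: $srvName"
}

# 5. dcdiag /q prints only failing tests, so any output is a finding.
$dcdiagOutput = dcdiag /q
if ($dcdiagOutput) { $failures += "dcdiag reported: $($dcdiagOutput -join ' ')" }

if ($failures) {
    $failures | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "All checks passed for $domain"
}
```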
Variables That Affect How This Goes
The steps above describe a straightforward single-server deployment, but several factors shift the complexity significantly:
| Variable | Impact |
|---|---|
| Existing infrastructure | Adding AD to a network that already has DNS or DHCP requires careful planning to avoid conflicts |
| Server edition | Server Core (no GUI) requires PowerShell-based installation using Install-WindowsFeature and Install-ADDSForest |
| Virtualization | Running AD on a VM introduces considerations around snapshots, time sync, and VM-GenerationID |
| Functional level | Older functional levels limit features; newer ones restrict which legacy DCs can join |
| Multi-DC environments | Replication, FSMO roles, and site topology become important with more than one Domain Controller |
PowerShell Alternative
For those comfortable in the command line, the entire process can be scripted:
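```powershell
# Phase 1: install the AD DS role binaries and management tools
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
# Phase 2: create a new forest and install DNS on this server
Install-ADDSForest -DomainName "company.local" -InstallDns
```
PowerShell installation is particularly common in Server Core environments and automated deployments, where a GUI isn't present or desirable.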
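A scripted promotion should also cover what the wizard enforces: the static-IP prerequisite, the DSRM password, and the prerequisites check. The following is an added example, not part of the original guide; the NetBIOS name, the functional level and all variable names are assumptions to replace with your own values.

```powershell
# Added example: scripted new-forest promotion with pre-flight checks.
# Assumed values for illustration; replace with your own.
$DomainName  = 'company.local'   # root domain name used on this page
$NetbiosName = 'COMPANY'         # assumed NetBIOS name

# Prerequisite from the guide: the DC must not use a DHCP-assigned address.
$dhcp = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.PrefixOrigin -eq 'Dhcp' }
if ($dhcp) {
    throw "DHCP-assigned address on $($dhcp.InterfaceAlias); set a static IP first."
}

# Prompt for the DSRM password so it is never stored in the script,
# in command history, or in a transcript.
$dsrm = Read-Host -Prompt 'DSRM password' -AsSecureString

# Phase 1: install the role binaries and management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools | Out-Null
Import-Module ADDSDeployment

# Phase 2 parameters, shared by the test and the real promotion.
$params = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetbiosName
    ForestMode                    = 'WinThreshold'   # Windows Server 2016 level (assumed choice)
    DomainMode                    = 'WinThreshold'
    InstallDns                    = $true
    SafeModeAdministratorPassword = $dsrm
}

# Run the same prerequisites check the wizard performs before Install.
$blocking = Test-ADDSForestInstallation @params |
    Where-Object { $_.Status -eq 'Error' }
if ($blocking) {
    $blocking | Format-List Message
    throw 'Prerequisite check failed; server was not promoted.'
}

# Promote. -Force suppresses the confirmation prompt; the server
# restarts automatically when promotion completes.
Install-ADDSForest @params -Force
```

Because the password is read interactively, this form suits attended runs; a fully unattended deployment needs the secret supplied from a vault or similar store rather than a literal in the script.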
The Part Only Your Setup Can Answer
🔧 A clean installation on a fresh server with no existing network dependencies is straightforward. But most real-world installs involve existing DNS infrastructure, hybrid Azure AD considerations, specific domain naming constraints, or legacy systems that need to remain compatible. The functional level you choose, whether you integrate with Azure Active Directory (now called Microsoft Entra ID), and how you handle DNS internally — these decisions hinge entirely on what your network currently looks like and where it's going. The steps are consistent; how you configure the details is where your specific environment does the deciding.