Setup Active Directory Domain Services on Microsoft Windows Server 2016


So i am aiming for having a full AD setup fairly soon so i can post a step-by-step guide explaining how to link the on-premises AD with the Azure AD using AD Connect. For this i need to start somewhere and that somewhere is now, this guide will explain how to setup ADDS for Windows Server 2016. The method will of course work almost the same for previous Server Versions but the settings will vary so just assume this guide will only work for 2016. Also this is just how i decided to carry out my configuration, i am not saying this is the best way but as i am setting this up for a test environment i am trying to make it as seamless as possible.


  • So open up Server Manager and click Add Roles and Features
  • Click Next (Probably worthwhile ticking the box to Skip this page by default)
  • Click on Role-based or feature-based installation
  • Select your server from the pool if you have more than one, for me it’s NewYork
  • Tick the box for Active Directory Domain Services, a window will pop up kindly letting you know that you need to add additional features, click Add Features and leave the box ticked to include management features and once you return to the select roles window click Next
  • Click Next (Ensure you already have the .NET Framework 3.5 installed which i have otherwise add this too)
  • This screen is normal as it tries to sell you the idea of connecting your on-premises AD to Azure AD using AD Connect which i fully intend to do, It also explains a little about AD DS which is useful. Click Next
  • Click install
  • Once the feature has been installed, click on Promote this server to a domain controller
  • You have 3 options, as i have not setup a domain on this network i am going for Add a new forest. I already have a domain name which is registered on my Azure AD Portal so keeping the root domain name the same is important for the AD Connect element. Click Next once you are happy with your FQDN.  
  • Leave as the defaults (you can change the level with earlier versions) shown below and enter a new DSRM password, click Next
  • As this is going to be the first DNS Server in the new forest you can leave as default and click Next
  • Enter your chosen NetBIOS name, there is a character limit so i shortened mine to BLACKWATERCFG, you can change this later on if you need to. Click Next
  • Leave the paths as shown unless you have a preference, click Next
  • Review your selections and if you are happy with it click Next. I decided to view the script and copy the contents so i can understand how to automate the process in future for additional installations.
  • When this window appears you will see that the server is carrying out a prerequisites check before installing AD DS, you should see that this has passed successfully so click Install, if this was not successful then ensure you fix this before starting the process again. After the install is complete your system will reboot so ensure you have nothing unsaved happening in the background
  • You will now notice that your screen has your domain prefix followed by your Domain Admin username at the logon screen, log back on with your Domain Admin credentials. Start the AD Administrative Center by opening Powershell as shown and typing dsac.exe, you can also start the AD Center by going through the Server Manager and clicking Tools>Active Directory Administrative Center.  You are now free to start configuring to your hearts content at this point