Updated on 2025-08-07 GMT+08:00

Setting Up an AD Domain on a Windows ECS

Scenarios

An Active Directory (AD) domain is an independent unit in a network. To allow AD domains to access each other, you need to establish trust relationships between them. In this way, different AD domains can share and manage network resources, communicate with each other, and transmit data. This section uses Windows Server 2022 as an example to describe how to set up and use an AD domain.

Advantages

  • Simplified IT management: In large enterprises or organizations, AD domains are used to centrally manage a large number of computers and user accounts to simplify IT management processes.
  • Improved security: AD domains can authenticate and authorize users to ensure that only authorized users can access resources.
  • Unified resource access: With AD domains, users can use a unified account and password to log in to any computer on the network and access other network resources.
  • Remote access: AD domains support Virtual Private Network (VPN) access, which allows remote users to reach internal enterprise resources through secure channels. This is very practical for employees who are on business trips, as it can improve work efficiency.

Implementation Procedure

Preparations

  • Two Windows ECSs are available.

Procedure

  1. Deploy an AD domain controller.

    1. Log in to one of the ECSs.
    2. In the lower left corner of the desktop, enter Server Manager in the search box.
    3. Click Server Manager.

    4. In Server Manager, add roles and features.

      In this example, the AD domain service and DNS service are deployed on the same ECS.

      1. Click Add roles and features.

      2. In the Before You Begin dialog box, click Next.
      3. Select Role-based or feature-based installation and click Next.

      4. Select the ECS where roles and features are to be installed and click Next.

      5. Select the Active Directory Domain Services and DNS Server roles, and click Next.

      6. Click Next until the confirmation page is displayed. Click Install.
      7. After the installation is complete, click Close.

    5. Set this ECS as a domain server.
      1. Click the icon in Server Manager and click Promote this server to a domain controller.

      2. In the Active Directory Domain Services Configuration Wizard dialog box, select Add a new forest, enter the root domain name, and click Next.

        In this example, the domain name is example.com.

      3. Configure domain controller parameters and click Next.

      4. Configure DNS options and click Next.

      5. Configure the NetBIOS domain name and click Next.

      6. Check and confirm the settings in the previous steps and click Next.

      7. After all prerequisites are met, click Install.

        After the installation is complete, the server automatically restarts.

        After the server is reconnected, you can see a user named Administrator in the Active Directory Users and Computers window. This indicates that the installation is successful.

  2. Add another Windows ECS to the AD domain.

    1. Remotely log in to the other ECS.
    2. Change the DNS server address of this ECS.

      Change the DNS server address of this ECS to the IP address of the deployed DNS server. In step 1, the AD domain service and DNS service are deployed on the same ECS (IP address: 192.168.0.91). Therefore, the DNS server address is 192.168.0.91.

    3. Check whether the IP address of the DNS server can be pinged.

      If the ping is successful, the configuration is correct.

    4. Add the ECS to the AD domain.
      1. Go to the Advanced system settings page and click Change.

      2. On the Computer Name/Domain Changes page, configure the AD domain information.

        Enter the root domain name of the AD domain set in step 1. In this example, the root domain name is example.com.

      3. If the message "Welcome to the example.com domain" is displayed, the ECS has been added to the AD domain. The client can be used after being restarted.
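
The same two steps can also be scripted in PowerShell. The script below is an added example, not part of the original procedure: it reuses the page's example.com domain and 192.168.0.91 DNS address, assumes the NetBIOS name EXAMPLE, and adds an SRV record lookup on top of the ping check in step 2.3.

```powershell
# Added example (not from the original page). Run in an elevated PowerShell
# session on Windows Server 2022. Domain name and DNS address are the page's
# example values; the NetBIOS name is an assumption.
param(
    [Parameter(Mandatory)][ValidateSet('DomainController', 'Member')]
    [string]$Role,
    [string]$DomainName  = 'example.com',
    [string]$NetbiosName = 'EXAMPLE',        # assumption, not given on the page
    [string]$DnsServerIp = '192.168.0.91'
)
$ErrorActionPreference = 'Stop'

if ($Role -eq 'DomainController') {
    # Step 1.4: install the AD DS and DNS Server roles on the same ECS.
    Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools

    # Step 1.5: promote this server to the first domain controller of a new forest.
    # The DSRM password is prompted for, so it is never stored in the script.
    $dsrm = Read-Host -AsSecureString -Prompt 'DSRM (safe mode) password'
    Install-ADDSForest -DomainName $DomainName -DomainNetbiosName $NetbiosName `
        -InstallDns -SafeModeAdministratorPassword $dsrm -Force
    # The server restarts automatically when the promotion completes.
}
else {
    # Step 2.2: point every connected adapter at the domain's DNS server.
    Get-NetAdapter | Where-Object Status -eq 'Up' | ForEach-Object {
        Set-DnsClientServerAddress -InterfaceIndex $_.ifIndex -ServerAddresses $DnsServerIp
    }

    # Step 2.3: confirm that the DNS server can be pinged.
    if (-not (Test-Connection -ComputerName $DnsServerIp -Count 2 -Quiet)) {
        throw "Cannot ping DNS server $DnsServerIp"
    }

    # Extra check: the DNS server must publish the domain controller locator
    # record. A successful ping alone does not prove the AD zone is being served.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -Server $DnsServerIp
    $dcs = ($srv | Where-Object Type -eq 'SRV').NameTarget -join ', '
    Write-Host "Domain controller(s) published in DNS: $dcs"

    # Step 2.4: join the domain with prompted credentials, then restart.
    $cred = Get-Credential -Message "Account allowed to join $DomainName"
    Add-Computer -DomainName $DomainName -Credential $cred -Restart
}
```

Run it with -Role DomainController on the first ECS and, after that server has restarted, with -Role Member on the second ECS.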

FAQ

Symptom

If a message is displayed indicating that the ECS cannot be added to the AD domain because the domain SID is the same as the ECS SID, use the Sysprep tool provided by Windows to change the SID.

Solution

  1. Go to Windows/System32/Sysprep and find Sysprep.exe.
  2. Run Sysprep.exe as an administrator, select Generalize, and click OK.

  3. After the system is restarted, the SID is changed. Reconfigure the domain by referring to step 1 and try to join the domain again.