Help Center/ Elastic Cloud Server/ Best Practices/ Setting Up an Application/ Setting Up an AD Domain Using a Windows ECS
Updated on 2025-09-23 GMT+08:00
View PDF
Share

Setting Up an AD Domain Using a Windows ECS

Scenarios

Active Directory (AD) is an independent unit in a network. To allow AD domains to access each other, you need to establish trust relationships between them. In this way, different AD domains can share and manage network resources, communicate with each other, and transmit data. This section uses Windows Server 2022 as an example to describe how to set up and use an AD domain.

Advantages

  • Simplified IT management: In large enterprises or organizations, AD domains are used to centrally manage a large number of computers and user accounts to simplify IT management processes.
  • Improved security: AD domains can authenticate and authorize users to ensure that only authorized users can access resources.
  • Unified resource access: With AD domains, users can use a unified account and password to log in to any computer on the network and access other network resources.
  • Remote access: AD domains support Virtual Private Network (VPN) to allow remote users to access internal enterprise resources through secure channels. This is very practical for employees who are on business trips, as it can improve work efficiency.

Prerequisites

You have purchased two Windows ECSs. One ECS is used as the domain controller (DC) of the AD domain, and the other ECS is used as the client to join the domain. For details about how to purchase an ECS, see Purchasing an ECS in Custom Config Mode.

Process

The process for setting up an AD domain using a Windows ECS is as follows:

  1. Deploy an AD domain controller.
  2. Add the client to the AD domain.

Step 1: Deploy an AD Domain Controller

  1. Log in to the ECS where the domain controller is to be deployed.
  2. In the lower left corner of the desktop, enter Server Manager in the search box.
  3. Click Server Manager.

  4. In Server Manager, add roles and features.

    In this example, deploy the AD domain services and DNS service on the same ECS.

    1. Click Add roles and features.

    2. In the Before You Begin step, click Next.
    3. Select Role-based or feature-based installation and click Next.

    4. Select the ECS where roles and features are to be installed and click Next.

    5. Select roles Active Directory Domain Services and DNS Server, and click Next.

    6. Click Next until the confirmation page is displayed. Click Install.
    7. After the installation is complete, click Close.

  5. Set this ECS as a domain server.
    1. Click the icon in Server Manager and click Promote this server to a domain controller.

    2. In the Active Directory Domain Services Configuration Wizard dialog box, select Add a new forest, enter the root domain name, and click Next.

      In this example, the domain name is example.com.

    3. In the Domain Controller Options step, set the password under Type the Directory Services Restore Mode (DSRM) password, and click Next.

    4. Configure DNS options and click Next.

    5. Configure the NetBIOS domain name and click Next.

    6. Specify the locations of the AD DS database, log files, and SYSVOL folders, and click Next.

    7. Check and confirm the settings in the previous steps and click Next.

    8. After all prerequisites are met, click Install.

      After the installation is complete, the ECS automatically restarts.

      Reconnect to the ECS, click Server Manager, and choose Tools > Active Directory Users and Computers. You can see a user named Administrator in the Active Directory Users and Computers window. This indicates that the installation is successful.

Step 2: Add the Client to the AD Domain

  1. Remotely log in to the other ECS. This ECS serves as a client.
  2. Change the DNS server address of this ECS.

    Change the DNS server address of this ECS to the IP address of the deployed DNS server. In Step 1: Deploy an AD Domain Controller, the AD domain service and DNS service are deployed on the same ECS (IP address: 192.168.0.91). Therefore, the DNS server address is 192.168.0.91.

  3. Check whether the IP address of the DNS server can be pinged.

    If the ping is successful, the configuration is correct.

  4. Add the client to the AD domain.
    1. Go to the Advanced system settings page and click Change.

    2. On the Computer Name/Domain Changes page, configure the AD domain information.

      Enter the root domain name of the AD domain set in Step 1: Deploy an AD Domain Controller. In this example, the root domain name is example.com.

    3. If the message "Welcome to the example.com domain" is displayed, the ECS has been added to the AD domain. The ECS can be used after being restarted.

FAQs

Symptom

If the message is displayed, indicating that the ECS cannot be added to the AD domain because the domain SID is the same as the ECS SID, use the Sysprep tool provided by Windows to change the SID.

Solution

  1. Go to Windows/System32/Sysprep and find Sysprep.exe.
  2. Run Sysprep.exe as an administrator, select Generalize, and click OK.

  3. After the system is restarted, the SID is changed. Reconfigure the domain by referring to Step 1: Deploy an AD Domain Controller and try to join the domain again.