Help Center/ Workspace/ FAQs/ FAQs for Administrators/ Identity Authentication and AD Configuration/ How Do I Deploy a Windows AD Server?
Updated on 2025-09-12 GMT+08:00
View PDF
Share

How Do I Deploy a Windows AD Server?

Huawei does not provide Windows AD servers. Users need to purchase and configure Windows AD servers. If you need to use Windows AD authentication but do not have a Windows AD server, perform the following operations:

Buying an ECS

  1. For details, see Buying an ECS.

    • The server OS must be Windows Server 2016 or 2019.
    • The SIDs of ECSs created using the same image are the same. As a result, some users cannot log in to the desktop. If you need to create multiple Windows AD servers, use different images.

Logging in to the ECS

  1. In the ECS list, click Remote Login in the Operation column of the created ECS.
  2. Click Send CtrlAltDel in the upper right corner of the remote login screen.
  3. Enter the password of the ECS to log in.

Adding the Windows AD role and backup feature

  1. On the taskbar in the lower left corner, click .
  2. Click on the right of the Start menu.

    The Server Manager window appears, as shown in Figure 1.

    Figure 1 Server Manager

  3. In the middle of the page, click Add roles and features.

    The Add Roles and Features Wizard dialog box is displayed.

  4. Click Next three times.
  5. In the Roles area, select Active Directory Domain Services. In the dialog box displayed, click Add Features. Then, click Next.
  6. In the Features area, select Windows Server Backup.

    Figure 2 Enabling the backup feature

  7. Click Next till the confirmation dialog box appears.
  8. Click Install.

    You can see the installation progress bar. When Installation succeeded is displayed, the installation is successful.

  9. In the upper right corner of the Server Manager page, click , and select Promote this server to a domain controller.

    The Active Directory Domain Services Configuration Wizard window appears, as shown in Figure 3.

    Figure 3 Active Directory Domain Services Configuration Wizard

  10. Select Add a new forest, specify Root domain name, and click Next.
  11. Set both Forest functional level and Domain functional level to Windows Server 2016, set Type the Directory Services Restore Mode (DSRM) password, and click Next, as shown in Figure 4.

    In DSRM, only the DSRM administrator account can be used to log in to the system.

    Figure 4 Configuring a domain controller

  12. Retain the default values, click Next four times, and click Install.

    Install the Windows AD service and restart the VM as prompted.

  13. After the restart, log in to the Windows AD server using the administrator account.

    The administrator account is in the User domain name\Administrator format, for example, vdesktop.huawei.com\Administrator.

(Optional) Installing the Windows AD service on a standby server

Perform this operation only when a standby Windows AD server is required.

  1. Configure a standby Windows AD server by referring to 2 to 17.