Tested, trusted & part of my daily flow.
đž Proton VPN â Private Connection
đ Proton Pass â Encrypted Passwords
*Partner links â support DevOps Compass đ
Need answers fast? Your friendly Spider-Dev is live on Discord:
Install Active Directory Domain Services on Windows Server 2019
This article is for those looking for a detailed and straightforward guide on installing Active Directory Domain Services on Windows Server 2019.
IMPORTANTIn this guide, we will consider the case when you already have a server with the Windows Server 2019 operating system installed on it.
For details on installing Windows Server 2019, read my guide: Install Windows Server 2019.
NOTETo learn how to install Active Directory Domain Services on Windows Server 2019 Server Core (without a GUI), read: Install Active Directory Domain Services on Windows Server 2019 Server Core.
CAUTIONBefore installing the Active Directory Domain Services role, make sure to assign the server a proper name according to your organizationâs standards. Then, configure a static IP address, subnet mask, gateway, and DNS server address.
We go into the system under an account with administrator rights and on the keyboard press the combination of keys âWinâ and âXâ, then select âSystemâ in the menu that opens.
Choose âRename this PCâ.
I highly recommend that you think ahead about the name of the servers in your organization.
Next, specify the new server name and click on the âNextâ button.
Now the system will offer to restart the server for the new settings to take effect.
Click on the âRestart nowâ button.
Select âOperating System: Reconfiguration (Planned)â as the reason for the server reboot and click on the âContinueâ button.
Next, the server will start to reboot.
Now you need to register a static IP address in the network connection settings.
We go into the system under an account with administrator rights and on the keyboard press the combination of keys âWinâ and âXâ, then select âNetwork Connectionsâ in the menu that opens.
Next, select âChange adapter optionsâ.
Now right-click on the âEthernetâ network connection and select âPropertiesâ.
Select âInternet Protocol Version 4â and click on the âPropertiesâ button.
Next, select the âUse the following IP addressâ item and specify a free IP address, subnet mask, and gateway.
NOTEYou must understand in advance how your network works and know which IP addresses are available.
In the âPreferred DNS serverâ field, specify the IP address of this server, since your server will have the âDNS Serverâ role, which is installed together with the âActive Directory Domain Servicesâ role.
Click on the âOKâ button.
In the âEthernet Propertiesâ window, click on the âCloseâ button.
You can now begin installing the Active Directory Domain Services role.
Open the âServer Managerâ, click on the âManageâ button in the upper right corner of the screen and select âAdd Roles and Featuresâ.
Click on the âNextâ button.
Select the installation type âRole-based or feature-based installationâ and click on the âNextâ button.
Next, select the server on which the role will be installed.
Click on the âNextâ button.
Select the âActive Directory Domain Servicesâ role.
In the next step, the Role Installation Wizard will warn you that several components need to be installed to install the Active Directory Domain Services role.
Click on the âAdd Featuresâ button.
It is not necessary to select the DNS Server role at this point. It will be installed later.
Click on the âNextâ button.
At the stage of adding components, we leave all the default values.
Click on the âNextâ button.
Next, the âRole Installation Wizardâ invites you to familiarize yourself with additional information regarding the âActive Directory Domain Servicesâ role.
Click on the âNextâ button.
In order to start the installation of the selected role, click on the âInstallâ button.
The installation of the selected role and the components required for it has begun.
Installation of the Active Directory Domain Services role is now complete.
Now click on the âPromote this server to a domain controllerâ button in order to promote your server to the domain controller level.
I highly recommend that you think ahead about which domain name you will use when adding a new forest.
NOTEIn this tutorial, we will add a new forest, so in the âActive Directory Domain Services Configuration Wizardâ window, select the âAdd a new forestâ item and in the âRoot domain nameâ field, specify the desired name for the root domain.
Click on the âNextâ button.
The next step is to select the functional level of the new forest and root domain. If you are adding a new forest and plan to use servers based on the Windows Server 2019 operating system in the future, you do not have to change the functional level of the forest and root domain.
Specify the password for DSRM (Directory Service Restore Mode) and click on the âNextâ button.
At this point, the AD DS Configuration Wizard will warn you that a delegation for this DNS server cannot be created.
Click on the âNextâ button.
Next, you can change the NetBIOS name that was assigned to your domain. I recommend leaving the default NetBIOS value.
Click on the âNextâ button.
You can now change the paths for the AD DS database directories, log files and the SYSVOL folder. I recommend leaving these default values.
Click on the âNextâ button.
The next step displays a summary of the server configuration.
Click on the âNextâ button.
Next, the âAD DS Configuration Wizardâ will check if all prerequisites have been met and display a report.
All prerequisite checks are passed successfully means all prerequisite checks are passed.
Click on the âInstallâ button.
The process of promoting the server to a domain controller has begun.
After your server is promoted to a domain controller, the server will automatically reboot.
Before the server starts to reboot, you will see a warning.
The promotion of the server to the domain controller is completed.
You can use the Active Directory Administrative Center or the Active Directory Users and Computers snap-in to manage users, groups, and other Active Directory objects.
We go into the system under an account with domain administrator rights.
Open Server Manager, click on the âToolsâ button in the upper right corner of the screen, and select âActive Directory Administrative Centerâ.
The Active Directory Administrative Center will open.
You can also use the Active Directory Users and Computers snap-in to manage users, groups, and other objects in the Active Directory.
In Server Manager, click on the âToolsâ button in the upper right corner of the screen and select âActive Directory Users and Computersâ.
The Active Directory Users and Computers snap-in opens.
Patreon Exclusives
đ Join my Patreon and dive deep into the world of Docker and DevOps with exclusive content tailored for IT enthusiasts and professionals. As your experienced guide, I offer a range of membership tiers designed to suit everyone from newbies to IT experts.
Tools I Personally Trust
If youâre building things, breaking things, and trying to keep your digital life a little saner (like every good DevOps engineer), these are two tools that I trust and use daily:
đž Proton VPN - My shield on the internet. It keeps your Wi-Fi secure, hides your IP, and blocks those creepy trackers. Even if Iâm hacking away on free cafĂ© Wi-Fi, I know Iâm safe.
đ Proton Pass - My password vault. Proper on-device encryption, 2FA codes, logins, secrets - all mine and only mine. No compromises.
These are partner links - you wonât pay a cent more, but youâll be supporting DevOps Compass. Thanks a ton - it helps me keep this compass pointing the right way đ
Gear & Books I Trust
đ Essential DevOps books
đ„ïž Studio streaming & recording kit
đĄ Streaming starter kit
Social Channels
đŹ YouTube
đŠ X (Twitter)
đš Instagram
đ Mastodon
𧔠Threads
đž Facebook
đŠ Bluesky
đ„ TikTok
đ» LinkedIn
đŁ daily.dev Squad
âïž Telegram
đ GitHub
Community of IT Experts
đŸ Discord
Refill My Coffee Supplies
đ PayPal
đ Patreon
đ„€ BuyMeaCoffee
đȘ Ko-fi
đ GitHub
⥠Telegram Boost
đ Bitcoin (BTC): bc1q2fq0k2lvdythdrj4ep20metjwnjuf7wccpckxc
đč Ethereum (ETH): 0x76C936F9366Fad39769CA5285b0Af1d975adacB8
đȘ Binance Coin (BNB): bnb1xnn6gg63lr2dgufngfr0lkq39kz8qltjt2v2g6
đ Litecoin (LTC): LMGrhx8Jsx73h1pWY9FE8GB46nBytjvz8g
Is this content AI-generated?
No. Every article on this blog is written by me personally, drawing on decades of hands-on IT experience and a genuine passion for technology.
I use AI tools exclusively to help polish grammar and ensure my technical guidance is as clear as possible. However, the core ideas, strategic insights, and step-by-step solutions are entirely my own, born from real-world work.
Because of this human-and-AI partnership, some detection tools might flag this content. You can be confident, though, that the expertise is authentic. My goal is to share road-tested knowledge you can trust.