Find us on social media

Client area
Active DirectoryAD DSDomain9 min read

Configure basic Active Directory

Install Active Directory Domain Services to manage users and policies on your network.

Active Directory Domain Services (AD DS) centralizes user, computer, and policy management on a Windows network.

Step 1 — Install the AD DS role

powershell
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

Step 2 — Promote to domain controller

powershell
Import-Module ADDSDeployment

Install-ADDSForest `
  -DomainName "mycompany.local" `
  -DomainNetbiosName "MYCOMPANY" `
  -ForestMode "WinThreshold" `
  -DomainMode "WinThreshold" `
  -InstallDns:$true `
  -DatabasePath "C:\Windows\NTDS" `
  -LogPath "C:\Windows\NTDS" `
  -SysvolPath "C:\Windows\SYSVOL" `
  -SafeModeAdministratorPassword (ConvertTo-SecureString "RecoveryPass123!" -AsPlainText -Force) `
  -Force:$true

The server restarts automatically.

Step 3 — Verify the domain

powershell
Get-ADDomain
Get-ADForest
Get-ADDomainController

Step 4 — Create users

powershell
# Create organizational unit
New-ADOrganizationalUnit -Name "Employees" -Path "DC=mycompany,DC=local"

# Create user
New-ADUser -Name "John Smith" `
  -GivenName "John" `
  -Surname "Smith" `
  -SamAccountName "jsmith" `
  -UserPrincipalName "jsmith@mycompany.local" `
  -Path "OU=Employees,DC=mycompany,DC=local" `
  -AccountPassword (ConvertTo-SecureString "UserPass123!" -AsPlainText -Force) `
  -Enabled $true

Step 5 — Create groups

powershell
# Create group
New-ADGroup -Name "Developers" -GroupScope Global -GroupCategory Security -Path "OU=Employees,DC=mycompany,DC=local"

# Add user to group
Add-ADGroupMember -Identity "Developers" -Members "jsmith"

Step 6 — Create Group Policy (GPO)

powershell
# Create GPO
New-GPO -Name "Security-Policy" | New-GPLink -Target "OU=Employees,DC=mycompany,DC=local"

# Configure password policy
Set-ADDefaultDomainPasswordPolicy -Identity mycompany.local `
  -MinPasswordLength 12 `
  -MaxPasswordAge 90.00:00:00 `
  -PasswordHistoryCount 10 `
  -ComplexityEnabled $true `
  -LockoutThreshold 5

Step 7 — Join computers to the domain

From the client computer:

powershell
Add-Computer -DomainName "mycompany.local" -Credential MYCOMPANY\Administrator -Restart

Step 8 — Useful queries

powershell
# List all users
Get-ADUser -Filter * | Format-Table Name, SamAccountName, Enabled

# Find user
Get-ADUser -Identity "jsmith" -Properties *

# List user groups
Get-ADPrincipalGroupMembership -Identity "jsmith" | Format-Table Name

# Disabled users
Get-ADUser -Filter {Enabled -eq $false}

Step 9 — Backup AD

powershell
wbadmin start systemstatebackup -backupTarget:E: -quiet

Active Directory on your Baires Host VPS lets you manage identities and policies centrally for your entire infrastructure.

Was this guide helpful?
← Back to Windows Server