How to set up Active Directory in Windows Server 2016 as a new domain controller.
Here we are going to tackle the first part of setting up a domain: promoting our brand new server to a domain controller.
This is considered tutorial number three in a video series titled: Server Basics 2016. Tutorial number 1 was about downloading Server 2016 and a brief overview. Tutorial number 2 was on installing Server 2016.
It’s a fairly simple process these days since the system walks you through the entire thing. Join me within the video, or in the text instructions below.
Remember, we are only setting up a test environment here in a virtual test lab. I am using VirtualBox for my VM foundation since it’s free and super easy to use.
Windows Server 2016
How to Configure AD DS (Domain Controller)
Steps to set up Active Directory
From the Server Manager Dashboard, click on Add roles and features.
Select Role-based or feature-based installation and click Next.
Select the server by highlighting the row and select Next.
Select Active Directory Domain Services and then select Next.
Click Add Features.
You shouldn’t have to select anything on the Select features page, so just select Next.
Click Next in the AD DS section.
On the confirmation window, review everything and then click Install.
The installation will begin.
When the installation is complete, you need to now promote the server to a domain controller.
Click Promote this server to a domain controller (small hyperlink in the results window)
Or, if you are like me and you clicked Close, click on the yellow exclamation mark in the upper-right section of the Server Manager Dashboard.
Select Add a new forest, type in a domain name that you want to use (pro-tip: use something like <something>.internal), then click Next.
Type in a password you want to use for DSRM, then click Next.
Click Next on the DNS Options page.
Click Next on the Additional Options page.
Click Next on the Paths page.
Click Next on the Review Options screen, then click Install on the Prerequisites Check page.
The installation (promotion process) will begin. The server will reboot during this process.
When the installation is complete, log back in (this time you will be logging into the server with domain credentials).
Let’s verify Active Directory is set up and our server is classified as a DC (domain controller).
From within Server Manager, click Tools then Active Directory Users and Computers.
Expand the domain root (in my case, it’s TESTDOMAIN.internal), then click on Domain Controllers.
You should see your new server being displayed.
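The same role installation, promotion and verification can be scripted. The PowerShell below is an added example, not part of the original tutorial; the domain name TESTDOMAIN.internal comes from the text, and the function names Install-LabForest and Test-LabDomainController are hypothetical.

```powershell
# Added example (not from the original tutorial). Run in an elevated
# PowerShell session on the new server. Function names are hypothetical.

function Install-LabForest {
    param(
        [string]$DomainName = 'TESTDOMAIN.internal',   # name used in this tutorial
        [Parameter(Mandatory)][securestring]$DsrmPassword
    )

    # Equivalent of "Add roles and features" > Active Directory Domain Services.
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools | Out-Null
    Import-Module ADDSDeployment

    # Equivalent of the wizard's Prerequisites Check page: stop on any error.
    $check = Test-ADDSForestInstallation -DomainName $DomainName `
        -SafeModeAdministratorPassword $DsrmPassword -InstallDns
    $failed = $check | Where-Object { $_.Status -eq 'Error' }
    if ($failed) {
        $failed | ForEach-Object { Write-Warning $_.Message }
        throw "Prerequisite check failed for $DomainName"
    }

    # "Add a new forest" with the wizard defaults for DNS and paths.
    # The server reboots when the promotion finishes.
    Install-ADDSForest -DomainName $DomainName `
        -SafeModeAdministratorPassword $DsrmPassword -InstallDns -Force
}

function Test-LabDomainController {
    # Run after the reboot, logged in with domain credentials.
    Import-Module ActiveDirectory
    $dcContainer = (Get-ADDomain).DomainControllersContainer
    # Same check as opening Domain Controllers in Users and Computers.
    Get-ADComputer -SearchBase $dcContainer -Filter * |
        Select-Object Name, DNSHostName, DistinguishedName
}

# Usage:
#   Install-LabForest -DsrmPassword (Read-Host 'DSRM password' -AsSecureString)
#   Test-LabDomainController     # after the reboot
```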
One last thing I want to do at this point is enable RDP (Remote Desktop Protocol).
From Server Manager Dashboard, click Local Server then click Disabled next to Remote Desktop.
Select Allow remote connections to this computer
Uncheck the option Allow connections only from computers running Remote Desktop with Network Level Authentication, then click OK.
We are done with the basic Active Directory setup!
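To read back what the Remote Desktop setting above leaves enabled, the following added example (not from the original tutorial) collects the RDP, NLA and firewall state into one object; the function name Get-RdpExposure is hypothetical.

```powershell
# Added example, not from the original tutorial. Run elevated on the server.
function Get-RdpExposure {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = "$ts\WinStations\RDP-Tcp"

    # fDenyTSConnections = 0 means "Allow remote connections to this computer".
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
    # UserAuthentication = 1 means the NLA checkbox is ticked, 0 means unticked.
    $nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication
    $port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

    # Inbound Remote Desktop firewall rules that are currently enabled.
    # 'Remote Desktop' is the English display name of the rule group.
    $rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }

    [pscustomobject]@{
        RdpEnabled          = ($deny -eq 0)
        NlaRequired         = ($nla -eq 1)
        ListeningPort       = $port
        FirewallProfiles    = @($rules | ForEach-Object { "$($_.Profile)" } |
                                Sort-Object -Unique)
        # True when a client can reach the logon screen before authenticating.
        ReachableWithoutNla = ($deny -eq 0 -and $nla -ne 1 -and @($rules).Count -gt 0)
    }
}

Get-RdpExposure | Format-List
```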
OU Structure on Server 2016
FEBRUARY 15, 2016 BY CHRISADMIN
Building the OU structure in Windows Server 2016 from start to finish. Here I will show you our planning and building phases of our new OU (Organizational Unit) structure.
This phase of setting up a new domain environment is crucial. Take your time and think about the future growth of the company.
This is considered tutorial number four in a video series titled: Server Basics 2016. Tutorial number 1 was about downloading Server 2016 and a brief overview. Tutorial number 2 was on installing Server 2016. Tutorial number 3 was setting up the Active Directory Domain Services role on the new server.
Things can change throughout the video series while configuring machines, users, group policy objects, and more. But we have to start somewhere.
OU Structure – Server 2016
Planning the OU Structure
There are no wrong or right ways of setting up your organizational units. There are a lot of guidelines and suggestions out there from Microsoft and many others. I have set up multiple locations with very different structures.
For this tutorial, we are going to pretend we are setting up a tire shop with a handful of employees (maybe around 10 users).
Here is a quick drawing I whipped up, showing the physical building, departments, and printer locations.
Now, my thought process for the service department is that there will be multiple service employees working at any one time. They could work in the north side or the south side of the building, each side having its own printer.
Let’s throw all the service employees “users” in the main service OU, then create north and south OUs for the “computer” objects.
We will then set up the printers to be mapped depending on what computer the user is logged into. More on this later in the video series.
The sales department is fairly simple. Sales OU with a computers OU and users OU. Then a sales manager OU, which will also have a computers OU and users OU.
Finally, the COOL department, the IT crew! The IT OU will have a techs OU and a systems administrator OU, each one containing a computers OU as well as a users OU.
Here is a screenshot of my setup:
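The plan described above can also be built from a script. This is an added example, not the author's own setup: the OU names are taken from the description, the tree is created directly under the domain root as an assumption, and the function name New-OuTree is hypothetical.

```powershell
# Added example (not from the original post). Run on the DC or with RSAT.
Import-Module ActiveDirectory

# OU plan from the text as nested tables: OU name -> its child OUs.
$plan = [ordered]@{
    'Service' = [ordered]@{ 'North' = @{}; 'South' = @{} }  # users sit in Service itself
    'Sales'   = [ordered]@{
        'Computers'     = @{}
        'Users'         = @{}
        'Sales Manager' = [ordered]@{ 'Computers' = @{}; 'Users' = @{} }
    }
    'IT' = [ordered]@{
        'Techs'                 = [ordered]@{ 'Computers' = @{}; 'Users' = @{} }
        'Systems Administrator' = [ordered]@{ 'Computers' = @{}; 'Users' = @{} }
    }
}

function New-OuTree {
    param(
        [System.Collections.IDictionary]$Tree,
        [string]$ParentDn
    )
    foreach ($name in $Tree.Keys) {
        $dn = "OU=$name,$ParentDn"
        # Idempotent: only create OUs that do not exist yet.
        $existing = Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$dn'"
        if (-not $existing) {
            New-ADOrganizationalUnit -Name $name -Path $ParentDn `
                -ProtectedFromAccidentalDeletion $true
        }
        New-OuTree -Tree $Tree[$name] -ParentDn $dn   # recurse into child OUs
    }
}

# Assumption: the tree hangs directly off the domain root.
New-OuTree -Tree $plan -ParentDn (Get-ADDomain).DistinguishedName

# List the result so it can be compared with the plan.
Get-ADOrganizationalUnit -Filter * | Sort-Object DistinguishedName |
    Select-Object -ExpandProperty DistinguishedName
```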
Create AD Users and Groups – Server 2016
FEBRUARY 17, 2016 BY CHRISADMIN
How to create AD users and groups in our new Windows Server 2016 machine.
Here we briefly review my best practice for setting up AD (Active Directory) Users and Groups for Server 2016.
Check out the previous blog post articles for getting up to this point if you are wanting to follow along.
There isn’t really a right or wrong way of setting up users and groups within Active Directory, but over the years I found some methods that work pretty well. Every environment will be different, but the best thing you can do is plan, plan, plan. Plan as much as you can, keeping the future and expansion in mind.
As you build your Active Directory structure up, you will find some things that need to be added, removed, and tweaked. That’s OK, it’s part of the process.
Create AD Users and Groups on Server 2016
Creating AD Users and Groups – Domain Admin Account
Let’s start off by creating our own Domain Admin account. I always have two accounts set up:
Standard user account: cdavis
Domain Admin account: cdavis.admin
I do this so I never have to log in as my Domain Admin account. Instead, I just elevate whatever process I want/need to do.
One important note: Use the Copy feature as much as possible when setting up new users.
Navigate to the default Users container (the one the system set up automatically).
Right click on the Administrator account, then select Copy.
Fill in the information (note: I add “ – Admin” to the Full name and add “.admin” to the logon name).
Type in a password and leave the Password never expires option enabled.
Drag-n-drop the newly created account to the proper OU.
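Copying the built-in Administrator account also copies its group memberships, so it is worth reviewing what the new account ended up with. The following is an added example, not from the original post: the account name cdavis.admin comes from the text, and Get-AdminAccountReview is a hypothetical function name.

```powershell
# Added example (not from the original post). Run on the DC or with RSAT.
Import-Module ActiveDirectory

function Get-AdminAccountReview {
    param([string]$SamAccountName = 'cdavis.admin')   # account name from the text

    $user = Get-ADUser -Identity $SamAccountName -Properties `
        PasswordNeverExpires, PasswordLastSet

    # Group memberships carried over from the copied template account.
    $groups = Get-ADPrincipalGroupMembership -Identity $user |
        Sort-Object Name | Select-Object -ExpandProperty Name

    # Forest-wide privileged groups, listed separately for review.
    $forestWide = 'Enterprise Admins', 'Schema Admins'

    [pscustomobject]@{
        Account               = $user.SamAccountName
        Enabled               = $user.Enabled
        Location              = $user.DistinguishedName
        PasswordNeverExpires  = $user.PasswordNeverExpires
        PasswordLastSet       = $user.PasswordLastSet
        Groups                = $groups
        ForestWideGroups      = @($groups | Where-Object { $_ -in $forestWide })
        # True until the account has been moved out of the default container.
        StillInUsersContainer = ($user.DistinguishedName -like '*,CN=Users,DC=*')
    }
}

Get-AdminAccountReview | Format-List
```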
Creating AD Users and Groups – Standard User Accounts
Go through and set up all of the remaining user accounts for the environment and place them in the proper OUs. Remember, use the Copy feature as much as possible after setting up one user.
Navigate to Group Policy OU | IT | Helpdesk | Users
Right-click Users and select New | User
Fill in the information
Type a password twice.
Leave the User must change password at next logon enabled
Finish creating the users and placing them into the proper OUs.
Creating AD Users and Groups – Groups
Finally, let’s create some groups and assign the associated people to them.
Here is an overview of what the end result will be for our groups:
Navigate to Group Policy OU | Groups – Security
Right-click Groups – Security
Select New | Group
Fill in the information. For this one, I am calling this group IT Techs
Now that the group is created, let’s add a member to it.
Right-click the IS Techs group and select Properties.
In the Members tab, select Add.
Type the username and select Check Names.
When the system finds the account, you will see the full account details. Select OK.
Select OK when finished adding users to the group.
When finished, let’s nest a couple of groups within another group.
In this example, we have two Managers groups: Sales and Service Managers. We want to add those groups to a Management group.
Right-click the Management group and select Properties.
In the Members tab, click Add, type the names of the groups, and add them to the group.
It should look like this:
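The nesting can be created and checked from PowerShell as well. This is an added example, not the author's own commands: the group names Sales Managers and Service Managers and the OU distinguished name passed in are assumptions based on the text, and both function names are hypothetical.

```powershell
# Added example (not from the original post). Run on the DC or with RSAT.
Import-Module ActiveDirectory

function New-NestedManagementGroups {
    param(
        # Assumption: distinguished name of the "Groups - Security" OU.
        [Parameter(Mandatory)][string]$GroupOuDn
    )
    $children = 'Sales Managers', 'Service Managers'   # assumed group names
    foreach ($name in $children + 'Management') {
        # Idempotent: skip groups that already exist.
        if (-not (Get-ADGroup -Filter "Name -eq '$name'")) {
            New-ADGroup -Name $name -SamAccountName $name -Path $GroupOuDn `
                -GroupScope Global -GroupCategory Security
        }
    }
    # Nest the two managers groups inside Management (Members tab > Add).
    $current = @(Get-ADGroupMember -Identity 'Management' |
        Select-Object -ExpandProperty Name)
    $missing = @($children | Where-Object { $_ -notin $current })
    if ($missing) {
        Add-ADGroupMember -Identity 'Management' -Members $missing
    }
}

function Get-EffectiveMembers {
    param([string]$Group = 'Management')
    # Direct members are the nested groups; -Recursive resolves them to users.
    [pscustomobject]@{
        Group     = $Group
        Direct    = @(Get-ADGroupMember -Identity $Group |
                        Select-Object -ExpandProperty Name)
        Effective = @(Get-ADGroupMember -Identity $Group -Recursive |
                        Select-Object -ExpandProperty SamAccountName)
    }
}

# Usage (the DN is a placeholder for your own OU path):
#   New-NestedManagementGroups -GroupOuDn '<DN of the Groups - Security OU>'
#   Get-EffectiveMembers | Format-List
```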
Setup DHCP Role – Server 2016
FEBRUARY 23, 2016 BY CHRISADMIN
How to set up the DHCP role on Microsoft Windows Server 2016. We will be setting up this new server to be our network’s DHCP server, managing IP addresses by handing them out to DHCP clients that come up on the network as well as DHCP reservations to devices such as printers.
So far we have downloaded Server 2016, installed Server 2016, set up Active Directory Domain Services, configured OUs (Organizational Units), and created Users and Groups.
One quick note (I repeat this a couple of times here): You don’t want more than one DHCP server on the same network (the second one would be considered a rogue DHCP server), so make sure you disable the DHCP role in VirtualBox (assuming you are using VirtualBox like I am here in this tutorial). Sure, you can do some advanced things such as having a backup DHCP server, but for just starting out, stick with one.
How to set up the DHCP server role on Server 2016
Quick note: Disable any other DHCP server on the network that this DHCP server will serve. In the video, I show how I disabled the DHCP server role that VirtualBox was managing before going any further.
From Server Manager Dashboard, click on Add roles and features.
Select Role-based or feature-based installation and click Next.
Select the server, then click Next.
Select DHCP Server, then click Next.
Click Add Features.
Check the Restart the destination server automatically if required, then click Install.
When installation is complete, click Close.
From Server Manager Dashboard, click the yellow exclamation mark triangle, then click Complete DHCP configuration.
From Server Manager Dashboard, click on Tools in the upper-right, then DHCP to launch the DHCP MMC.
Expand DHCP | <servername>.<domain name> | IPv4.
Right-click Server Options and click Configure Options.
Check 003 Router and type the router’s IP address in the IP address field, then click Add. (For me, since I am using NAT Network within VirtualBox, this IP address would be the IP address of my server’s gateway that we set up a few videos ago.)
Check 006 DNS Servers and type the server’s IP address in the IP address field, then click Add.
Right-click IPv4 then select New Scope.
Type in a name for the new scope, then click Next.
Enter the IP Address Range (start and end) and the correct Subnet mask, then click Next. This is the range of IP addresses the server will hand out to DHCP clients that come up on the network.
Leave Exclusions and Delay empty, then click Next.
Click Next for Lease Duration.
Select Yes, I want to configure these options now, then click Next.
Enter the router’s IP again (remember, this is the same as the server’s current gateway address), then click Next.
The DNS server IP should already be filled in, click Next.
For now, we are not planning on using WINS, click Next.
Select Yes, I want to activate this scope now, then click Next.
Your scope is configured and activated.
That’s it! DHCP is configured on your brand new server and ready to be used. Again, make sure you disable any other DHCP servers that are on the same network as this DHCP server. You do not want more than one DHCP server on a network.
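The role installation, authorization, server options and scope can be scripted in one pass. This is an added example, not part of the original tutorial: every IP address and the scope name are constructed lab values to replace with your own, and the function names are hypothetical.

```powershell
# Added example (not from the original tutorial). Run elevated on the server.
# All addresses below are constructed lab values.
function Install-LabDhcp {
    param(
        [string]$ScopeName     = 'Lab clients',
        [ipaddress]$ServerIp   = '10.0.2.10',    # this server, also the DNS server
        [ipaddress]$Router     = '10.0.2.1',     # the server's own gateway
        [ipaddress]$StartRange = '10.0.2.100',
        [ipaddress]$EndRange   = '10.0.2.200',
        [ipaddress]$SubnetMask = '255.255.255.0'
    )
    Install-WindowsFeature -Name DHCP -IncludeManagementTools | Out-Null

    # "Complete DHCP configuration": create the DHCP security groups and
    # authorize this server in Active Directory.
    Add-DhcpServerSecurityGroup
    Restart-Service -Name DHCPServer
    $fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
    Add-DhcpServerInDC -DnsName $fqdn -IPAddress $ServerIp

    # Server options 003 Router and 006 DNS Servers.
    Set-DhcpServerv4OptionValue -Router $Router -DnsServer $ServerIp

    # New scope with the address range to hand out, activated immediately.
    Add-DhcpServerv4Scope -Name $ScopeName -StartRange $StartRange `
        -EndRange $EndRange -SubnetMask $SubnetMask -State Active
}

function Get-LabDhcpSummary {
    # Authorized servers in AD plus the scopes and options this server serves.
    [pscustomobject]@{
        AuthorizedServers = @(Get-DhcpServerInDC | Select-Object DnsName, IPAddress)
        Scopes            = @(Get-DhcpServerv4Scope |
                                Select-Object ScopeId, Name, StartRange, EndRange, State)
        ServerOptions     = @(Get-DhcpServerv4OptionValue |
                                Select-Object OptionId, Name, Value)
    }
}

# Usage:
#   Install-LabDhcp
#   Get-LabDhcpSummary | Format-List
```

Get-DhcpServerInDC only lists servers authorized in Active Directory, so the VirtualBox DHCP service will not appear there and still has to be disabled in VirtualBox itself.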
Join Windows 10 to Domain – Server 2016
MARCH 9, 2016 BY CHRISADMIN
How to join Windows 10 to domain. Here we are using Windows Server 2016 as our domain controller and have a brand new domain setup. Joining a Windows 10 client is a very easy thing to do, as long as you have a couple key points correct.
I am noticing a lot of people having troubles at this stage of the Server Basics video series. There are a couple really easy things you need to make sure of, and you shouldn’t have any issues joining any client computer to a domain.
This article is a continuation of our Server Basics 2016 series and will be covering joining (some say connecting) a Windows 10 client computer to a domain.
In previous articles, we set up a new Windows Server 2016 system, set up a new domain, created all of our OUs, and set up a DHCP server.
Join Windows 10 to Domain
First thing you need to do is verify you can ping the server from the client by pinging the server’s hostname. If you can’t ping it by hostname, you are not going to be able to join the client to the domain. So many people get stuck at this point in a virtual test lab.
Set the DNS entry on the client computer to be the server’s IP.
Press the Start button, then type “domain“. Click Rename your PC or join a domain.
On the About page, select Join a domain under Organization
Type in the domain name (you don’t have to type the “.internal” part). Click Next.
You will be asked for domain credentials. Use your domain admin account credentials.
You will then be prompted to restart. Restart the computer.
When you are ready to log into the computer, select Other User in the bottom-left. If you don’t do this, you will be logging in locally to the computer rather than the domain.
Use your domain user credentials to log in.
Open up Active Directory Users and Computers on the server.
Drag-n-drop the newly joined client computer object from the default Computers OU to the OU where this computer is physically going to be located.
That’s it! Windows 10 computer easily joined to a domain (Windows Server 2016)! Pat yourself on the back!
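The DNS setting, the name-resolution check and the join itself can be combined into one script run on the Windows 10 client. This is an added example, not part of the original article: the domain name TESTDOMAIN.internal comes from the earlier tutorial, while the interface alias, the addresses and the function name Join-LabDomain are assumptions.

```powershell
# Added example (not from the original article). Run elevated on the client.
function Join-LabDomain {
    param(
        [string]$DomainName = 'TESTDOMAIN.internal',          # domain from the tutorial
        [Parameter(Mandatory)][ipaddress]$ServerIp,            # the DC, which is also DNS
        [Parameter(Mandatory)][pscredential]$Credential,       # domain admin account
        [string]$InterfaceAlias = 'Ethernet',                  # assumed adapter name
        [string]$OuPath                                        # optional target OU DN
    )

    # Set the DNS entry on the client to be the server's IP.
    Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias `
        -ServerAddresses $ServerIp.IPAddressToString

    # Preflight 1: the client must find a domain controller through DNS.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" `
        -Type SRV -ErrorAction Stop
    $dc = ($srv | Where-Object { $_.Type -eq 'SRV' } |
        Select-Object -First 1).NameTarget

    # Preflight 2: the server must answer by hostname, as in the manual ping test.
    if (-not (Test-Connection -ComputerName $dc -Count 2 -Quiet)) {
        throw "DNS resolves $dc but it does not answer ping; fix this before joining."
    }

    # Join and restart. With -OUPath the computer object is created in the
    # target OU directly, so no drag-and-drop from Computers is needed.
    $join = @{ DomainName = $DomainName; Credential = $Credential; Restart = $true }
    if ($OuPath) { $join.OUPath = $OuPath }
    Add-Computer @join
}

# Usage (address is a constructed lab value):
#   Join-LabDomain -ServerIp 10.0.2.10 -Credential (Get-Credential)
```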