Server 2012 Setup AD DS

How to setup a domain on Windows Server 2012.

Setting up a domain controller in a brand new environment provides a great opportunity to learn and build the foundation for many years to come.

After setting up a domain a few times, it’s really a lot more simple than you might expect. There are some fundamental steps to follow to help setup the foundation for your environment.

Lets jump right in and configure a domain controller on Windows Server 2012.

How to setup a domain controller: Windows Server 2012


You have a fresh install of Windows Server 2012 and you want to set it up to be a domain controller.

You figure out that you need to install the AD DS (Active Directory Domain Services role).

Let’s Get Started

Add the AD DS role

Open Server Manager and click on Add roles and features.

Server 2012 - Add Roles and Features

The wizard should open and if it’s the first time you are launching the Add Roles and Features Wizard, you will be presented with a Before you begin page. Click Next.

Server 2012 Add Roles and Features Wizard

F0r Installation Type, select the default option Role-based or featured-based installation, and click Next.

Server 2012 Role-based or featured-based installation

For the Server Selection, leave the default selected and click Next.

This is actually pretty cool. If you are setting up multiple Windows Server 2012 machines and want to setup the same roles on all of them, you can select all of the servers here and install the roles all at once.

Server 2012 Server Selection

Now we need to select the role(s) we want to install.

For this tutorial, we are only concerned with Active Directory Domain Services. Select the role, and click Next.

Server 2012 Server Roles AD DS

When you select the role, you will see the following dialog window. Leave the defaults, and click the Add Features button. You will then be back at the Features window. Select Next.

Server 2012 Add Features AD DS

The next window displays information about the role(s) you are installing. Click Next.

You should now be at the Confirmation window. If you are satisfied with the summary, Click Install.

When the install completes, click Close on the confirmation window to close the wizard.

Promote Server to Domain Controller

So far, we have only installed the role. We haven’t promoted the server to become a domain controller yet. Lets do this now.

If you are back at the Dashboard of your Server Manager, click on the red AD DS title bar.

Server 2012 AD DS role configuration

In the Server Manager -> AD DS section, click on More… in the upper right corner.

Server 2012 AD DS More

In the All Servers Task Details window, click on Promote this server to a domain…

Server 2012 Promote to Domain Controller

Next, select Add a new forest, type in a domain name, then click Next.

For this example, I chose to use NOTCREATIVE.internal for the domain name.

Server 2012 Deployment Configuration

In the Domain Controller Options window, leave the defaults and type in a password to use for the Directory Services Restore Mode (DSRM). This password will also be used to initially log into the server as the domain administrator account.

Server 2012 Domain Controller Options

The next window wants you to Specify DNS delegation options. Nothing to do here, press Next.

For the NetBIOS domain name window, leave the default and press Next.

Leave the Paths windows with the default settings and press Next.

Review Options and if you are satisfied with the settings, press Next.

Prerequisites Check will display anything that might need to be done before installing the role(s). For this tutorial, we will continue on by pressing Install.

When the install is complete, restart the server (the server will auto-restart if you do not do anything).

Server 2012 Restart after DCPromo

The initial log in will produce a warning: Your password has expired and must be changed. 

Server 2012 Login

Press OK and type in a new password twice and press Enter.

Server 2012 Reset Password

Congratulations, you now have a Windows Server 2012 Domain Controller with DNS.

Server 2012 Domain Controller

Stay tuned for more videos walking you through the process of setting up an enterprise environment from the ground-up.

I want to hear from all of you! Please leave a comment below!

About Chris Davis

Computer / Technology enthusiast. Very passionate about Systems Administration. I enjoy helping others try and reach their goals. You can follow Chris on if you'd like.


  1. This is great, cant wait for the rest of the vids, keep upi the good work fella.

  2. This has been very helpful but I have one question. We, as a small company just purchased a power Spec Server and have the Windows 2012 foundation. While making the purchase, I attempted to purchase security software, Antivirus to protect the system, and the one we selected. ESET NOD32 would not install and was returned. What type of antivirus would you recommend for the platform on this server. It primary function is an application /FTP server.

    • Hey there Charles,

      Couple places I have worked we have used Sophos for our antivirus needs: – Not sure on the pricing (or if it is even compatible with Foundation – I assume it is).

      I hear Microsoft Forefront will work, but not sure on the details:

      Last would have to be Symantec (not a huge fan, but has worked well at a side job that I do some work for).

    • annonymous says:

      i know its a little out of date but eset nod 32 isn’t a server solution. you would want to use ESET file security which is specifically built for servers. Sophos as Charles mentioned below is a decent product but they are not an enterprise solution as they have no central management of each endpoint.

  3. I watch ur videos on setting a domain controller and I have to say that this is the best video ive came across . The tutorial is very clear

    I am using vmware and I install server enterprise R2 and server Core R2 and i must say i was finding it difficult so set static IP addresses after watching this video im going to give this a try again

    keep the good work going

  4. Great work. Even if I have not tried this out, I still have to comment your effort.keep it on.

  5. Winserv2012 says:

    I’ve done the configuration on the AD DS like you explained in the video, however I keep seeing this at the prerequisites screen and another thing I did was I tried installing AD DS in powershell only to see the same message appear. Pls help.
    Error: One or more prerequisites failed. Please fix these issues and click “Rerun prerequisites check”

  6. How similar are the tutorials between 2008 and 2012? I plan on watching that huge 15 part series about Server Basics, but I really don’t want to if the knowledge won’t really apply to 2012.

    Thanks a ton!

  7. Winserv2012 says:

    I have been following this link, however still looking to see how to resolve this issue after running the pre-requisites check in powershell.

  8. HI chris i have read a lot of about AD DS but can you please me why do we use active directory domain services in production enviorment? if you can give me some examples then i shall be very thankful to you

    • Hello there. I can give you my short answer: To centrally manage user accounts, computer accounts, devices. You give user accounts permissions to certain network resources (folders/files), assign applications to certain computers, assign printers to certain users or computers, etc… Lots of stuff.

  9. Thanks for the tutorial helped me get clear..

  10. Hello,
    Sorry but this is a completely newbie question :) We run 5 computer in our business using mostly Quickbooks. MS Office suite, Chrome. I have a WHS2011 Home Server setup for file storage and hosting the QB company file and backups. If I setup a network domain, how are programs installed? Still on each client? Or is everything on the server?
    How much work will the actual clients do? Do they still need to be high end processors with a lot of memory? Or does the server take over the bulk of the workload?
    Thanks for any direction.

    • Hi there Jamie,

      This is a great question. After you setup a domain, your applications would still be installed locally on each machine (unless you are thinking about actually having everyone connect to the server via remote desktop (terminal services), but that requires a lot of work, different license purchases, etc….). If this is what you are wanting to do, the clients do not need to be powerful. For example, at work in most nurse’s stations and patient rooms, we are using “dumb terminals” (Wyse terminals to be exact). They do not have hard drives, etc… very small, lightweight, not very powerful and auto remote to a terminal server via remote desktop.

      If that is not what you want to do (the terminal server thing), then yes, you would still need to have the clients have the programs installed locally. Domain advantages would include central management of all user accounts, computer, group policies, network share folder and file permissions, and is something I highly recommend in any business. Just remember, if/when you switch them over to a domain and have the clients join the domain, you might have to do a little “profile” maintenance on each client computer. This is because when you join a client to the domain, a new user profile is created on the client with the domain account vs their locally used user account. There are some quick tutorials online describing how to copy / move a local profile to a domain profile, so it’s not that big of a deal.

      Anyways, I probably went into way too much detail and rambled on too much (and the funny part is I’m only on my first cup of coffee!!) :)

  11. Thanks for the reply Chris.Just to be sure I understand correctly, this domain setup allows users to log into their own desktop from any client, correct? But doesn’t Outlook require the pst files to be located on the computer it’s being used from (if not using Exchange). Would we have to start using Exchange accounts?
    Thanks again,

  12. Hi Chris, thanks for the vids, I’m learning a lot.
    Quick question if you don’t mind, and have the time.

    You mentioned at the beginning of this video, you are using pfSense as your firewall, I too am setting up an environment for learning and testing in Virtualbox, I want everything sitting behind a pfSense vm. Currently this pfsense vm is acting as dhcp server as well as firewall. (its has 2 nics, one NAT and one host-only) If my understanding is correct, I should be letting my newly installed Domain Controller vm look after DHCP & DNS.

    Currently the DC vm has only a host only nic, is this ok ?, and when I disable DHCP in pfSense, how can I make it that the DC can now get out and get internet etc.

    Thanks in advance :)


  13. if you rdp to server then the login after fails id there any way around this

  14. While Installing Active Directory on Windows 2012 I am getting error.”Installation of one or more roles, roles services or features failed error : 0x800f0922 “.

    Please tell me what should I do.

  15. rene-pierre says:

    Hello Chris ,
    I installed Windows 2012 R2 ( 1 server with AD DS , DNS ) When I ADSI Edit or Attribute Editor opens in ” Active Directory Users and Computers” , I can not find the DistinguishedName attribute.
    What can I do for this attribute appears on the screen ?

  16. Hi Chris,

    Thank you for writing this article! It’s so helpful! I have a quick question for you if you don’t mind:

    We run a Windows 2012 R2 Server with 6x 10Gbe ports. Each port has its own IP address – Then we have 6 OSX computers that connect to the server for video file serving. Each of the Mac’s connects to one of the IP addresses. That way I make sure that each client has one dedicated 10Gbe lane to the server.

    Now we’ve had a lot of permission and performance issues with our Macs connecting to the server and I’ve been told part of the problem could be that we are using local Mac accounts and the UID’s are causing issues. Hence, I’m supposed to bind our mac’s to the active directory of our server instead and have landed on your article. :)

    So my question is this: how do I install and connect to the active directory if each our server has six separate IP addresses as indicated above? Is that a problem? It’s the same physical server but each of the Ethernet ports on it has a spectate IP.

    I would love your input on this use case!



Leave a Reply