Build an Active Directory forest and domains on new server

Here's a step-by-step guide to building an Active Directory forest and domains on a new server:

Prerequisites:

Step 1: Install and Configure the Server

  1. Install the Windows Server operating system on the new server.
  2. Configure the server's network settings, including the IP address, subnet mask, default gateway, and DNS server.
  3. Join the server to a workgroup (e.g., WORKGROUP).

Step 2: Promote the Server to a Domain Controller

  1. Open the Server Manager console on the new server.
  2. Click on "Add roles and features", choose "Role-based or feature-based installation", and select the "Active Directory Domain Services" role.
  3. Click "Next" and then "Install" to install the Active Directory Domain Services role.
  4. Promote the server to a domain controller by clicking on "Promote this server to a domain controller" and following the wizard.
  5. Enter the domain name (e.g., example.com) and choose the forest and domain functional levels (e.g., Windows Server 2019 forest and domain functional levels).
  6. Set the administrator password and confirm the installation.

Step 3: Create the Forest and Domain

  1. The server will now be a domain controller for the new forest and domain.
  2. The forest name will be the same as the domain name (e.g., example.com).
  3. The domain name will be the same as the forest name (e.g., example.com).

Step 4: Create Additional Domain Controllers

  1. To create additional domain controllers, repeat the process of promoting a server to a domain controller.
  2. Make sure to use the same forest and domain functional levels as the first domain controller.
  3. The additional domain controllers will replicate the data from the first domain controller.

Step 5: Configure DNS

  1. Configure the DNS server to point to the new domain controller.
  2. Create a new zone for the domain (e.g., example.com) and add the domain controller's IP address as a name server.
  3. Update the DNS server to point to the new domain controller.

Step 6: Configure Kerberos

  1. Configure Kerberos to use the new domain controller as the Kerberos authentication server.
  2. Update the Kerberos configuration to point to the new domain controller.

Step 7: Test the Domain

  1. Test the domain by logging in to a workstation or another server using the domain credentials.
  2. Verify that the domain is functioning correctly by checking the event logs and DNS records.
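
The promotion in Step 2 and the checks in Step 7 can also be scripted. The PowerShell below is an added example, not part of the original guide: run it with -Phase Promote, then again with -Phase Verify after the automatic reboot. The -Phase parameter and the NetBIOS name EXAMPLE are assumptions made for illustration; example.com is the guide's placeholder domain.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of Step 2 (promotion) and Step 7 (testing).
param(
    [ValidateSet('Promote', 'Verify')]
    [string]$Phase = 'Promote',            # hypothetical switch between the two stages
    [string]$DomainName = 'example.com',   # placeholder domain from the guide
    [string]$NetBiosName = 'EXAMPLE'       # assumed NetBIOS name
)

if ($Phase -eq 'Promote') {
    # Step 2.2-2.3: install the AD DS role and its management tools.
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

    # Step 2.6: prompt for the DSRM password so it is never stored in the script.
    $dsrm = Read-Host -AsSecureString -Prompt 'DSRM (safe mode) password'

    $forest = @{
        DomainName                    = $DomainName
        DomainNetbiosName             = $NetBiosName
        ForestMode                    = 'WinThreshold'   # Windows Server 2016 functional level
        DomainMode                    = 'WinThreshold'
        InstallDns                    = $true
        SafeModeAdministratorPassword = $dsrm
    }

    # Run the prerequisite checks first and stop if any of them reports an error.
    $failed = Test-ADDSForestInstallation @forest | Where-Object Status -eq 'Error'
    if ($failed) { $failed | Format-List; throw 'Prerequisite check failed.' }

    # Step 2.4-2.5 and Step 3: create the forest root domain; the server reboots when done.
    Install-ADDSForest @forest -Force
}
else {
    # Step 7: run after the reboot, signed in as a domain administrator.
    Get-ADForest -Identity $DomainName | Select-Object Name, ForestMode, RootDomain, SchemaMaster
    Get-ADDomain -Identity $DomainName | Select-Object DNSRoot, DomainMode, PDCEmulator

    # Clients locate domain controllers and the Kerberos KDC through these SRV records.
    foreach ($srv in "_ldap._tcp.dc._msdcs.$DomainName", "_kerberos._tcp.$DomainName") {
        Resolve-DnsName -Name $srv -Type SRV -ErrorAction Stop
    }

    # Recent errors in the Directory Service event log (Level 2 = Error).
    Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Level = 2 } -MaxEvents 20 -ErrorAction SilentlyContinue

    # Built-in domain controller diagnostics; /q prints only failures.
    dcdiag /test:advertising /q
    dcdiag /test:dns /q
}
```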

Additional Tips:

By following these steps, you should be able to build an Active Directory forest and domains on a new server.