How to install and configure Domain Controller on Windows Server 2019

Step By Step Guide: How to Setup Active Directory Domain Service on Windows Server 2019

VM or Physical Server with Windows Server 2019 installed – Desktop Experience

A server running the Active Directory Domain Services (AD DS) role is called a Domain Controller. It authenticates and authorizes all users and computers in a Windows domain-type network, assigning and enforcing security policies for all computers.

A Domain Controller (DC) allows the creation of logical containers. These containers consist of users, computers and groups. Domain Controllers also help in organizing and managing the servers.

Open Server Manager

You will then be presented with the “Before you begin” tab, which contains crucial information. After reading it, click “Next” as shown below:

Click Add roles and features

Click Next

Select Role-based or feature-based installation option and click on Next.

Server Selection

Now here I am installing Active Directory Domain Services /DHCP /DNS.

Next we will be directed to the Server Roles

Review the features and select them. Once done, click Next.

Click Next

Once done click on Next.

Once done click on Next.

Once done click on Next.

Once done, click Install.

Once the installation is done, close the popup window.

Select the deployment option as per your requirement. Here I am installing the first Active Directory in my network, so I am selecting Add a new forest. Now specify your root domain name in the Root domain name field (here I have used querypanel.local; choose one as per your needs).

Select forest and domain functional level.

You’ll also need to set up the DSRM (Directory Services Restore Mode) password here. Click Next.

The next window gives a warning about DNS delegation, which can be ignored. Click Next to continue.

NetBIOS name for the domain. We can keep the default and click Next.

The next window gives us the option to change the file paths for the AD database, log files and SYSVOL files. We can change the paths or keep the defaults. Once the changes are done, click Next to continue.

Review the options you have selected. Once you are ready, click Next.
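The wizard steps above (role installation, new forest, DSRM password, functional levels, NetBIOS name and file paths) can be scripted. The following is an added example, not code from the original guide; it runs in an elevated PowerShell session on the Windows Server 2019 machine, and the domain name querypanel.local, the NetBIOS name QUERYPANEL and the paths are assumptions matching the wizard's defaults and the guide's example domain:

```powershell
# Added example (not from the original guide): role installation and forest
# promotion equivalent to the Server Manager wizard. Domain name, NetBIOS name
# and paths are assumptions based on the guide's querypanel.local example.

# 1. Install the AD DS, DNS and DHCP roles together with their management tools
Install-WindowsFeature -Name AD-Domain-Services, DNS, DHCP -IncludeManagementTools

# 2. Collect the DSRM password securely; never hard-code it in a script
$dsrmPassword = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

Import-Module ADDSDeployment

# 3. Dry run: report any problem the forest promotion would hit before changing anything
$check = Test-ADDSForestInstallation -DomainName 'querypanel.local' `
    -DomainNetbiosName 'QUERYPANEL' `
    -SafeModeAdministratorPassword $dsrmPassword
if ($check.Status -ne 'Success') {
    $check.Message
    throw 'Pre-check failed; fix the reported issues before promoting.'
}

# 4. Promote: first DC of a new forest, DNS installed, wizard-default file locations.
#    WinThreshold = Windows Server 2016 functional level (the 2019 wizard's default).
Install-ADDSForest -DomainName 'querypanel.local' `
    -DomainNetbiosName 'QUERYPANEL' `
    -ForestMode 'WinThreshold' -DomainMode 'WinThreshold' `
    -InstallDns:$true `
    -DatabasePath 'C:\Windows\NTDS' `
    -LogPath 'C:\Windows\NTDS' `
    -SysvolPath 'C:\Windows\SYSVOL' `
    -SafeModeAdministratorPassword $dsrmPassword `
    -Force:$true
```

Install-ADDSForest reboots the server when it finishes unless -NoRebootOnCompletion is given, the same as the wizard. The DSRM password is the only way into the DC if the directory fails to start, so store it in your password vault before running the promotion.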

NTDS.DIT DATABASE – NTDS is the Active Directory database, holding all user and computer accounts and groups.
You can say NTDS.DIT is the backbone of any AD DS.

Ntds.dit is the main AD database file. NTDS stands for NT Directory Services. The DIT stands for Directory Information Tree.
The Ntds.dit file on a particular domain controller contains all naming contexts hosted by that domain controller, including the Configuration and Schema naming contexts.
A Global Catalog server stores the partial naming context replicas in the Ntds.dit right along with the full Domain naming context for its domain.
Command for checking NTDS details: ntdsutil

The NTDS.DIT file represents the Active Directory database, which holds the user, computer, and other AD objects, including printers and faxes. It is located under C:\windows\system32\NTDS.

LDAP (Lightweight Directory Access Protocol).
In simple language, you can say LDAP is the medium used to communicate with AD DS.
The LDAP protocol is used for accessing directory services and provides a mechanism for applications and other systems to communicate and
interact with directory servers. It keeps track of what is on the network, and applications can use LDAP to retrieve
any object and property of the Active Directory database and can even modify it. When we enumerate information from AD, LDAP is used in the backend.
Not only that, LDAP also allows us to modify objects, for example changing group membership or the attributes of an object.
Many enumeration tools use LDAP to query information from AD, for example PowerView or SharpHound. For anyone working with Active Directory, whether administrators,
red team operators, or developers writing programs that interact with AD, a thorough understanding of LDAP is very important to fully utilize Active Directory.

LDAP, or Lightweight Directory Access Protocol, is one of the oldest and most popular protocols used to retrieve information from directory services,
authenticate users, and build applications that don’t compromise on security or speed. It is one of the protocols used to manage assets and data over a network
and provides secure access to them.

LDAP is one of the core protocols for developing internet applications. The protocol was designed to access and maintain directory services over the internet.

LDAP Ports
LDAP port is 389
LDAP Secure (LDAPS) port is 636
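To show what "communicating with AD DS over LDAP" looks like in practice, and why the two ports matter, here is an added example that is not from the original guide. It performs a read-only search over LDAPS (TCP 636) using the .NET System.DirectoryServices.Protocols classes; the DC hostname dc01.querypanel.local and the base DN are assumptions derived from the guide's domain:

```powershell
# Added example (not from the original guide): a read-only LDAP search over
# LDAPS (TCP 636) with System.DirectoryServices.Protocols. The server name and
# base DN are assumptions based on the guide's querypanel.local domain.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$server = 'dc01.querypanel.local'       # assumed DC hostname
$baseDn = 'DC=querypanel,DC=local'      # assumed domain base DN

# Target port 636 and turn on TLS before binding, so credentials and
# directory data never cross the wire in clear text as they would on 389.
$identifier = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($server, 636)
$ldap = [System.DirectoryServices.Protocols.LdapConnection]::new($identifier)
$ldap.SessionOptions.SecureSocketLayer = $true
$ldap.SessionOptions.ProtocolVersion  = 3
# Negotiate = Kerberos/NTLM with the currently logged-on account, no password in the script
$ldap.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
$ldap.Bind()

# Standard LDAP filter syntax: every user object below the base DN,
# requesting only the two attributes we need.
$request = [System.DirectoryServices.Protocols.SearchRequest]::new(
    $baseDn,
    '(&(objectCategory=person)(objectClass=user))',
    [System.DirectoryServices.Protocols.SearchScope]::Subtree,
    [string[]]@('sAMAccountName', 'whenCreated')
)

$response = $ldap.SendRequest($request)
foreach ($entry in $response.Entries) {
    [pscustomobject]@{
        Account = $entry.Attributes['sAMAccountName'][0]
        Created = $entry.Attributes['whenCreated'][0]   # LDAP generalized time, e.g. 20240101120000.0Z
    }
}
$ldap.Dispose()
```

Two practical caveats: LDAPS on 636 only works once the DC holds a server certificate (for example one issued by an internal AD CS enterprise CA); a freshly promoted DC without a certificate refuses the TLS handshake, and the fallback many tools take is plain 389, which is exactly the traffic you want to avoid. Second, a DC returns at most 1000 entries per search by default, so a production query needs the paged-results control (PageResultRequestControl) to see a large domain in full.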



SYSVOL – SYSVOL stores items such as logon scripts and the files related to Group Policy Objects (GPOs).


Schema: Defines the attributes and types of objects that can be stored in the Directory.

Domain naming context: stores the computers and users and records their day-to-day operations, such as creating, modifying and deleting directory objects or folders.
In effect, the domain naming context is where daily activity in the domain is tracked.

And click Install

Review the installed AD DS features

Then it will start the installation process and we need to wait till it finishes. 

Now I am logging in to the newly created AD DS domain.

Verify Domain

Verify Domain Controller Host.
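Verifying the domain and the domain controller host, and locating the NTDS.DIT database and SYSVOL described earlier, can be done from PowerShell on the new DC. This is an added example, not code from the original guide; the domain name querypanel.local is assumed, and the registry values it reads are the ones the NTDS and Netlogon services keep their file paths in:

```powershell
# Added example (not from the original guide): post-promotion checks on the new
# domain controller. The domain name querypanel.local is an assumption.
Import-Module ActiveDirectory

# Does the domain answer, and which DC are we talking to?
Get-ADDomain -Identity 'querypanel.local' | Select-Object DNSRoot, NetBIOSName, DomainMode
Get-ADDomainController -Discover -DomainName 'querypanel.local' |
    Select-Object HostName, IPv4Address, Site

# Core services a DC must be running (directory, DNS, Kerberos KDC, Netlogon, SYSVOL replication)
Get-Service -Name NTDS, DNS, Kdc, Netlogon, DFSR | Select-Object Name, Status

# Domain members locate a DC through this SRV record; if it is missing, DNS is broken
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.querypanel.local' -Type SRV

# Where NTDS.DIT and SYSVOL actually live, read from the service parameters
$ntdsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$dbFile     = (Get-ItemProperty -Path $ntdsParams).'DSA Database file'
$sysvol     = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters').SysVol
"NTDS.DIT : $dbFile"
"SYSVOL   : $sysvol"

# The database directory should be readable only by SYSTEM and Administrators:
# NTDS.DIT holds every password hash in the domain, so review any extra entry here
(Get-Acl -Path (Split-Path $dbFile)).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType

# ntdsutil (mentioned above) reports the same file details when driven non-interactively
ntdsutil "activate instance ntds" files info quit quit

# Built-in health check; investigate any test that reports "failed"
dcdiag /test:dns /test:replications
```

Running these right after the first logon gives a known-good baseline; rerun the ACL and service checks periodically, since a change in who can read the NTDS directory is a strong sign that the DC has been tampered with.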

Now configure DHCP on Windows Server

After the role installation, complete the DHCP post-install configuration from the Server Manager notification.

Here the DHCP server needs to be authorized in Active Directory.

We see a summary page of the configuration steps. Click Close.

Now we open the DHCP management console to configure DHCP scopes and other options. Click Start > Windows Administrative Tools > DHCP to access the DHCP management console.

The DHCP Tools window should be opened now.

Right click on IPv4, then select New Scope

Give your DHCP scope a range and make sure it’s on the same subnet as the default gateway. Click Next.

We can skip Exclusions and Delay. Click Next.

Exclusions are for addresses that are assigned statically and must not be leased, for example IP printers, a firewall or a proxy server.

Set the lease duration and click Next.

Make sure that you have the following selected: Yes, I want to configure these options now. Click Next.

Add the IP Address of your Default Gateway and click Next.

Make sure to have the Parent Domain properly set. Provide the DNS server name and IP address. Click Next.

DNS name (server name):

IP:

WINS server:


Click Next.

Make sure Yes, I want to activate this scope now is selected and click Next.

Click Finish

Review DHCP

Review the Address Leases
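The DHCP steps above (authorization, scope range, exclusions, lease duration, router and DNS options, activation, and the final review of scopes and leases) map directly onto the DhcpServer PowerShell module. The following is an added example and not code from the original guide; the subnet 192.168.10.0/24, the gateway, the DC address and the hostname dc01.querypanel.local are constructed assumptions:

```powershell
# Added example (not from the original guide): the DHCP authorization, scope,
# exclusion and option steps using the DhcpServer module on the DC. Subnet,
# gateway, DC address and hostname are constructed assumptions.
Import-Module DhcpServer

$dcName  = 'dc01.querypanel.local'   # assumed DC / DHCP server hostname
$dcIp    = '192.168.10.10'           # assumed DC address, also the DNS server
$gateway = '192.168.10.1'            # assumed default gateway on the same subnet
$scopeId = '192.168.10.0'            # scope ID is the network address of the subnet

# Authorize this server in AD: DHCP servers not authorized in the domain
# stop serving leases, which blocks rogue DHCP servers on the LAN.
Add-DhcpServerInDC -DnsName $dcName -IPAddress $dcIp

# Scope on the same subnet as the gateway, 8-day lease, activated immediately
Add-DhcpServerv4Scope -Name 'LAN clients' `
    -StartRange 192.168.10.100 -EndRange 192.168.10.200 `
    -SubnetMask 255.255.255.0 `
    -LeaseDuration (New-TimeSpan -Days 8) `
    -State Active

# Reserve part of the range for statically addressed devices (printers, firewall, proxy)
Add-DhcpServerv4ExclusionRange -ScopeId $scopeId `
    -StartRange 192.168.10.100 -EndRange 192.168.10.110

# Options handed to clients: router (option 3), DNS server (6), parent DNS domain (15)
Set-DhcpServerv4OptionValue -ScopeId $scopeId `
    -Router $gateway -DnsServer $dcIp -DnsDomain 'querypanel.local'

# Review: the scope, its options and the leases handed out so far
Get-DhcpServerv4Scope
Get-DhcpServerv4OptionValue -ScopeId $scopeId
Get-DhcpServerv4Lease -ScopeId $scopeId
```

Because this DHCP server runs on a domain controller, its DNS dynamic updates would otherwise be made with the DC's own computer account, which owns every record in the zone; register a dedicated low-privilege account with Set-DhcpServerDnsCredential so that DHCP-created DNS records are owned by that account instead.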
