Guidance on usage: Identity Platform via Microsoft Active Directory® Domain Controller on Windows Server® 2025 DC

Active Directory Domain Controller on Windows Server 2025 Datacenter delivers enterprise-level identity and access management, enabling secure authentication, group policy administration, and resource access control across hybrid and on-premises environments.

Effortless installation. Ready-to-run with easy maintenance. Explore now for a smooth experience!

Connection and Configuration of Identity Platform via Microsoft Active Directory® Domain Controller on Windows Server® 2025 DC

CONNECTION TO THE SERVER

  1. To connect to the virtual machine, run the “Remote Desktop Connection” shortcut using “Win + R”. In the window that appears, enter “mstsc” and click “OK”.
  1. In the window that appears, enter the IP of the virtual machine and click “Connect”.
  1. Provide your username and password in the subsequent window, then click “OK.”
  2. Check the box and click “Yes”.
  1. Upon the first launch, select and accept the settings to send diagnostic data.
  1. The Server Manager should open by default. If it does not, launch it manually from the Start menu.

ACTIVE DIRECTORY INSTALLATION STEPS

  1. Open Server Manager and click on the yellow notification. Select “Promote this server to a domain controller.”
  1. The Active Directory Configuration Wizard will start.
  • Select the option to add a new forest.
  • Type the fully qualified domain name (FQDN) for the domain, then click “Next.”
    (Note: This demo shows how to set up a new forest. If adding this to an existing domain, choose the relevant option.)
  1. On the next page:
  • Select the domain and forest functional levels.
  • Enter a password for the Directory Services Restore Mode (DSRM).
  • Click “Next.”
  1. As this is the first DNS server in the new forest, additional parameters do not need to be configured. Click “Next” to proceed.
  1. For the NetBIOS name, keep the default and click “Next.”
  1. Define the paths for the NTDS, SYSVOL, and LOG file folders.
  • You can either keep the default paths or specify custom paths. This demo shows how to keep the default paths.
  • After confirming the changes, click “Next.”
  1. Review the configuration changes on the next page.
  • If everything is correct, click “Next.”
  • Otherwise, go back and adjust the settings.
  1. In the following window, a prerequisite check will run.
  • If successful, the option to “Install” will become available.
  • Click “Install” to start the process.
  1. The installation process will begin, promoting this server to a Windows domain controller.
  1. After the Active Directory installation, the server will restart automatically.
  • Once it comes back online, log in as the domain administrator.
  1. To manage the domain resources:
  • Open Terminal and execute the command:
    dsac.exe

(This command opens the Active Directory Domain Controller Management Console.)

  1. Alternatively, use PowerShell to confirm the domain and forest functional levels:

Execute the following commands:

Get-ADDomain | fl Name, DomainMode  

Get-ADForest | fl Name, ForestMode

  1. Depending on your requirements, open the following ports in the Azure firewall:

53 TCP/UDP – DNS

88 TCP/UDP – Kerberos authentication

123 UDP – W32Time/NTP

135 TCP/UDP – Microsoft RPC Endpoint Mapper

137 UDP – NetBIOS Name Resolution

138 UDP — NetBIOS Datagram Service

389 TCP/UDP – LDAP

139 TCP – NetBIOS Session Service

445 TCP – SMB

464 TCP/UDP – Kerberos Authentication

636 TCP/UDP – LDAP SSL

3268-3269 TCP – Global Catalog

49152-65535 TCP/UDP — Randomly Allocated Ports DFSR RPC ICMP (Ping)

Congratulations! You have successfully set up and configured the Active Directory Domain Controller on Windows Server 2025. With the domain controller now operational, you can efficiently manage your domain resources, users, and security policies. If you encounter any issues or need further customization, refer to the official Microsoft documentation.