Guidance on usage: AD DC Datacenter with Windows Server 2025 on Amazon

Connection and Configuring the AD DC Datacenter with Windows Server 2025

To connect to the server, you should generate a “Private Key” in advance. This can be done by following the Guidance on usage.

Connecting and pre-configuring the server

  1. To connect to the virtual machine, click the Remote Desktop file from Step 10 of the Guidance on usage.
  2. In the window that appears, enter the password from Step 12 of the Guidance on usage and click OK.
  3. Check the box and click Yes.
  4. Once connected, right-click the network icon at the bottom-right of the Task Bar and select Network and Internet Settings from the menu.
  5. In the Network and Internet window, click Advanced network settings.
  6. Expand the Ethernet item and edit the adapter settings.
  7. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
  8. You can customize the following parameters to suit your needs (an example is shown on screen):
    • Fill in your private IPv4 address, subnet mask, and default gateway.
    • Fill in the preferred DNS server as 127.0.0.1, the localhost address, because this server will run DNS itself.
    • The alternate DNS server address will be the IP address of another domain controller in your forest. If you haven’t set one up yet, you can leave this blank and update it later if you plan to set up additional domain controllers.

    Then click OK.

  9. Close the Properties window.

After that, you will need to reconnect to the VM

Active Directory Installation Steps

  1. Connect to the VM and open Server Manager.
  2. Click the yellow notification and select Promote this server to a domain controller.
  3. This starts the Active Directory Domain Services Configuration Wizard. The next section demonstrates how to set up a new forest; if you are adding this server to an existing domain, choose the relevant option instead.

    Select the option to add a new forest and type the FQDN for the domain. Then click Next.

  4. On the next page, select the domain and forest functional levels. Then type a password for DSRM (Directory Services Restore Mode) and click Next.
  5. Since you are creating the first DNS server in the new forest, no additional DNS parameters are required; click Next to proceed.
  6. For the NetBIOS name, keep the default and click Next.
  7. The next page defines the NTDS, SYSVOL, and LOG file folders. You can keep the defaults or define different paths for these. This demo keeps the default paths. Once any changes are made, click Next to continue.
  8. The next page lets you review the configuration changes.

    If everything looks OK, click Next to proceed; otherwise go back and change the settings.

  9. On the next window, the prerequisite check is run.

    If it passes, the Install option is enabled. Click the Install button to begin the installation process.

  10. The process of promoting this server to a Windows domain controller then starts.
  11. After the AD DS installation, the server restarts automatically. Once it comes back online, log in to the server.
  12. Once logged in, you can open the Active Directory Administrative Center by clicking the dsac shortcut on the desktop.
  13. You can also run Get-ADDomain | fl Name, DomainMode and Get-ADForest | fl Name, ForestMode in PowerShell to confirm the domain and forest functional levels respectively.
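The same promotion can be scripted instead of clicked through the wizard. The following is an added example, not part of the original guidance; the domain name corp.example.com, the NetBIOS name CORP and the folder paths are placeholder assumptions matching the wizard steps above.

```powershell
# Added example: promote this server to the first DC of a new forest from PowerShell.
# Each hashtable entry corresponds to one wizard page in the steps above.
# Assumed placeholder values: corp.example.com, CORP, and the default NTDS/SYSVOL paths.

# Prompt for the DSRM password instead of hard-coding it in the script.
$dsrmPassword = Read-Host -AsSecureString -Prompt 'DSRM (Safe Mode) administrator password'

# Install the AD DS role together with the RSAT management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

Import-Module ADDSDeployment

$forestParams = @{
    DomainName                    = 'corp.example.com'   # FQDN typed on the "add a new forest" page
    DomainNetbiosName             = 'CORP'               # wizard default is derived from the FQDN
    ForestMode                    = 'WinThreshold'       # Windows Server 2016 functional level
    DomainMode                    = 'WinThreshold'
    InstallDns                    = $true                # first DNS server in the new forest
    DatabasePath                  = 'C:\Windows\NTDS'    # default NTDS path
    SysvolPath                    = 'C:\Windows\SYSVOL'  # default SYSVOL path
    LogPath                       = 'C:\Windows\NTDS'    # default LOG path
    SafeModeAdministratorPassword = $dsrmPassword
    Force                         = $true                # suppress the confirmation prompt
}

# Equivalent of the wizard's prerequisite check: stop if it does not pass.
$check = Test-ADDSForestInstallation @forestParams
if ($check.Status -ne 'Success') {
    $check.Message | Write-Warning
    throw 'Prerequisite check failed; review the warnings before promoting.'
}

# Promote the server; it reboots automatically when the promotion completes.
Install-ADDSForest @forestParams

# After the reboot, log in again and confirm the functional levels:
#   Get-ADDomain | Format-List Name, DomainMode
#   Get-ADForest | Format-List Name, ForestMode
```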

Active Directory Firewall Ports

For your domain controllers to communicate with other domain controllers in your Active Directory, make sure the following firewall ports are open between domain controllers in your cloud environment, and to your on-premises domain if you have a hybrid setup:

  • RPC endpoint mapper: port 135 TCP, UDP
  • NetBIOS name service: port 137 TCP, UDP
  • NetBIOS datagram service: port 138 UDP
  • NetBIOS session service: port 139 TCP
  • SMB over IP (Microsoft-DS): port 445 TCP, UDP
  • LDAP: port 389 TCP, UDP
  • LDAP over SSL: port 636 TCP
  • Global catalog LDAP: port 3268 TCP
  • Global catalog LDAP over SSL: port 3269 TCP
  • Kerberos: port 88 TCP, UDP
  • DNS: port 53 TCP, UDP


By following these steps, you should now have a fully configured Active Directory Domain Controller on Windows Server 2025 Datacenter. With your domain environment set up, you are ready to manage users, groups, and resources efficiently. If you encounter any issues or need further assistance, consult the official Microsoft documentation to ensure optimal performance and security for your network.