In this page I detail how I setup a Windows 2019 Server Core to act as a secondary domain controller, as well as how to configure a Windows 10 host to manage servers via server manager.

Notes

I first I changed its network adapter to LAN, then I booted up server core where I was met with a prompt to setup a password, This is for a local admin, NOT a domain admin, REMEBER THIS I maneuvered these prompts with the TAB key.

Then I entered the command "sconfig" to enter a selection screen where I first selected "8" to enter network settings. I then set the following information by selecting option "1":

• hostname = AD02-lastname
• Domain = firstname.local (FQDN = AD02.firstname.local)
• IP = 10.0.5.6
• netmask = 255.255.255.0
• gateway = 10.0.5.2
• DNS = 10.0.5.6 - NOTE: this will later be changed to 127.0.0.1, but is temporarily this

I then selected option "4" to exit, and then option "2" where I set the computer name to "AD02-firstname" (I did not actually set it as this, since I had originally set ad01 as this when I rebuilt the network I received a SPN error later in installation, to remedy I changed AD02-firstname to AD2-firstname. Skip this if you did not setup ad01 how I did before), This will then require a reboot which I did.

I then re-logged in and wen into powershell with the command "powershell", where I would then do the following:

Install the AD Domain Services with the command:

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

See the new cmdlets available with the command, this checks to make sure that previous command was successful:

Get-Command -Module ADDSDeployment

Prompt the server to a domain controller with the command, BOLD is for domain information:

Install-ADDSDomainController -InstallDns -Credential (Get-Credential firstname\Administrator) -DomainName firstname.local -SafeModeAdministratorPassword (ConvertTo-SecureString -AsPlainText "SUPERSECRETPASSWORD" -Force)

After I read the messages I pressed ENTER, where the system rebooted and I re-logged in as firstname\Administrator. I then re-ran "sconfig" to make sure all was good, and to change the Date and Time to match the real time.

I then exited sconfig and entered into powershell with the command "powershell", and entered the command:

Set-DnsClientServerAddress –InterfaceAlias Ethernet0 -ServerAddresses 127.0.0.1

To test all was working I ran "ipconfig /all", and ad02 was set as its own DNS server, then I successfully pinged google.com.

I then switched over to dhcp01, nanoed into dhcpd.conf with the command "nano /etc/dhcp/dhcpd.conf".

Here I changed option "domain-name-servers 10.0.5.5;" to "option domain-name-servers 10.0.5.5,10.0.5.6;".

Then I switched to ad01, set the time correctly, and shut it down. Then I switched to a second Windows 10 host > changed its network adapter to LAN> booted it up > logged in with champuser account (info on canvas) > when prompted joined firstname.local > named it wks02-firstname > joined it to the domain (different from previous step) > and set its time correctly. After this I turned ad01 back on.

I checked everything was working well with the command "ipconfig /all", where I saw 2 DNS servers.

After this I configure wks02 with RSAT to manage active directory.

RSAT setup

First I updated the wks02, made sure to be logged in as a Domain Administrator, and then I used this guide to install RSAT, or I could have followed the below instructions.

First I searched for "Apps and Features" and clicked it > then I selected "Optional features" > clicked "Add a feature" > Then I scrolled down and clicked on/installed all of the RSAT tools.

I then searched for "server manager" and clicked it > right-clicked "All servers" and clicked “Add Server.” > Clicked the DNS tab > searched for "ad01-firstname" and pressed enter > it should show up in the results, where I double clicked it to add it to the right box > I repeated the search but with "ad02-firstname" > I then clicked "OK".

The below steps might not apply, especially if you are logged in as a domain admin

This may provide an error, this is fine. I then went to servers and right clicked ad01 > clicked "Manage as..." > entered credentials for Domain admin account. I repeated these steps for ad02.