Domain Controller (Active Directory) Setup

Introduction

There are no separate guidelines or instructions for operating the Uplevel Domain Controller because, from the standpoint of workstations, it behaves essentially identically to a conventional Microsoft Domain Controller. Microsoft offers a variety of online guides, including: https://docs.microsoft.com/en-us/windows/win32/ad/active-directory-domain-services

Setup:

Creating a Domain is straightforward, yet different enough from MS Server that doing it for the first time can be disorienting. We will gladly join you on a video call to assist you with domain configuration and testing.
Our Video Walkthrough takes the viewer through the following steps:
  1. Connecting a Gateway to the Internet
  2. Connecting a host computer to the Gateway
  3. Logging in to the Uplevel Portal 
  4. Creating a Domain in the Portal > Directory section
  5. Adding a Computer to the Domain - Portal > Directory > Computers tab
  6. Creating a User - Portal > Directory > Users tab
  7. Joining a Computer to the Domain - Microsoft Documentation
  8. Logging in as a Domain User
In the Portal > Directory > Computers tab, enter the hostnames of all computers that will be joining the domain. To find a computer's hostname, type 'hostname' at the CMD or PowerShell prompt.

Operating Systems

To join a Domain, you do not need to install any software. On each operating system, you use its normal procedure for joining Domains:
  1. Windows Professional
  2. OS X
  3. Linux
  4. Android
  5. iOS
Windows Home Edition does not support Active Directory in any way. You must have a Windows Pro or Enterprise license to join a domain.

Administration (Microsoft RSAT toolset):

Starting with the Windows 10 October 2018 Update, RSAT is included as a set of "Features on Demand" in Windows 10 itself. Installation instructions are available on the Microsoft Learn site, or you can install all RSAT snap-ins at once.

From an Administrator PowerShell you can install all RSAT tools with a single command:
  Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability -Online
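
To confirm what that command actually installed, the following added example (not Uplevel's or Microsoft's own script) installs only the RSAT capabilities that are still missing and reports any that fail. The function name Install-MissingRsat is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: idempotent RSAT install with a per-capability result.
# Install-MissingRsat is a hypothetical helper name, not a built-in cmdlet.
function Install-MissingRsat {
    foreach ($cap in Get-WindowsCapability -Name 'RSAT*' -Online) {
        $state = $cap.State
        $err   = $null
        if ($state -ne 'Installed') {
            try {
                # Install one capability at a time so a single failure
                # does not hide the result of the others.
                Add-WindowsCapability -Online -Name $cap.Name -ErrorAction Stop | Out-Null
                $state = (Get-WindowsCapability -Name $cap.Name -Online).State
            } catch {
                $err = $_.Exception.Message
            }
        }
        [pscustomobject]@{ Name = $cap.Name; State = $state; Error = $err }
    }
}

$report = @(Install-MissingRsat)
$report | Sort-Object State, Name | Format-Table -AutoSize Name, State, Error

# Anything not in the Installed state needs attention before you rely on the tools.
$failed = @($report | Where-Object { $_.State -ne 'Installed' })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) RSAT capabilities are not installed."
}
```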


For day-to-day administration and for configuring common Microsoft Domain Controller services, you'll use the same administration tools you're used to: the Microsoft Remote Server Administration Tools (RSAT) configure all Active Directory and Domain features. You will use the Uplevel Portal only to add Users and add Computers. Once a User or a Computer has been added to the Directory, you will use the RSAT ADUC (Active Directory Users and Computers) snap-in to manage all aspects of the account.

From the LAN side, the Uplevel Directory looks and feels just like Microsoft's Directory. You join your workstation to the domain with any domain user credentials and then log in.

We recommend installing these RSAT tools, at the minimum, to manage your Domain:

Directory Settings

Domain Admin 

From the Directory Settings window you will need to create the password for your domain_admin user. Once you have set the domain_admin credentials, you will be able to manage all aspects of your domain from the RSAT tools. It is best practice never to join a domain with a user in the "Domain Admins" group; open the RSAT tools as a "Domain Admin" only by using the runas command to run a program as another user.
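
One way to check that a workstation session follows this practice, as an added example that is not part of Uplevel's documentation: the script reports whether the current logon session carries "Domain Admins" membership. The function name Get-DomainAdminGroup is hypothetical.

```powershell
# Added example: detect Domain Admins membership in the current logon session.
# Get-DomainAdminGroup is a hypothetical helper name, not a built-in cmdlet.
function Get-DomainAdminGroup {
    # whoami lists every group SID in the token, including groups that are
    # present only as "deny only", so a non-elevated session is covered too.
    # /nh drops the (localized) header row; column names are supplied here.
    $rows = whoami.exe /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, Sid, Attributes
    # Domain Admins always has the well-known RID 512 under the domain SID.
    $rows | Where-Object { $_.Sid -match '^S-1-5-21-\d+-\d+-\d+-512$' }
}

$user = whoami.exe
$hit  = Get-DomainAdminGroup
if ($hit) {
    Write-Warning "$user is logged on with $($hit.Name) in its token. Log on as a standard domain user and start the RSAT tools with runas instead."
} else {
    Write-Output "$user does not carry Domain Admins membership in this session."
}
```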




Common Group Policies:

  1. Folder Redirection
  2. Mobile Profiles
  3. Granular Directory Permissions
  4. Enable Audit Logs
  5. Password Policy
  6. Screen Lockout Time
  7. Account Lockout Policy
  8. Restrict access to the command prompt and PowerShell
  9. Limit access to Control Panel options
  10. Limit who can install software
  11. Turn off forced restarts
  12. Monitor Changes to GPO Settings
  13. Block Microsoft Store
  14. Limit access to the Registry
  15. Centrally manage Windows Defender Firewall

Limitations:

The Uplevel Directory can perform almost everything that a Windows Server in a small business context can do. There are some limitations - we don't support multiple domain forests, syncing with Azure AD isn't yet supported, and primary/secondary domain controller relationships are still in the works - but we haven't yet encountered anything significant in the small business environment that the Uplevel Directory couldn't handle.

