Windows 2016 Domain Controller Setup

This guide assumes you have a hypervisor with VMs, and/or physical boxes, to support the setup. It uses a fresh install of Server 2016.

Install the following roles by opening Server Manager and enabling:

Active Directory Domain Services
DHCP Server
DNS Server
File and Storage Services

Install the following feature for GPOs:
Group Policy Management

The goal is to control DHCP addresses and DNS from a single domain controller. Look up fail-over for these services if you want more than one after completing the guide.

After installation you will be prompted to reboot the server. Do so, then continue with the following:

Open the network adapter settings on your fresh DC and assign a static IP from your existing network. If the network is flat, proceed with:

General:
IP address: 192.168.0.XXX (assign an open IP)
Subnet mask: 255.255.255.0
Default gateway: 192.168.0.1 (IP of your internal router or host)

DNS Server Settings:
Preferred: itself (127.0.0.1)
Alternative: a third-party resolver, for example 8.8.8.8 (Google) or 1.1.1.1 (Cloudflare "Secure")

DHCP-

We'll start with DHCP setup. I never recommend this be your entire setup. Often you'll want to set up servers with static IPs so their DNS records stay put. However, DHCP is a good fit for fresh servers and existing workstations within a network. These should be split by scope so you can easily tell what's what. Here we're reviewing a basic flat setup for lab purposes.

When you set up DHCP for the first time, both IPv4 and IPv6 are enabled. For a home lab, IPv4 is more than you'll ever need.

Open DHCP under Administrative Tools and create a fresh scope for the IPs your domain controller will hand out.

When creating a new scope, these are the options you're required to provide:

Starting and ending IP address range with subnet mask. You can also add exclusions to avoid handing out IP addresses that are already in use. When finished, close the wizard, but we're not done yet.

DNS-

Open DNS Manager within Administrative Tools. Right click your domain controller name and add a forward lookup zone. This can be primary (flat) or secondary (uses the parent domain to resolve). Here we're creating a primary zone for ease of use. Enter what you'd like the domain name to be and continue. Then choose the option to replicate to all DNS servers within this domain. Name your zone accordingly; this name is what you'll enter in the domain field when joining other boxes in Windows. On the next screen use the recommended option, "Allow only secure dynamic updates", and finish to continue setting up DNS.

At this point you should be able to join the domain controller to your created domain name. Do so and reboot your box.

Now for reverse lookup zones. Open DNS Manager and your existing reverse lookup zone. Here we'll create a Pointer record for our domain controller. When the forward zone was created, the SOA and NS records should already point at your domain controller box. If they don't, create a new reverse lookup zone and specify your IP and FQDN (Fully Qualified Domain Name) as needed. Right click your reverse lookup zone; you should see an option for New Pointer (PTR). Select it and specify the FQDN of the domain controller along with its IP address. Without this record you won't be able to join any machines to your domain network.

Once this is accomplished you should be able to join another box within the same flat network to your domain.
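The DHCP scope, exclusion, reverse zone and PTR steps above, scripted in PowerShell as an added example (not part of the original guide). It assumes the roles are installed and the server has already been promoted to a DC for a domain called lab.local with the DC at 192.168.0.10 and named dc01.lab.local; those values, the scope range and the 1.1.1.1 forwarder are assumptions, and using a DNS forwarder instead of a public resolver as the NIC's alternate DNS is a swap from the guide's setting.

```powershell
# Added example (not from the original guide): automates the DHCP scope, reverse zone
# and PTR steps on a DC that has already been promoted, then verifies the result.
# Assumed lab values (change to match your network):
$DcName     = 'dc01.lab.local'          # FQDN of this domain controller (assumed)
$DcIp       = '192.168.0.10'            # static IP assigned to the DC (assumed)
$Gateway    = '192.168.0.1'             # internal router from the guide
$Domain     = 'lab.local'               # forward zone created during promotion (assumed)
$ScopeId    = '192.168.0.0'
$SubnetMask = '255.255.255.0'

Import-Module DhcpServer, DnsServer

# --- DHCP: one scope for the flat lab network, with an exclusion so the
# range already used by static hosts (DC, router, servers) is never handed out.
Add-DhcpServerInDC -DnsName $DcName -IPAddress $DcIp        # authorize the server in AD
Add-DhcpServerv4Scope -Name 'Lab clients' -StartRange '192.168.0.50' `
    -EndRange '192.168.0.250' -SubnetMask $SubnetMask -State Active
Add-DhcpServerv4ExclusionRange -ScopeId $ScopeId `
    -StartRange '192.168.0.50' -EndRange '192.168.0.99'    # reserved for static hosts
# Hand clients the DC as their only DNS server so AD name resolution works.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -Router $Gateway `
    -DnsServer $DcIp -DnsDomain $Domain

# --- DNS: the forward zone must allow secure dynamic updates only. External names
# are resolved through a forwarder rather than a public resolver on the NIC
# (a swap from the guide's alternate-DNS setting, so the DC only ever asks itself).
Set-DnsServerPrimaryZone -Name $Domain -DynamicUpdate Secure
Add-DnsServerForwarder -IPAddress 1.1.1.1

# Reverse zone for 192.168.0.0/24, AD-integrated, secure updates only, plus the DC's PTR.
Add-DnsServerPrimaryZone -NetworkId "$ScopeId/24" -ReplicationScope Domain -DynamicUpdate Secure
Add-DnsServerResourceRecordPtr -ZoneName '0.168.192.in-addr.arpa' `
    -Name ($DcIp.Split('.')[-1]) -PtrDomainName $DcName

# --- Verification: every zone should report DynamicUpdate = Secure, and the
# DC's address must resolve back to its FQDN before any client is joined.
Get-DnsServerZone | Where-Object { -not $_.IsAutoCreated } |
    Select-Object ZoneName, IsReverseLookupZone, DynamicUpdate | Format-Table -AutoSize
$ptr = Resolve-DnsName -Name $DcIp -Type PTR -Server 127.0.0.1 -ErrorAction Stop
if ($ptr.NameHost -ne $DcName) {
    throw "PTR for $DcIp resolves to '$($ptr.NameHost)', expected $DcName"
}
Get-DhcpServerv4ExclusionRange -ScopeId $ScopeId   # confirm static range is excluded
```

Run it in an elevated PowerShell session on the DC after the promotion reboot; if the PTR check throws, fix the reverse zone before joining any workstation.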

You can now work with DHCP/DNS/GPM as needed, as well as create "Domain Users", which are AD objects and are the usual way new users are created in any corporate environment. What you can accomplish from here is pretty extensive. If you'd like keys/policy/practices added here please feel free to ask. I'll provide mission critical and good practices as requested.

This isn't a fully secure guide. You'll still need to take into account port traffic and network security.