Create a Virtual Active Directory Domain Controller

Applies To: Windows Server 2008 R2

You can use Hyper-V to efficiently test complex infrastructure scenarios in an isolated environment that can closely emulate the real-life environment of your organization. Many of these infrastructure scenarios might require an Active Directory® domain controller. This topic explains how to create a virtual domain controller in Hyper-V.

Scenario prerequisites

To test this scenario, you will need the following:

  • Complete all steps in the main section of this guide. After you complete all the steps, you will have a virtualization server and the following two virtual machines: Base Virtual Machine (used for creating new virtual machines) and Imported Virtual Machine. Also, you will have a private virtual network that you can use for the domain controller.

  • Repeat the steps in Step 7: Use the Base Virtual Machine to Create a New Virtual Machine to create a new virtual machine. Name that virtual machine Domain Controller, and during configuration of Windows Server 2008 R2, specify DC as the computer name for that virtual machine.

  • Imported Virtual Machine is running, Windows Server 2008 R2 is configured, and the computer name for the virtual machine is VirtualMachine1.

  • Optional: A minimum of 512 MB of RAM on the virtualization server for every virtual machine running Windows Server 2008 R2 that you want to create and connect to the virtual domain controller (in addition to the first virtual machine). For example, if you only connect one virtual machine to the virtual domain controller, the minimum 2048 MB (2 GB) of RAM that is required for the virtualization server in this guide will suffice. If you want to connect three virtual machines to the virtual domain controller, you need 3064 MB (3 GB) of RAM on the virtualization server (512 MB of RAM is required for each of the two additional virtual machines). If your virtualization server has enough RAM, you can assign a larger amount of RAM to each virtual machine, but 512 MB is the minimum required for each.

  • Optional: A minimum of 16 GB of additional hard disk drive space on the virtualization server for every virtual machine running Windows Server 2008 R2 that you want to create and connect to the virtual domain controller (in addition to the first virtual machine). For example, if you only connect one virtual machine to the virtual domain controller, the minimum 60 GB of hard disk drive space that is required for the virtualization server will suffice. If you want to connect three virtual machines to the domain controller, you need an additional 32 GB of hard disk drive space for the two additional virtual machines.

Scenario steps

The following procedure explains how to create a virtual domain controller, connect it to an isolated private virtual network, and connect other virtual machines to the virtual domain controller.

To create a virtual domain controller and connect a virtual machine to it

  1. On the virtualization server, open Hyper-V Manager. Click Start, point to Administrative Tools, and then click Hyper-V Manager.

  2. Connect the Domain Controller virtual machine to the private virtual network as follows:

    1. In Hyper-V Manager, under Virtual Machines, right-click Domain Controller, and then click Settings. The Settings for Domain Controller dialog box appears.

    2. In the left navigation pane, click Network Adapter.

    3. In the Network list, click Private Network, and then click OK.

      The virtual machine is now isolated from all computers that are connected to the external network, and it can only communicate with virtual machines that are connected to the private virtual network.

  3. Connect the Imported Virtual Machine virtual machine to the private virtual network in the same way that you connected the Domain Controller virtual machine.

  4. On the Domain Controller virtual machine, assign the network adapter the static IP address 33.0.0.1 as follows:

    1. On the Domain Controller virtual machine, log on using the Administrator account, and then in the Initial Configuration Tasks window, under Provide Computer Information, click Configure networking. The Network Connections window opens.

Note

If you already closed the Initial Configuration Tasks window, to open it again, click Start, click Run, type oobe, and then press ENTER.

    2. Right-click the network adapter (there should be only one), and then click Properties. The Properties dialog box for the network adapter appears.

    3. In the list of connection items, double-click Internet Protocol Version 4 (TCP/IPv4). The Internet Protocol Version 4 (TCP/IPv4) Properties dialog box appears.

    4. On the General tab, click Use the following IP address.

    5. In the IP address box, type 33.0.0.1.

    6. In the Subnet mask box, type 255.255.255.0.

    7. In the Preferred DNS server box, type 33.0.0.1.

    8. Leave all other fields blank, and click OK.

    9. In the Properties dialog box for the network adapter, click OK.

    10. Close the Network Connections window.
      
  5. On the Domain Controller virtual machine, install the Active Directory Domain Services server role, and configure the contoso.com domain as follows:

    1. In the Initial Configuration Tasks window, under Customize This Server, click Add roles. The Add Roles Wizard opens.

    2. On the Before You Begin page, click Next.

    3. On the Select Server Roles page, select Active Directory Domain Services. When you are prompted about adding features, click Add Required Features, and then click Next.

    4. On the Active Directory Domain Services page, click Next.

    5. On the Confirm Installation Selections page, click Install.

    6. On the Installation Results page, in the list of results, click Close this wizard and launch the Active Directory Domain Services Installation Wizard (dcpromo.exe). The Active Directory Domain Services Installation Wizard appears.

Note

If you already closed the Add Roles Wizard, to open the Active Directory Domain Services Installation Wizard, click Start, click Run, type dcpromo, and then press ENTER.

    7. To take a snapshot of the virtual machine, in the Action menu, click Snapshot, type a name for the snapshot, and then click Yes.

      This is a good time to take a snapshot of the virtual machine. Having a snapshot of the current state can help you return to the point where Active Directory Domain Services was installed but not yet configured.

    8. On the Welcome to the Active Directory Domain Services Installation Wizard page, click Next.

    9. On the Operating System Compatibility page, click Next.

    10. On the Choose a Deployment Configuration page, click Create a new domain in a new forest, and then click Next.

    11. On the Name the Forest Root Domain page, type contoso.com, and then click Next.

    12. On the Set Forest Functional Level page, in the Forest functional level list, click Windows Server 2008 R2, and then click Next.
      

Note

If you are connecting computers that are running Windows Server 2008, Windows Server 2003, or Windows 2000 Server to the virtual domain, select that functional level instead.

    13. On the Additional Domain Controller Options page, ensure that the DNS Server check box is selected, and then click Next. If a dialog box appears that states the delegation of the DNS server cannot be created, click Yes to continue.

    14. On the Location for Database, Log Files, and SYSVOL page, click Next.

    15. On the Directory Services Restore Mode Administrator Password page, type and confirm the password for the Directory Services Restore Mode Administrator account, and then click Next.

    16. On the Summary page, click Next.

    17. In the dialog box that appears with information about the installation progress, select the Reboot on completion check box.

      The installation of Active Directory Domain Services might take several minutes. After the installation is complete, the virtual machine restarts automatically. Do not proceed to the next step until the virtual machine restarts.
      
  6. After the Domain Controller virtual machine restarts, create new domain users as follows:

    1. On the Domain Controller virtual machine, log on using the Administrator account, and open the Active Directory Users and Computers snap-in. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.

    2. In the console tree, expand contoso.com, and then click Users.

    3. In the Action menu, point to New, and then click User. The New Object – User dialog box appears.

    4. Type a first and last name for the user, a user logon name, and then click Next.

    5. Type and confirm a password for the user, and clear the User must change password at next logon check box. Optionally, clear the Password never expires check box. To continue, click Next.

    6. Review the information that you specified for the new domain user, and if it is correct, click Finish. If you need to make changes, click Back.

    7. If you want to add more domain users, repeat the previous steps. When you have finished adding domain users, close the Active Directory Users and Computers snap-in.

  7. On the Imported Virtual Machine virtual machine, assign the network adapter the static IP address 33.0.0.2 in the same way that you assigned a static IP address to the network adapter in the Domain Controller virtual machine. Also, specify the preferred DNS server as 33.0.0.1 (the IP address of the virtual domain controller).

  8. Join the Imported Virtual Machine virtual machine to the contoso.com domain as follows:

    1. On the Imported Virtual Machine virtual machine, log on using the Administrator account, and then in the Initial Configuration Tasks window, under Provide Computer Information, click Provide computer name and domain. The System Properties dialog box appears.

    2. On the Computer Name tab, click Change. The Computer Name/Domain Changes dialog box appears.

    3. Under Member of, click Domain, type contoso.com, and then click OK. The Windows Security dialog box opens.

    4. Type the user credentials for one of the domain users that you previously created, and then click OK.

    5. In the dialog box that appears and welcomes you to the contoso.com domain, click OK.

    6. When asked if you want to restart the virtual machine, click OK.

    7. To close the System Properties dialog box, click Close.

    8. When asked again if you want to restart the virtual machine, click Restart Now. The virtual machine joins the contoso.com domain and then restarts.
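
A scripted check of the end state that this procedure produces, added here as an example (it is not part of the original topic): run on the member virtual machine, it confirms the static addressing, the absence of a default gateway, domain membership, and the secure channel to the domain controller. The function names New-Check and Test-LabMember are hypothetical, and the script assumes an elevated Windows PowerShell 2.0 session on Windows Server 2008 R2.

```powershell
# Added example: run on the member VM (VirtualMachine1) in an elevated
# PowerShell session after the final restart. The expected values are the
# ones used in the procedure above.
$ExpectedIp     = '33.0.0.2'
$ExpectedDns    = '33.0.0.1'
$ExpectedDomain = 'contoso.com'

# Hypothetical helper: one result row per check.
function New-Check([string]$Name, $Pass) {
    New-Object PSObject -Property @{ Check = $Name; Pass = [bool]$Pass }
}

function Test-LabMember {
    $nics = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE')
    $nic  = $nics[0]
    $cs   = Get-WmiObject Win32_ComputerSystem

    New-Check 'Exactly one IP-enabled adapter' ($nics.Count -eq 1)
    New-Check 'Address is static (DHCP off)'   (-not $nic.DHCPEnabled)
    New-Check "IPv4 address is $ExpectedIp"    ($nic.IPAddress -contains $ExpectedIp)
    # The DC is the only resolver that holds the contoso.com zone.
    New-Check "Only DNS server is $ExpectedDns" `
        ((@($nic.DNSServerSearchOrder) -join ',') -eq $ExpectedDns)
    # "Leave all other fields blank": no gateway, so no route off the private network.
    New-Check 'No default gateway configured'  (-not $nic.DefaultIPGateway)
    New-Check "Joined to $ExpectedDomain" `
        ($cs.PartOfDomain -and ($cs.Domain -eq $ExpectedDomain))

    # DC locator: succeeds only if the domain's SRV records resolve through the DC.
    nltest "/dsgetdc:$ExpectedDomain" | Out-Null
    New-Check 'Domain controller located' ($LASTEXITCODE -eq 0)

    # Machine account secure channel to the DC (requires elevation).
    try   { $sc = Test-ComputerSecureChannel -ErrorAction Stop }
    catch { $sc = $false }
    New-Check 'Secure channel to domain is healthy' $sc
}

$results = @(Test-LabMember)
$results | Format-Table Check, Pass -AutoSize
```

Any row with Pass set to False points back to the step that configures that setting.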

Additional considerations about this scenario