BILLYSOFTACADEMY

Learn How To Install Microsoft Active Directory On A Windows Server 2008 R2 Virtual Machine In 10 Minutes.

Managing desktops, laptops, servers, apps and shared resources in your organization has its challenges. Each can have its own user accounts and credentials, which may vary from one server or application to the next, and as you add more IT resources, keeping track of those accounts and credentials becomes harder. If you use Windows in your organization, a widely used solution to these challenges is ACTIVE DIRECTORY. It is a centralized service that lets you give users SINGLE SIGN ON so they can use the same credentials on multiple devices, apps and shared resources; implement company IT policies through group policy; create users and grant them access to Windows laptops, servers and applications; manage operating system tasks such as when to install updates; and restrict users from changing operating system settings or installing applications. There are many benefits to using ACTIVE DIRECTORY in your organization, and in this tutorial you will learn how to install it on a Windows Server 2008 R2 virtual machine in about 10 minutes or less.

REQUIREMENTS

To complete this tutorial you will need the following items. Make sure they are available before you start:
1) A desktop or laptop with a dual core processor, 4GB of RAM and 50GB of free disk space.
2) Windows 7, Windows 8, Windows 10, MacOS or Linux.
3) Oracle VM VirtualBox 6.1 or newer.
4) A Windows Server 2008 R2 Standard or Enterprise edition disk image file (ISO FILE).
5) The VIRTUALBOX extension pack and VIRTUALBOX guest additions.

OVERVIEW

1) Open VIRTUALBOX 6.1 and create a WINDOWS SERVER 2008 R2 virtual machine.
2) Run the command “dcpromo” to start the ACTIVE DIRECTORY INSTALLATION process.
3) Complete the ACTIVE DIRECTORY installation wizard and create an installation answer file.
4) Learn how to access the ACTIVE DIRECTORY management interface.
5) Explanation of common terms used in ACTIVE DIRECTORY.

Step 1: Open VIRTUALBOX 6.1 And Create A WINDOWS SERVER 2008 R2 Virtual Machine

1) Open VirtualBox 6.1 and click on MACHINE > NEW or click on the NEW button to open the VIRTUAL MACHINE creation wizard. Click on the EXPERT MODE button and type in a name for the virtual machine on the NAME textbox.

Select a folder to save virtual machine files on the MACHINE FOLDER field, set the TYPE to MICROSOFT WINDOWS and the VERSION to WINDOWS 2008 (64 BIT) and set the amount of memory to allocate to the virtual machine to 2048MB or 2GB.

Click on the CREATE A VIRTUAL HARD DISK NOW option and click on CREATE.

2) The next step is to select the size of the virtual hard disk that you would like to create, the hard disk file type and whether it should be dynamically allocated or a fixed size VHD.

Set the FILE SIZE slider to 50GB or more, select VDI (VIRTUALBOX DISK IMAGE) under HARD DISK FILE TYPE and choose DYNAMICALLY ALLOCATED under STORAGE ON PHYSICAL HARD DISK.

Click on CREATE to proceed to the next step.

3) Right click on the virtual machine, click on SETTINGS and click on the STORAGE tab. Click on the ADD OPTICAL DRIVE icon and click on the ADD button. Browse to the folder where the WINDOWS SERVER 2008 R2 disk image file is located and click on OPEN.

Select the ISO file from the list of NOT ATTACHED disk image files, click on CHOOSE then click on OK.

4) Right click on the newly created virtual machine and click on START > NORMAL START.

5) When the virtual machine completes the startup process, a program called INSTALL WINDOWS will open. Set the LANGUAGE TO INSTALL to ENGLISH, set the TIME AND CURRENCY FORMAT to ENGLISH and click on NEXT.

Complete the installation process to proceed to the next step.

NB: A step by step guide on how to complete the installation of WINDOWS SERVER 2008 R2 is available HERE.

6) Once the installation is complete, rename the WINDOWS SERVER. Click on START, right click on MY COMPUTER and click on PROPERTIES.

Click on CHANGE SETTINGS and click on the CHANGE button. Enter a name for the WINDOWS SERVER such as the name of your organization or physical location and click on OK.

Restart the virtual machine to APPLY the changes.

Step 2: Run The Command “dcpromo” To Start The ACTIVE DIRECTORY INSTALLATION Process

7) Log into Windows and click on START and search for “RUN” on the START MENU search bar (Or press WINDOWS + R on your keyboard). Click on the RUN program to open it, type CMD and click on OK to open the WINDOWS SERVER command prompt.

8) On the command prompt run the following command to start the ACTIVE DIRECTORY installation process:

dcpromo

Step 3: Complete The ACTIVE DIRECTORY Installation Wizard And Create An Installation Answer File.

9) An ACTIVE DIRECTORY DOMAIN SERVICES installation wizard will open. Click on the NEXT button to proceed to the next step.

10) The installation wizard will display information about the new security improvements in Windows Server 2008 domain controllers and more. Click on NEXT to proceed to the next step.

11) On the CHOOSE A DEPLOYMENT CONFIGURATION step, you can choose either to create a domain controller for an existing forest or to create a new domain in a new forest. Click on CREATE A NEW DOMAIN IN A NEW FOREST and click on NEXT.

12) Enter a name for the forest root domain and click on NEXT. Below are three conventions that you can use for naming your domain:

Option 1: Use a valid TLD (Top Level Domain, also known as a routable domain) registered to your company. Some examples of this are company.ca or company.com.

Option 2: Use a subdomain of a valid TLD that is registered to your company. Some examples include corp.company.ca, ad.company.ca, etc.

Option 3: Use a non-TLD name (or non-routable domain). For example, you may want to use domain.local, domain.int or domain.corp.

13) Next, select the FOREST FUNCTIONAL LEVEL. The functional level you select determines which ACTIVE DIRECTORY DOMAIN SERVICES features are enabled, and it also restricts which versions of WINDOWS SERVER can run any additional domain controllers in the forest.

On the FOREST FUNCTIONAL LEVEL dropdown menu, select WINDOWS SERVER 2008 R2 and click on NEXT.

14) Ensure that the DNS SERVER check box is checked and click on NEXT.

If a STATIC IP ADDRESS is not assigned to the WINDOWS SERVER, a warning message will ask whether you want to proceed with the AD configuration using a dynamically allocated address or assign a STATIC IP ADDRESS first.

We recommend that you set a STATIC IP ADDRESS. To do this, click on START > CONTROL PANEL > NETWORK AND INTERNET > NETWORK AND SHARING CENTER. Click on CHANGE ADAPTER SETTINGS, right click on LOCAL AREA CONNECTION and click on PROPERTIES.

15) Click on INTERNET PROTOCOL VERSION 4 (TCP/IPV4) and click on PROPERTIES.

16) Click on the USE THE FOLLOWING IP ADDRESS radio button, enter the IP ADDRESS, SUBNET MASK and DEFAULT GATEWAY in the spaces provided and click on the USE THE FOLLOWING DNS SERVER ADDRESSES radio button.

Set the PREFERRED DNS SERVER to 127.0.0.1 and the ALTERNATE DNS SERVER to 8.8.8.8 and click on OK.

17) On the ACTIVE DIRECTORY DOMAIN SERVICES WIZARD, click on NEXT on the ADDITIONAL DOMAIN CONTROLLER OPTIONS window. A popup window will inform you that a delegation for the DNS SERVER cannot be created because the authoritative parent ZONE cannot be found.

Click on YES to proceed to the next step.

18) The next step is to specify the folders that will contain the ACTIVE DIRECTORY domain controller database, log files and SYSVOL. We recommend that you leave the default folders as they are. Click on NEXT to proceed to the next step.

19) Set a password for the ACTIVE DIRECTORY restore mode administrator account and click on NEXT.

We recommend that you specify a password that contains an upper case letter, a lower case letter, a number and a special character such as an exclamation mark or asterisk. Alternatively, you can use the BILLYSOFTACADEMY PASSWORD GENERATOR available HERE to generate a strong and secure password.

20) The SUMMARY window displays all the selections that you made in the previous steps. If you would like to make any changes, click on the BACK button to go back to the previous steps.

To create an ANSWER FILE that you can use when deploying additional domain controllers, click on the EXPORT SETTINGS button.

21) Enter an easy to remember file name, such as ACTIVE-DIRECTORY-ANSWER-FILE, in the FILE NAME text input box. Ensure that the SAVE AS TYPE option is set to TEXT FILES (*.txt), then click on SAVE.

Click on NEXT to proceed with the ACTIVE DIRECTORY installation.

22) Click on the REBOOT ON COMPLETION check box to restart the WINDOWS SERVER once the installation is complete.
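The following is an added example, not code from the original tutorial: a Python function that builds the same kind of [DCInstall] answer file that EXPORT SETTINGS produces for the wizard steps above (from naming the forest root domain to REBOOT ON COMPLETION), while checking the domain name, NetBIOS name, functional levels and restore mode password against the rules this tutorial gives. The key names are those of the dcpromo unattend format on Windows Server 2008 R2; the domain corp.example.local, the NetBIOS name CORP and the minimum password length are this example's own constructed values.

```python
import re

# Numeric codes the [DCInstall] section of a dcpromo unattend file uses for
# ForestLevel / DomainLevel on Windows Server 2008 R2 (2000=0, 2003=2, 2008=3, 2008 R2=4).
FUNCTIONAL_LEVELS = {"2000": 0, "2003": 2, "2008": 3, "2008 R2": 4}

def check_dsrm_password(password):
    """The tutorial's rule: an upper case letter, a lower case letter, a digit and a
    special character. The 8-character minimum is this example's own addition."""
    classes = [r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return len(password) >= 8 and all(re.search(c, password) for c in classes)

def build_dcpromo_answer_file(domain_dns_name, netbios_name, dsrm_password,
                              forest_level="2008 R2", domain_level="2008 R2"):
    """Return the text of a dcpromo unattend file for a new domain in a new forest.
    Raises ValueError for inputs dcpromo would reject or the tutorial warns about."""
    labels = domain_dns_name.lower().split(".")
    if len(labels) < 2 or not all(re.fullmatch(r"[a-z0-9-]{1,63}", lab) for lab in labels):
        raise ValueError("domain name must be a dotted DNS name such as corp.example.local")
    if not re.fullmatch(r"[A-Z0-9-]{1,15}", netbios_name):
        raise ValueError("NetBIOS name must be 1-15 upper case letters, digits or hyphens")
    if not check_dsrm_password(dsrm_password):
        raise ValueError("DSRM password does not meet the complexity rule")
    forest, domain = FUNCTIONAL_LEVELS[forest_level], FUNCTIONAL_LEVELS[domain_level]
    if domain < forest:
        raise ValueError("domain functional level cannot be lower than the forest level")
    lines = [
        "; DCPROMO unattend file (constructed example)",
        "; Usage: dcpromo.exe /unattend:<path to this file>",
        "; Holds the DSRM password in clear text: restrict access to it and delete it after use.",
        "[DCInstall]",
        "ReplicaOrNewDomain=Domain",   # a new domain, not an additional DC for an existing one
        "NewDomain=Forest",            # ...and that domain is the root of a new forest
        "NewDomainDNSName=" + domain_dns_name,
        "DomainNetbiosName=" + netbios_name,
        "ForestLevel=%d" % forest,
        "DomainLevel=%d" % domain,
        "InstallDNS=Yes",              # the DNS SERVER check box in the wizard
        "ConfirmGc=Yes",
        "CreateDNSDelegation=No",      # the 'delegation cannot be created' prompt
        r"DatabasePath=C:\Windows\NTDS",   # wizard defaults for the database, logs and SYSVOL
        r"LogPath=C:\Windows\NTDS",
        r"SYSVOLPath=C:\Windows\SYSVOL",
        "SafeModeAdminPassword=" + dsrm_password,
        "RebootOnCompletion=Yes",      # the REBOOT ON COMPLETION check box
    ]
    return "\n".join(lines) + "\n"
```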

Step 4: Learn How To Access The ACTIVE DIRECTORY Management Interface.

23) Active Directory can be managed using WINDOWS SERVER MANAGER. It is a server management interface that allows you to install, monitor, configure and manage server roles and features.

To open SERVER MANAGER, click on its icon on the task bar.

24) Click on ROLES to open the Windows Server ROLES SUMMARY and, in the ACTIVE DIRECTORY DOMAIN SERVICES section, click on GO TO ACTIVE DIRECTORY DOMAIN SERVICES.

This will expand the ROLES tree and open the Active Directory domain that you created in the previous steps. You will see folders for COMPUTERS, DOMAIN CONTROLLERS, USERS and so on; if you right click on each folder you will see options for adding items such as users, computers, printers, groups and more.

COMMON TERMS USED IN ACTIVE DIRECTORY

25) Below are definitions of some of the most common terms used by ACTIVE DIRECTORY professionals. It is important for you to know the terms as well as what they mean:
Active Directory

Active Directory is a directory service that centralizes the management of users, computers and other objects within a network. Its primary function is to authenticate and authorize users and computers in a windows domain. For example, when a user signs into a computer on the domain it checks the username and password that was submitted to verify the account. If it is a valid username and password the user is authenticated and logged into the computer.

Functional Levels

Functional levels determine what capabilities are available in the domain. Higher functional levels allow you to use the latest technologies in your Active Directory domain. When possible, use the highest functional level for your domain controllers.

Forest

A forest is a collection of domain trees. The domain trees share a common schema and configuration container and are connected together through transitive trusts. When you first install Active Directory and create a domain, you are also creating a forest.

FQDN – Fully Qualified Domain Name

A fully qualified domain name is the hostname plus the domain. For example, my domain is ad.activedirectorypro.com; a computer in that domain with the hostname PC1 has the FQDN pc1.ad.activedirectorypro.com.

AD – This is just an abbreviation for Active Directory

AD DS – This is a server that is running the Active Directory Domain Services Role

Domain Controller – This is also a server running the Active Directory Domain Service Role.

Domain

The domain is a logical structure of containers and objects within Active Directory. A domain contains the following components:

A hierarchical structure for users, groups, computers and other objects
Security services that provide authentication and authorization to resources in the domain and other domains
Policies that are applied to users and computers
A DNS name to identify the domain. When you log into a computer that is part of a domain you are logging into the DNS domain name. My DNS domain is ad.activedirectorypro.com, this is how my domain is identified.

Domain Tree

When you add a child domain to a parent domain you create what is called a domain tree. A domain tree is just a series of domains connected together in a hierarchical fashion all using the same DNS namespace. If activedirectorypro.com was to add a domain called training, or videos it would be named training.activedirectorypro.com and videos.activedirectorypro.com. These domains are part of the same domain tree and a trust is automatically created between the parent and child domains.

Host Name
This is most often the DNS A record, the DNS name of a device that can be communicated with. For example, a server with the name of DC1. If DC1 was registered in DNS you would refer to that as the hostname.

Zones
A zone is used to host the DNS records for a particular domain. The most important and most commonly used zone type is the Active Directory integrated zone. There are several other zone types you should be familiar with; I cover them in my article, Windows DNS.

DNS Aging and Scavenging

This is a feature that can be enabled to help automate the cleanup of stale DNS records. I’ve created a separate post that explains more and provides step by step instructions to configure DNS Aging and Scavenging.

SRV Records Used by Active Directory

In a Windows Domain, SRV records are used by clients to locate domain controllers for Active Directory. When you install the AD DS service the process will automatically create the SRV records for Active Directory.

Active Directory creates its SRV records in the following folders, where Domain_Name is the name of your domain:
Forward Lookup Zones/Domain_Name/_msdcs/dc/_sites/Default-First-Site-Name/_tcp
Forward Lookup Zones/Domain_Name/_msdcs/dc/_tcp
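An added example, not part of the original page: a small Python DC locator that parses constructed SRV records of the kind dcpromo registers under the two paths above, and shows why a client tries the site-specific name before the domain-wide one. The domain corp.example.local, the hosts dc1 and dc2 and the IP address are constructed values.

```python
from collections import namedtuple

SrvRecord = namedtuple("SrvRecord", "name priority weight port target")

# Constructed zone-file excerpt of the SRV records dcpromo registers for a domain
# named corp.example.local (one site, two domain controllers).
SAMPLE_ZONE = """
; _msdcs/dc/_tcp: domain-wide records
_ldap._tcp.dc._msdcs.corp.example.local.      600 IN SRV 0  100 389 dc1.corp.example.local.
_ldap._tcp.dc._msdcs.corp.example.local.      600 IN SRV 10 100 389 dc2.corp.example.local.
_kerberos._tcp.dc._msdcs.corp.example.local.  600 IN SRV 0  100 88  dc1.corp.example.local.
; _msdcs/dc/_sites/Default-First-Site-Name/_tcp: site-specific records
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.corp.example.local. 600 IN SRV 0 100 389 dc1.corp.example.local.
dc1.corp.example.local. 3600 IN A 192.168.56.10
"""

def parse_srv_records(zone_text):
    """Parse 'name TTL IN SRV priority weight port target' lines; other records are ignored."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()      # drop comments, then tokenize
        if len(fields) != 8 or fields[3].upper() != "SRV":
            continue
        records.append(SrvRecord(fields[0].rstrip(".").lower(), int(fields[4]),
                                 int(fields[5]), int(fields[6]), fields[7].rstrip(".").lower()))
    return records

def find_domain_controllers(records, domain, service="_ldap", site=None):
    """Mimic the DC locator: try the client's site-specific SRV name first, then the
    domain-wide one. Returns (target, port) pairs, lowest priority first and, within a
    priority, highest weight first (a real client picks randomly in proportion to weight)."""
    names = []
    if site:
        names.append("%s._tcp.%s._sites.dc._msdcs.%s" % (service, site, domain))
    names.append("%s._tcp.dc._msdcs.%s" % (service, domain))
    for name in names:
        hits = [r for r in records if r.name == name.lower()]
        if hits:
            hits.sort(key=lambda r: (r.priority, -r.weight))
            return [(r.target, r.port) for r in hits]
    return []   # no SRV records: clients cannot find a DC, a common cause of join and logon failures
```

On a domain member, nslookup -type=SRV _ldap._tcp.dc._msdcs.<your domain> is the quickest check that these records exist.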

DHCP Filtering

DHCP filtering can be used to deny or allow devices based on their MAC address. For example, I use it to block mobile devices from connecting to our secure wifi.

Superscopes

A superscope is a collection of individual DHCP scopes. This can be used when you want to join two scopes together. Honestly, I've never used this.

Split Scopes

This is a method of providing fault tolerance for a DHCP scope. Using DHCP failover is not the preferred method for fault tolerance.

DHCP Failover

DHCP failover was a new feature starting in Windows Server 2012. It allows two DHCP servers to share lease information, providing high availability for DHCP services. If one server becomes unavailable, the other server takes over.

Active Directory Federation Services (AD FS)
The federation service allows single sign on to external systems like web sites and applications. Office 365 is a common use for federation services. When you sign into office 365 the username and password is redirected through the federation server and the credentials are checked against your on-premise Active Directory. So this allows you to provide authentication to external systems by using your local Active Directory to authenticate the username and password.

Active Directory Lightweight Directory Services (AD LDS)
This service provides directory services using the LDAP protocol without the need to deploy domain controllers. It is primarily used to provide directory service functionality to directory enabled applications. It does not replace AD DS.

Active Directory Rights Management Services (AD RMS)
This service provides methods for protecting information on digital content. It protects documents by defining who can open, modify, print, forward or take other actions on documents. You can also use certificates to encrypt documents for better security.

Resource Records

A resource record is an entry in the DNS system that helps locate resources based on IP or a domain name. There are many types of resource records, below is a list of common record types:

A – maps a hostname to an IPv4 address
AAAA – Maps a hostname to an IPv6 address
CNAME – Maps an alias to a hostname
MX – Used to locate a mail server
NS – Specifies a name server for a domain
PTR – Maps an IPv4 address to a hostname. The reverse of an A record.
SOA – Contains administrative information
SRV – Used to locate servers that host specific services
TXT – Can contain various data. Often used for verifying domains and security reasons.

Dynamic DNS (DDNS)

Dynamic DNS is a method for clients to register and dynamically update their resource records with a DNS server. This allows clients that use DHCP to auto update their DNS record when their IP address changes…