This guide is especially made for server admins and people who want to create a domain at their office, company or university. We will teach you how to create a domain and add users to it step by step, but first, read the next section if you want to know what exactly a domain.
So, what’s a domain?
A domain is a network. As a higher level network than Homegroups and Workgroups, it does require the presence of a computer running Windows Server (Windows Server 2012 R2 and 2016 are the most common now) and the other computer running Pro or Enterprise versions of Windows (Windows 10 Pro / Enterprise are the most powerful ones now).
Linking these machines using a domain makes it very easy for the user to work on any computer without feeling any difference: He or she just need to enter their username and password and they’ll find their personal version of the operating system (settings, files …etc).
This kind of network is very useful because you don’t have to offer every employee/student a private computer, their local account will be on the domain ready and easy to be accessed from any computer on the domain only by entering their credentials on the lock screen.
Here’s a full guide on how to create a domain and if you need help with how to join a domain, or want to send an explanation on that to the users in your network, check this other guide out:
OK then, how do I create a domain?
First of all, make sure your Windows is activated. Follow these steps to do it:
- Right-click on This PC in your start menu and select Properties.
- If it’s activated, you’ll find it saying “Windows is activated” and you’ll see the product key. If it says Windows is not activated you’ll need to enter your key.
Now, let’s set a password for your administrator account.
Before creating a domain, Microsoft must ensure its safety. That’s why your administrator account must be protected by a password. Here’s how to set it:
- Open Administrative tools from your Start menu.
- Open Computer Management.
- Select Local Users and Groups from the left pane and then double-click on the Users folder.
- Right-click on Administrator and select Set Password... .
- Click Proceed.
- Enter and confirm your password. It must contain 8 characters at least, a combination of letters, symbols and numbers.
- Click Ok.
Now, let’s create our domain
- Open Server Manager from your taskbar or Start menu.
- Click Add roles and features.
- Click Next.
- Leave it as it is by default (Role-based or featured-based installation) and click Next.
- On the Server Selection page, you’ll find the Select a server from the server pool and the default server there. Select it and click Next.
- Check Active Directory Domain Services.
- In the pop-up window, click Add Features.
- Now once checked, click Next.
- Make sure Group Policy Management is checked and click Next.
- Click Next.
- Confirm all your selections and click Install.
- Wait until the installation finishes then click Close.
- Once done, you’ll see a notification on the flag icon. Click on it and select Promote this server to a domain controller.
- Select Add a new forest and enter the domain name ending with .local and then click Next.
- Create a DSRM password and confirm it then click Next.
- Ignore the DNS warning and click Next.
- Confirm the NetBIOS domain name (created by default) and click Next.
- Confirm your paths and click Next.
- Review your selections and click Next.
- Click Install (Once finished, the computer will reboot automatically).
Now the domain is ready, let’s create a user to enable a computer on the network to join it.
How to create a user to join a domain?
- Open Administrative Tools from your start menu.
- Open Active Directory Users and Computers.
- Go to the Users folder under your domain name from the left pane, right-click and choose New > User.
- Enter the user First name, User logon name (You’ll provide the user this one) and click Next.
- Enter a password and retype it, you’ll be able to choose from a set of options: You can force the user to change the password him/herself the first time he/she joins the domain, you can disallow them to change their password, you can make the password permanent without expiration and finally you can disable this account until you enable it back yourself as the domain admin.
Now, what should you provide to the user to join the domain?
- The domain name.
- The user logon name.
- The user’s password.
- Finally the server IP and let him/her set it as their primary DNS. This can make the connection to the server more reliable.
Here’s how to know you IP:
- Right-click on your network icon at the clock area and then click Open Network and Sharing Center.
- Click on the Connection you’re working on (Ethernet or the WIFI name).
- Click on Details.
- Now your IP is the IPv4 Address, give it to the user.