Getting active-directory right from the start saves hours of debugging later. In this comprehensive guide, we'll cover everything from initial setup to production-ready configuration, including domain and setup considerations.
Prerequisites
- A registered domain name (for public-facing services)
- Windows Server 2022 or later
- Administrator access to the server
- Root or sudo access to the server
Installation Steps
The default configuration works well for development environments, but production servers require additional tuning. Pay particular attention to connection limits, timeout values, and logging settings.
# Windows Server initial configuration
Rename-Computer -NewName "MYSERVER" -Restart
Set-TimeZone -Id "Eastern Standard Time"
# Enable Windows Firewall rules
New-NetFirewallRule -DisplayName "Allow HTTPS" -Direction Inbound -Protocol TCP -LocalPort 443 -Action Allow
New-NetFirewallRule -DisplayName "Allow HTTP" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow
Note that file paths may vary depending on your Linux distribution. The examples here are for Debian/Ubuntu; adjust paths accordingly for RHEL/CentOS-based systems.
- Enable automatic security updates for critical patches
- Test your backup restore procedure monthly
- Monitor disk space usage and set up alerts
- Keep your system packages updated regularly
Initial Configuration
After applying these changes, monitor the server's resource usage for at least 24 hours to ensure stability. Tools like htop, iostat, and vmstat can provide real-time insights into system performance.
# Install Windows features
Install-WindowsFeature -Name Web-Server -IncludeManagementTools
Install-WindowsFeature -Name active-directory -IncludeAllSubFeature
# Check installed features
Get-WindowsFeature | Where-Object Installed
The configuration above sets the recommended values for a VPS with 2-4GB of RAM. Adjust the memory-related settings proportionally if your server has different specifications.
Service Management
After applying these changes, monitor the server's resource usage for at least 24 hours to ensure stability. Tools like htop, iostat, and vmstat can provide real-time insights into system performance.
# Windows Server initial configuration
Rename-Computer -NewName "MYSERVER" -Restart
Set-TimeZone -Id "Eastern Standard Time"
# Enable Windows Firewall rules
New-NetFirewallRule -DisplayName "Allow HTTPS" -Direction Inbound -Protocol TCP -LocalPort 443 -Action Allow
New-NetFirewallRule -DisplayName "Allow HTTP" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow
Note that file paths may vary depending on your Linux distribution. The examples here are for Debian/Ubuntu; adjust paths accordingly for RHEL/CentOS-based systems.
Security Settings
Security should be a primary consideration when configuring active-directory. Always use strong passwords, keep software updated, and restrict network access to only the necessary ports and IP addresses.
# Install Windows features
Install-WindowsFeature -Name Web-Server -IncludeManagementTools
Install-WindowsFeature -Name active-directory -IncludeAllSubFeature
# Check installed features
Get-WindowsFeature | Where-Object Installed
These commands should be run as root or with sudo privileges. If you're using a non-root user, prefix each command with sudo.
Wrapping Up
Following this guide, your active-directory setup should be production-ready. Keep an eye on resource usage as your traffic grows and don't forget to test your backup and recovery procedures periodically.