Windows Server 2016: How to add AD DS and DNS roles using PowerShell?

The following is a sample chapter from the e-Book Windows Server 2016: How to install and add roles? (Server Core). Enjoy reading!

“All this modern technology just makes people try to do everything at once.” Bill Watterson

What is Active Directory Domain Services (AD DS)?

Microsoft introduced Active Directory Domain Services (AD DS) in Windows 2000 Server, replacing Windows NT’s Primary Domain Controller (PDC) and Backup Domain Controller (BDC). AD DS is a distributed database that stores objects in a hierarchical, structured, and safe format. AD DS objects typically represent users, computers, peripheral devices and network services. Each object is uniquely identified by its name and attributes. The domain, the forest, and the tree are the logical divisions of an AD DS network. To ease the administration of objects, AD DS provides organizational units (OUs), to which group policies (GPs) can be applied. AD DS uses the following protocols:

  • Lightweight Directory Access Protocol (LDAP) to access the directory services data
  • Kerberos to prove identity between users and servers on the network
  • Domain Name System (DNS) to translate domain names into IP addresses

What is Domain Name System (DNS)?

Domain Name System (DNS) dates back to the ARPANET era. At that time, scientists working on the ARPANET project were looking for a way to memorize names instead of IP addresses. Thus, at the beginning of the ’80s, the first specifications of the domain name system (DNS) were published as Requests for Comments (RFC) documents. Essentially, DNS is a tree (hierarchical) structure where each branch represents the root zone and each leaf has zero or more resource records. Each area represents a root domain or multiple domains and sub-domains. A domain name consists of one or more parts called labels, separated by points (e.g. Since DNS is maintained by a database that uses a distributed client-server architecture, the network nodes in such a network represent the names of the servers. The following lines show the DNS working process, which takes milliseconds (ms):

  • if you type the web address in your browser’s address bar, your browser will make a request to the Internet to access the website
  • the very first server that your browser runs into is the Recursive Resolver, which may be provided by your Internet Service Provider (ISP)
  • the Recursive Resolver will then contact the root servers, which are scattered all over the globe and contain the information about Top-level domains, in our example .com
  • the Top-level domain will provide the domain name server information to the Recursive Resolver
  • afterwards the Recursive Resolver will contact the domain name server and, through the domain name server’s local DNS, will find out the IP address
  • this IP address is then provided to your browser by the Recursive Resolver so that it can access the web server content via its newly obtained IP address

How to add AD DS and DNS roles?

In Windows Server 2016 Server Core, both AD DS and DNS are offered as roles which can be added using PowerShell. To add the AD DS and DNS roles to your server, complete the following steps:

  • log in to your server by typing your Administrator’s password and pressing Enter
  • type PowerShell at the command prompt and press Enter
  • type Install-WindowsFeature AD-Domain-Services and press Enter
  • type Import-Module ADDSDeployment and press Enter
  • type the following as one command (the backtick at the end of a line continues it on the next line)
    Install-ADDSForest `
    -DatabasePath "C:\Windows\NTDS" `
    -DomainMode "Win2016" `
    -DomainName "WS2016SC.local" `
    -DomainNetbiosName "WS2016SC" `
    -ForestMode "Win2016" `
    -LogPath "C:\Windows\NTDS" `
    -SysvolPath "C:\Windows\SYSVOL"
    and press Enter
  • provide the name for the domain and press Enter
  • provide the safe mode administrator password and press Enter
  • confirm safe mode administrator password and press Enter
  • type letter Y for Yes and press Enter


  • after the installation is complete, the server will restart automatically
  • log in to your server by typing your Administrator’s password and pressing Enter
  • type sconfig.cmd and press Enter
  • you’ll notice that the domain is WS2016SC.local


  • type PowerShell at the command prompt and press Enter
  • type Get-WindowsFeature and press Enter
  • use PgUp or PgDn to scroll the list
  • you’ll notice that both the AD DS and DNS roles were added to the server


Note: When adding the AD DS role to your server, make sure you use your own domain name and related information.
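
The steps above as one script, added here as an example and not taken from the e-book: it reads the safe mode password as a SecureString, runs Test-ADDSForestInstallation before promoting, and checks both roles after the restart. The two function names are made up for this example, and it passes WinThreshold, the value Microsoft documents for the Windows Server 2016 functional level, where the walkthrough types Win2016.

```powershell
# Added example, not from the e-book. Run in an elevated PowerShell session.
# Values below come from the page's walkthrough; replace them with your own.
$forest = @{
    DomainName        = 'WS2016SC.local'
    DomainNetbiosName = 'WS2016SC'
    DomainMode        = 'WinThreshold'   # assumption: documented name of the 2016 level
    ForestMode        = 'WinThreshold'
    DatabasePath      = 'C:\Windows\NTDS'
    LogPath           = 'C:\Windows\NTDS'
    SysvolPath        = 'C:\Windows\SYSVOL'
    InstallDns        = $true            # add the DNS Server role with AD DS
}

function Install-FirstDomainController {   # hypothetical helper name
    # Add the role plus the management tools (ActiveDirectory module, used below).
    $role = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
    if (-not $role.Success) { throw 'AD-Domain-Services failed to install.' }
    Import-Module ADDSDeployment

    # Prompt for the DSRM password so it never sits in the script or history.
    $dsrm = Read-Host -AsSecureString -Prompt 'Safe mode administrator password'

    # Preflight: same parameters as the promotion, but nothing is changed yet.
    $checks = Test-ADDSForestInstallation @forest -SafeModeAdministratorPassword $dsrm
    $failed = $checks | Where-Object { [string]$_.Status -eq 'Error' }
    if ($failed) {
        $failed | ForEach-Object { Write-Warning $_.Message }
        throw 'Prerequisite check failed; the server was not promoted.'
    }

    # Promote; -Force answers the confirmation prompt, then the server reboots.
    Install-ADDSForest @forest -SafeModeAdministratorPassword $dsrm -Force
}

function Test-RolesAfterReboot {           # hypothetical helper name
    $missing = Get-WindowsFeature -Name AD-Domain-Services, DNS |
        Where-Object { -not $_.Installed }
    if ($missing) { throw "Not installed: $($missing.Name -join ', ')" }
    $domain = Get-ADDomain
    if ($domain.DNSRoot -ne $forest.DomainName) {
        throw "Unexpected domain: $($domain.DNSRoot)"
    }
    '{0} is up, domain mode {1}' -f $domain.DNSRoot, $domain.DomainMode
}

# Usage: Install-FirstDomainController, then after the restart Test-RolesAfterReboot.
```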

Hope you’ll find this post informative.

