Active Directory Step-by-Step Task Guide: Complete Administration, DNS/DHCP, Backup/Restore & FSMO Management
This comprehensive guide provides detailed step-by-step procedures for all Active
Directory administrative tasks, including DNS/DHCP management, backup/restore
operations, and FSMO role transfer/seizure methods.
Part 1: Active Directory Domain Services Setup & Configuration
Step 1: Server Preparation
1. Configure Static IP Address
a. Open Control Panel → Network and Sharing Center
b. Click Change adapter settings
c. Right-click network adapter → Properties
d. Select Internet Protocol Version 4 (TCP/IPv4) → Properties
e. Select Use the following IP address
f. Enter: IP address, Subnet mask, Default gateway
g. Set Preferred DNS server to the server's own IP address
h. Click OK → OK → Close
2. Set Computer Name
a. Press Windows + R → type sysdm.cpl → Enter
b. Click Change → Enter desired computer name
c. Click OK → OK → Restart when prompted
Step 2: Install Active Directory Domain Services
1. Open Server Manager
a. Click Start → Server Manager
2. Add AD DS Role
a. Click Manage → Add Roles and Features
b. Click Next (Before You Begin)
c. Select Role-based or feature-based installation → Next
d. Select destination server → Next
e. Check Active Directory Domain Services
f. Click Add Features when prompted → Next
g. Click Next (Features page)
h. Click Next (AD DS information page)
i. Click Install
j. Wait for installation to complete → Close
Step 3: Promote Server to Domain Controller
1. Start Domain Controller Promotion
a. In Server Manager, click the notification flag
b. Click Promote this server to a domain controller
2. Deployment Configuration
a. Select Add a new forest (for new domain)
b. Enter Root domain name (e.g., company.local)
c. Click Next
3. Domain Controller Options
a. Select Forest functional level and Domain functional level
b. Ensure Domain Name System (DNS) server is checked
c. Enter Directory Services Restore Mode (DSRM) password
d. Confirm password → Next
4. DNS Options
a. Click Next (accept default NetBIOS name)
5. Additional Options
a. Verify database, log files, and SYSVOL folder paths
b. Click Next
6. Prerequisites Check
a. Review warnings (DNS delegation warnings are normal)
b. Click Install
c. Server will automatically restart
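The same preparation, role installation and promotion can be scripted. This is an added PowerShell example, not part of the guide; the adapter alias, addresses, computer name and forest name are assumed values:

```powershell
# Added example, not from the guide. Assumed values: adapter alias "Ethernet",
# address 192.168.1.10/24, gateway 192.168.1.1, computer name DC01, forest corp.local.
$Adapter = "Ethernet"

# Step 1.1: static IP, with the preferred DNS server pointing at this host (1.g)
New-NetIPAddress -InterfaceAlias $Adapter -IPAddress "192.168.1.10" `
    -PrefixLength 24 -DefaultGateway "192.168.1.1"
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses "192.168.1.10"

# Step 1.2: rename and reboot; run the remainder after the restart
Rename-Computer -NewName "DC01" -Restart

# Step 2: AD DS role plus the management tools (ADUC, GPMC, DNS console)
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Step 3: promote to the first DC of a new forest. The DSRM password (3.c) is
# read interactively rather than stored in the script.
$DsrmPassword = Read-Host -AsSecureString -Prompt "DSRM password"
Import-Module ADDSDeployment

# Same prerequisite check the wizard runs in Step 3.6; DNS delegation warnings are expected
Test-ADDSForestInstallation -DomainName "corp.local" -SafeModeAdministratorPassword $DsrmPassword

Install-ADDSForest -DomainName "corp.local" -DomainNetbiosName "CORP" `
    -ForestMode "WinThreshold" -DomainMode "WinThreshold" `
    -InstallDns:$true -CreateDnsDelegation:$false `
    -DatabasePath "C:\Windows\NTDS" -LogPath "C:\Windows\NTDS" `
    -SysvolPath "C:\Windows\SYSVOL" `
    -SafeModeAdministratorPassword $DsrmPassword -Force:$true
# The server restarts automatically once promotion completes (3.6.c)
```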
Part 2: Active Directory Users and Computers (ADUC) Tasks
Step 1: Create Organizational Units (OUs)
1. Open ADUC
a. Server Manager → Tools → Active Directory Users and Computers
2. Create OU Structure
a. Right-click domain name → New → Organizational Unit
b. Enter OU name (e.g., "Departments") → OK
c. Repeat for additional OUs (Users, Computers, Groups, etc.)
Step 2: Create User Accounts
1. Navigate to Target OU
a. Expand domain → Click target OU
2. Create New User
a. Right-click in empty space → New → User
b. Enter First name, Last name, User logon name
c. Click Next
d. Enter Password → Confirm password
e. Set password options (must change at next logon, etc.)
f. Click Next → Finish
Step 3: Create Security Groups
1. Navigate to Groups OU
a. Click Groups OU
2. Create New Group
a. Right-click → New → Group
b. Enter Group name
c. Select Group scope (Domain Local, Global, Universal)
d. Select Group type (Security or Distribution)
e. Click OK
Step 4: Manage User Properties
1. Access User Properties
a. Right-click user account → Properties
2. Configure User Settings
a. General tab: Contact information
b. Account tab: Logon hours, account expiration
c. Profile tab: Profile path, home directory
d. Member Of tab: Add to security groups
e. Click OK
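The OU, user, group and property steps of Part 2 as a script. This is an added PowerShell example, not from the guide; the OU names, the user jdoe, the group Finance-Staff and the home-directory server are assumed:

```powershell
# Added example, not from the guide. Assumed: domain corp.local, user jdoe,
# group Finance-Staff, file server fs01 for the home directory.
Import-Module ActiveDirectory
$DomainDn = (Get-ADDomain).DistinguishedName      # e.g. DC=corp,DC=local
$Upn = "jdoe@" + (Get-ADDomain).DNSRoot

# Step 1: OU structure, protected against accidental deletion
foreach ($OuName in "Departments", "Users", "Computers", "Groups") {
    New-ADOrganizationalUnit -Name $OuName -Path $DomainDn -ProtectedFromAccidentalDeletion $true
}

# Step 2: user in the Users OU; password read interactively, change at next logon
$InitialPassword = Read-Host -AsSecureString -Prompt "Initial password for jdoe"
New-ADUser -Name "Jane Doe" -GivenName "Jane" -Surname "Doe" `
    -SamAccountName "jdoe" -UserPrincipalName $Upn `
    -Path "OU=Users,$DomainDn" -AccountPassword $InitialPassword `
    -ChangePasswordAtLogon $true -Enabled $true

# Step 3: global security group in the Groups OU
New-ADGroup -Name "Finance-Staff" -GroupScope Global -GroupCategory Security `
    -Path "OU=Groups,$DomainDn"

# Step 4: Profile tab (home directory), Account tab (expiration), Member Of tab
Set-ADUser -Identity "jdoe" -HomeDirectory "\\fs01\home\jdoe" -HomeDrive "H:" `
    -AccountExpirationDate (Get-Date).AddMonths(6)
Add-ADGroupMember -Identity "Finance-Staff" -Members "jdoe"

# Verify what was configured
Get-ADUser -Identity "jdoe" -Properties MemberOf, HomeDirectory, AccountExpirationDate |
    Select-Object SamAccountName, Enabled, HomeDirectory, AccountExpirationDate, MemberOf
```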
Part 3: Group Policy Management
Step 1: Open Group Policy Management Console
1. Launch GPMC
a. Server Manager → Tools → Group Policy Management
Step 2: Create Group Policy Object
1. Create New GPO
a. Expand Forest → Domains → [Domain Name]
b. Right-click Group Policy Objects → New
c. Enter GPO Name → OK
2. Link GPO to OU
a. Right-click target OU → Link an Existing GPO
b. Select the GPO → OK
Step 3: Edit Group Policy
1. Open GPO Editor
a. Right-click GPO → Edit
2. Configure Policies
a. Navigate through Computer Configuration or User Configuration
b. Expand Policies → Administrative Templates
c. Configure desired settings
d. Close editor when complete
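Part 3 with the GroupPolicy module: create, link and edit a GPO, then report on it. This is an added PowerShell example, not from the guide; the GPO name, target OU and the chosen Administrative Template setting are assumed:

```powershell
# Added example, not from the guide. Assumed: GPO "Workstation-Baseline" linked
# to OU=Computers,DC=corp,DC=local.
Import-Module GroupPolicy
$Target = "OU=Computers,DC=corp,DC=local"

# Step 2.1: create the GPO
$Gpo = New-GPO -Name "Workstation-Baseline" -Comment "Baseline settings for domain workstations"

# Step 2.2: link it to the OU (equivalent of "Link an Existing GPO")
New-GPLink -Name $Gpo.DisplayName -Target $Target -LinkEnabled Yes | Out-Null

# Step 3.2: Administrative Template settings are registry-backed policies. This
# example setting (assumed) is Computer Configuration > Policies >
# Administrative Templates > Windows Components > Remote Desktop Services >
# Remote Desktop Session Host > Connections > "Allow users to connect remotely
# by using Remote Desktop Services" = Disabled.
Set-GPRegistryValue -Name $Gpo.DisplayName `
    -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" `
    -ValueName "fDenyTSConnections" -Type DWord -Value 1 | Out-Null

# Review the result: an HTML settings report and the links on the OU
Get-GPOReport -Name $Gpo.DisplayName -ReportType Html -Path "C:\Temp\Workstation-Baseline.html"
Get-GPInheritance -Target $Target | Select-Object -ExpandProperty GpoLinks
```

Clients pick the policy up at the next refresh; `gpupdate /force` on a workstation applies it immediately.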
Part 4: DNS Management Tasks
Step 1: DNS Server Configuration
1. Open DNS Manager
a. Server Manager → Tools → DNS
2. Configure Forward Lookup Zone
a. Expand server → Forward Lookup Zones
b. Right-click zone → Properties
c. General tab: Configure zone type and replication
d. Start of Authority (SOA) tab: Set refresh intervals
e. Click OK
Step 2: Create DNS Records
1. Create A Record
a. Right-click forward lookup zone → New Host (A or AAAA)
b. Enter Name and IP address
c. Check Create associated pointer (PTR) record
d. Click Add Host → Done
2. Create CNAME Record
a. Right-click zone → New Alias (CNAME)
b. Enter Alias name and Fully qualified domain name
c. Click OK
Step 3: Configure Reverse Lookup Zone
1. Create Reverse Zone
a. Right-click Reverse Lookup Zones → New Zone
b. Follow wizard: Primary zone, Store zone in Active Directory
c. Enter network ID → Next → Finish
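The DNS tasks of Part 4 with the DnsServer module, including the reverse zone and the SOA refresh interval. This is an added PowerShell example, not from the guide; the zone name, subnet and host values are assumed:

```powershell
# Added example, not from the guide. Assumed: zone corp.local, subnet
# 192.168.1.0/24, host fs01 at 192.168.1.20, alias "files".
Import-Module DnsServer
$Zone = "corp.local"

# Step 1.2 (General tab): zone type and replication scope
Get-DnsServerZone -Name $Zone |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, ReplicationScope, DynamicUpdate

# Step 3: AD-integrated reverse lookup zone for the subnet, secure dynamic updates only
Add-DnsServerPrimaryZone -NetworkId "192.168.1.0/24" -ReplicationScope "Domain" -DynamicUpdate "Secure"

# Step 2.1: A record plus its PTR (the "Create associated pointer" checkbox)
Add-DnsServerResourceRecordA -ZoneName $Zone -Name "fs01" -IPv4Address "192.168.1.20" -CreatePtr

# Step 2.2: CNAME alias
Add-DnsServerResourceRecordCName -ZoneName $Zone -Name "files" -HostNameAlias "fs01.$Zone"

# Step 1.2.d (SOA tab): records are replaced old-for-new, so clone and edit the copy
$OldSoa = Get-DnsServerResourceRecord -ZoneName $Zone -RRType Soa
$NewSoa = $OldSoa.Clone()
$NewSoa.RecordData.RefreshInterval = New-TimeSpan -Minutes 15
Set-DnsServerResourceRecord -ZoneName $Zone -OldInputObject $OldSoa -NewInputObject $NewSoa

# Verify forward and reverse resolution against this server
Resolve-DnsName -Name "fs01.$Zone" -Server localhost -Type A
Resolve-DnsName -Name "192.168.1.20" -Server localhost -Type PTR
```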
Part 5: DHCP Server Configuration
Step 1: Install DHCP Server Role
1. Add DHCP Role
a. Server Manager → Add Roles and Features
b. Select DHCP Server → Add Features → Install
2. Complete DHCP Configuration
a. Click notification flag → Complete DHCP configuration
b. Click Commit → Close
Step 2: Create DHCP Scope
1. Open DHCP Console
a. Server Manager → Tools → DHCP
2. Create New Scope
a. Right-click IPv4 → New Scope
b. Enter Scope Name → Next
c. Set Start IP and End IP addresses
d. Set Subnet mask → Next
e. Configure exclusions if needed → Next
f. Set Lease duration → Next
g. Configure DHCP options (Router, DNS servers) → Next
h. Yes, activate scope now → Next → Finish
Step 3: Configure DHCP Options
1. Set Scope Options
a. Expand scope → Right-click Scope Options → Configure Options
b. Check 003 Router → Enter gateway IP
c. Check 006 DNS Servers → Enter DNS server IPs
d. Click OK
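Part 5 scripted: role install, authorization, scope, exclusion and options. This is an added PowerShell example, not from the guide; the server name, address ranges, gateway and DNS values are assumed:

```powershell
# Added example, not from the guide. Assumed: DHCP server dc01.corp.local at
# 192.168.1.10, scope 192.168.1.100-200/24, gateway 192.168.1.1.
# Step 1.1: install the role and console
Install-WindowsFeature -Name DHCP -IncludeManagementTools

# Step 1.2 ("Complete DHCP configuration"): authorize the server in AD, create
# the DHCP Administrators/Users groups, and clear the Server Manager notice
Add-DhcpServerInDC -DnsName "dc01.corp.local" -IPAddress "192.168.1.10"
Add-DhcpServerSecurityGroup
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\ServerManager\Roles\12" `
    -Name "ConfigurationState" -Value 2
Restart-Service DHCPServer

# Step 2: scope with lease duration, activated immediately
Add-DhcpServerv4Scope -Name "LAN" -StartRange "192.168.1.100" -EndRange "192.168.1.200" `
    -SubnetMask "255.255.255.0" -LeaseDuration (New-TimeSpan -Days 8) -State Active

# Step 2.e: reserve the low end of the range for static assignments
Add-DhcpServerv4ExclusionRange -ScopeId "192.168.1.0" `
    -StartRange "192.168.1.100" -EndRange "192.168.1.110"

# Step 3: option 003 Router and option 006 DNS Servers (plus 015 DNS domain)
Set-DhcpServerv4OptionValue -ScopeId "192.168.1.0" -Router "192.168.1.1" `
    -DnsServer "192.168.1.10" -DnsDomain "corp.local"

# Verify: scope state and the option values clients will receive
Get-DhcpServerv4Scope | Select-Object ScopeId, Name, State, LeaseDuration
Get-DhcpServerv4OptionValue -ScopeId "192.168.1.0" | Select-Object OptionId, Name, Value
```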
Part 6: Backup and Restore Procedures
Step 1: Active Directory System State Backup
1. Install Windows Server Backup
a. Server Manager → Add Roles and Features
b. Features → Check Windows Server Backup → Install
2. Perform Backup
a. Server Manager → Tools → Windows Server Backup
b. Click Backup Once (right panel)
c. Select Different options → Next
d. Select Custom → Next
e. Click Add Items → Check System state → OK → Next
f. Choose Local drives or Remote shared folder
g. Select destination → Next → Backup
Step 2: DNS Zone Backup
1. Export DNS Zone
a. Open DNS Manager
b. Right-click zone → Export Zone
c. Choose file location and name
d. Click Save
2. Registry Backup Method
a. Press Windows + R → type regedit → Enter
b. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS
c. Right-click DNS → Export
d. Save registry file
Step 3: DHCP Database Backup
1. Export DHCP Configuration
a. Open Command Prompt as Administrator
b. Run: netsh dhcp server export C:\DHCPBackup.txt all
2. Manual Backup Method
a. Stop DHCP Server service
b. Copy %SystemRoot%\System32\dhcp folder
c. Restart DHCP Server service
Step 4: Group Policy Backup
1. Backup Individual GPO
a. Open Group Policy Management
b. Right-click GPO → Back Up
c. Choose backup location → Back Up
2. Backup All GPOs
a. Right-click Group Policy Objects → Back Up All
b. Select folder → Back Up
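A single script that takes the four backups of Steps 1 to 4 (System State, DNS zone, DHCP configuration, all GPOs) into one dated folder. This is an added PowerShell example, not from the guide; the backup volume, folder layout and zone name are assumed:

```powershell
# Added example, not from the guide. Assumed: backup volume E:, zone corp.local.
$Dest = "E:\ADBackup\$(Get-Date -Format 'yyyyMMdd-HHmm')"
New-Item -ItemType Directory -Path $Dest -Force | Out-Null

# Step 1: System State backup. wbadmin is the command-line face of Windows
# Server Backup; the target must be a volume, not a folder.
Install-WindowsFeature -Name Windows-Server-Backup | Out-Null
wbadmin start systemstatebackup -backupTarget:E: -quiet

# Step 2: zone export. Export-DnsServerZone writes under %SystemRoot%\System32\dns,
# so the file is copied into the backup folder afterwards.
Export-DnsServerZone -Name "corp.local" -FileName "corp.local.dns.bak"
Copy-Item "$env:SystemRoot\System32\dns\corp.local.dns.bak" $Dest

# Step 3: DHCP configuration, both as the netsh text export used in the guide and
# as the XML export the DhcpServer module can import later
netsh dhcp server export "$Dest\DHCPBackup.txt" all
Export-DhcpServer -File "$Dest\dhcp.xml" -Leases

# Step 4: all GPOs, with a manifest for later Restore-GPO / Import-GPO use
Backup-GPO -All -Path $Dest | Select-Object DisplayName, Id, Timestamp

# Summary of what landed in the folder
Get-ChildItem -Path $Dest -Recurse | Select-Object FullName, Length
```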
Step 5: Active Directory Restore Procedures
1. Non-Authoritative Restore
a. Restart server and press F8
b. Select Directory Services Restore Mode
c. Log in with DSRM password
d. Open Windows Server Backup
e. Click Recover → Select backup
f. Choose System state → Original location → Recover
g. Restart normally
2. Authoritative Restore
a. Perform non-authoritative restore first
b. Before restarting, open Command Prompt
c. Run: ntdsutil
d. Type: authoritative restore
e. Type: restore database (for entire database)
f. Or: restore object "CN=UserName,OU=Users,DC=domain,DC=com"
g. Type: quit → quit
h. Restart server
Step 6: DNS and DHCP Restore
1. DNS Zone Restore
a. Stop DNS Server service
b. Delete corrupted zone files from %SystemRoot%\System32\dns
c. Copy backup zone files
d. Restart DNS Server service
2. DHCP Restore
a. Stop DHCP Server service
b. Run: netsh dhcp server import C:\DHCPBackup.txt all
c. Restart DHCP Server service
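The DNS and DHCP restores of Step 6, plus a replication check after the directory restore of Step 5. This is an added PowerShell example, not from the guide; the backup folder and zone name are assumed:

```powershell
# Added example, not from the guide. Assumed: backups in E:\ADBackup\<date>,
# zone corp.local stored as a file-backed primary zone.
$Src = "E:\ADBackup\20240101-0200"

# Step 6.1: zone file restore. Applies to file-backed zones only; an
# AD-integrated zone comes back with the System State restore of Step 5.
Stop-Service -Name DNS
Copy-Item -Path "$Src\corp.local.dns.bak" `
    -Destination "$env:SystemRoot\System32\dns\corp.local.dns" -Force
Start-Service -Name DNS

# Step 6.2: DHCP restore. Import-DhcpServer talks to the running service, so it
# is not stopped here; -BackupPath saves the current database first.
Import-DhcpServer -File "$Src\dhcp.xml" -BackupPath "C:\DhcpPreRestore" `
    -Leases -ScopeOverwrite -Force
# netsh equivalent of the guide's command:
#   netsh dhcp server import "$Src\DHCPBackup.txt" all

# Verify both services answer from the restored data
Resolve-DnsName -Name "fs01.corp.local" -Server localhost -Type A
Get-DhcpServerv4Scope | Select-Object ScopeId, Name, State

# After the Step 5 restore, confirm the DC replicates again before relying on it
repadmin /replsummary
Get-ADReplicationFailure -Target $env:COMPUTERNAME
```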
Part 7: FSMO Role Management
Step 1: Identify FSMO Role Holders
1. Check Current FSMO Holders
a. Open Command Prompt as Administrator
b. Run: netdom query fsmo
2. Detailed FSMO Information
a. Schema Master: regsvr32 schmmgmt.dll → mmc → Add Schema snap-in
b. Domain Naming Master: Active Directory Domains and Trusts → Right-click root → Operations Masters
c. RID/PDC/Infrastructure: Active Directory Users and Computers → Right-click domain → Operations Masters
Step 2: Transfer FSMO Roles (Graceful)
1. Transfer Schema Master
a. Run: regsvr32 schmmgmt.dll
b. Open MMC → File → Add/Remove Snap-in
c. Add Active Directory Schema → OK
d. Right-click Active Directory Schema → Change Active Directory Domain Controller
e. Select target DC → OK
f. Right-click Active Directory Schema → Operations Master
g. Click Change → Yes → OK
2. Transfer Domain Naming Master
a. Open Active Directory Domains and Trusts
b. Right-click root → Change Active Directory Domain Controller
c. Select target DC → OK
d. Right-click root → Operations Masters
e. Click Change → Yes → Close
3. Transfer RID, PDC, Infrastructure Masters
a. Open Active Directory Users and Computers
b. Right-click domain → Change Active Directory Domain Controller
c. Select target DC → OK
d. Right-click domain → Operations Masters
e. Select appropriate tab (RID, PDC, or Infrastructure)
f. Click Change → Yes → Close
Step 3: Seize FSMO Roles (Forced)
Warning: Only seize roles when the current holder is permanently offline
1. Using NTDSUTIL
a. Open Command Prompt as Administrator
b. Run: ntdsutil
c. Type: roles
d. Type: connections
e. Type: connect to server [TargetDCName]
f. Type: quit
2. Seize Specific Roles
a. Type one of the following:
i. seize schema master
ii. seize domain naming master
iii. seize pdc
iv. seize rid master
v. seize infrastructure master
b. Type: quit → quit
3. Post-Seizure Cleanup
a. If the old role holder comes back online, demote it immediately
b. Run: dcdiag /test:knowsofroleholders /v to verify
c. Use ntdsutil metadata cleanup if needed
Step 4: Verify FSMO Role Transfer/Seizure
1. Verify Role Assignment
a. Run: netdom query fsmo
b. Confirm all roles are on intended servers
2. Test Role Functionality
a. PDC: Change a user password
b. RID: Create a new user account
c. Infrastructure: Check cross-domain references
d. Domain Naming: Try adding a new domain (test environment)
e. Schema: Attempt schema modification (test environment)
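Steps 1, 2 and 4 of Part 7 in one script: list the current holders, transfer the roles gracefully, then verify. This is an added PowerShell example, not from the guide; the target DC name is assumed:

```powershell
# Added example, not from the guide. Assumed: roles move to DC02.
Import-Module ActiveDirectory
$TargetDc = "DC02"

# Step 1: the two forest roles live on the forest object, the three domain roles on the domain
function Get-FsmoHolders {
    $Forest = Get-ADForest
    $Domain = Get-ADDomain
    [pscustomobject]@{
        SchemaMaster         = $Forest.SchemaMaster
        DomainNamingMaster   = $Forest.DomainNamingMaster
        PDCEmulator          = $Domain.PDCEmulator
        RIDMaster            = $Domain.RIDMaster
        InfrastructureMaster = $Domain.InfrastructureMaster
    }
}
"Before:"; Get-FsmoHolders

# Step 2: graceful transfer of all five roles; the current holder must be online.
# Seizure (Step 3) is the same cmdlet with -Force, used only when the holder is
# permanently gone, and the old holder must then never return un-demoted.
Move-ADDirectoryServerOperationMasterRole -Identity $TargetDc `
    -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster `
    -Confirm:$false

# Step 4: verify with the same tools the guide uses, then compare holders
netdom query fsmo
dcdiag /test:knowsofroleholders /v
$After = Get-FsmoHolders
"After:"; $After
$Moved = ($After.PSObject.Properties.Value | ForEach-Object { $_.Split('.')[0] }) -eq $TargetDc
if ($Moved.Count -eq 5) { "All five roles are on $TargetDc" } else { "Some roles did not move; check dcdiag output" }
```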
Part 8: Advanced Active Directory Tasks
Step 1: Active Directory Sites and Services
1. Create New Site
a. Open Active Directory Sites and Services
b. Right-click Sites → New Site
c. Enter Site name → Select DEFAULTIPSITELINK → OK
2. Create Subnet
a. Right-click Subnets → New Subnet
b. Enter Prefix (e.g., 192.168.1.0/24)
c. Select Site → OK
3. Move Domain Controller
a. Expand Sites → Default-First-Site-Name → Servers
b. Drag DC to new site
Step 2: Configure Replication
1. Create Site Link
a. Expand Inter-Site Transports → IP
b. Right-click → New Site Link
c. Enter name → Add sites → Set Cost and Replication interval
d. Click OK
2. Force Replication
a. Right-click NTDS Settings under DC → Replicate Now
Step 3: AD Recycle Bin Configuration
1. Enable Recycle Bin
a. Open Active Directory Administrative Center
b. Click domain name in left panel
c. Click Enable Recycle Bin in Tasks panel
d. Click OK to confirm
2. Restore Deleted Objects
a. In ADAC, click Deleted Objects container
b. Right-click deleted object → Restore
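The Part 8 tasks scripted: site, subnet and site link, moving a DC, forcing replication, enabling the Recycle Bin and restoring a deleted object. This is an added PowerShell example, not from the guide; the site names, subnet, DC and object names are assumed:

```powershell
# Added example, not from the guide. Assumed: branch site "Branch-Site" with
# subnet 192.168.2.0/24, DC02 moving there, forest corp.local, deleted user "Jane Doe".
Import-Module ActiveDirectory

# Step 1: site, subnet mapped to it, and the DC moved out of the default site
New-ADReplicationSite -Name "Branch-Site"
New-ADReplicationSubnet -Name "192.168.2.0/24" -Site "Branch-Site"
Move-ADDirectoryServer -Identity "DC02" -Site "Branch-Site"

# Step 2.1: IP site link between the two sites with cost and interval
New-ADReplicationSiteLink -Name "HQ-Branch" `
    -SitesIncluded "Default-First-Site-Name", "Branch-Site" `
    -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP

# Step 2.2: force replication with all partners and report failures, if any
repadmin /syncall /AdeP
Get-ADReplicationPartnerMetadata -Target "DC02" |
    Select-Object Partner, LastReplicationSuccess, LastReplicationResult

# Step 3.1: enable the Recycle Bin (forest-wide, cannot be disabled afterwards)
Enable-ADOptionalFeature -Identity "Recycle Bin Feature" `
    -Scope ForestOrConfigurationSet -Target "corp.local" -Confirm:$false

# Step 3.2: find the tombstoned object and restore it to its original location
Get-ADObject -Filter 'isDeleted -eq $true -and name -like "Jane Doe*"' `
    -IncludeDeletedObjects |
    Restore-ADObject
Get-ADUser -Identity "jdoe" | Select-Object Name, DistinguishedName, Enabled
```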
This comprehensive guide covers all essential Active Directory administrative tasks with
detailed step-by-step procedures. Each section builds upon previous configurations and
provides the foundation for enterprise-level directory service management.