This document introduces how to set up an Active Directory (AD) domain based on a Windows server 2012 R2 data center version 64-bit operating system. Active Directory (AD) is a core component of Microsoft services. AD can achieve efficient management through batch management of users, deploying applications and updating patches. An AD domain is required for many Microsoft components (such as Exchange) and failover clusters.
example.com. The IP address of the CVM instance used as the DC is
10.0.5.102, while the IP address of another instance is
After setting up the AD domain, keep the IP address of the CVM instances unchanged.
The main concepts of AD are listed below:
It's not recommended to create an instance with an image whose source instance is already deployed with a domain controller. If you do need to use this image, please be sure that the host name of new instance is the same as the host name of source instance of the image. Otherwise, an error The security database on the server is not trusted can be reported. You can also change the new instance name to the same hostname after the instance creation to solve this problem.
Modify the SID of the instance used as the client. For details, see Modifying SID.
Log in to the CVM instance used as the client.
Modify the DNS server address.
i. Open Control Panel > Network and Internet > Network and Sharing Center, and click Ethernet, .
ii. In the Ethernet Status window, click Properties.
iii. Select Internet Protocol Version 4 (TCP/IPv4) in the "Ethernet Properties" window and click Properties.
iv. In the Internet Protocol Version 4 (TCP/IPv4) Properties window, select Use the following DNS server address and set the preferred DNS server address (
10.0.5.102 in this example) as the IP address of the instance.
In the step of Deploying AD domain controller, AD domain service and DNS service are deployed on the same CVM instance (IP:
10.0.5.102), so the address of the DNS server specified here is
v. Click Ok.
In the cmd window, execute the following
ping command to check whether the IP address is connected.
Open Control Panel > System and Security > System, and click Change Settings in the "System" window.
In the pop-up System Properties window, click Change.
In the pop-up Computer Name/Domain Change window, modify the computer name as required, and set
example.com as the domain.
In the pop-up Windows Security, enter the username and login password of the instance, and click OK.
The client successfully joins the domain when the following window pops up.
Click Ok, and restart the instance for the configuration to take effect.
If the CVM instance that works as the client has joined a domain, don’t use it to create the custom image, which can cause the error The security database on the server is not trusted. If you do need to create an image for this instance, remove the instance from the domain first.