2019 domain controllers

13th November 2020

Since everyone is going to Windows 10 workstations, we need Server 2019 domain controllers to get all the newest, coolest Group Policy Objects, right?

Microsoft recommends that you add new domain controllers instead of upgrading the OS on your existing domain controllers. Probably because that means you need to buy more licenses.

Steps:

Install Windows Server 2019 on a VM; remember to install the latest version of VMware Tools.

Install all updates, then install the new Edge browser and Windows Admin Center (it's cool).

*Make sure you log in with an account that has Enterprise Admins and Schema Admins group membership for this next step.

Then you are ready to add the roles: Active Directory Domain Services, DHCP and DNS. DNS will auto-replicate to all DCs, but DHCP will take more manual intervention.

More info: https://www.manageengine.com/products/active-directory-audit/kb/how-to/how-to-add-a-domain-controller-to-an-existing-domain.html

You will get a warning about DCs allowing NT4 encryption protocols; create this registry key and that will be solved on the next reboot: https://docs.microsoft.com/en-us/services-hub/health/remediation-steps-ad/disable-the-allownt4crypto-setting-on-all-affected-domain-controllers
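The steps above as a PowerShell sketch, plus a report of the AllowNT4Crypto value on every DC so a leftover weak setting on an older controller gets noticed. This is an added example, not part of the original post or of the linked pages. Assumptions: the domain name `corp.example.com` is a placeholder, the function names are made up for this example, the OS language is English (for the `whoami` column names), and PowerShell remoting to the existing DCs is allowed.

```powershell
#Requires -RunAsAdministrator
# Added example. Function names and $DomainName default are hypothetical placeholders.
$NetlogonKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Add-Server2019DC {
    param([string]$DomainName = 'corp.example.com')   # placeholder domain

    # Pre-flight: token must carry Schema Admins (RID 518) and Enterprise Admins (RID 519).
    $sids = (whoami /groups /fo csv | ConvertFrom-Csv).SID
    foreach ($rid in 518, 519) {
        if (-not ($sids -match "^S-1-5-21-.+-$rid$")) {
            throw "Logged-on account is missing the forest group with RID $rid."
        }
    }

    # Roles from the steps above; DHCP configuration remains a separate manual task.
    Install-WindowsFeature -Name AD-Domain-Services, DNS, DHCP -IncludeManagementTools

    # Promote into the existing domain, holding the reboot until the Netlogon value is set.
    Install-ADDSDomainController -DomainName $DomainName -InstallDns `
        -Credential (Get-Credential -Message 'Enterprise/Schema admin account') `
        -SafeModeAdministratorPassword (Read-Host -AsSecureString -Prompt 'DSRM password') `
        -NoRebootOnCompletion

    # Explicitly disable NT4-compatible crypto on this DC; applies after the reboot.
    if (-not (Test-Path $NetlogonKey)) { New-Item -Path $NetlogonKey -Force | Out-Null }
    New-ItemProperty -Path $NetlogonKey -Name AllowNT4Crypto `
        -PropertyType DWord -Value 0 -Force | Out-Null
    Restart-Computer
}

function Get-AllowNT4CryptoReport {
    # Run after the reboot: read the value on every DC and flag any set to 1.
    Get-ADDomainController -Filter * | ForEach-Object {
        $value = Invoke-Command -ComputerName $_.HostName -ArgumentList $NetlogonKey -ScriptBlock {
            param($key)
            (Get-ItemProperty -Path $key -Name AllowNT4Crypto -ErrorAction SilentlyContinue).AllowNT4Crypto
        }
        [pscustomobject]@{
            DomainController = $_.HostName
            AllowNT4Crypto   = if ($null -eq $value) { 'not set' } else { $value }
            NeedsRemediation = ($value -eq 1)
        }
    }
}
```

Run `Add-Server2019DC` on the new server, then `Get-AllowNT4CryptoReport | Format-Table` from any DC once it is back up.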

*Don’t forget to add the section on how to do the DHCP replication… zzzzzzzzz