Install Active Directory and Remote Desktop Services using PowerShell

By using PowerShell, you can install both Active Directory and Remote Desktop Services.


Active Directory is a directory service from Microsoft that stores user accounts, computers, and other resources. You typically use the service for centralized user management of a company’s users and devices.

Remote Desktop Services enables more than two simultaneous logins to the server.

In this guide, we essentially strip away all graphical interfaces and perform an installation of Active Directory (AD) and Remote Desktop Services (RDS) via PowerShell. We assume you are running at least PowerShell 5.0; to confirm this, enter the following in your PowerShell window:

Command
$PSVersionTable

This should output something similar to this:

Output
Name                           Value
----                           -----
PSVersion                      5.1.14393.1715
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.14393.1715
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Things to consider

Active Directory should always be installed on a freshly provisioned server. This is a Microsoft requirement if you want to receive support from them.

During the AD installation, we will also set a password for Directory Services Restore Mode (DSRM). It is crucial to save this password because it is used to access your AD if you ever need to start the server in Directory Services Restore Mode.

After you have finished installing AD and RDS, we strongly recommend that you review Secure Active Directory with Windows Firewall. The firewall rules for AD and RDS are created automatically and opened on your public network interface, which exposes you to remote exploits and can be abused in denial‑of‑service attacks.
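
To see which automatically created rules are reachable on the public interface, the audit below can be run after the installation. It is an added example, not part of the original guide; the function name, the management range 203.0.113.0/24 and the choice to restrict only the RDP port are constructed placeholders and assumptions.

```powershell
# Added example: list enabled inbound allow rules that apply to the Public
# profile (or to every profile) and accept traffic from any remote address.
function Get-PublicInboundRule {
    Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
        ForEach-Object {
            # Profile is a flags enum: 'Any' or e.g. 'Domain, Private, Public'.
            $profiles = $_.Profile.ToString()
            if ($profiles -ne 'Any' -and $profiles -notmatch 'Public') { return }

            # Skip rules that are already limited to specific source addresses.
            $addr = $_ | Get-NetFirewallAddressFilter
            if ($addr.RemoteAddress -notcontains 'Any') { return }

            $port = $_ | Get-NetFirewallPortFilter
            [pscustomobject]@{
                Name         = $_.Name
                DisplayName  = $_.DisplayName
                DisplayGroup = $_.DisplayGroup
                Profile      = $profiles
                Protocol     = $port.Protocol
                LocalPort    = $port.LocalPort
            }
        }
}

$exposed = Get-PublicInboundRule
$exposed | Sort-Object DisplayGroup, DisplayName |
    Format-Table DisplayGroup, DisplayName, Profile, Protocol, LocalPort -AutoSize

# Preview restricting the exposed RDP rules to a management network.
# 203.0.113.0/24 is a constructed placeholder; replace it with your own range.
# Remove -WhatIf to apply the change once the preview looks right.
$ManagementRange = '203.0.113.0/24'
$exposed | Where-Object { $_.LocalPort -contains '3389' } |
    ForEach-Object {
        Set-NetFirewallRule -Name $_.Name -RemoteAddress $ManagementRange -WhatIf
    }
```

Rules for directory traffic (LDAP, Kerberos, DNS, SMB, RPC) that show up in the table need the same review, but their allowed sources must include every domain member that talks to this server.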

Tips on naming your Active Directory

How you should name your Active Directory isn’t always obvious, and there are a few pitfalls you should avoid that could cause trouble later on. Here are some recommendations to keep in mind:

  • Avoid using a top‑level domain (TLD) as the name unless it’s required—for example, don’t use glesys.se.

  • Don’t use a domain you don’t own, such as rds.microsoft.com.

  • Reserve .local, .lan, and .internal for testing only. These TLDs are not standardized and can cause problems in production environments.

  • Long strings like i.like.long.sub.domains.glesys.se become cumbersome to type over time.

  • Consider the server’s hostname as well. Stick to plain letters a‑z and numbers 0‑9, and avoid hyphens or special characters.

The list can get lengthy, but in short the safest choice is to use a sub‑domain of a domain you own—for example, rds.glesys.se in our case.

If you’d like to read more about best practices for AD domain names, see Microsoft’s guidance here: https://social.technet.microsoft.com/wiki/contents/articles/34981.active-directory-best-practices-for-internal-domain-and-network-names.aspx

Installing Active Directory

In this guide, we have named our server DC01, and we will use rds.glesys.se as the domain.

Start by opening PowerShell with administrative privileges and entering the following command to install the service:

When the installation is complete, you should see the following output:

Configuring Active Directory

When the AD installation is finished, you need to set up a new forest. You do that with the command below. Be sure to adjust the values so they match your server!

Be prepared to be prompted for the DSRM password.

Once the forest setup is complete, the server will automatically log you out and restart. Wait until the server has rebooted, then log back in via Remote Desktop.
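
The role installation and forest creation described above can be scripted as follows. This is an added example, not the original guide's commands; it uses DC01 and rds.glesys.se from this guide, while the NetBIOS name RDS, the DNS installation and the prerequisite check are assumptions.

```powershell
# Added example (not the guide's original commands). Run elevated on DC01.
$forest = @{
    DomainName        = 'rds.glesys.se'  # domain used in this guide
    DomainNetbiosName = 'RDS'            # assumption: first label of the domain
    InstallDns        = $true            # assumption: this server hosts DNS for the zone
}

# 1. Install the AD DS role together with its management tools.
$role = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $role.Success) { throw 'Installing AD-Domain-Services failed.' }

# 2. Read the DSRM password as a SecureString so it never appears in
#    command history or transcripts, and ask twice to catch typos.
$dsrm  = Read-Host -AsSecureString -Prompt 'DSRM password'
$again = Read-Host -AsSecureString -Prompt 'Repeat DSRM password'
$a = [System.Net.NetworkCredential]::new('', $dsrm).Password
$b = [System.Net.NetworkCredential]::new('', $again).Password
if ($a -cne $b) { throw 'The two DSRM passwords do not match.' }
Remove-Variable a, b, again

# 3. Dry run: check the prerequisites without changing the server.
Import-Module ADDSDeployment
$check = Test-ADDSForestInstallation @forest -SafeModeAdministratorPassword $dsrm
$check | Format-List Status, Message
if ($check.Status -contains 'Error') {
    throw 'Prerequisite check failed; see the messages above.'
}

# 4. Create the forest. You are asked to confirm, and the server
#    restarts automatically when the promotion has finished.
Install-ADDSForest @forest -SafeModeAdministratorPassword $dsrm
```

Store the DSRM password in a password manager before step 4; it is a local credential on the domain controller and cannot be looked up in AD afterwards.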

Installing Remote Desktop Services

Now we come to the part where we are forced to use the graphical interface. This is necessary because we will place the Connection Broker and Session Host roles on the same server as Active Directory. Normally, this isn’t the recommended approach—you’d ideally separate the services onto multiple servers—but the graphical interface allows us to perform the installation, so we’ll use it for now.

Start by opening Server Manager, clicking Manage, and then selecting Add Roles and Features.

Click Next in the Before You Begin dialog.

In the Installation Type step, select Remote Desktop Services installation and click Next.

In the Deployment Type step, choose Quick Start.

In the Deployment Scenario step, choose Session‑based desktop deployment.

In the Server Selection step, your server should appear in the Selected list. If it isn’t there, add it to the list.

Finally, on the Confirmation screen, check the Restart the destination server automatically if required option, then click the Deploy button.

Installation and configuration of the license server

Now it’s time to install and configure the license server, so open a new PowerShell window and enter the following:

After installation is complete, you need to configure where it should retrieve licenses. In this case, it will do so locally. Be sure to adjust the values so they match your server!

You also need to grant the necessary permissions so that the server can issue licenses:

Last but not least, restart the server.
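
The license server steps above, written out as an added example that is not the original guide's commands. It assumes the Quick Start deployment from the previous section exists, that licensing is per user, and that the permission step means membership in the built-in Terminal Server License Servers group; adjust the names to your server.

```powershell
# Added example (not the guide's original commands). Run elevated on DC01
# after the Remote Desktop Services deployment has finished.
Import-Module RemoteDesktop, ActiveDirectory

$HostName = 'DC01'                      # server name used in this guide
$Fqdn     = "$HostName.rds.glesys.se"   # adjust to your server
$Mode     = 'PerUser'                   # assumption: use 'PerDevice' for device CALs
$Group    = 'Terminal Server License Servers'  # assumption: built-in AD group

# 1. Add the licensing role to the deployment unless it is already there.
$roles = (Get-RDServer -ConnectionBroker $Fqdn |
    Where-Object Server -eq $Fqdn).Roles
if ($roles -notcontains 'RDS-LICENSING') {
    Add-RDServer -Server $Fqdn -Role 'RDS-LICENSING' -ConnectionBroker $Fqdn
}

# 2. Tell the deployment to fetch licenses from the local license server.
Set-RDLicenseConfiguration -LicenseServer $Fqdn -Mode $Mode `
    -ConnectionBroker $Fqdn -Force

# 3. Allow the server to issue licenses by adding its computer account
#    to the license server group, skipping the add if it is already a member.
$computer = Get-ADComputer -Identity $HostName
$members  = Get-ADGroupMember -Identity $Group |
    ForEach-Object { $_.SID.Value }
if ($members -notcontains $computer.SID.Value) {
    Add-ADGroupMember -Identity $Group -Members $computer
}

# 4. Verify the result before restarting.
Get-RDLicenseConfiguration -ConnectionBroker $Fqdn |
    Format-List Mode, LicenseServer
Get-ADGroupMember -Identity $Group | Format-Table Name, objectClass

# 5. Restart the server (asks for confirmation first).
Restart-Computer -Confirm
```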

All done, and a final step

The installation and configuration of Active Directory and Remote Desktop Services is now complete. Next, contact our support team and let us know how many licenses you require. To install those licenses, we’ll need access to an account with administrative privileges.

Questions

If you have any further questions or concerns about Remote Desktop Services or Active Directory, please don’t hesitate to get in touch with us.
