> For the complete documentation index, see [llms.txt](https://docs.glesys.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.glesys.com/products/compute/guides-for-server-management/install-active-directory-and-remote-desktop-services-using-powershell.md). # Install Active Directory and Remote Desktop Services using PowerShell *** Active Directory is a directory service from Microsoft that stores user accounts, computers, and other resources. You typically use the service for centralized user management of a company’s users and devices. Remote Desktop Services enables more than two simultaneous logins to the server. In this guide, we essentially strip away all graphical interfaces and perform an installation of Active Directory (AD) and Remote Desktop Services (RDS) via PowerShell. We assume you are running at least PowerShell 5.0; to confirm this, enter the following in your PowerShell window: {% code title="Command" %} ``` $PSversionTable ``` {% endcode %} This should output something similar to this: {% code title="Output" %} ``` Name Value ---- ----- PSVersion 5.1.14393.1715 PSEdition Desktop PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...} BuildVersion 10.0.14393.1715 CLRVersion 4.0.30319.42000 WSManStackVersion 3.0 PSRemotingProtocolVersion 2.3 SerializationVersion 1.1.0.1 ``` {% endcode %} ## Things to consider Active Directory should **always** be installed on a freshly provisioned server. This is a Microsoft requirement if you want to receive support from them. During the AD installation, we will also set a password for Directory Services Restore Mode (DSRM). It is crucial to save this password because it is used to access your AD if you ever need to start the server in Directory Services Restore Mode. After you have finished installing AD and RDS, we strongly recommend that you review [Secure Active Directory with Windows Firewall](/products/compute/guides-for-server-management/secure-active-directory-with-windows-firewall.md). **The firewall rules for AD and RDS are created automatically and opened on your public network interface, which exposes you to remote exploits and can be abused in denial‑of‑service attacks.** ## Tips on naming your Active Directory How you should name your Active Directory isn’t always obvious, and there are a few pitfalls you should avoid that could cause trouble later on. Here are some recommendations to keep in mind: * Avoid using a top‑level domain (TLD) as the name unless it’s required—for example, don’t use `glesys.se`. * Don’t use a domain you don’t own, such as `rds.microsoft.com`. * Reserve `.local`, `.lan`, and `.internal` for testing only. These TLDs are not standardized and can cause problems in production environments. * Long strings like `i.like.long.sub.domains.glesys.se` become cumbersome to type over time. * Consider the server’s hostname as well. Stick to plain letters a‑z and numbers 0‑9, and avoid hyphens or special characters. The list can get lengthy, but in short the safest choice is to use a sub‑domain of a domain you own—for example, `rds.glesys.se` in our case. If you’d like to read more about best practices for AD domain names, see Microsoft’s guidance here:\ ## Installing Active Directory In this guide, we have named our server **DC01,** and we will use `rds.glesys.se` as the domain. Start by opening PowerShell with administrative privileges and entering the following command to install the service: {% code title="Command" %} ``` Install-WindowsFeature -name AD-Domain-Services -IncludeManagementTools ``` {% endcode %} When the installation is complete, you should see the following output: {% code title="Output" %} ``` Success Restart Needed Exit Code Feature Result ------- -------------- --------- -------------- True No Success {Active Directory Domain Services, Group P... ``` {% endcode %} ## Configuring Active Directory When the AD installation is finished, you need to set up a new forest. You do that with the command below. **Be sure to adjust the values so they match your server!** {% code title="Command" %} ``` Install-ADDSForest -DomainName "rds.glesys.se" -DomainNetbiosName "rds" -NoRebootOnCompletion:$false -Force ``` {% endcode %} **Be prepared to be prompted for the DSRM password.** Once the forest setup is complete, the server will automatically log you out and restart. Wait until the server has rebooted, then log back in via Remote Desktop. ## Installing Remote Desktop Services Now we come to the part where we are forced to use the graphical interface. This is necessary because we will place the *Connection Broker* and *Session Host* roles on the same server as Active Directory. Normally, this isn’t the recommended approach—you’d ideally separate the services onto multiple servers—but the graphical interface allows us to perform the installation, so we’ll use it for now. Start by opening **Server Manager**, clicking **Manage**, and then selecting **Add Roles and Features**. Click **Next** in the **Before You Begin** dialog.
In the *Installation Type* step, select **Remote Desktop Services installation** and click **Next**.
In the *Deployment Type* step, choose **Quick Start**.
In the *Deployment Scenario* step, choose **Session‑based desktop deployment**.
In the *Server Selection* step, your server should appear in the **Selected** list. If it isn’t there, add it to the list.
Finally, on the *Confirmation* screen, check the **Restart the destination server automatically if required** option, then click the **Deploy** button.
## Installation and configuration of the licence server Now it’s time to install and configure the license server, so open a new PowerShell window and enter the following: {% code title="Command" %} ``` Install-WindowsFeature RDS-Licensing, RDS-Licensing-UI ``` {% endcode %} After installation is complete, you need to configure where it should retrieve licenses. In this case, it will do so locally. **Be sure to adjust the values so they match your server!** {% code title="Command" %} ``` Set-RDLicenseConfiguration -LicenseServer dc01.rds.glesys.se -Mode PerUser -ConnectionBroker dc01.rds.glesys.se -Force ``` {% endcode %} You also need to grant the necessary permissions so that the server can issue licenses: {% code title="Multiple commands" %} ``` Add-ADGroupMember -Identity "Terminal Server License Servers" -Members "DC01$" net localgroup "Terminal Server License Servers" /Add 'Network Service' ``` {% endcode %} Last but not least, restart the server. {% code title="Command" %} ``` Restart-Computer -Force ``` {% endcode %} ## All done, and a final step The installation and configuration of Active Directory and Remote Desktop Services is now complete. Next, contact our support team and let us know how many licenses you require. To install those licenses, we’ll need access to an account with administrative privileges. ## Questions If you have any further questions or concerns about Remote Desktop Services or Active Directory, please don’t hesitate to get in touch with us. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.glesys.com/products/compute/guides-for-server-management/install-active-directory-and-remote-desktop-services-using-powershell.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.