Afaria Setup: Install roles – Active Directory

Afaria does not necessarily need Active Directory. In fact it works nicely with LDAP or integrated Windows authorization too. As Afaria will be installed on a Windows server and AD is available out of the box, it makes sense to enable AD. Creating later new users for device enrollment is easy as they only have to be added to AD.

To add AD, the corresponding role must be added in the server configuration.

Click on Add roles.

Select Active Directory Domain Services.

AD needs the .NET framework. Therefore, the wizard will present a pop up asking to add this feature too. To do so, select Add Required Features.

After Windows installed AD, it needs to be configured. This is done via dcpromo. The installation wizard offers the option to run this tool directly after the installation finished. If the blue link wasn’t clicked, or promoting the server to a AD server should be done later, this tool can be run from command line at any time.

Open a shell (cmd.exe) and start dcpromo.

The Windows Server 2008 R2 is not part of any other domain. A new domain in a new forest must be created. Here I give as name of the domain tobias.de. Of course any other valid domain name can be chosen, like afariatest.corp.

This finishes the installation and initial configuration of AD. After restart, the Windows Server is an AD domain controller.