New-NetFirewallRule -DisplayName "AD Management" -Direction Inbound -Protocol TCP -LocalPort 135,139,445,464,636,3268,3269 -Action Allow $isEnabled = (Get-DeviceGuard).CredentialGuardEnabled if (-not $isEnabled) Write-Host "Enable via Group Policy: Computer Config > Administrative Templates > System > Device Guard"
whoami /fqdn Get-ADDomain ✅ Should show your domain name and domain controller info 4.1 Disable Local Admin (Optional but Recommended) Disable-LocalUser -Name "Administrator" 4.2 Configure Windows Firewall for AD Management Allow required ports (if managing remotely): installing active directory windows 11
Open ADUC → Right-click domain → Find → Search for a user → Result found. Assuming you meant: "I installed RSAT to manage
Windows 11 cannot be a Domain Controller (it runs Server OS only for AD DS). Windows 11 can only join a domain or run RSAT (Remote Server Administration Tools) to manage AD remotely. Assuming you meant: "I installed RSAT to manage AD from Windows 11" Phase 1: Immediate Verification 1.1 Confirm RSAT Installation Open PowerShell as Admin and run: Administrative Templates >
Add-WindowsCapability -Online -Name "Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0" ✅ Use Windows 11 Pro/Enterprise (Home edition cannot join a domain) ✅ Keep DC reachable – VPN if working remotely ✅ Enable BitLocker on the Windows 11 device for domain credential protection ✅ Document your domain admin account – Store password in a password manager
Would you like a PowerShell script to automate all these post-install steps?