There are five main Active Directory server roles. These roles are grouped together in the required Active Directory environment, in order to set up and configure Active Directory server roles:
- Active Directory Domain Services (AD DS)
- Active Directory Federation Services (AD FS)
- Active Directory Lightweight Directory Services (AD LDS)
- Active Directory Rights Management Services (AD RMS)
- Active Directory Certificate Services (AD CS)
Since Windows Server 2008, these roles can be installed and configured using Windows Server Manager. It is the same in Windows Server 2016.
Each of these server roles can also be installed and configured using PowerShell. The following PowerShell cmdlets can be used to install Active Directory server roles:
| PowerShell cmdlets | Description |
|
Install-WindowsFeature AD-Domain-Services |
This cmdlet will install the AD DS role. |
|
Install-WindowsFeature AD FS-Federation |
This cmdlet will install the AD FS role. |
|
Install-WindowsFeature ADLDS |
This cmdlet will install AD LDS. |
|
Install-WindowsFeature ADRMS |
This cmdlet will install AD RMS. This role has two subfeatures, which are AD Rights Management Server and Identity Federation Support. If required, these individual roles can be installed using Install-WindowsFeature ADRMS, ADRMS-Server, ADRMS-Identity or Install-WindowsFeature ADRMS -IncludeAllSubFeature. It will install all the subfeatures. |
|
Install-WindowsFeature AD-Certificate |
This cmdlet will install AD CS. This role has six subroles, which are certification authority (ADCS-Cert-Authority), Certificate Enrollment Policy Web Service (ADCS-Enroll-Web-Pol), Certificate Enrollment Web Service (ADCS-Enroll-Web-Svc), Certification Authority Web Enrollment (ADCS-Web-Enrollment), Network Device Enrollment Service (ADCS-Device-Enrollment), and Online Responder (ADCS-Online-Cert). These subfeatures can be added individually or together. |