General · 6 min read · March 10, 2026

How to Set Up Active Directory on a Windows Server VPS: Step-by-Step

Set up Active Directory on a Windows Server VPS from scratch. Domain controller configuration, DNS setup, group policies, and remote management guide.

Daniel Meier

Systems Administrator

Active Directory is the backbone of Windows network management. It handles user authentication, group policies, DNS, and centralized administration for everything from small offices to enterprise networks. And you do not need on-premise hardware to run it.

Setting up Active Directory on a Windows Server VPS gives you all the benefits of centralized identity management without buying, racking, and maintaining physical servers. This guide walks through the complete setup from a fresh Windows Server installation to a fully functional domain controller.

Why Run Active Directory on a VPS

Traditional Active Directory runs on a physical server in your office closet. That works until it does not — power outages, hardware failures, and the fact that someone has to physically maintain it.

Running AD on a VPS gives you:

  • 99.9 percent uptime backed by the hosting provider SLA
  • No hardware to buy, maintain, or eventually replace
  • Accessible from any office location or remote worker
  • Easy to snapshot and back up the entire domain controller
  • Scale up resources (RAM, CPU) without buying new hardware

For small to medium businesses with 5-100 users, a VPS-based domain controller is often the smarter choice than on-premise hardware.

Prerequisites

Before you start, you need:

  • A Windows Server VPS with at least 4 GB RAM and 2 CPU cores (8 GB recommended for 20+ users)
  • Windows Server 2022 or 2025 — Standard or Datacenter edition
  • A static IP address (your VPS provider assigns this)
  • A domain name you own (for the AD domain name, though you can use a .local domain)
  • Administrator access to the server

A Windows Server VPS with 8 GB RAM handles Active Directory for up to 50 users comfortably. AD itself is not resource-heavy — it is the additional services (DNS, DHCP, Group Policy processing) that add up.

Step 1: Set a Static IP and Hostname

Your domain controller needs a static IP address. On most VPS providers, this is already configured. Verify it:

Open PowerShell as Administrator and run:

Get-NetIPConfiguration

Confirm you have a static IP, not DHCP. Then set a proper hostname:

Rename-Computer -NewName DC01 -Restart

The server will reboot. Choose a hostname that identifies this as a domain controller — DC01, AD-PRIMARY, or similar.

Step 2: Install Active Directory Domain Services

Open Server Manager (it launches automatically on login) and follow these steps:

  1. Click Manage then Add Roles and Features
  2. Click Next through the wizard until you reach Server Roles
  3. Check Active Directory Domain Services
  4. Accept the additional features that are required
  5. Click Next through the remaining screens and then Install
  6. Wait for the installation to complete — this takes 2-5 minutes

Alternatively, use PowerShell, which is faster:

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

Step 3: Promote to Domain Controller

After installing AD DS, you need to promote the server to a domain controller. This is where you create your domain.

In Server Manager, click the notification flag (yellow warning triangle) and select Promote this server to a domain controller.

Choose Add a new forest and enter your domain name, for example company.local or, if you own a real domain, ad.yourcompany.com.

A note on domain naming: Using a .local domain is simpler but can cause issues with macOS devices (which use .local for Bonjour). Using a subdomain of a real domain you own (ad.company.com) is the modern best practice.

Set the Forest and Domain Functional Level to Windows Server 2016 or higher. Set a Directory Services Restore Mode (DSRM) password — write this down and store it securely. You will need it for disaster recovery.

Click through the remaining options (DNS will be installed automatically) and let the promotion complete. The server will reboot.
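The same promotion can be scripted. The following is an added example, not part of the original guide; it uses the ADDSDeployment cmdlets that ship with the AD DS role, and the NetBIOS name AD is an assumption. The DSRM password is prompted for so that it never lands in the script or in command history.

```powershell
# Added example: scripted equivalent of the Step 3 wizard.
# Run in an elevated session after AD-Domain-Services has been installed.
Import-Module ADDSDeployment

$domainName  = 'ad.yourcompany.com'   # the guide's example name; replace with your own
$netbiosName = 'AD'                   # assumption: short NetBIOS name for the domain

# Prompt for the DSRM password instead of embedding it in the script.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

$params = @{
    DomainName                    = $domainName
    DomainNetbiosName             = $netbiosName
    ForestMode                    = 'WinThreshold'   # Windows Server 2016 functional level
    DomainMode                    = 'WinThreshold'
    InstallDns                    = $true
    SafeModeAdministratorPassword = $dsrm
}

# Dry run: performs the prerequisite checks without changing the server.
$check = Test-ADDSForestInstallation @params
$check | Format-List Status, Message

if ($check | Where-Object { "$($_.Status)" -eq 'Error' }) {
    throw 'Prerequisite check failed; fix the reported errors before promoting.'
}

# Promote. The server reboots automatically when the promotion completes.
Install-ADDSForest @params -Force
```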

Step 4: Verify the Installation

After reboot, log in with DOMAIN\Administrator (using your domain name). Open PowerShell and verify:

Get-ADDomainController

You should see your server listed as a domain controller. Also verify DNS is working:

Resolve-DnsName company.local

If both commands return results, your domain controller is operational.
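A slightly deeper health check than the two commands above, as an added example that is not part of the original guide. It assumes the domain is company.local and is run on the new domain controller; it checks the DC locator SRV record, the SYSVOL and NETLOGON shares, the core services, and dcdiag.

```powershell
# Added example: post-promotion health check for the new domain controller.
$domain = 'company.local'   # the guide's example domain

$checks = [ordered]@{
    'DC locator SRV record resolves' = {
        # Clients find a domain controller through this record.
        Resolve-DnsName -Type SRV -Name "_ldap._tcp.dc._msdcs.$domain" -ErrorAction Stop |
            Where-Object Type -eq 'SRV'
    }
    'SYSVOL and NETLOGON are shared' = {
        # Group Policy and logon scripts are served from these shares.
        (Get-SmbShare -Name SYSVOL, NETLOGON -ErrorAction Stop).Count -eq 2
    }
    'Core services are running' = {
        -not (Get-Service NTDS, DNS, Netlogon, Kdc -ErrorAction Stop |
            Where-Object Status -ne 'Running')
    }
    'dcdiag reports no errors' = {
        # /q prints only failures, so empty output means every test passed.
        -not (dcdiag /q)
    }
}

# Run each check; an exception counts as a failure.
foreach ($name in $checks.Keys) {
    try   { $ok = [bool](& $checks[$name]) }
    catch { $ok = $false }
    [pscustomobject]@{ Check = $name; Passed = $ok }
}
```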

Step 5: Create Organizational Units and Users

Now build your directory structure. Organizational Units (OUs) are folders that organize your users, computers, and groups.

A typical structure looks like this:

  • company.local (root)
    • Staff (OU) — all employee accounts
      • IT (sub-OU)
      • Sales (sub-OU)
      • Finance (sub-OU)
    • Servers (OU) — server computer accounts
    • Workstations (OU) — employee computer accounts
    • Groups (OU) — security and distribution groups

Create OUs in PowerShell:

New-ADOrganizationalUnit -Name 'Staff' -Path 'DC=company,DC=local'

New-ADOrganizationalUnit -Name 'IT' -Path 'OU=Staff,DC=company,DC=local'

Create users:

New-ADUser -Name 'John Smith' -SamAccountName jsmith -UserPrincipalName 'jsmith@company.local' -Path 'OU=IT,OU=Staff,DC=company,DC=local' -AccountPassword (ConvertTo-SecureString 'TempP@ss123' -AsPlainText -Force) -Enabled $true
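The whole structure and a batch of accounts can be created in one repeatable script. This is an added example, not part of the original guide: the function name New-OuIfMissing and the sample people are constructed for illustration. It prompts for the temporary password rather than typing it on the command line, where it would be kept in PowerShell history, and it forces each user to change it at first logon.

```powershell
# Added example: build the OU tree from Step 5 and create users safely.
Import-Module ActiveDirectory

$domainDn  = 'DC=company,DC=local'
$upnSuffix = 'company.local'

# Hypothetical helper: create an OU only if it is missing, return its DN.
function New-OuIfMissing {
    param([string]$Name, [string]$Path)
    $dn = "OU=$Name,$Path"
    if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$dn'")) {
        New-ADOrganizationalUnit -Name $Name -Path $Path -ProtectedFromAccidentalDeletion $true
    }
    return $dn
}

# The OU tree described in this step.
$staff = New-OuIfMissing -Name 'Staff' -Path $domainDn
foreach ($dept in 'IT', 'Sales', 'Finance') { $null = New-OuIfMissing -Name $dept -Path $staff }
foreach ($ou in 'Servers', 'Workstations', 'Groups') { $null = New-OuIfMissing -Name $ou -Path $domainDn }

# Constructed sample accounts.
$people = @(
    [pscustomobject]@{ First = 'John'; Last = 'Smith'; Sam = 'jsmith'; Dept = 'IT' }
    [pscustomobject]@{ First = 'Jane'; Last = 'Doe';   Sam = 'jdoe';   Dept = 'Sales' }
)

# Prompted once, never written to the script or to command history.
$tempPassword = Read-Host -AsSecureString -Prompt 'Temporary password for new accounts'

foreach ($p in $people) {
    # Skip accounts that already exist so the script can be re-run.
    if (Get-ADUser -Filter "SamAccountName -eq '$($p.Sam)'") { continue }

    New-ADUser -Name "$($p.First) $($p.Last)" -GivenName $p.First -Surname $p.Last `
        -SamAccountName $p.Sam -UserPrincipalName "$($p.Sam)@$upnSuffix" `
        -Path "OU=$($p.Dept),$staff" -AccountPassword $tempPassword `
        -Enabled $true -ChangePasswordAtLogon $true
}
```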

Step 6: Configure Group Policies

Group Policies are where Active Directory becomes powerful. You can enforce settings across all domain-joined machines from one place.

Open Group Policy Management (gpmc.msc) and create policies for:

Password Policy

  • Minimum password length: 12 characters
  • Password complexity: enabled
  • Maximum password age: 90 days
  • Account lockout after 5 failed attempts

Desktop Restrictions

  • Prevent users from installing software (if needed)
  • Map network drives automatically on login
  • Set default browser homepage
  • Configure Windows Update settings

Security Policies

  • Disable USB storage devices on workstations
  • Enable audit logging for login events
  • Restrict access to Control Panel for standard users
  • Force screen lock after 10 minutes of inactivity

Group Policies apply automatically when users log in or when computers start up. Changes propagate across the domain within 90 minutes by default, or immediately with gpupdate /force.
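Password and lockout settings for domain accounts take effect only from a GPO linked at the domain root (fine-grained password policies aside), so a password policy linked to an OU changes nothing for domain logons. The following added example, which is not part of the original guide, reads the effective domain policy and compares it with the values listed above; it assumes the domain is company.local.

```powershell
# Added example: confirm the effective domain password policy matches Step 6.
Import-Module ActiveDirectory

$p = Get-ADDefaultDomainPasswordPolicy -Identity 'company.local'

$results = @(
    [pscustomobject]@{
        Setting = 'Minimum length is at least 12'
        Actual  = $p.MinPasswordLength
        Passed  = $p.MinPasswordLength -ge 12
    }
    [pscustomobject]@{
        Setting = 'Complexity is enabled'
        Actual  = $p.ComplexityEnabled
        Passed  = [bool]$p.ComplexityEnabled
    }
    [pscustomobject]@{
        # A maximum age of zero means passwords never expire.
        Setting = 'Maximum age is set and at most 90 days'
        Actual  = $p.MaxPasswordAge
        Passed  = ($p.MaxPasswordAge -gt [timespan]::Zero) -and
                  ($p.MaxPasswordAge -le (New-TimeSpan -Days 90))
    }
    [pscustomobject]@{
        # A threshold of zero means accounts are never locked out.
        Setting = 'Lockout after at most 5 failed attempts'
        Actual  = $p.LockoutThreshold
        Passed  = ($p.LockoutThreshold -ge 1) -and ($p.LockoutThreshold -le 5)
    }
)

$results | Format-Table -AutoSize

# Fail loudly so the check can be used in a scheduled task or a build step.
if ($results | Where-Object { -not $_.Passed }) {
    throw 'Effective domain password policy does not match the intended settings.'
}
```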

Step 7: Join Client Machines to the Domain

For remote workers connecting via VPN, or office machines on the same network, joining the domain is straightforward:

  1. On the client machine, set the DNS server to your domain controller IP address
  2. Open System Properties and click Change next to the computer name
  3. Select Domain and enter your domain name (company.local)
  4. Enter domain admin credentials when prompted
  5. Reboot the client machine

After joining, users log in with their domain credentials and all Group Policies apply automatically.

Backup and Disaster Recovery

A domain controller failure can lock everyone out of the network. Backups are critical.

  • Take VPS snapshots before any major changes — most providers offer this
  • Run Windows Server Backup daily targeting the System State
  • Store backups off-server — use a separate VPS or cloud storage
  • Document your DSRM password and store it in a secure location outside the domain
  • For production environments, run a second domain controller for redundancy

If you have more than 10 users depending on Active Directory, run two domain controllers. AD replicates between them automatically, so if one goes down, the other keeps authentication working.

Performance Tuning for VPS

Active Directory on a VPS has a few specific considerations:

  • RAM matters most — AD caches the database in memory. More RAM means faster lookups
  • SSD storage is essential — the AD database (NTDS.dit) needs fast random I/O
  • DNS queries are constant — every domain-joined machine queries your DC for DNS. Ensure adequate network bandwidth
  • Disable unnecessary Windows features — a domain controller should not run other roles if possible

For 5-20 users, 4 GB RAM is sufficient. For 20-50 users, go with 8 GB. For 50-100 users, 16 GB and consider a dedicated server for guaranteed resources.

Common Mistakes

  • Running AD on the same server as your web application — keep domain controllers dedicated
  • Not setting up a secondary DNS server — if your DC goes down, all DNS resolution fails
  • Using a flat OU structure — organize from the start, restructuring later is painful
  • Forgetting to document the DSRM password — you will need it eventually
  • Not testing Group Policies on a test OU first — a bad GPO can lock out your entire domain

Next Steps

Once your domain controller is running, you can expand with:

  • Azure AD Connect — sync your on-premise AD with Microsoft 365 for hybrid identity
  • RADIUS authentication — use AD credentials for VPN and WiFi authentication
  • Certificate Services — issue SSL certificates and smart card authentication from your own CA
  • Federation Services (ADFS) — enable single sign-on for web applications

Active Directory is a foundation you build on. Start with basic user management and Group Policies, then add services as your needs grow. The VPS gives you the flexibility to scale resources as your directory expands without replacing hardware.


Written by Daniel Meier

Systems Administrator

Specializes in Windows & Linux server environments with a focus on security hardening.
