How To Create An Active Directory Domain Controller Running On Raspberry Pi OS (bookworm) - Pi-4B or Pi-5

Introduction

This is a set of instructions on how to set up an Active Directory Domain Controller on a Raspberry Pi-4B or Pi-5.

I have included three scripts that will do the main work for you; the text on this page guides you through the process.

I do not recommend booting or running an Active Directory Domain Controller (ADDC) from an SD memory card. An SD memory card is useful when setting up the ADDC, but it does not have the longevity required for running 24/7. Both the Pi-4B and Pi-5 can connect to an SSD via USB. The Pi-5 can connect to an NVMe SSD via a HAT connected to its PCIe bus; this is the fastest option at the time of writing.

My previous ADDC ran on a Pi-4B with Raspberry Pi OS (buster) and a USB SSD.

My latest ADDC runs on a Pi-5 with Raspberry Pi OS (bookworm) and an NVMe SSD.

Hardware

This is a list of hardware that I have used to build my system and produce this procedure. It is meant only as a guide, not as an obligatory parts list.

Common Hardware

Pi-4B Hardware

At a minimum you will require the following:

Pi-5 Hardware

At a minimum you will require the following:

USB SSD Drive for Pi-4B and Pi-5

NVMe SSD Drive for Pi-5

 

The above provides options for Pi-4B or Pi-5 and SSD drives.

Building your Pi is outside the scope of this page.

Software

Raspberry Pi Imager - download from raspberrypi.com.

This is available for Windows, macOS, and Ubuntu for x86 platforms.

Preparation For Operating System Installation

Install Raspberry Pi Imager on your PC/Mac.

We are now going to write the operating system to the micro-SD card.

Connect the micro-SD card to your PC/Mac.

Run Raspberry Pi Imager.

Select RASPBERRY PI 5 as the device, RASPBERRY PI OS (64-BIT) as the operating system, and the micro-SD card as the storage device, then click on the NEXT button.

When asked if you want to apply OS customisation settings, click on the EDIT SETTINGS button.

You are about to set the hostname, which is the name that will be given to the Pi. It would be wise to choose something meaningful, such as 'DC', 'ADDC', 'Pi-DC'.

You also have to choose a username and password. Remember to use a strong password in order to make it difficult for hackers to gain access.

In the General tab, set the hostname; set the username and password; do not configure the wireless LAN; configure the locale settings if necessary. Click on the SAVE button, followed by the YES button.

When warned that all the data on the micro-SD card will be erased, click on the YES button.

The image is then written to the micro-SD card, and when a message is displayed to inform you that you can remove it, please do so. Click on the CONTINUE button and then close Raspberry Pi Imager.

Operating System Installation

Ensure that the Pi is powered down and that the following hardware is connected to the Pi:

Apply power to the Pi and wait for it to display the desktop.

We are now going to transfer the operating system to the SSD.

Select Menu -> Accessories -> Raspberry Pi Imager.

Once Raspberry Pi Imager opens, select RASPBERRY PI 5 as the device, RASPBERRY PI OS (64-BIT) as the operating system, and the SSD as the storage device, then click on the NEXT button.

When asked if you want to apply OS customisation settings, click on the YES button.

When warned that all the data on the SSD will be erased, click on the YES button.

If asked to enter a password to overwrite the SSD, type in the password that you used to log in, and then click on the AUTHENTICATE button.

The OS is then copied from the micro-SD card to the SSD. Once it has completed, ignore the prompt to remove the micro-SD card, but shut down the Pi.

Remove the micro-SD card from the Pi, and retain it because, if something goes wrong, you can just start again from the beginning of this section. It is your 'Get out of Jail free' card!

Restart the Pi, which will perform two more reboots before displaying the desktop.

Resist the temptation to configure anything else at this point; it can be done later. We are about to run a script that will do all the heavy lifting for you; it assumes that the Pi has had no other configuration performed on it.

Insert a blank, formatted USB flash drive into your PC/Mac.

Download pi-addc.zip (version 2, 21 May 2025 14:48 BST) and unzip it to the flash drive. You will see that there are now four files on the flash drive.

Eject the flash drive, and then remove it from the PC/Mac and insert it into the Pi.

Open File Manager to copy the four files from the flash drive to your Home Folder.

Eject the flash drive in File Manager, and then remove it from the Pi. Put it with the micro-SD card as part of your disaster recovery plan.

Click on the Terminal icon to open a Terminal window. Type in the following commands followed by Return.

chmod 744 *.sh
sudo ./setupaddc.sh

The setup script runs and guides you through the setup process. At the end of the script, the Pi is rebooted.

The Pi reboots to the GUI login. Type in your password to enter the desktop.

Click on the Terminal icon to open a Terminal window. Type in the following command followed by Return.

sudo ./testaddc.sh

The test script runs and guides you through the testing process, showing you what result to expect before each test is run. At the end of the script, it displays some useful commands for managing users and groups. You should now have a functioning Active Directory Domain Controller.

Now you need to set up your users and groups.

Open File Manager, which should by default display your home directory. Right-click on the file named setupsamba.sh, and then select Geany Programmer's Editor, which will open the shell script in the editor. It is much easier to use this editor than vi or nano.

The contents of the file are fairly self-explanatory. It shows you how to add new users, add new groups, and assign users to groups. It makes no attempt to explain why you should do such things because it is outside the scope of this page.

It also shows you how to change the complexity of your passwords, and display the current domain password settings.
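The following is an added example, not part of setupsamba.sh or the other scripts supplied with this page: it checks the domain password settings reported by samba-tool and lists any that are weak. The function names, the thresholds, and the sample output are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit the output of `samba-tool domain passwordsettings show`.
# Thresholds are assumptions for illustration; set them to your own policy.
MIN_LENGTH=12     # assumed minimum acceptable password length
MIN_HISTORY=10    # assumed minimum number of remembered passwords

# Constructed sample output (not captured from a real domain).
sample_settings() {
cat <<'EOF'
Password information for domain 'DC=example,DC=lan'

Password complexity: off
Store plaintext passwords: off
Password history length: 24
Minimum password length: 7
Minimum password age (days): 1
Maximum password age (days): 42
Account lockout duration (mins): 30
Account lockout threshold (attempts): 0
Reset account lockout after (mins): 30
EOF
}

# Reads the settings on stdin and prints one finding per line.
# Returns 1 if anything was flagged, 0 if the policy passes.
audit_password_settings() {
  awk -F': *' -v minlen="$MIN_LENGTH" -v minhist="$MIN_HISTORY" '
    $1 == "Password complexity" && $2 != "on" { print "complexity is " $2; bad = 1 }
    $1 == "Store plaintext passwords" && $2 != "off" { print "plaintext storage is " $2; bad = 1 }
    $1 == "Minimum password length" && $2 + 0 < minlen { print "minimum length " $2 " is below " minlen; bad = 1 }
    $1 == "Password history length" && $2 + 0 < minhist { print "history length " $2 " is below " minhist; bad = 1 }
    $1 == "Account lockout threshold (attempts)" && $2 + 0 == 0 { print "account lockout is disabled"; bad = 1 }
    END { exit bad + 0 }
  '
}

# On the domain controller, audit the live settings with:
#   sudo samba-tool domain passwordsettings show | audit_password_settings
# A flagged setting can then be corrected, for example:
#   sudo samba-tool domain passwordsettings set --complexity=on --min-pwd-length=12
# Here the constructed sample is audited so the example runs anywhere.
sample_settings | audit_password_settings || true
```

Run the audit again after changing any setting to confirm that nothing is still flagged.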

Optional Printer Installation

If you have a printer on your network, ensure that it is powered up and ready; otherwise skip this section.

Select Menu -> Preferences -> Print Settings.

In the Print Settings dialog, click on the Add button.

In the Devices box, select Network Printer.

If your printer is not already shown then select Find Network Printer.

Select your printer in the Devices box.

In the Connection box, select your preferred driver.

Click on the Forward button.

Select any options and then click on the Forward button.

Select Print Test Page and confirm that the test page is printed.

Ensure that the printer is shared.

Close the Print Settings dialog.