Active Directory Tips - DNS and Permissions

I was fiddling with a lab computer today installing Windows 2019 Server Standard and configuring it to be an Active Directory Domain Services server. When adding that role to the server, I also included DNS and the setup automatically configured the DNS for me and it works perfectly with AD. Previously, I had installed DNS first, then installed the AD role, but at that point DNS was missing a lot of key entries to support the AD service. So, lesson learned there.

I also noticed weird behaviour with the Administrator account after the server had been promoted to a domain controller. Little things like not being able to edit the desktop icons under Themes and having difficulty getting to the Network Adapter settings. The answer is to run gpedit.msc and under Computer Configuration -> Window Settings -> Security Settings -> Local Policies -> Security Options to enable the "User Account Control: Admin Approval Mode for the Built-in Administrator Account". Once that was set and after a reboot, everything worked fine on my domain controller for the Administrator account.