Diberdayakan oleh Blogger.
» » » Windows Server 2012 - promotion of a domain controller (command line)

Windows Server 2012 - promotion of a domain controller (command line)

Tips and Tricks , Windows Installation and Recovery
Rabu, 16 September 2015
Belum ada komentar
Promotion of a server to domain controller
and creation of a domain


There's all kinds of aspects of Windows 2012 to examine. In this second post on the subject, I want to take a look at the creation of a domain controller.

The process is quite different from previous Windows server versions: dcpromo is no longer used.

Since there are numerous articles on the subject concentrating on the GUI, I want to configure the domain controller strictly from the command line. I'm not the first person to do this either, but I discovered a number of changes that might interest the reader.

I'm using the full installation (versus Server Core) so I can take snapshots of the results but the configuration itself will be 100% command line.

Here is my starting point...

I have installed Windows Server 2012 and have configured nothing else.

I open Powershell as shown:
 
 

Then I proceed as follows.



1. Configuring the IP address


I discover that the netsh command I use for IP address configuration does not work:


netsh interface ip set address "Local Area Connection" static 10.1.1.10 255.0.0.0 10.1.1.2

Failed to configure the DHCP service. The interface may be disconnected. The system cannot find the file specified.

 
Let's take a look at the interface. I enter the following text in the "run" box: ncpa.cpl

Windows 2012 names the network connection "Ethernet" rather than "Local Area Connection".




Note: if we insist on a command-line only approach, we can obtain the same information like this:


netsh interface ipv4 show interfaces

[...]
 
Name
.........
Loopback Pseudo-Interface 1
Ethernet


In any case, this command works:


netsh interface ipv4 set address "Ethernet" static 10.1.1.10 255.0.0.0 10.1.1.2


We can verify the results with ipconfig:


PS C:\> ipconfig

[...]

  • Link-local IPv6 Address . . . . . : fe80::20a2:f095:4940:cae%12
  • IPv4 Address. . . . . . . . . . . : 10.1.1.10
  • Subnet Mask . . . . . . . . . . . : 255.0.0.0
  • Default Gateway . . . . . . . . . : 10.1.1.2

(Bullets added)




2. Server Name


This command does not work as with past server operating systems:


PS C:\> netdom /renamecomputer %computername% /newname:DC-001

Unable to connect to the computer %computername%

The error code is 53.

The network path was not found.

The command failed to complete successfully.


But this does...


PS C:\> hostname

WIN-11LPCUEATPE

netdom /renamecomputer WIN-11LPCUEATPE /newname:DC-001

This operation will rename the computer WIN-11LPCUEATPE to DC-001.



The shutdown command still works for restart:

shutdown /r



Notes:

 We cannot join the server to a domain since there is none at this point. Indeed, this server will be the first domain controller.

There is no need to configure DNS before - the AD DS installation process will trigger DNS installation (mandatory for Active Directory).



Let's compare the roles installed before and after.

Get-WindowsFeature | where {$_.InstallState -eq "Installed"}

 
The image is poor but we already have, in particular:

  • .NET Framework 4.5
  • Powershell 3.0



3. Installing files for Active Directory Domain Services


We must first install the AD DS role:

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools









  • Active Directory Domain Services
  • Group Policy Management


Note: DNS will be installed during the promotion of the server to a domain controller.

Note: Install-WindowsFeature is equivalent to (and replaces) the Add-WindowsFeature cmdlet:

Install-WindowsFeature




4. Promoting the server to a domain controller.

In this case, we are creating our first domain (and first forest) by promoting the server to a domain controller. In other scenarios, the parameters and values may differ. In this case, however, the command is rather simple and requires the following elements:


  • The cmdlet "Install-ADDSForest". Since this is the first forest, we will use this cmdlet.
  • The parameter "-DomainName". The domain (and in this case, forest) must have a name.
  • The parameter "-SafeModeAdministratorPassword".
  • The parameter  "-DomainMode"
  • The parameter  "-ForestMode"


 
Note: please see the references (end of post) for details on the many other options. Once again, my objective is to explore various aspects of Windows Server 2012 and share my experiences with it, rather than rewrite existing documentation.


PS C:\> Install-ADDSForest -DomainName mydomain.biz -SafeModeAdministratorPassword (read-host -prompt "Password:" -assecurestring) -DomainMode Win2008R2 -ForestMode Win2008R2

Password:: *********

The target server will be configured as a domain controller and restarted when this operation is complete.

Do you want to continue with this operation?

[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): A


Several messages display...


WARNING: Windows Server 2012 domain controllers have a default for the security setting named "Allow cryptographyalgorithms compatible with Windows NT 4.0" that prevents weaker cryptography algorithms when establishing security channel sessions.For more information about this setting, see Knowledge Base article 942564
(http://go.microsoft.com/fwlink/?LinkId=104751).


WARNING: A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. If you are integrating with an existing DNS infrastructure, you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain "mydomain.biz". Otherwise, no action is required.

 
Indeed, no action is required. The setup program configures DNS as needed for AD.

ipconfig /all shows that setup designated the new domain controller as its own DNS server by entering the "loopback" address (both ipv4 and ipv6 for that matter):


[... snip]

Link-local IPv6 Address . . . . . : fe80::20a2:f095:4940:cae%12(Preferred)

IPv4 Address. . . . . . . . . . . : 10.1.1.10(Preferred)

Subnet Mask . . . . . . . . . . . : 255.0.0.0

Default Gateway . . . . . . . . . : 10.1.1.2

[... snip]

DNS Servers . . . . . . . . . . . : ::1

127.0.0.1



The results


If we look at "Roles and Server Groups" in Server Manager, we see that "AD DS" and "DNS" have been installed:







As expected, Active Directory Users and Computers is installed, with an interface similar to that in Windows 2008/R2:





And also DNS (with automatic configuration - it was not necessary to specify DNS settings above):






Lastly, Windows 2012 domain controllers include the Active Directory Administrative Center (ADAC), already present in Windows 2008, but now with a new interface:






 
References:


Microsoft Technet guide (Step-by-step):

Step-by-Step Guide for Setting Up Windows Server 2012 Domain Controller


Here is another Technet article with much greater detail:

Install a New Windows Server 2012 Active Directory Forest (Level 200)







Thank you for reading the article about Windows Server 2012 - promotion of a domain controller (command line) on the blog NEW TECH If you want to disseminate this article on please list the link as the source, and if this article was helpful please bookmark this page in your web browser by pressing Ctrl + D on your keyboard keys.

New articles :

Artikel Menarik | Artikel Menarik | Artikel Menarik | Artikel Menarik