Installing Windows 2008 Server Core Domain Controller
To save you some time, I'd like to outline the steps I recently used to add Server Core DC's to an already existing WS08 forest environment:
-
Install the default Server Core
- Insert the DVD, and follow defaults
-
Change server name
- Type netdom renamecomputer <old machine name> /newname:<new machine name>
- Type shutdown /r, and then press ENTER.
-
Change time zone & setup NTP synch
- Type control timedate.cpl and then press ENTER
- Open command prompt and type in: net time /setsntp:<PDC emulator FQDN>
-
Change language and keyboard settings
- Type control intl.cpl and then press ENTER
-
Configure IP details
- Type netsh interface ipv4 show interface, and then press ENTER
- Make a note of the number in the IDX column for the Local Area Connection. Make sure to use this number in steps below for the name="n" parameter
- Type netsh interface ipv4 set address name="n" source=static address=<server's IP address> mask=<subnet mask> gateway=<IP address>, and then press ENTER
- Type netsh interface ipv4 add dnsserver name="n" address=<Primary DNS Server> index=1, and then press ENTER
- Type netsh interface ipv4 add dnsserver name="n" address=<Secondary DNS Server> index=2, and then press ENTER
-
Enable firewall rules for remote management
-
The following has to be executed on BOTH the Server Core & the server that you will manage it from, open command prompt and type:
- Netsh advfirewall firewall set rule group="Windows Firewall Remote Management" new enable=yes
- Netsh advfirewall firewall set rule group="Remote Services Management" new enable=yes
- Netsh advfirewall firewall set rule group="Remote Event Log Management" new enable=yes
- Netsh advfirewall firewall set rule group="Remote Volume Management" new enable=yes
- Netsh advfirewall firewall set rule group="Remote Scheduled Task Management" new enable=yes
-
-
Enable Windows Update
- Cscript c:\Windows\System32\SCregEdit.wsf /au 4 [Enter]
- Net stop wuauserv && net start wuauserv [Enter]
- Wuauclt /detecnow [Enter] – this starts the update process now, and does not wait till the default time of 3 am
-
Add DNS role
- Type start /w ocsetup DNS-Server-Core-Role
-
Add AD Replication components
-
Remember that a pure WS08 AD environment by default uses DFS-R for replication, so this service needs to be added:
- Type start /w ocsetup DFRS-Infrastructure-ServerEdition
-
For AD environments that are mixed (WS08 & W2K3) install the FRS replication component instead:
- Type start /w ocsetup FRS-Infrastructure
-
-
Add Backup feature
- Type start /w ocsetup WindowsServerBackup
-
Enable Terminal Services
- Type cscript c:\windows\system32\scregedit.wsf /ar 0, and then press ENTER
-
Install Active Directory
-
Create the following UNATTEND.TXT file as follows:
[Unattended]
Unattendmode=fullunattended
[DCINSTALL]
UserName=<username>
Password=<password>
UserDomain=<FQDN domain name>
DatabasePath=<path, e.g. d:\windows\ntds>
LogPath=<path, e.g. d:\windows\ntds>
SYSVOLPath=<path, e.g. d:\windows\sysvol>
SafeModeAdminPassword=<password>
CriticalReplicationOnly
SiteName=<Site Name, e.g. Default-First-Site-Name>
ReplicaOrNewDomain=Replica
ReplicaDomainDNSName=<FQDN domain name>
ReplicationSourceDC=<FQDN source DC>
ConfirmGc=yes
RebootOnSuccess=yes
- Type dcpromo /unattend:unattend.txt, and then press ENTER
-
-
Lastly, you may want to enable Bitlocker:
-
manage-bde.wsf –on C: -RecoveryPassword –RecoveryKey F:\
- where C: is the volume to encrypt, and F:\ is a USB key or another volume where a copy of the recovery key will be stored (in binary format). You can also use a UNC path to store the recovery key on a network drive. A recovery password (in numeric text format) will also be generated and displayed. You might wish to add the –skiphardwaretest parameter if you are certain the hardware platform meets all BitLocker requirements.
-
And there you have it, a Server Core DC happy as a pig in ….
Posts
0 comments: