How to Configuring Active Directory (AD DS) in Windows Server 2012

Windows Server 2012 introduces a plethora of new features with a key emphasis on Cloud integration being the buzz word in the industry over the last 24 months.  Windows continues to grow and mature as an operating system with the latest iteration being more secure, reliable and robust and more importantly making it easily interoperable with other systems.
This post will focus on Installing a Windows 2012 Server and then promoting it as the first domain controller in a new Forest.  Even though the logical steps haven’t really changed dramatically since the introduction of Windows 2008, the interface has! especially with the new metro look.  So let’s begin our journey with Windows Server 2012 as this will be the first of many articles on configuring different components that Windows Server 2012 has to offer.

Installing Windows Server 2012

The first step is to boot up from the CD or ISO image and select your language settings.

 Select your Language and input options and then click on Next.

Click Install Now
Select the operating system you want to install.  I have selected Windows Server 2012 Release Candidate Server with a GUI.  The other option is server core which was first introduced in Windows 2008 and is a minimal install with no GUI but provides remote management through Windows PowerShell and other tools.

Click Next
Accept the License terms

 Click Next

 We are performing a new installation of Windows Server, so click on Custom.

Partition your drives and then click Next.
The Installation of Windows then proceeds.

 The installation will eventually re-start your Windows Server where it will go through the final stages of preparing the environment for first time use.

 You will eventually be prompted to enter a password for the built-in Administrator account.

 

Click Finish
You will now be presented with the new Windows Login Screen, which is a fair change to what we have been accustomed to with previous releases of Windows Server.

Hit Ctrl – ALT – Delete to sign in, and enter your password.
You will be presented with the new Server Manager Screen which really simplifies the administration and configuration of your new server.  Our main goal for this article is to configure Active Directory and its related services such as DNS.

First thing I want to do is change the computer name.  Windows goes ahead and provides a default unique name in the form of WIN-<random characters>
To do so, from the Server Manager > Dashboard screen, click on Local Server and then click on the computer name hyperlink.

 This will take you to the all familiar System Properties

Click Change, enter a more desirable Computer Name and then click OK.
You will then be prompted to restart your computer to apply the changes.  Click Ok and then Click on restart now.
After your computer has restarted, we will be presented with the Server Manager Screen.  Now we are ready to configure this server as an Active Directory Controller.

Adding the Active Directory Domain Services Role

From the Dashboard click on “Add roles and features”.  You will be presented with the “Before you begin screen.  Click Next.  In the “Installation Type” screen click on “Role-base or feature-based installation”.

Click Next
You will be presented with the following screen asking you to select a destination server.  This is a new feature of Windows 2012 where you have the ability to deploy roles and features to remote servers and even offline virtual hard disks.
In our case, we are selecting the current server from the server pool.

Click Next
We are now back in familiar territory (if you have worked with Windows 2008 Server) and we will select the “Active Directory Domain Services” and DNS Server if it hasn’t already been provisioned.

 You will then be prompted to add features that are required for Active Directory Domain Services.

Click on Add Features
Click Next
If you want to add additional features, you can do so from the next screen, otherwise click Next

 You will now be presented with the Active Directory Domain Services (AD DS) screen outlining some information about AD DS and its requirements.  You will notice that DNS is a MUST and has always been the case.

Click next
You now provided with a summary of installation selections

 The installation will now begin

 Upon completion you will be presented with an installation succeeded message.

Click Close.
Back in Server Manager, you will notice that AD DS has been added to the left navigation tree.  Click on it and then click on More on the right navigation pane where it states that Configuration is required for Active Directory Domain Services.

You will now be presented with the All Servers Task Details, in which you will click on Promote this server to a domain controller under Action.
The Deployment Configuration screen appears and we will select “Add a new forest” as this is the first domain controller.

Enter your Root domain name and then click Next.
The following screen will then appear in which you will enter and select your Domain Controller Options.

 You will then get the below warning in which you can ignore for now.

Click Next
The NetBIOS domain name will then be inputted automatically.  In the event of a conflict, it will suggest an alternative by appending the original name with a 0.

Click Next
Confirm or change the locations of your database folder, log folder and SYSVOL folder.

Click Next
Review your selections and then Click Next.
If all of the prerequisites checks have passed successfully, you will be able to click on Install to proceed.

Click Install
The installation will now proceed and you will see the progress being displayed.

The computer will most likely restart on its own to complete the installation so don’t be alarmed if it does.  You will receive a brief warning advising so.
Upon restart, you should be able to login using your domain credentials for the user administrator.
So let’s add our first user!  We can do so via the new Active Directory Administrative Center or via the well known Active Directory Users and Computers.  For something different, lets try the former.
Once Server Manager has launched, click on Tools > Active Directory Administrative Center
You will be greeted with the below Welcome screen.

 lick on your domain on the left navigation pane, in my instance it is corp (local).

Let’s begin by creating our first Organizational Unit that will house our corporate users (I am not a fan of using the default Users).  On the right navigation pane under Taks > <domain name> click on New and then select “Organizational Unit”.
Enter the mandatory details.

Click OK
This will immediately create the Organizational Unit in the designated location.  Double click on your newly created Organizational Unit and on the left navigation pane, select New User.  The below screen appears in which you will fill in the necessary details.

Make sure you scroll down to the bottom and fill in all the necessary sections such as Groups, Profile Settings and Organization settings.
Once completed, Click OK.
Your newly created user will now be listed in the middle navigation pane.

 As you can see it is relatively straight forward configuring your first domain controller in a new forest using Windows Server 2012, in particular if you have had experience with Windows Server 2008.

Read more »

Posted in: Window Server 2012

How to Installing Windows Server 2012 and Server Core

Managing and Configuring a Server Core Installation

The following sections cover general tasks associated with managing and configuring a Server Core system via the command prompt after the installation is complete. As an alternative, an administrator can use the SCONFIG utility to configure general settings.

Launching the Command Prompt in a Server Core Installation

Remember, the Start menu does not exist. Because of this, one of the most important tasks an administrator must understand when managing a Server Core installation is how to launch a PowerShell console session. The following steps will assist you:

1. Press Ctrl+Alt+Delete.
2. Select Start Task Manager.
3. On the Windows Task Manager screen, select File, New Task (Run).
4. In the Create New Task dialog box, type powershell.exe, and then click OK.

Changing the Server Core Administrator’s Password

After the initial password has been set, the syntax to change the administrator password is as follows:
Net user administrator *
After the command has been executed, you are prompted to type a password for the user. Enter the password and then retype it for the confirmation process. It is a best practice to use a complex password when assigning passwords to the administrator account and the default password policy on the server will require complex passwords.

Changing the Server Core Machine Name

After the Server Core installation is complete, another common task is to change the machine name of the server. By default, Windows automatically generates and assigns a server name starting with WIN and followed by a string of characters. The syntax to change the Server Core machine name follows:

netdom renamecomputer <CurrentComputerName> /newname:<NewComputerName>

When executing this command, replace the <CurrentComputerName> argument with the existing hostname (which can be found using the hostname command) and the <NewComputerName> argument with the new machine name for the Server Core installation. Changing the server name from Win-123 to ABCDC2 is depicted in the following example:

netdom renamecomputer Win-123 /newname:ABCDC2

The same function can be performed using PowerShell with the following command:

Rename-computer –NewName ABCDC2

Assigning a Static IPV4 IP Address and DNS Settings

Another common Server Core management task is assigning an IP address, including the primary and secondary DNS settings. Before this task can be executed, you must run the following command to obtain and identify the names of the network interfaces installed on the server. This includes capturing the unique ID associated with each network interface. To display a list of network interfaces, including their respective unique IDs, run the following command:

netsh interface ipv4 show interfaces

NOTE

Netsh commands can usually be abbreviated to make typing easier once the administrator is familiar with the command. For example, the preceding command can also be executed by running the following:

Netsh int ipv4 sh int

The next step is to make a note of the network interface name and unique ID that you must change. The ID is located in the leftmost column and is referred to as Idx. This is depicted in the output of the netsh interface ipv4 show interfaces command, as displayed in

 Reviewing the Idx ID for a network interface.

NOTE

If you plan to change the IP address settings on more than one interface, take note of all the interface names and Idx unique IDs.

Now that you have captured the names and IDs, use the following syntax to change the IP address for a desired interface:

netsh interface ipv4 set address name="<ID>" source=static address=<StaticIP>
mask=<SubnetMask> gateway=<DefaultGateway>

Replace the ID argument with the network interface name or ID. In addition, enter the static IP address, subnet mask, and default gateway in subsequent arguments, as follows:

netsh interface ipv4 set address name="1" source=static ad
dress=192.168.115.10 mask=255.255.255.0 gateway=192.168.115.1.

The final step when configuring the network interface is to enter a primary and secondary DNS entry for the interface. Do this by using the following syntax:

netsh interface ipv4 add dnsserver name="<ID>" address=<DNSIP> index=1

The same command is used and repeated when entering more than one DNS entry. However, increment the index each time. When finalized, run IP Config /all to verify the IP address settings.

The same function can be performed using PowerShell with the following commands:

Get-NETIPInterface
Set-NetIPAddress –InterfaceIndex 12 –IPv4Address 192.168.115.10 –PrefixLength 24
–DefaultGateway 192.168.115.1
Set-DNSClientServerAddress –InterfaceIndex 12 –ServerAddresses "DNSIP1","DNSIP2"

Adding the Server Core System to a Domain

The following script illustrates the basic syntax to add a Server Core system to a Windows domain:

Netdom join <computername> /domain:<domain> /OU:<ou path> /userd:<domain>\<username>
/passwordD:*

Input the domain name and the target OU. Supply the user account and password for an account that has permissions to add computers to the domain.
The same function can be performed using PowerShell with the following commands:

Add-Computer -domainname <domain> -OUPath "OU=OU,=Domain,DC=com"

Activating the Server Core System

Activating a Server Core system can be achieved in two easy steps. First, you enter a product key, and then you activate the server. The syntax to enter a product key is as follows:
slmgr.vbs –ipk<productkey>
After the product key has been successfully entered, you activate the server by typing in the following command.
slmgr.vbs –ato

Using SCONFIG to Configure a Server Core Installation

As mentioned previously, Windows Server 2012 includes a utility to make the initial configuration or a core installation easier. The SCONFIG utility, which has been available since Windows Server 2008 R2, is very easy to use and is usually the preferred configuration option if scripting is not required.
The utility can be executed by running sconfig.exe in the core installation command prompt and presents the set of options shown in

 SCONFIG utility

Server Core Roles and Feature Installations

The typical Windows server roles can be configured on a Server Core installation. The following server roles are currently supported on a Server Core installation:

• Active Directory Certificate Services
• Active Directory Domain Services (AD DS)
• Active Directory Lightweight Directory Services (AD LDS)
• Active Directory Rights Management Server
• DHCP Server
• DNS Server
• File and Storage Services
• Hyper-V
• Print and Document Services
• Remote Access Server
• Remote Desktop Services (partial support)
  • Connection Broker
  • Licensing
  • Virtualization Host only
• Volume Activation Services
• Web Server (IIS)
• Windows Deployment Services
• Windows Software Update Services

The following are some of the features that are also supported on a Server Core installation:

• .NET Framework 4.5
• BITS Compact Server
• BitLocker Drive Encryption
• BranchCache
• Failover Clustering
• Group Policy Management
• IP Address Management (IPAM) Server
• Multipath I/O
• Network Load Balancing
• Remote Server Administration Tools (partial)
• Simple Network Management Protocol (SNMP)
• Telnet Client
• Windows PowerShell 2.0
• Windows Server Backup

NOTE

The following command lists all the potential server roles and associated features:
Dism /online /get-features /format:table

The OCSetup command-line program familiar from earlier versions is still available (but deprecated) for setting up and configuring the server roles and features on a Server Core installation. You can configure the OCSetup command-line options using the following syntax:

ocsetup.exe [/?] [/h] [/help] component [/log:file] [/norestart] [/passive] [/quiet]
[/unattendfile:file] [/uninstall] [/x: parameter]

Table 3.3 describes each of the options that are available when using the OCSetup command-line program.

Table 3.3. Available Command Options for OCSetup

Parameter	Description
/?, /h, /help	Explains all the options available for OCSetup
component	Represents the name of the component you plan on installing, such as DNS, DHCP, Web Server (IIS), and more
/log:file	Specifies the log file location if you do not want to take advantage of the default location
/norestart	Does not reboot the computer after the installation
/passive	Suppresses unnecessary noise and only includes progress status
/quiet	Does not require user interaction
/unattendfile:file	Requires additional configurations
/uninstall	Removes server components
/x: parameter	Supplies additional configuration parameters

Using Powershell to Install a Server Role on a Server Core Installation

In addition to OCSetup, Powershell can be used to install roles and features, as follows:

1. Run PowerShell by executing powershell.exe in the command prompt.
2. Run import-module servermanager to enable Server Manager features within the PowerShell session.
3. Use Get-WindowsFeature to identify installed and available roles and features.
4. Use Add-WindowsFeature to add the required role or feature. Table 3.4 outlines an example of common server role installations using Add-WindowsFeature.

Table 3.4. Server Role Installation Command Lines with PowerShell

Server Role	Command
DNS Server role	Add-WindowsFeature DNS
DHCP Server role	Add-WindowsFeature DHCP
File Server role	Add-WindowsFeature File-Services
Print Server role	Add-WindowsFeature Print-Server
Active Directory Lightweight Directory Server role	Add-WindowsFeature ADLDS
Windows Server Update Services role	Add-WindowsFeature UpdateServices
Web Server (IIS) role	Add-WindowsFeature Web-Server
Remote Access role	Add-WindowsFeature RemoteAccess
Hyper-V role	Add-WindowsFeature Hyper-V

The previous sections are a prelude to some of the common Server Core command-line arguments for installing and configuring elements on a Windows Server 2012 Server Core installation. For a full list of command-line arguments, visit the Microsoft website and conduct a search for Windows Server 2012 Server Core.

Installing the Active Directory Domain Services Role

Installation of AD DS is more complex and vital to the operation of the environment and therefore deserves more detailed attention. Installation of the role using Add-WindowsFeature AD-domain-services will install the required binaries but not configure the server as a domain controller.
In earlier versions, the recommended tool for that is the dcpromo utility. The problem is that dcpromo normally starts a wizard with a GUI that is not supported on Server Core. As a result, the dcpromo utility on server core is a command-line utility that requires input by supplying the operation parameters or by using an answer file.
The dcpromo utility can accept more than 30 different operation parameters. Although this might seem like a dizzying array of options, few command lines will use all of them. Refer to the TechNet dcpromo command reference at http://technet.microsoft.com/en-us/library/cc732887(WS.10).aspx for a complete list and explanation of each parameter. You can use this reference to build the correct dcpromo command line or create an unattend file suitable for your core domain controller.
As with many other aspects of the operating system, Windows Server 2012 provides PowerShell support to perform that same function. Promoting a domain controller using PowerShell is very convenient and is based on the ADDSDeployment module, which includes the following commands:

• Install-ADDSForest
• Install-ADDSDomain
• Install-ADDSDomainController

These commands are available by first loading the appropriate module using Import-Module ADDSDeployment. Then, all that’s required is using the correct command from above depending on whether the goal is to deploy a new forest, add a domain to an existing forest, or add a domain controller to an existing domain. All the commands accept the required parameters, which you can discover by using the Get-Help cmdlet.
For example, use the following command to get the syntax for the Install-ADDSForest cmdlet:
Get-Help Install-ADDSForest

Then, using the following syntax to install a new Windows 2012 forest with a root domain called abc.com:

Install-ADDSForest –ForestMode "Win8" –DomainMode "Win8" –DomainName "abc.com"
–DomainNetBIOSName "ABC" –DatabasePath "C:\Windows\NTDS" –LogPath "C:\Windows\NTDS"
–SYSVOLPath "C:\Windows\SYSVOL" –InstallDNS:$true –CreateDNSDelegation:$false
–RebootOnCompletion:$true –Force:$true

You will be prompted for the safe mode boot password, and the forest will be created. The server reboots upon completion as specified in the command.

Read more »

Posted in: Window Server 2012

How to Installing and Configuring DHCP role on Windows Server 2012

With the new Server Manager in Windows Server 2012, there have been some changes in the way DHCP role will be installed. The blog post describes, in the sections below, installation and configuration of DHCP Role using Server Manager and PowerShell on Windows Server 2012. Before starting, the user needs to ensure that he/she logs in as a domain user with local administrative privileges, in case the machine involved is a domain joined machine.

 Installing DHCP role via new Server Manager

• Ensure the computer has at least one static IP address assigned before starting the role installation.
• Launch the Add Role Wizard from Server Manager.
• Select DHCP server role and go through the steps needed for installation.
• The last page of the wizard (which comes up after the role has been installed), provides a link - "Complete DHCP configuration". This provides some tasks that need to be performed to enable the DHCP server role to work properly after role installation.

Wizard after DHCP role installation

• Launch the DHCP post-install wizard and complete the steps required.
• Creation of DHCP security groups (DHCP Administrators and DHCP Users). For these security groups to be effective, the DHCP server service needs to be restarted. This will need to be performed separately by the administrator.

 

Authorization of DHCP server in Active Directory (only in case of a domain-joint setup). In a domain joined environment, only after the DHCP server is authorized, it will start serving the DHCP client requests. Authorization of DHCP server can only be performed by a domain user that has permissions to create objects in the Net services container in Active Directory.

Authorization Page

  Summary Page

• In case completing of the post-install step is missed after role installation, the administrator will continue to see a notification on the action pane and also a link on the DHCP role tile on the main Server Manager page suggesting that some configuration is required. That link would go away only after completion of the post-install task.

 DHCP Post-Install configuration wizard launch point

•  The configuration of DHCP server parameters such as scope, options etc. are no longer available in the new Server Manager. The administrator can now launch DHCP MMC either via Server manager (as shown below), or via the DHCP MMC application in the Start Menu, or writing dhcpmgmt.msc on the command prompt. The administrator can now create scopes, set option values so as to be able to lease out IP addresses and provide option values to clients. 

 Server Manager: DHCP MMC launch point

 

Installing via PowerShell 

To install the DHCP server role via PowerShell, one needs to run the following command:

•  Command: Add-WindowsFeature  -IncludeManagementTools dhcp

Note the extra switch (IncludeManagementTools) which is now needed, in contrast to Windows 7. Without this switch, just the DHCP server role would be installed. The DHCP server RSAT tools which includes DHCP MMC, netsh context and the new DHCP PowerShell cmdlets,  is not installed by default, unless you give the above flag.

•  After the role is installed, there are a few other steps that the administrator needs to perform so that the server can work correctly and lease out addresses. This the post-install configuration as performed by the above mentioned post-install wizard. The administrator can either launch the Server Manager and complete the DHCP post-installation task from there (as this is UI-only task) or run the below set of commands which are an equivalent of above.
• Creating DHCP security groups
• Command:netsh dhcp add securitygroups
• You will need to restart the DHCP service for these groups to become active.
• Command:  Restart-service dhcpserver
• Authorizing the DHCP server in Active Directory (only needed for a domain-joined setup)
• Command: Add-DhcpServerInDC  <hostname of the DHCP server>  <IP address of the DHCP server>
• Now the administrator can launch DHCP MMC either via Server manager, or via the DHCP MMC application from the start menu, or by writing dhcpmgmt.msc on the command prompt. The administrator can now also create scopes, set option values so as to be able to lease out IP addresses and provide option values to clients using DHCP MMC or the new DHCP PowerShell.

If the administrator has completed the post-install configuration using PowerShell, Server Manager may still raise a flag (alert) for its completion using the post-install configuration wizard. This alert can be suppressed by notifying the Server Manager that the post-install configuration has been completed. This can be done by the below command:

• Command: Set-ItemProperty –Path registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager\Roles\12 –Name ConfigurationState –Value 2

Read more »

Posted in: Window Server 2012

How to Installing Windows Server 2012 (step by step)

Windows Server 2012, codenamed "Windows Server 8", is the sixth release of Windows Server. It is the server version of Windows 8 and succeeds Windows Server 2008 R2. Two pre-release versions, a developer preview and a beta version, were released during development. The software was generally available to customers starting on September 4, 2012.
In this easy step by step guide, we will learn how to install and activate Windows Server 2012.
Before you start make sure you have the minimum requirements to install Windows Server (Windows Server Requirements):
Processor: Minimum: 1.4 GHz 64-bit processor
Ram: Minimum: 512 MB
Disk Space: Minimum: 32 GB
Other requirements:

• DVD drive
• Super VGA (800 x 600) or higher-resolution monitor
• Keyboard and Microsoft® mouse (or other compatible pointing device)
• Internet access

 You can then download the evalution copy of Windows Server 2012 from here, Download the ISO and burn it to some DVD:
http://technet.microsoft.com/en-US/evalcenter/hh670538.aspx?ocid=&wt.mc_id=TEC_108_1_33

Now that we have everything we need, We can Start:

1- Insert the Windows Server 2012 DVD, and once you get the following message press Enter to boot from the setup

 

2- Wait for a while till the setup loads all necessary files (Depending on your machine, it will take couple of minutes)

 3- Once the setup files are loaded, the setup will start with the following screen. You can change these to meet your needs (the default values should be fine for now)

  4- Once you click Next, you can start the installation, click "Install now"

 5- You will see the following screen, wait until it finishes loading

 6- In the following setup screen, you will see four options. Select Windows Server 2012 DataCenter Evaluation (Server With GUI).

 7- After you click Next from previous screen, Read the License terms, tick the "I accept the license terms" and click Next

 8- Now It will ask you for the drive (or partition) you want to install Windows on. Here I'm installing it on the one partition I have here. NOTE: This will remove the content of the partition. Either you create a partition to install windows on, or you can test this on a testing machine

 9- Now once we picked our partition, clicking on next from previous screen will start the setup. This process might take a while.

 10- Once the setup is done, it will restart and start your Windows Server 2012 for the first time. It will ask you then to set up a password for the Administrator user

 11- The setup will finalize your settings, might take a couple of minutes

 12- Once the setup is done, you can log in for the first time to your Windows Server, as the screen says, press Ctrl+Alt+Delete to log in, and use the password you set in the setup process

 13 - Once you Log in, Windows Server 2012 will show the Server Manager

 Congratulations! you have now Windows server 2012 Installed with Datacenter.

Read more »

Posted in: Window Server 2012