Contents
1. Introduction ... 3
1.1. Setup ... 3
2. Introduction to Active Directory Services ... 4
3. Installing and Configuring Active Directory Services... 5
3.1. Joining to Domain ... 5
3.2. Promoting Member Server to Additional Domain Controller ... 7
possible one line description about each step involved in installing Directory service on Windows Server 8.
1.1. Setup
Below table contains Servers used in the lab followed by the different services required for successful implementation of Directory service on Windows server 8.
Servers Configuration
Services Specification
Windows Server 2008 R2 Microsoft Hyper-v Server, 8GB Ram , Intel Dual core processor
Windows Server 2008 R2 Active Directory Domain Controller
Windows Server 2008 R2 DNS Server ( optional ) – Can be installed the DNS service on the domain controller
Windows Server 2008 R2 Additional Domain Controller
Windows Server 2008 R2 Additional Domain DNS Server ( optional ) – Can be installed the DNS service on the domain controller
Windows Server 2008 R2 Dynamic Host Configuration Protocol
Services Configuration
Services Specification
Active Directory Domain Active Directory Forest – 1 Active Directory Domain – 2 Additional Domain Controller – 1
Network Connectivity 1 NIC connecting external , 1 Internal Network connecting between virtual machines and Microsoft Host
Microsoft Active Directory Domain Hosted on Virtual Machine
Domain Naming Server Configured on virtual machine
Dynamic Host Configuration Protocol Configured on Virtual Machine to provide DHCP address for virtual machine clients
Firewall Configuration Open port 139, RPC, 443, 445
Group Policy Management Configured on Virtual Machine / Active Directory domain
Distributed File System Configured on Virtual machine
2. Introduction to Active Directory Services
Active Directory domain services are used primarily to manage Users and Resource management across Enterprise infrastructures spanning the physical subnets across the globe. Active Directory domain provides distributed database to store and manage application data, user data and computer data respectively.
Active directory structure comprises of Single forest, with multiple domains and child domains.
Administrator can configure active directory domain based on the physical subnets , it is advisable to install directory server on the physical site.
Active directory provides different security boundaries in the form of a) Forest
b) Domain
c) Organizational Units
We would understand the different functionality provided by Active directory service in Windows Server 8 from the below sections.
for the first time ,as shown in the below screen.
3.1. Joining to Domain
Upon login, add the server to existing active directory domain. Windows Server 8 do not has the iconic Start Menu , but it provides start through which users / administrators can perform the common tasks.
Click Windows key + R for run command, type Ncpa.cpl > right click on Network adapter properties >
assign the Static IP address. If server is unable to ping or access resources across VM’s , please make sure that the Virtual Host properties should be configured for appropriate Network adapter , as shown below. For my lab I have created Internal network called as Internal Testing Network.
Navigate to Computer > right click Properties > Computer Name > Change configure the server to join to the existing Active directory domain, as shown below . Under Domain add the domain ( Eg:
contoso.com) and click OK, after successfully joining the server to existing Active directory domain, it should be restarted.
3.2. Promoting Member Server to Additional Domain Controller
In our lab, I have added Windows Server 8 Beta server to existing domain , to promote the member server to additional domain controller follow the below steps. Please note that when you run
dcpromo.exe you will see the following message, the Active directory domain services is integrated with Server Manager.
Please follow the below steps to add Active Directory Domain Services Step1: Click Server Manager Icon from the Task bar
Step2: Click on Add roles and Features as show below
Step 3: Click Next from the above wizard
Step4: The Add roles and Features wizard is new when compared to Windows Server 2008 R2 which allows you to select a server from Server pool or select a virtual hard disk. For our test we will select the first option “Select a server from the server pool” , you can see from below that my server is listed under Server Pool and click Next.
Step5: The next wizard will allow administrators to add the Active directory domain services, and click Next
Step6: Click Next without selecting any Features
Step7:Click Next from the below wizard
Step8: On the Confirmation wizard select “ Restart the destination server automatically if required”
click Install.
Step9: The Active directory domain services will be installed on the server.
The below wizard shows that Active directory domain services components got successfully installed.
After configuration completes successfully, following are the wizards would get installed and configured with Domain services
a) Active Directory Users and Computers b) Active Directory Domains and Trust c) Active Directory Sites and Services d) Active Directory Administrative Center
From the above services administrators would be able to manage day-day Active directory operations which includes managing existing Active directory domain, User management, Group management, Security delegation, OU creation, Pre-configured RODC , Configuring and managing Active Directory Sites and services, Active Directory replication , Active directory Trust etc..
Note: We haven’t configured the server as Domain controller, we will be promoting the server to Additional domain controller using the below steps.
If administrators wonder why DCPromo.exe doesn’t provide the UI to promote to Additional domain controller or to create new domain in existing forest, below are few additional steps we need to perform.
Click on Server Manager and navigate to AD DS role as shown below
Click on More which is towards right end of “Configuration Required for Active Directory Domain Services “, administrators will view the below wizard
From the above wizard click on “Promote this server to a domain” which would bring the following wizard
From the above wizard, administrator can perform the following actions a) Add additional Domain Controller to an Existing Domain
b) Add new Domain to Existing Active directory Forest c) Add new child domain to existing Active Directory Forest d) Create a New Active directory Forest.
In our lab we will create a child domain to existing domain using the below procedure.
Step1: Select “Add a new domain to an existing forest “ option from the above wizard which gives administrators to configure either Child domain or create a new domain under existing Active directory Tree.
Step2: Under Parent Domain Name click Select button. The wizard will prompt for the domain administrator credentials to retrieve the domains under the forest, as seen from below screen
Note: The above procedure is mandatory otherwise the Next tab will not be activated and supplies the appropriate credentials.
Step3: Upon click Next, the wizard provide the option to configure the new Domain controller either a) Domain Functional Level
b) Global Catalog server c) DNS server
d) RODC server e) Site Name selection
Select the domain functional level appropriately, site name and enter the password for DSRM and click next.
Step4: The below wizard will configure DNS delegation by default, as we are deploying new domain under existing DNS name space which is Corp.test.local, which is shown below
Step5: The below wizard provides the option to change NetBios name , I have configured as Win8DC
Step6: Specify the Sysvol folder path location , I kept them as default
Step7: The next wizard provides option to review the settings that we have configured earlier, optional is to view powershell script.
Conclusion:
The above article outline the steps involved in preparing Windows Server 8 on Virtual machine and configuring the server as Child Domain Controller. This article provided the information with screenshots and step-by-step guide.
Sainath is a MVP for Directory Services and works for Avanade Asia Pte Ltd, Singapore. He is an active Speaker at Microsoft Singapore Windows User Group and blogs about Directory services , Winternals and Virtualization. He is the Reviewer of Microsoft Operations Framework for Active Directory , Windows Server, Hyper-v and Certificate Services and beta tester for Windows Server 2008 R2 , SCVMM
