Beruflich Dokumente
Kultur Dokumente
If managing users and computers on Active Directory has become a burden, let SolarWinds
free trio of AD Admin Tools provide you relief! With the inactive user and computer account
removal tools, and the user import tool, you can manage and remove computers and users
from Active Directory, and you can add users in bulk. These tools run on current Windows
versions, and are even certified with Windows 7 through a strategic relationship with
Microsoft!
Download SolarWinds free trio of AD Admin Tools here >
One of the best uses for Server Core in Windows Server 2012 is as an Active Directory
Domain Controller. Why? For starters, Server Core minimizes the Windows components
installed. Fewer components mean fewer security patches and Windows updates. It also
means a lower attack surface making the server easier to protect from malware. Less running
processes and services reduce the opportunity for system crashes and hangs.
Logon using an account with administrative privileges on the Server Core system.
At the Windows Server 2012 Server Core Command Prompt, type sconfig.cmd and
press Enter to start the Server Configuration Tool.
Type 8 and press Enter to select Network Settings from the menu.
Type the Index# for the network adapter to change from the displayed list.
Type 1 and press Enter to select the menu option to Set Network Adapter Address.
Type S and press Enter to select the option for a Static IP.
Type the subnet mask for the network and then press Enter.
Type the default gateway for the network and then press Enter.
The settings will be applied and the Network Settings menu will be redisplayed.
Down the road, this server will query the existing domain controllers in the domain. Its
essential this works without any hiccups so set a DNS Server address while still in the
Network Settings menu.
Enter the IP address of the preferred, or primary, DNS server for the domain. Press
Enter.
Click OK when prompted that the Primary DNS Server has been set.
If a secondary DNS server exists for the domain, enter its IP address when prompted
for an alternate DNS server. If no secondary DNS server exists, leave blank. Press
Enter.
Click OK when prompted that the Alternate DNS Server has been set. The Network
Settings menu will be redisplayed.
At the Windows Server 2012 Server Core Command Prompt, type PowerShell and
press Enter to begin a PowerShell session.
Get the name of the installed network adapter by typing Get-NetAdapter at the
PowerShell prompt and then pressing Enter.
Pay attention to the name displayed for the adapter you intend to modify. Petri
insiders tip: In a fresh Server Core installation with one network adapter installed,
the name will be Ethernet by default.
Type the following cmdlet, and replace the IPAddress parameter with the static IP to assign
this server. The InterfaceAlias parameter is the name of the adapter found using the GetNetAdapter cmdlet. Also, be sure to set the DefaultGateway parameter appropriately for the
network.
New-NetIPAddress -IPAddress 10.0.10.142 -InterfaceAlias "Ethernet"
-DefaultGateway 10.0.10.254 -AddressFamily IPv4 -PrefixLength 24
Armed with the interface name retrieved earlier using the Get-NetAdapter cmdlet, its time
to set the DNS servers using the Set-DNSClientServerAddress cmdlet. The IPs entered for
the ServerAddresses parameter are the primary and secondary DNS servers.
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses
(10.0.10.151,10.0.10.152)
Okay, technically thats two cmdlets, but come on its still way faster than the nonPowerShell way!
Theres no sense in slowing down now. Without exiting the PowerShell session, install the
Active Directory Services Role using the following cmdlet:
Install-WindowsFeature AD-Domain-Services IncludeManagementTools
This is a great time to mention a few things about an error you may see: WARNING:
Windows automatic updating is not enabled. To ensure that your newly-installed role or
feature is automatically updated, turn on Windows Update.
First, dont worry this has zero impact on the installation of the AD Services Role. If this is
the only error you see, rest assured everything installed just fine.
Second, since this server will ultimately be joined to a domain and if Windows Update is
enabled in the domains Group Policy settings theres nothing to worry about. Once joined to
the domain, the server will automatically turn on Windows Update.
Third, if you absolutely will not sleep well knowing that Windows Update is turned off even
for a moment, dont break out in a sweat just yet: It can be enabled manually. Since I prefer
that all IT admins be calm and well rested as they read my Petri articles, heres the process.
Type sconfig.cmd and press Enter to start the Server Configuration Tool.
Type 5 and press Enter to select Windows Update Settings from the menu.
Type A and press Enter to change the Windows Update to Automatic. Click OK.
Type 15 and press Enter to exit the Server Configuration Tool and return to the
PowerShell prompt.
Almost done! It's now time to move forward with promoting the server to function as a
domain controller. In this scenario, the domain tree where this DC will live is called
awssol.com. Keep in mind that were adding this DC to an existing domain and configuring
this server as an additional DNS server for the domain.
The cmdlet will prompt for credentials. This needs to be an account with Domain Admin
privileges in the domain where the DC is being created.
The system will prompt you to confirm that the server will be configured as a DC and
rebooted. Type A and press Enter to confirm everything and get this train rolling.
There are a couple warnings youll probably be presented with as the promotion does its job.
The first warning lets you know that Windows Server 2012 has defaults for certain security
settings that can affect very old OSes on the network such as Windows NT 4.0. The second
warns that a DNS Server delegation cant be created. Since were installing DNS on this
server as part of the DC promotion process, both of these errors are safe to ignore. Unless of
course you are still running Windows NT 4.0 systems on the network (in which case, what
are you thinking? Get those servers upgraded!)
Im a big fan of Windows Server 2012 Server Core Active Directory Domain Controllers and
of Server Core in general, and I'll have more Server Core related articles here on Petri in the
future. In the meantime, why not turn all your AD DCs into Server Core machines?