E LV IS'S technica l b l o g

All about Windows Servers and much more

Step-by-step install Windows Server Essentials 2012 R2 with non local

domain
Published on November 28, 2013 in Essential s Ser ver, Windows Ser ver by Elvis

As the best practice of the latest few years, .local domain is not a good way to be deployed in any environment. The main reason for this
is that since November 1 2015, will end the ability to have .local domains in public certi cates. This will also apply in small environments,
because we also use that certi cates (for example we use them in Remote desktop services, Exchange, Remote web workplace…). On the
other way, it is also not a good choice to have the internal domain name the same as the external. I would suggest you, for the internal
domain name, to choose some kind of subdomain of the public domain name. For example, we can use company.com as public (external)
domain name and internal.company.com as internal (Active Directory) domain name.
When you install the Essentials Server 2012R2, you will not be able to choose the internal domain name as you want, but this is simply
your NetBIOS domain with.local extension in the end – exactly the type of extension we want to avoid.
Here is the step-by-step guide how to install Essentials server with different, more accurate options. In the example we have below, we will
install Essentials server with NetBIOS domain name MyCompany, AD domain name Internal.Mycompany.com, server name MyServer and
company name MyCompany. In your installation, you have to change the variables to your desired values.

IPhone 6 16gb IPhone 6 64GB

Ip6s 64gb Gold MalaysiaSet
gold myset
RM 650 RM 590 RM 610

The installation begins with a normal server installation from a media and after the server restarts, when the Con gure Windows Server
Essentials wizard will appear, you can see that you have no place to write your AD domain name (picture 1).

At this point, just close this wizard with cancel (picture 2).

Open the PowerShell as Administrator and write the syntax:

Start-WssConfigurationService -CompanyName “MyCompany” -DNSName “Internal.MyCompamny.com” -NetBiosName
“MyCompany” -ComputerName “MyServer” –NewAdminCredential $cred -Setting All
The explanation of all used switches is available on TechNet. Enter your AD administrator credentials in the window that will appear. This
will be the new administrator – the same as you con gure it in the Essential server wizard (picture 3).
When the system will prompt, if you want to continue the Essentials server con guration, just click Y (picture 4).

Exit from PowerShell and the server will restart. After this, when you log in, you will see that the wizard Con gure Windows Server
Essentials will run. You have just to wait that it will nish. At this point the wizard has all the information it needs and you are not able to
change them (picture 5).

This is all you need to do. As you can see in the picture 6, now we have installed the server with a non .local domain and with all the
settings we want.

Iphond 6plus
Ip6s 64gb Iphone 6s
64gb
RM 650 RM 890 RM 123
.

Share this:

   
Tags Essential s ser ver, Windows Ser ver

Recommended Reading

Converting VM from Windows Server 2012 and

Generation 1 to Generation 2 2012R2 documentation

45 comments found on “Step-by-step install Windows Server Essentials 2012 R2

with non local domain”

Olea says:
Februar y 7, 2014 at 21:07

is it posible to use a domain name such as “myown.mx” in the -DNSName “Internal.MyCompamny.com”?

Reply
 elvis says:
Februar y 18, 2014 at 06:58

Hi,
Of course. You can use any domain name, but my suggestion is to use a subdomain of public used
company domain.

Reply

1. Cesar Olea says:

Februar y 26, 2014 at 23:40

well, i’ve tryed with a domain an su x .mx but it doesn’t permit so!!
any sugestion?

Reply

2. Olea says:
Februar y 27, 2014 at 03:08

Thanks for your answer! i tryed with a different domain name (as well as subdomains) and
seems like it does not allow me to use the .mx suf x.

if i use something like “subserver.myown.com” its ok for the setup process …

it reports me an error if I add the “.mx” Do you know if it is restricted?

or can you try and test this example: “subdmntest.myown.com.mx”?

than you very much for your help!

Reply

elvis says:
March 5, 2014 at 06:51

Hm, I don’t know why. The “.mx” domain is just a domain. Maybe it was
something wrong with resolving it? Internet connection?

Reply

g3 says:
May 8, 2014 at 12:09

The was a grate tip. Thanks

Reply

Randy says:
May 11, 2014 at 16:14

I found this article and have used the technique 3 times now. I was thrown by the fact that the “Enter your AD
administrator credentials in the window that will appear. This will be the new administrator – the same as you
con gure it in the Essential server wizard” REQUIRES an answer DIFFERENT than the “administrator” login created when
rst installing Windows 2012r2. Once I got past trying to gure out what the error message was all about and put in a
different user name and password. (I am NOT joining this to an existing domain so I am setting up a new AD
Administrator) It worked exactly as expected.

There is a noticeable time delay between when you exit power shell and the system reboots. Something that is a little
disconcerting after just seeing several errors (because of the user/password miss understanding) and wondering if
something is broken.

Third time’s the charm!

Thank you very much for this article. I wonder why the world is not beating down your door. I have chosen to register a
second “short as possible” domain.net for my clients to use as their internal domain. I also use the “short” domain name
for their Of ce 365 account initial internal domain.

Randy

Reply

JamesH says:
June 11, 2014 at 12:11
Thanks for this tip – extremely useful. I have been testing it for use with a Windows 2012 R2 Std on which the
Essentials Experience role has been enabled (not a Windows 2012 R2 Essentials SKU). So this is Windows 2012 R2 Std
install with the Essentials Experience role installed, then a reboot performed and then the PowerShell script is run. It
works well with one or two small changes that i would like to document here if anyone else stumbles across this blog
page.

1) The server rejects the -Setting All parameter for some reason. I omitted it in the end because it is simply the
Windows Updates con g which you can do later in the GUI.

2) I discovered that whatever I did, the server completely ignored the -ComputerName “MyServer” parameter. When the
server rebooted the server name had not changed. This was annoying because once AD is installed, you can’t change
the server name through the GUI. I believe there may be some registry hack or script you can use to change the name
but this seems unclean. So, I started again and simply named the server to my required name when it was in
workgroup mode, then ran the script. I kept the parameter in the script, just in case, but reading Technet, it seems it’s
not required, so you can probably leave it out.

So this is the script I used:

Start-WssCon gurationService -CompanyName “MyCompany” -DNSName “Internal.MyCompamny.com” -NetBiosName

“MyCompany” -ComputerName “MyServer” –NewAdminCredential $cred

And as Randy says, there is a noticeable time delay between closing PowerShell and the server rebooting – it appears
as though nothing is happening but just leave it and it will reboot (you can check Task manager to see that it is indeed
doing something behind the scenes).

Reply

elvis says:
June 16, 2014 at 18:16

Thank you for comments.

You are totally right.
1. As you write, this is an Windows Update setting and can be changed later without any problem. The
succes of this setting of course depend on many things (internet connection, …) and can fail.
2. True. My Mistake. DC name can not be changed, but you can use the same script if you want to install a
new domain on Essentials server (if you don’t want a .local domain). There you need to specify a computer
name.
Thank you for a comment.

Reply

1. Matt says:
June 12, 2016 at 07:21

I think the -ComputerName command didn’t work because of the “double quotes” around the name. Try it
without the quotes. I did and it worked for me.

Reply

Elvis says:
June 20, 2016 at 18:41

Could be true. Yes, you can use without quotes, but is better to use quotes as in this case you
can use any symbol (many times also more than one word).
You should use double quotes, but unfortunately many times happens that formatting text with
MS Word or with other word processor change the normal double quote symbol to something
similar. In this case you have to write quotes manually.

Reply

Ken Royer says:

December 10, 2014 at 20:17

This article was found after trying to use an answer le a few times, thanks for writing it. I had no errors and now I
am having trouble after reboot joining PC’s to the corp.company.com
Anyone else have this? to me it sounds like a DNS lookup issue but I see nothing wrong

Reply

elvis says:
December 11, 2014 at 07:06

What kind of trubles do you have?

 Reply

Ken Royer says:

December 10, 2014 at 20:38

Figured it out, small of ce everyone was on wi and I didnt have the server as primary DNS, !!
Thanks again for the instructions can’t believe <S just didnt allow the .com in the rst place

Reply

elvis says:
December 11, 2014 at 07:03

Not really agree with you. If you have server in company, it is always the best choice to put this server as
DNS.
Otherwise, if you look to company without server, then this article is not for you and it doesn’t matter if it
is on wireless or wired network. As I know all access points and routers they have an option to disable
DHCP and change DNS server.

Reply

PhilFCS says:
December 17, 2014 at 23:36

After running this command upon reboot I’m nding I have no active directory users and computers tools and I cannot
edit group policies on the domain, almost like I’m not a full admin for some reason. Anyone else run into this?

Reply

elvis says:
December 18, 2014 at 14:52

Something went wrong between instalation. The istalation in this mode could not modify the installation of
ADDS tools or roles.
In any case, you can try to add this snap ins manually, but I am affraid that there are more problems in
the installation.

Reply

1. PhilFCS says:
December 18, 2014 at 15:44

My bad, I made too many changes at once it seems, I had a few dozen updates still pending
reboot when I ran the powershell command, I let it reboot and it nished the updates. After the
reboot I had some issues, no ADDS tools (found an article that says the powershell doesn’t add
them like the wizard does, so added them manually)

I had other strange issues, couldn’t authorize DHCP server, error said it couldn’t nd AD.
Couldn’t edit the 2 default group policies. (edit greyed out)
I had a robocopy running so didn’t want to reboot until it was done but the good old “Did you
reboot it?” seems to have solved the strangeness. After a second reboot I can auth the dhcp
and edit gp.
Hopefully this helps someone else!

Reply

Chris Hall says:

Februar y 18, 2015 at 05:29

I am installing Windows 2012 Essentials that came with my new Dell R320 server and I can perform the Cancel as you
describe. It only has back and next.

What am I missing? I really need this to be a .com server. I had found steps to change it later, but I worry there will be
lingering issues later.

Thoughts?

Reply

elvis says:
March 7, 2015 at 20:25

I responeded with previos message.

 Reply

Chris Hall says:

Februar y 28, 2015 at 00:05

I am trying to use your script, but I keep getting an error message saying Start-WSSCon guraitionService does not exist.

I am doing it a bit different. my install CD does not allow me to exit where yours does, so I was following James’s post
about doing it after the install and the restart. But as I said it keeps saying that it is not a valid program script.

Reply

elvis says:
March 7, 2015 at 20:24

You have to instal complete server from CD! You have to breake role instalation after the logon to the server
is done.

Reply

Riley Nobles says:

March 25, 2015 at 21:00

Excellent!! Worked like a charm.

Reply

Bernie says:
April 18, 2015 at 00:54

Unfortunately, all I have in my server 2012 essentials installation is “back” and “next”. Why don’t I have cancel

Reply

elvis says:
April 20, 2015 at 07:31

You can exit from that windows in many moeds. You can close it, from task manager,…
Just use one of them.

Reply

Bernie says:
April 18, 2015 at 01:54

Doh! Think I see my answer in your March 7th post. THanks!

Reply

Bernie says:
April 18, 2015 at 03:33

Elvis, I’m still have same issue as Chris Hall…I let the installation complete but at no point is accepting Start-Wss…
cmdlet. Is it the difference between Essentials plain and Essentials R2?

Reply

elvis says:
April 20, 2015 at 07:34

If you are talking between Essentials 2012 and Essentials 2012R2, the answer is yes. There is a difference.
It should be done in different way on server 2012 – answer le.

Reply

IT Architect says:
Sep tember 5, 2015 at 22:57

What am I missing?
A .local domain is simply a nuisance for Macs. I could have a public domain name acme.com, name the internal DNS
domain acme.lan, have a server on the local network named mail.acme.lan, buy a certi cate for it named
mail.acme.com, with a rewall that routes the mail ports to it, and a resource record in the public acme.com zone that
points to the rewall.

Using a public internal domain name, I could sub it using the identi er of the closest airport, such as lax.acme.com,
with mail on the local network hosting a certi cate named mail.lax.acme.com. I still need to add a resource record in
the public acme.com zone for mail.lax.acme.com that points to the rewall. I probably wouldn’t want to name something
used publicly, internal.acme.com or lan.acme.com, nor would I want to expose the internal zone to the Internet.

I don’t know why anyone would want to want to buy a cert for mail.acme.lan even if they could. The problem is you
cannot access it from anywhere but the local area network without getting a warning. On the other hand, a cert that
uses an Internet routable name can be used anywhere, including on internal networks that use non-routable names
such as .local and .lan. So other than the Apple issue with .local, I don’t see where it makes much difference, and
something like acme.lan is pretty simple.

So help me out, what am I missing?

;;

Reply

elvis says:
Sep tember 7, 2015 at 18:57

Hi,

With .local domain you will have problems with MAC’s (for now) and with public certi cate – exactly as you
mentioned. I don’t know what exactly you want to tell me with mail.acme.lan certi cate.
The answer is simple: As is described in best practices, one of the solutions for internal domain name is
subdomain of existing external domain (for example internal.acme.com). You need a certi cate for access to
internal website true https and must have the same CN that you published in external DNS servers. It
should be whatever you want – like myof ce.acme.com, but the Essentials server wizard will create the
cone for that record (in my case myof ce.acme.com) with root A record. This record is needed to resolve
this DNS name from LAN.
Hope this answer will help you.

Reply

IT Architect says:
Sep tember 8, 2015 at 14:37

What I meant is 3rd party certi cates do not need to match the server name nor internal network name. It can be
anything you like, including your external internet domain name.
Thanks!

Reply

IT Architect says:
Sep tember 11, 2015 at 05:04

Thank you for taking the time to talk through this. It works either way whether you do a .lan or a .com. However, I am
seeing the merit of the sub domain now.

– With the .lan approach, you can have a server named server.acme.lan internally, and install a certi cate on it named
server.acme.com. Internal and external users can do an NS lookup on server.acme.com, which is a single resource record
on the public dns, which will return the IP of the Internet router, and be NATed to server.acme.lan. Since the cert
matches, everyone is happy. However, the router is involved to NAT or consulted for the internal address. If you lose the
connection to the outside, you can no longer resolve the local resource.

– With the subdomain approach, you have a server named server.lax.acme.com, a cert named server.lax.acme.com, and
two resource records, one private and one public. The private one contains “server” and the private IP address, and the
public DNS faking it with a resource named “server.lax” which associates it with a company public address that usually
gets NATed to the internal address. This requires two resource records, like a typical split-brain. The aw in my thinking
is I was thinking delegation, which can’t work as-is, and exposes the private DNS. It’s true, with the sub domain method
you have to maintain two resource records like a split brain, but local users are not dependent on the public zone to
resolve local shared resources, and the same resource has the same FQDN everywhere, so it’s still a better way to go.

I’ve done split-brain before also. The advantage of the sub domain method is that it is much simpler to prevent multiple
resources from having the the same FQDN, and the DNS can be self-documenting if you use the location for the sub
domain.
This all strengthens what you wrote. It is not possible to look intelligent while making an argument for .local. Not
allowing users to spec the intenal domain name is also indefensible. I’ve decided to use the location for the sub domain
from now on. Moreover, just because it is Essentials doesn’t mean that it will not grow into Standard or Enterprise.

Thanks!

Reply

Vincent Grayson says:

October 19, 2015 at 23:14

The easiest solution is to exit the con guration wizard when it starts.
Open server manager and add the AD role.
Con gure AD as you would any new domain
reboot the server
Now when the essentails wizard starts, it will tell you that the domain already exist and con gure essentials for that
domain.

Reply

Phil D says:
October 20, 2015 at 12:52

Excellent how to, thankyou very much!

Reply

Clay Jorgensen says:

November 26, 2015 at 07:14

So why did Microsoft design server essentials to set itself up in this way? What issues will I face leaving the default
domain con guration? Can you explain a little more about how this will effect applications using certi cates as
mentioned?

Reply

Akash Bansal says:

March 15, 2016 at 13:47

Thanks for guiding it worked after little tweaking the command.

The server essential would take too long at the time of adding a next user after 75th user.
Virtually you can not add 76th user through the essential dashboard.

I still looking the way where I can avoid installing server essential. I guess we could have better control if we go all
without essential. But essential gets the server ready very quickly without knowing much con guration tasks.

Reply

Elvis says:
April 14, 2016 at 08:58

Well, you can use standard server with Essentials role. This will make possible to have more than 75 users
and essentials functionalities.
You can use also Active directory users and computers for managing users.

Reply

bhardwaj.kapil says:
March 31, 2016 at 00:27

Hello there,
I have tried your script in order to move away from .local.
However, I keep on getting this error on powershell.
Command used :
Start-WssCon gurationService -CompanyName “DECA” -DNSName “dc.decacalgary.com” -NetBiosName “DECA” -
ComputerName “SV-DECA” –NewAdminCredential $cred -Setting All

Error :
Start-WssCon gurationService : Type a different name
At line:1 char:1
+ Start-WssCon gurationService -CompanyName “DECA” -DNSName “dc.decacalgary” -Net …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (administrator:String) [Start-WssCon gurationService], ArgumentExcepti
 on
+ FullyQuali edErrorId : ValidatorUserUniqueInfo,Microsoft.WindowsServerSolutions.Setup.Commands.InvokeEssentials
Con gureServiceCommand

Can some body please help me, what I am doing wrong ? Thanks

Reply

Elvis says:
April 14, 2016 at 08:56

It should work. As I can see in your reply, I suspect to quotes.

Sometimes just with copy and paste can be wrong character.

Reply

Akash Bansal says:

April 18, 2016 at 18:18

@Kapil Bharwdwaj please enter some other username (not administrator) when it ask for credential after executing the
script.
@elvis I am installing the role. Yes it allows you to add more than 75 users but practically it takes to long to add users
after 75th count.

Reply

Bryn P says:
June 24, 2016 at 18:16

Thanks Elvis, it worked exactly as you described. You are a star!

Reply

Josh says:
August 4, 2017 at 22:57

First off, I am not a professional IT person. I purchased a server from Dell for our extremely small business. It came
with WS 2012 R2 Essentials already installed. Please note, the main reason I got this server was for a design software
we use that must utilize SQL Server in order for all the workstations to share the data les. The software company
came to set things up for me and said we can’t install SQL Server 2014 on a domain controller (still a bit over my head
as to why). My question is as follows:
– Is there a way to format the server and reinstall WS 2012 R2 E without making it a domain controller so the SQL
Server 2014 will work?

Reply

Elvis says:
August 5, 2017 at 08:04

Hi Josh,

To be honest it is not a good idea to install SQL server on domain controller and I prefer to add a second
server in environment for DB server.
But if you are really a small organization and you have small SQL DB, you can install Express edition on
Essentials. It is not the same as standard edition and some software cannot use this edition; you will have
some limitations like 10GB size of database – anyway in many cases is OK. Ask them for this option.
If you can format this server? I don’t know as I am not working with Dell servers but I suppose yes. Your
license in this case is for Essentials server and also if you can format and reinstall the server, will be just
new Essentials server with the same roles and same functions – so nothing will change, you will still have
domain controller. Essentials server must be domain controller.

Elvis

Reply

Pingback: Windows Server 2012 R2 Essentials imansible installare con suf sso di dominio .com, ecc Web Cloud Server
Pingback: Skype for Business Lab Part 2: Installing the Domain Controller & DNS - Ankush Varshneya Ankush Varshneya

Discuss

Your email address will not be published. Required elds are marked *
Your thoughts and comments

Name

you@example.com

Website

Submit

Notify me of follow-up comments by email.

Notify me of new posts by email.

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive noti cations of new posts by email.

Email Address

Subscribe

About me

I am working in IT for more than 10 years, concerning most of my time with small companies. A result of this work is a
good knowledge of problems and products used in that companies, like Windows Small Business Server, System Center
Essentials, Windows OS ecc.
In the last three years I am also Microsoft Partner Area Lead for CEE and Slovenia and I lead a Slovenian SBS Community
on Microsoft.
In my privat life I like listen to rock music, archery and constructing biiig houses with Lego cubes – of course with my
son!

Ta g s

Azure DNS DPM Essentials server Exchange Hyper-V MDT Microsoft Of ce Of ce 365 PowerShell SBS Competency SCE2010

SharePoint Small Business Server SQL Terminal Services VMM2008 Windows Windows 8 Windows 10

Windows Server WSUS

Search

Search … Search

Archives

Select Month
 CMS by WordPress | Design by Frank Petser.

LinkedIn Auto Publish Powered By : XYZScripts.com