November 2006 - Posts

Before installing AD on Server Core, make sure all the basic requirements are satisfied. If they are not met, you will not be able to set up Active Directory.
The actual list has not been published yet to my knowledge, so you might want to use Daniel Petri's
 
Note: This article is only good for understanding how to install the FIRST DC in a NEW AD Domain, in a NEW TREE, in a NEW FOREST. Meaning - don't do it for any other scenario, such as a new replica DC in an existing domain.
 
Here is a quick list of what you must have:
  • NTFS partition with enough disk space
  • An Administrator's username and password
  • Correct operating system version (in our case "Longhorn Server Core")
  • Properly configured TCP/IP (make sure you have configured the NIC with a static IP address)
  • A network connection
  • Domain name you want to use for your AD

Sidenote: For those not familiar with configuring TCP/IP settings from the command line, here is a very quick how-to for the netsh.exe command:
 
To examine the currently configured settings, type at the command prompt:
 
netsh int ip show config
 
The output is similar to that of "ipconfig /all" (you can still use "ipconfig /all", but you might want to get used to working with netsh):
C:\>netsh int ip show config

Configuration for interface "Local Area Connection"
DHCP enabled: Yes
IP Address: 192.168.0.121
Subnet Prefix: 192.168.0.0/24 (mask 255.255.255.0)
Default Gateway: 192.168.0.1
Gateway Metric: 0
InterfaceMetric: 20
DNS servers configured through DHCP: 192.168.0.200
192.117.122.141
Register with which suffix: Primary only
WINS servers configured through DHCP: 192.168.0.200

Configuration for interface "Loopback Pseudo-Interface 1"
DHCP enabled: No
IP Address: 127.0.0.1
Subnet Prefix: 127.0.0.0/8 (mask 255.0.0.0)
InterfaceMetric: 50
Statically Configured DNS Servers: None
Register with which suffix: Primary only
Statically Configured WINS Servers: None
 
To configure an interface with a static IP:
In my case I will be using the following settings:
Interface name: "Local Area Connection" (you can obtain the name of the interface from the previous output of netsh or ipconfig)
IP address: 192.168.0.210
Network mask: 255.255.255.0
Gateway: 192.168.0.1
DNS: 192.168.0.200 (we will need to change it to point to itself after installing DNS on the server)
 
The command syntax to configure static IP address on an interface is:
netsh int ip set address <Interface name> static <ip address> <netmask> <gateway> <metric>
 
In my case this is what I will be executing:
C:\>netsh int ip set address "Local Area Connection" static 192.168.0.210 255.255.255.0 192.168.0.1 1
 
Lamer note: if you are connected to the server using Remote Desktop and you are changing the IP address, you will be disconnected and will have to reconnect to the server using the new address.
 
To configure the DNS server:
netsh int ip set dnsserver "Local Area Connection" static 192.168.0.210 primary
(of course you should change the IP address to that of the DNS server you want to point to)
 

 
Now to the fun part. Configuring AD on Server Core is different from what most people are familiar with - in Server Core there is no nice wizard we can launch using dcpromo.exe. The only option you have is to run DCPROMO in unattended mode by supplying it with an answer file that contains the information required for installing and configuring AD.
To create an answer file, execute "notepad unattend.txt" and paste the following into the file:
 
[DCINSTALL]
AutoConfigDNS=Yes
DomainNetBiosName=LHS
NewDomainDNSName=lhs.local
ReplicaOrNewDomain=Domain
NewDomain=Forest
ForestLevel=3
DomainLevel=3
SafeModeAdminPassword=s@f3p@ssw0rd
RebootOnSuccess=Yes
 
Lamer note: change the settings to reflect your NetBIOS domain name, DNS domain name and Safe Mode Administrator's password.
 
If you want more granular control of the DCPROMO process, execute "dcpromo /?:unattend" and look at all the options available.
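
A pre-flight check for the answer file above, as an added example that is not part of the original post: it confirms the file describes the new-forest scenario this walkthrough covers and flags a SafeModeAdminPassword that is still the value printed here. The function name and the finding texts are hypothetical; only the keys shown in the post are inspected.

```python
import configparser

# Constructed sample: the answer file exactly as printed in this post.
SAMPLE = """\
[DCINSTALL]
AutoConfigDNS=Yes
DomainNetBiosName=LHS
NewDomainDNSName=lhs.local
ReplicaOrNewDomain=Domain
NewDomain=Forest
ForestLevel=3
DomainLevel=3
SafeModeAdminPassword=s@f3p@ssw0rd
RebootOnSuccess=Yes
"""
PUBLISHED_PASSWORD = "s@f3p@ssw0rd"   # the sample value printed in the post
REQUIRED = ("DomainNetBiosName", "NewDomainDNSName", "ReplicaOrNewDomain",
            "NewDomain", "SafeModeAdminPassword")

def lint_answer_file(text):
    """Return a list of findings for a new-forest dcpromo answer file."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    try:
        cp.read_string(text)
    except configparser.Error as exc:
        return [f"cannot parse file: {type(exc).__name__}"]
    section = next((s for s in cp.sections() if s.upper() == "DCINSTALL"), None)
    if section is None:
        return ["missing [DCINSTALL] section"]
    opts = {k: v.strip() for k, v in cp[section].items()}  # keys are lower-cased
    findings = [f"missing {k}" for k in REQUIRED if not opts.get(k.lower())]
    # The post covers only the first DC of a new domain in a new forest.
    if (opts.get("replicaornewdomain", "").lower() != "domain"
            or opts.get("newdomain", "").lower() != "forest"):
        findings.append("not a new-forest install (outside this walkthrough)")
    if len(opts.get("domainnetbiosname", "")) > 15:
        findings.append("NetBIOS domain name exceeds 15 characters")
    pw = opts.get("safemodeadminpassword", "")
    if pw == PUBLISHED_PASSWORD:
        findings.append("SafeModeAdminPassword is the published sample value")
    if pw:
        findings.append("clear-text password on disk: restrict and delete the file")
    return findings

if __name__ == "__main__":
    for finding in lint_answer_file(SAMPLE):
        print("-", finding)
```
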
 
Save the file and from the command prompt execute:
c:\users\administrator>dcpromo /unattend:unattend.txt
 
If your configuration file has all the needed info and does not contain syntax errors, you should receive output similar to the following:
 
Validating environment and parameters...
 
----------------------------------------
The following actions will be performed:
Configure this server as the first Active Directory Domain Controller in a new forest of domain trees.
 
The new domain name is lhs.local. This is also the name of the new forest.
 
The NetBIOS name of the domain is LHS
 
Forest Functional Level: Windows Longhorn Server
 
Domain Functional Level: Windows Longhorn Server
 
Site: Default-First-Site-Name
 
Additional Roles:
  Read-only DC: No
  Global Catalog: Yes
  DNS Server: Yes
 
Create DNS Delegation: No
 
Database folder: C:\Windows\NTDS
Log file folder: C:\Windows\NTDS
SYSVOL folder: C:\Windows\SYSVOL
 
The DNS service will be installed on this computer.
The DNS service will be configured on this computer.
This computer will be configured to use this DNS server as its preferred DNS ser
ver.
 
The password of the new domain administrator will be the same as the password of
 the administrator of this computer.
----------------------------------------
 
Starting...
..
Press CTRL-C to: Cancel
 
[SNIPPED]
 
After dcpromo finishes, the server will reboot and you should have a fresh AD running on it.
 
Verifying the AD installation:
 
1) run a simple query of all the user accounts in AD:
 
C:\Users\Administrator>dsquery user
"CN=Administrator,CN=Users,DC=lhs,DC=local"
"CN=Guest,CN=Users,DC=lhs,DC=local"
"CN=krbtgt,CN=Users,DC=lhs,DC=local"
 
2) Verify the existence of DNS zones:
 
C:\Users\Administrator>dnscmd /enumzones
Enumerated zone list:

Zone count = 3

Zone name           Type       Storage       Properties

.                   Cache      AD-Domain
_msdcs.lhs.local    Primary    AD-Forest     Secure
lhs.local           Primary    AD-Domain     Secure
 
 
3) Run Domain Controller Diagnostics:
 
c:\>dcdiag /q
 
You might get some NtFrs and DNS related errors. Some of them are normal and have to do with the fact that this is the first DC in the forest and the DNS service is not available at boot time.
 
4) Examine the system logs
 
In order to look at the last 10 events in the system log run:
 
c:\>wevtutil qe system /c:10 /rd /f:text | more
 
5) Make sure the SYSVOL and NETLOGON shares have been established:
 
C:\Users\Administrator>net share

Share name    Resource                                   Remark

-------------------------------------------------------------------------------
C$            C:\                                        Default share
IPC$                                                     Remote IPC
ADMIN$        C:\Windows                                 Remote Admin
NETLOGON      C:\Windows\SYSVOL\sysvol\lhs.local\SCRIPTS
                                                         Logon server share
SYSVOL        C:\Windows\SYSVOL\sysvol                   Logon server share
The command completed successfully.
 
6) Try to join a client computer to the new domain:
 
Point a client computer to the new DC as its primary DNS server and join it to the new domain.
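
Checks 2 and 5 above can be automated by parsing the saved command output, shown here as an added example that is not part of the original post. It confirms that the SYSVOL and NETLOGON shares exist and that both the domain zone and its _msdcs zone are AD-integrated primary zones carrying the Secure property. The function names are hypothetical and the embedded samples are the outputs printed in this post.

```python
import re

# Constructed samples: command output as printed in this post.
NET_SHARE = r"""
Share name    Resource                                   Remark

-------------------------------------------------------------------------------
C$            C:\                                        Default share
IPC$                                                     Remote IPC
ADMIN$        C:\Windows                                 Remote Admin
NETLOGON      C:\Windows\SYSVOL\sysvol\lhs.local\SCRIPTS
                                                         Logon server share
SYSVOL        C:\Windows\SYSVOL\sysvol                   Logon server share
The command completed successfully.
"""
ENUMZONES = """
Zone name           Type       Storage       Properties

.                   Cache      AD-Domain
_msdcs.lhs.local    Primary    AD-Forest     Secure
lhs.local           Primary    AD-Domain     Secure
"""

def share_names(output):
    """Upper-cased share names from the rows below the dashed rule."""
    rows = re.split(r"^-{10,}[ \t\r]*$", output, flags=re.M)[-1].splitlines()
    return {re.split(r"\s{2,}", r)[0].upper() for r in rows
            if r and not r[0].isspace() and not r.startswith("The command")}

def zones(output):
    """Map zone name -> (type, storage, properties) for rows after the header."""
    rows = (r.split() for r in output.split("Properties", 1)[-1].splitlines())
    return {c[0].lower(): (c[1], c[2], c[3:]) for c in rows if len(c) >= 3}

def check_dc(domain, net_share_out, enumzones_out):
    """Return a list of problems; an empty list means every check passed."""
    shares, found = share_names(net_share_out), zones(enumzones_out)
    problems = [f"share {s} missing" for s in ("SYSVOL", "NETLOGON") if s not in shares]
    for name in (domain.lower(), "_msdcs." + domain.lower()):
        if name not in found:
            problems.append(f"zone {name} missing")
            continue
        ztype, storage, props = found[name]
        if ztype != "Primary" or not storage.startswith("AD-"):
            problems.append(f"zone {name} is not AD-integrated primary")
        if "Secure" not in props:
            problems.append(f"zone {name} does not show the Secure property")
    return problems
```

Feed it the text saved from "net share" and "dnscmd /enumzones" on the new DC; an empty list from check_dc means the shares and zones look as they do in this walkthrough.
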
 
 
 
If all of the above is ok, it looks like you have a working AD ;)
I have seen this question multiple times at different web forums and newsgroups. Sometimes you want to redirect a user's favorites to a network share, letting the user access his favorites when he logs on from different workstations (or just for the sake of backups).
 
The location of the user's favorites is determined by the following registry value:

Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Value: Favorites
Type: REG_EXPAND_SZ
Default: %USERPROFILE%\Favorites

 
The fact that the registry value has a type of REG_EXPAND_SZ is actually very convenient - you can use environment variables when pointing to the location of the Favorites.
 
Now you can solve the issue of redirecting the folder using either a logon script or something similar, but being a GPO addict I decided to create an administrative template to handle the task.
Here is what I came up with:
(you can download the ADM from here. No need to cut&paste)

CLASS USER
CATEGORY !!WindowsComponents
CATEGORY !!InternetExplorer
CATEGORY !!IE_Favorites
  KEYNAME "Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"

  POLICY !!IE_Favorites
    #if version >= 4
      SUPPORTED !!SUPPORTED_IE5
    #endif

    EXPLAIN !!IE_Favorites_Location_Explain
    
    PART !!IE_Favorites_Location_Tip1 TEXT
    END PART

    PART !!IE_Favorites_Location EDITTEXT EXPANDABLETEXT
      VALUENAME Favorites
      DEFAULT "%USERPROFILE%\Favorites"
      REQUIRED
    END PART
  END POLICY

END CATEGORY ;; IE_Favorites
END CATEGORY ;; Internet Explorer
END CATEGORY ;; WindowsComponents


[strings]

WindowsComponents="Windows Components"
IE_Favorites="Favorites"
IE_Favorites_Location="The path to the favorites folder"
IE_Favorites_Location_Explain="Specify the path to the location of favorites. You can use variables like %USERPROFILE%, %USERNAME%, etc... Both local and UNC paths are valid."
IE_Favorites_Location_Tip1="Specify the UNC path to the favorites location"
InternetExplorer="Internet Explorer"
SUPPORTED_IE5="at least Internet Explorer v5.01"

 

How to use it:

  1. Follow the steps outlined in Daniel Petri's Adding New Administrative Templates to a GPO article for general instructions on how to add or remove an .ADM file from the Administrative Templates section in a GPO.
  2. Because we are dealing with a so-called "preference" and not a policy setting (we are tattooing the registry just like with NT4 policies), you will need to make the GPO Editor show the preferences. Instructions for doing that can be found here under the "Disabling GPO settings filtering" section.
  3. Go to User Configuration-->Administrative Templates-->Windows Components-->Internet Explorer-->Favorites
  4. You will see there something like this:


  5. Configure the new location and apply the policy to the users whose Favorites you want redirected:
 
 
PowerShell has finally been released for Windows XP and Windows Server 2003. The Vista and Longhorn versions are still at RC2 level.
Posted by Guy Teverovsky | with no comments
For a while I had been looking with envy at VMware users whenever I was about to set up some sort of testing environment. All those folks had to do was go to VMware's Virtual Appliances Repository and pick the VM that suited their needs.
Me, on the other hand, had to go through cloning VHDs, SYSPREP-ing VMs, customizing and installing all those applications just to get going (well, I do have some home-made generic VMs, but you can never know what the requirements will be the next time you need to create some virtual environment).
 
Finally the Virtual Server users are getting there! Microsoft has just announced their "VHD Test Drive Program" initiative (read more about it here). To make a long story short: you can download pre-installed virtual machines from Microsoft's site and play around with all those new technologies you want to evaluate or learn about.
 
The catalog of the available VMs can be found here: http://www.microsoft.com/technet/try/vhd/default.mspx and though it currently contains only Windows Server 2003 R2, Exchange 2007 and SQL 2005 VMs, I hope that with time it will grow to span more and more technologies.