How to install Active Directory on Longhorn Server Core
Before installing AD on Server Core you should make sure you have all the basic requirements satisfied. If the requirements are not met, the Active Directory setup will fail.
The actual list has not been published yet to my knowledge, so you might want to use Daniel Petri's
Note: This article is only good for understanding how to install the FIRST DC in a NEW AD Domain, in a NEW TREE, in a NEW FOREST. Meaning - don't do it for any other scenario, such as a new replica DC in an existing domain.
Here is a quick list of what you must have:
- NTFS partition with enough disk space
- An Administrator's username and password
- Correct operating system version (in our case "Longhorn Server Core")
- Properly configured TCP/IP (make sure you have configured the NIC with static IP address)
- A network connection
- Domain name you want to use for your AD
Sidenote: For those not familiar with configuring the TCP/IP settings from a command line, here is a very quick how-to for the netsh.exe command:
To examine the currently configured settings, at the command prompt type:
netsh int ip show config
The output is similar to executing "ipconfig /all" (actually you can still use "ipconfig /all", but you might want to get used to working with netsh):
C:\>netsh int ip show config
Configuration for interface "Local Area Connection"
DHCP enabled: Yes
IP Address: 192.168.0.121
Subnet Prefix: 192.168.0.0/24 (mask 255.255.255.0)
Default Gateway: 192.168.0.1
Gateway Metric: 0
InterfaceMetric: 20
DNS servers configured through DHCP: 192.168.0.200
192.117.122.141
Register with which suffix: Primary only
WINS servers configured through DHCP: 192.168.0.200
Configuration for interface "Loopback Pseudo-Interface 1"
DHCP enabled: No
IP Address: 127.0.0.1
Subnet Prefix: 127.0.0.0/8 (mask 255.0.0.0)
InterfaceMetric: 50
Statically Configured DNS Servers: None
Register with which suffix: Primary only
Statically Configured WINS Servers: None
To configure an interface with a static IP:
In my case I will be using the following settings:
Interface name: "Local Area Connection" (you can obtain the name of the interface from the previous output of netsh or ipconfig)
IP address: 192.168.0.210
Network mask: 255.255.255.0
Gateway: 192.168.0.1
DNS: 192.168.0.200 (we will need to change it to point to itself after installing DNS on the server)
The command syntax to configure static IP address on an interface is:
netsh int ip set address <Interface name> static <ip address> <netmask> <gateway> <metric>
In my case this is what I will be executing:
C:\>netsh int ip set address "Local Area Connection" static 192.168.0.210 255.255.255.0 192.168.0.1 1
Lamer note: if you are connected to the server using Remote Desktop and you are changing the IP address, you will be disconnected and will have to reconnect to the server using the new address.
To configure the DNS server (the full command from the command prompt, including the netsh int ip prefix):
netsh int ip set dnsserver "Local Area Connection" static 192.168.0.210 primary
(of course you should change the ip address to an IP address of the DNS server you want to point to)
Now to the fun part. Configuring AD on Server Core is different from what most people are familiar with - in Server Core there is no nice wizard we can launch using dcpromo.exe. The only option you have is to run DCPROMO in unattended mode by supplying it an answer file that contains the information required for installing and configuring AD.
In order to create an answer file execute "notepad unattend.txt" and paste the following into the file:
[DCINSTALL]
AutoConfigDNS=Yes
DomainNetBiosName=LHS
NewDomainDNSName=lhs.local
ReplicaOrNewDomain=Domain
NewDomain=Forest
ForestLevel=3
DomainLevel=3
SafeModeAdminPassword=s@f3p@ssw0rd
RebootOnSuccess=Yes
Lamer note: change the settings to reflect your NetBIOS domain name, DNS domain name and Safe Mode Administrator's password.
If you want more granular control of the DCPROMO process, execute "dcpromo /?:unattend" and look at all the options available.
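Because a typo in the answer file only shows up once dcpromo has already started, it helps to sanity-check the file before running it. The following Python script is an added example (not part of the article or of dcpromo), written to be run from an admin workstation with Python rather than on the Server Core box; it parses the [DCINSTALL] section, checks the keys the article's new-forest scenario uses (the REQUIRED_KEYS list is an assumption based on the article, not the full dcpromo key list), and can blank the SafeModeAdminPassword value so the file does not keep the DSRM password in cleartext after the promotion. The embedded answer file is the article's own, with its sample password.

```python
import re
from typing import Dict, List

# Constructed sample: the article's answer file, including its sample
# SafeModeAdminPassword value.
SAMPLE_ANSWER_FILE = """[DCINSTALL]
AutoConfigDNS=Yes
DomainNetBiosName=LHS
NewDomainDNSName=lhs.local
ReplicaOrNewDomain=Domain
NewDomain=Forest
ForestLevel=3
DomainLevel=3
SafeModeAdminPassword=s@f3p@ssw0rd
RebootOnSuccess=Yes
"""

# Keys the article's first-DC-in-a-new-forest scenario relies on
# (assumption: taken from the article, not the complete dcpromo key list).
REQUIRED_KEYS = [
    "DomainNetBiosName", "NewDomainDNSName", "ReplicaOrNewDomain",
    "NewDomain", "ForestLevel", "DomainLevel", "SafeModeAdminPassword",
]


def parse_dcinstall(text: str) -> Dict[str, str]:
    """Parse the [DCINSTALL] section into a dict with lower-cased keys.
    Blank lines and ';' comment lines are ignored."""
    settings: Dict[str, str] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].upper() == "DCINSTALL"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip().lower()] = value.strip()
    return settings


def check_answer_file(text: str) -> List[str]:
    """Return a list of problems found; an empty list means the file looks usable."""
    s = parse_dcinstall(text)
    if not s:
        return ["no [DCINSTALL] section found"]
    problems: List[str] = []
    for key in REQUIRED_KEYS:
        if key.lower() not in s:
            problems.append(f"missing key: {key}")
    if s.get("replicaornewdomain", "").lower() != "domain":
        problems.append("ReplicaOrNewDomain must be 'Domain' for a new domain")
    if s.get("newdomain", "").lower() != "forest":
        problems.append("NewDomain must be 'Forest' for the first DC in a new forest")
    # NetBIOS domain names are at most 15 characters and must not contain dots.
    nb = s.get("domainnetbiosname", "")
    if not nb or len(nb) > 15 or "." in nb:
        problems.append("DomainNetBiosName must be 1-15 characters with no dots")
    # The DNS name should have at least two labels (e.g. lhs.local).
    dns = s.get("newdomaindnsname", "")
    if not re.fullmatch(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+", dns):
        problems.append("NewDomainDNSName must be a multi-label DNS name")
    # Functional levels are small integers; a domain level can never be
    # lower than the forest level it lives in.
    try:
        fl, dl = int(s.get("forestlevel", "")), int(s.get("domainlevel", ""))
        if dl < fl:
            problems.append("DomainLevel cannot be lower than ForestLevel")
    except ValueError:
        problems.append("ForestLevel and DomainLevel must be integers")
    if not s.get("safemodeadminpassword"):
        problems.append("SafeModeAdminPassword is empty")
    return problems


def scrub_password(text: str) -> str:
    """Blank the SafeModeAdminPassword value so a kept copy of the answer file
    no longer stores the DSRM password in cleartext."""
    return re.sub(r"(?im)^(\s*SafeModeAdminPassword\s*=).*$", r"\1", text)


if __name__ == "__main__":
    for problem in check_answer_file(SAMPLE_ANSWER_FILE) or ["answer file looks usable"]:
        print(problem)
```

Run it against your own unattend.txt by reading the file into check_answer_file; once the promotion has succeeded, write scrub_password(text) back over the file (or delete the file) so the DSRM password is not left lying around on disk.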
Save the file and from the command prompt execute:
c:\users\administrator>dcpromo /unattend:unattend.txt
If your configuration file has all the needed info and does not contain syntax errors, you should receive output similar to the following:
Validating environment and parameters...
----------------------------------------
The following actions will be performed:
Configure this server as the first Active Directory Domain Controller in a new forest of domain trees.
The new domain name is lhs.local. This is also the name of the new forest.
The NetBIOS name of the domain is LHS
Forest Functional Level: Windows Longhorn Server
Domain Functional Level: Windows Longhorn Server
Site: Default-First-Site-Name
Additional Roles:
Read-only DC: No
Global Catalog: Yes
DNS Server: Yes
Create DNS Delegation: No
Database folder: C:\Windows\NTDS
Log file folder: C:\Windows\NTDS
SYSVOL folder: C:\Windows\SYSVOL
The DNS service will be installed on this computer.
The DNS service will be configured on this computer.
This computer will be configured to use this DNS server as its preferred DNS server.
The password of the new domain administrator will be the same as the password of the administrator of this computer.
----------------------------------------
Starting...
..
Press CTRL-C to: Cancel
[SNIPPED]
After dcpromo finishes, the server will reboot and you should have a fresh AD running on it.
Verifying the AD installation:
1) run a simple query of all the user accounts in AD:
C:\Users\Administrator>dsquery user
"CN=Administrator,CN=Users,DC=lhs,DC=local"
"CN=Guest,CN=Users,DC=lhs,DC=local"
"CN=krbtgt,CN=Users,DC=lhs,DC=local"
2) Verify the existence of the DNS zones:
C:\Users\Administrator>dnscmd /enumzones
Enumerated zone list:
Zone count = 3
Zone name Type Storage Properties
. Cache AD-Domain
_msdcs.lhs.local Primary AD-Forest Secure
lhs.local Primary AD-Domain Secure
3) Run Domain Controller Diagnostics:
c:\>dcdiag /q
You might get some NtFrs and DNS related errors. Some of them are normal and have to do with the fact that this is the first DC in the forest and the DNS service is not available at boot time.
4) Examine the system logs
In order to look at the last 10 events in the system log run:
c:\>wevtutil qe system /c:10 /rd /f:text | more
5) Make sure the SYSVOL and NETLOGON shares have been established:
C:\Users\Administrator>net share
Share name Resource Remark
-------------------------------------------------------------------------------
C$ C:\ Default share
IPC$ Remote IPC
ADMIN$ C:\Windows Remote Admin
NETLOGON C:\Windows\SYSVOL\sysvol\lhs.local\SCRIPTS Logon server share
SYSVOL C:\Windows\SYSVOL\sysvol Logon server share
The command completed successfully.
6) Try to join a client computer to the new domain:
Point a client computer to the new DC as its primary DNS server and join it to the new domain.
If all of the above is ok, it looks like you have a working AD ;)
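Steps 2 and 5 above are easy to eyeball once, but if you build DCs regularly it is worth turning them into a repeatable check. The following Python script is an added example (not from the article) that parses the text output of "dnscmd /enumzones" and "net share" as shown above and reports what is missing: both AD-integrated zones must exist as Primary zones with the "Secure" property (so only secure dynamic updates are accepted), and the NETLOGON and SYSVOL shares must be published. The two embedded outputs are constructed from the article's own, with the wrapped NETLOGON line kept as the console prints it; the script is meant to be fed the saved output of those commands from a workstation with Python.

```python
from typing import Dict, List, Set, Tuple

# Constructed sample, modelled on the article's "dnscmd /enumzones" output.
DNSCMD_OUTPUT = r"""Enumerated zone list:
        Zone count = 3

 Zone name                      Type       Storage         Properties

 .                              Cache      AD-Domain
 _msdcs.lhs.local               Primary    AD-Forest       Secure
 lhs.local                      Primary    AD-Domain       Secure

Command completed successfully.
"""

# Constructed sample, modelled on the article's "net share" output; the
# NETLOGON remark wraps onto an indented continuation line.
NET_SHARE_OUTPUT = r"""Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\Windows                      Remote Admin
NETLOGON     C:\Windows\SYSVOL\sysvol\lhs.local\SCRIPTS
                                             Logon server share
SYSVOL       C:\Windows\SYSVOL\sysvol         Logon server share
The command completed successfully.
"""

# Zone types dnscmd prints in the "Type" column.
ZONE_TYPES = {"Cache", "Primary", "Secondary", "Stub", "Forwarder"}


def parse_zones(output: str) -> Dict[str, Tuple[str, str, Set[str]]]:
    """Map zone name -> (type, storage, properties) from dnscmd /enumzones text.
    A zone row is any line whose second column is a known zone type."""
    zones: Dict[str, Tuple[str, str, Set[str]]] = {}
    for line in output.splitlines():
        tokens = line.split()
        if len(tokens) >= 3 and tokens[1] in ZONE_TYPES:
            zones[tokens[0].lower()] = (tokens[1], tokens[2], set(tokens[3:]))
    return zones


def check_dns_zones(output: str, domain: str) -> List[str]:
    """Check that the domain zone and its _msdcs zone are AD-integrated
    Primary zones restricted to secure dynamic updates."""
    zones = parse_zones(output)
    problems: List[str] = []
    for name in (domain.lower(), "_msdcs." + domain.lower()):
        zone = zones.get(name)
        if zone is None:
            problems.append(f"zone {name} missing")
            continue
        ztype, storage, props = zone
        if ztype != "Primary" or not storage.startswith("AD-"):
            problems.append(f"zone {name} is {ztype}/{storage}, expected AD-integrated Primary")
        if "Secure" not in props:
            problems.append(f"zone {name} does not restrict dynamic updates to secure ones")
    return problems


def parse_shares(output: str) -> Set[str]:
    """Collect share names (first column) from net share text, skipping the
    header, separator, footer and indented continuation lines."""
    shares: Set[str] = set()
    for line in output.splitlines():
        if not line or line[0].isspace() or line.startswith("-"):
            continue
        first = line.split()[0]
        if first in ("Share", "The"):
            continue
        shares.add(first.upper())
    return shares


def check_shares(output: str) -> List[str]:
    """A DC must publish NETLOGON and SYSVOL; report whichever is absent."""
    shares = parse_shares(output)
    return [f"share {s} missing" for s in ("NETLOGON", "SYSVOL") if s not in shares]


if __name__ == "__main__":
    findings = check_dns_zones(DNSCMD_OUTPUT, "lhs.local") + check_shares(NET_SHARE_OUTPUT)
    for finding in findings or ["DNS zones and shares look as expected"]:
        print(finding)
```

On a real box, redirect "dnscmd /enumzones" and "net share" to text files and pass their contents to check_dns_zones and check_shares; a zone that shows up without "Secure" means it accepts unauthenticated dynamic updates and is worth fixing before clients start registering records.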