How to install Active Directory on Longhorn Server Core

November 26, 2006

Before installing AD on Server Core, make sure all the basic requirements are satisfied. If they are not met, you will not be able to set up Active Directory.
The actual list has not been published yet to my knowledge, so you might want to use Daniel Petri's
 
Note: This article is only good for understanding how to install the FIRST DC in a NEW AD Domain, in a NEW TREE, in a NEW FOREST. Meaning – don't do it for any other scenario, such as a new replica DC in an existing domain.
 
Here is a quick list of what you must have:
  • NTFS partition with enough disk space
  • An Administrator's username and password
  • Correct operating system version (in our case "Longhorn Server Core")
  • Properly configured TCP/IP (make sure you have configured the NIC with static IP address)
  • A network connection
  • Domain name you want to use for your AD

Sidenote: For those not familiar with configuring the TCP/IP settings from a command line, here is a very quick how-to for using netsh.exe command:
 
To examine the currently configured settings, type at the command prompt:
 
netsh int ip show config
 
The output is similar to that of "ipconfig /all" (you can still use "ipconfig /all", but you might want to get used to working with netsh):
C:\>netsh int ip show config

Configuration for interface "Local Area Connection"
DHCP enabled: Yes
IP Address: 192.168.0.121
Subnet Prefix: 192.168.0.0/24 (mask 255.255.255.0)
Default Gateway: 192.168.0.1
Gateway Metric: 0
InterfaceMetric: 20
DNS servers configured through DHCP: 192.168.0.200
192.117.122.141
Register with which suffix: Primary only
WINS servers configured through DHCP: 192.168.0.200

Configuration for interface "Loopback Pseudo-Interface 1"
DHCP enabled: No
IP Address: 127.0.0.1
Subnet Prefix: 127.0.0.0/8 (mask 255.0.0.0)
InterfaceMetric: 50
Statically Configured DNS Servers: None
Register with which suffix: Primary only
Statically Configured WINS Servers: None

 
To configure an interface with a static IP address:
In my case I will be using the following settings:
Interface name: "Local Area Connection" (you can obtain the name of the interface from the previous output of netsh or ipconfig)
IP address: 192.168.0.210
Network mask: 255.255.255.0
Gateway: 192.168.0.1
DNS: 192.168.0.200 (we will need to change it to point to itself after installing DNS on the server)
 
The command syntax to configure static IP address on an interface is:
netsh int ip set address <Interface name> static <ip address> <netmask> <gateway> <metric>
 
In my case this is what I will be executing:
C:\>netsh int ip set address "Local Area Connection" static 192.168.0.210 255.255.255.0 192.168.0.1 1
 
Lamer note: if you are connected to the server using Remote Desktop and you are changing the IP address, you will be disconnected and will have to reconnect to the server using the new address.
 
To configure the DNS server:
netsh int ip set dnsserver "Local Area Connection" static 192.168.0.210 primary
(of course you should change the IP address to that of the DNS server you want to point to)
 

 
Now to the fun part. Configuring AD on Server Core is different from what most people are familiar with: in Server Core there is no nice wizard we can launch using dcpromo.exe. The only option you have is to run DCPROMO in unattended mode, supplying it with an answer file that contains the information required for installing and configuring AD.
To create an answer file, execute "notepad unattend.txt" and paste the following into the file:
 
[DCINSTALL]
AutoConfigDNS=Yes
DomainNetBiosName=LHS
NewDomainDNSName=lhs.local
ReplicaOrNewDomain=Domain
NewDomain=Forest
ForestLevel=3
DomainLevel=3
SafeModeAdminPassword=s@f3p@ssw0rd
RebootOnSuccess=Yes
 
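Lamer note: change the settings to reflect your NetBIOS domain name, DNS domain name and Safe Mode Administrator's password. The answer file holds that password in clear text, so delete unattend.txt once dcpromo has finished.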
 
If you want more granular control of the DCPROMO process, execute "dcpromo /?:unattend" and look at all the options available.
 
Save the file and from the command prompt execute:
c:\users\administrator>dcpromo /unattend:unattend.txt
 
If your configuration file has all the needed info and does not contain syntax errors, you should receive output similar to the following:
 
Validating environment and parameters…
 
----------------------------------------
The following actions will be performed:
Configure this server as the first Active Directory Domain Controller in a new forest of domain trees.
 
The new domain name is lhs.local. This is also the name of the new forest.
 
The NetBIOS name of the domain is LHS
 
Forest Functional Level: Windows Longhorn Server
 
Domain Functional Level: Windows Longhorn Server
 
Site: Default-First-Site-Name
 
Additional Roles:
  Read-only DC: No
  Global Catalog: Yes
  DNS Server: Yes
 
Create DNS Delegation: No
 
Database folder: C:\Windows\NTDS
Log file folder: C:\Windows\NTDS
SYSVOL folder: C:\Windows\SYSVOL
 
The DNS service will be installed on this computer.
The DNS service will be configured on this computer.
This computer will be configured to use this DNS server as its preferred DNS ser
ver.
 
The password of the new domain administrator will be the same as the password of
 the administrator of this computer.
----------------------------------------
 
Starting…
..
Press CTRL-C to: Cancel
 
[SNIPPED]
 
After dcpromo finishes, the server will reboot and you should have a fresh AD running on it.
 
Verifying the AD installation:
 
1) Run a simple query of all the user accounts in AD:
 
C:\Users\Administrator>dsquery user
"CN=Administrator,CN=Users,DC=lhs,DC=local"
"CN=Guest,CN=Users,DC=lhs,DC=local"
"CN=krbtgt,CN=Users,DC=lhs,DC=local"
 
2) Verify the existence of DNS zones:
 
C:\Users\Administrator>dnscmd /enumzones
Enumerated zone list:

Zone count = 3

Zone name           Type       Storage       Properties


.                   Cache      AD-Domain
_msdcs.lhs.local    Primary    AD-Forest     Secure
lhs.local           Primary    AD-Domain     Secure
 
 
3) Run Domain Controller Diagnostics:
 
c:\>dcdiag /q
 
You might get some NtFrs and DNS related errors. Some of them are normal: this is the first DC in the forest, and the DNS service is not yet available at boot time.
 
4) Examine the system logs
 
In order to look at the last 10 events in the system log run:
 
c:\>wevtutil qe system /c:10 /rd /f:text | more
 
5) Make sure the SYSVOL and NETLOGON shares have been established:
 

C:\Users\Administrator>net share

Share name    Resource                                   Remark

-------------------------------------------------------------------------------
C$            C:\                                        Default share
IPC$                                                     Remote IPC
ADMIN$        C:\Windows                                 Remote Admin
NETLOGON      C:\Windows\SYSVOL\sysvol\lhs.local\SCRIPTS
                                                         Logon server share
SYSVOL        C:\Windows\SYSVOL\sysvol                   Logon server share
The command completed successfully.

 
6) Try to join a client computer to the new domain:
 
Point a client computer to the new DC as its primary DNS server and join it to the new domain.
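
Checks 1 to 5 above can be scripted as a cmd batch file. This is an added example, not part of the original post; the DOMAIN and ANSWER values and the dcdiag-q.txt file name are assumptions, and it also flags an answer file that still contains the Safe Mode password.

```bat
@echo off
rem Added example: post-promotion checks for the first DC in a new forest.
rem Assumptions: DOMAIN matches NewDomainDNSName in the answer file and
rem ANSWER is where unattend.txt was saved; change both to your values.
setlocal
set "DOMAIN=lhs.local"
set "ANSWER=%USERPROFILE%\unattend.txt"
set "REPORT=%TEMP%\dcdiag-q.txt"
set "FAILED=0"

rem 1) The directory answers queries and returns the built-in krbtgt account.
dsquery user | findstr /i /c:"CN=krbtgt," >nul
if errorlevel 1 (echo FAIL: krbtgt not returned by dsquery & set "FAILED=1") else (echo OK:   directory answers queries)

rem 2) Both AD-integrated zones exist and carry the Secure property
rem    shown in the dnscmd sample output above.
for %%Z in (_msdcs.%DOMAIN% %DOMAIN%) do (
    dnscmd /enumzones | findstr /i /r /c:"^ *%%Z .*Secure" >nul
    if errorlevel 1 (echo FAIL: zone %%Z missing or not Secure & set "FAILED=1") else (echo OK:   zone %%Z is present and Secure)
)

rem 3) The logon shares have been published.
for %%S in (SYSVOL NETLOGON) do (
    net share | findstr /i /b /c:"%%S " >nul
    if errorlevel 1 (echo FAIL: share %%S not found & set "FAILED=1") else (echo OK:   share %%S exists)
)

rem 4) dcdiag /q prints only problems. Some are expected on a first DC,
rem    so any output is reported as a warning rather than a failure.
dcdiag /q > "%REPORT%" 2>&1
for %%F in ("%REPORT%") do if %%~zF gtr 0 (echo WARN: dcdiag reported problems, review dcdiag-q.txt in the TEMP folder) else (echo OK:   dcdiag /q is silent)

rem 5) The answer file should not keep the clear-text Safe Mode password.
if exist "%ANSWER%" (
    findstr /i /r /c:"^SafeModeAdminPassword=." "%ANSWER%" >nul
    if not errorlevel 1 echo WARN: answer file still holds SafeModeAdminPassword, delete it
)

rem 6) Show the ten most recent Critical and Error events from the System log.
wevtutil qe System /q:"*[System[(Level=1 or Level=2)]]" /c:10 /rd:true /f:text

exit /b %FAILED%
```

The script exits with 1 if a directory, zone or share check fails, so it can be chained after the reboot; warnings do not change the exit code.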
 
 
 
If all of the above is ok, it looks like you have a working AD 😉

10 comments

  1. Brian Lewis, October 17, 2007 at 19:35

    In adding an ip address you were missing the static command.

    In my case this is what I will be executing:
    C:\>netsh int ip set address "Local Area Connection" static 192.168.0.210 255.255.255.0 192.168.0.1 1

  2. Guy Teverovsky, October 17, 2007 at 20:30

    Thanks for the catch! I've corrected the post.

  3. bindu, November 1, 2007 at 18:39

    What do I do if I do not see a Local Area Connection interface at all? Can I just work with the loopback interface? I tried setting the static IP on the loopback interface but it doesn't work.

    Thanks

    – B

  4. peter cli, November 24, 2007 at 2:02

    Everything worked pretty good – just one problem.

    When I join a machine to the new domain, the client machine does not have a default gateway.

    I assume the ad/dns machine must tell the client what the default g/w is, right? How do I set it?
    Thanks, Peter

  5. Guy Teverovsky, November 24, 2007 at 16:21

    Bindu: I have not tried working only with loopback interface – there is not much point really in having a DC that can't talk to any client or other DC.

    Peter: default gateway is not managed by AD. It's either configured manually (when giving a computer a static IP address) or handed to the host by the DHCP server (where you need to configure which IP you will be giving as default gateway).

  6. Keenan Chadwick, February 10, 2008 at 20:00

    Bindu – I had the same problem on an initial install of server core. Open task manager to check if your NIC is installed. Mine wasn't the first time around, and I had to specify it for inclusion during a second installation.

  7. Raja, May 12, 2008 at 11:23

    We using webserver we want to create an AD, but the server did not have any other client system, but I want to create an Active Directory what is the source to do that like.

  8. sadiq, August 21, 2008 at 3:22

    I need guide installation of ADS

  9. Yogesh, September 24, 2008 at 20:02

    Thanks! The article is very informative.

  10. Server Active Directory, January 15, 2009 at 15:39

    Thanks for giving me good information. I liked it very much. Through this I come to know about active directory how to install active directory for Longhorn server.

    Thanks & Regards
