Windows2016:DomainController: Difference between revisions

From Wiki³
mNo edit summary
Line 26: Line 26:


Set the IP information.
Set the IP information.
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|New-NetIPAddress}} {{white|-InterfaceAlias}} {{blueBold|"Ethernet"}} {{white|-IPAddress}} 10.0.42.35 {{white|-AddressFamily}} IPv4 {{white|-PrefixLength}} 24 {{white|-DefaultGateway}} 10.0.42.1}}
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|New-NetIPAddress}} {{white|-InterfaceAlias}} {{cyanBold|"Ethernet"}} {{white|-IPAddress}} 10.0.42.35 {{white|-AddressFamily}} IPv4 {{white|-PrefixLength}} 24 {{white|-DefaultGateway}} 10.0.42.1}}
Update the DNS servers.
Update the DNS servers.
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Set-DnsClientServerAddress}} {{white|-InterfaceAlias}} {{blueBold|"Ethernet"}} {{white|-ServerAddress}} 127.0.0.1}}
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Set-DnsClientServerAddress}} {{white|-InterfaceAlias}} {{cyanBold|"Ethernet"}} {{white|-ServerAddress}} 127.0.0.1}}
{{Note|1=Make sure the DNS server address is set to localhost or the domain controller will not function correctly. It needs to use it's own DNS.}}
{{Note|1=Make sure the DNS server address is set to localhost or the domain controller will not function correctly. It needs to use it's own DNS.}}
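Review bot: The Note line closing this hunk still reads "It needs to use it's own DNS" in both revisions; since this edit already touches the two console lines directly above it, correct the possessive to "its" in the same revision. The visible change only swaps blueBold for cyanBold around "Ethernet", and the revision carries no edit summary, so a one-line summary saying it is a colour-template change would help later readers of the history.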


Line 39: Line 39:
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Enable-WSManCredSSP}} {{white|-Role}} server}}
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Enable-WSManCredSSP}} {{white|-Role}} server}}
Enable firewall rules for remote management.
Enable firewall rules for remote management.
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Set-NetFirewallRule}} {{white|-DisplayGroup}} {{blueBold|'Windows Management Instrumentation (WMI)'}} {{white|-Enabled}} true {{white|-PassThru}}}}<br/>
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Set-NetFirewallRule}} {{white|-DisplayGroup}} {{cyanBold|'Windows Management Instrumentation (WMI)'}} {{white|-Enabled}} true {{white|-PassThru}}}}<br/>
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Set-NetFirewallRule}} {{white|-DisplayGroup}} {{blueBold|'Remote Event Log Management'}} {{white|-Enabled}} true {{white|-PassThru}}}}
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Set-NetFirewallRule}} {{white|-DisplayGroup}} {{cyanBold|'Remote Event Log Management'}} {{white|-Enabled}} true {{white|-PassThru}}}}


== {{Icon|notebook}} Housekeeping ==
== {{Icon|notebook}} Housekeeping ==
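Review bot: The Enable-WSManCredSSP -Role server context line at the top of this hunk has no accompanying explanation, and on a domain controller it should have one, because that setting lets the machine accept delegated credentials from remote clients; add a sentence on the page saying which remote-management workflow needs it. The two Set-NetFirewallRule lines changed here enable whole display groups with no profile restriction visible, so it is also worth stating on the page which network profiles the rules are expected to apply to.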
Line 48: Line 48:
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Get-TimeZone}}}}
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Get-TimeZone}}}}
If you need to change it, use the following:
If you need to change it, use the following:
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Set-TimeZone}} {{white|-Id}} {{blueBold|"Pacific Standard Time"}}}}
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Set-TimeZone}} {{white|-Id}} {{cyanBold|"Pacific Standard Time"}}}}
Finally reboot the machine to commit the machine name and IP changes.
Finally reboot the machine to commit the machine name and IP changes.
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Restart-Computer}}}}
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Restart-Computer}}}}

Revision as of 12:46, 8 July 2018

UNDER CONSTRUCTION: The document is currently being modified!

Introduction

The Server Core option is a minimal installation option that is available when you are deploying the Standard or Datacenter edition of Windows Server. Server Core includes most but not all server roles. Server Core has a smaller disk footprint, and therefore a smaller attack surface due to a smaller code base.[1] Most notably, no Windows Explorer shell is installed. All configuration and maintenance is done entirely through command-line interface windows, or by connecting to the machine remotely using Microsoft Management Console (MMC), remote server administration tools, and PowerShell.[2]

Testing was done in a virtual machine on my Dell PowerEdge R610 using Hyper-V Server. The following image was used:

en_windows_server_2016_x64_dvd_9718492.iso

Installation

Insert the Windows Server 2016 boot media into the machine and reboot (or power on) the machine, booting from the inserted media. Follow the on-screen instructions to install, and make sure you do not select the (Desktop Experience) option, as this is not Server Core. Upon reboot you will be prompted to set an Administrator password; doing so logs you into the machine and finalizes the installation.

Use the command prompt provided to launch Windows PowerShell.

C:\> powershell

Networking

Before we can begin with the domain controller the network needs configuring.

Rename the computer.

PS C:\> Rename-Computer -NewName DC1

List the current network adapters.

PS C:\> Get-NetAdapter -Physical

Locate the NIC that you want to set up.

Set the IP information.

PS C:\> New-NetIPAddress -InterfaceAlias "Ethernet" -IPAddress 10.0.42.35 -AddressFamily IPv4 -PrefixLength 24 -DefaultGateway 10.0.42.1

Update the DNS servers.

PS C:\> Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddress 127.0.0.1
Note: Make sure the DNS server address is set to localhost or the domain controller will not function correctly. It needs to use its own DNS.

Remote Management

In order to use RSAT and Windows Admin Center remotely a few changes need to be made.

Enable WinRM.

PS C:\> Enable-PSRemoting -Force

Enable remote authentication acceptance.

PS C:\> Enable-WSManCredSSP -Role server

Enable firewall rules for remote management.

PS C:\> Set-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)' -Enabled true -PassThru


PS C:\> Set-NetFirewallRule -DisplayGroup 'Remote Event Log Management' -Enabled true -PassThru
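To review what the steps above opened, the following script (an added example, not part of the original page) lists every rule in the two display groups enabled above, flags enabled inbound rules that also apply on the Public profile, and reports the WinRM listeners and CredSSP state. It assumes an elevated Windows PowerShell 5.1 session on the server; `$groups`, `$report` and `PublicReach` are names chosen for this example.

```powershell
# Added example: audit of the remote-management surface enabled above.
# Run in an elevated Windows PowerShell session on the server.
$groups = 'Windows Management Instrumentation (WMI)',
          'Remote Event Log Management'

$report = foreach ($group in $groups) {
    Get-NetFirewallRule -DisplayGroup $group | ForEach-Object {
        $profiles = "$($_.Profile)"      # e.g. "Domain, Private" or "Any"
        [pscustomobject]@{
            Group       = $group
            Rule        = $_.DisplayName
            Direction   = "$($_.Direction)"
            Enabled     = "$($_.Enabled)"
            Profiles    = $profiles
            # An enabled inbound rule on "Any" or "Public" is reachable from
            # networks Windows does not classify as the domain network.
            PublicReach = ("$($_.Enabled)" -eq 'True') -and
                          ("$($_.Direction)" -eq 'Inbound') -and
                          ($profiles -match 'Any|Public')
        }
    }
}

$report | Sort-Object Group, Rule | Format-Table -AutoSize

$exposed = @($report | Where-Object PublicReach)
if ($exposed.Count -gt 0) {
    Write-Warning "$($exposed.Count) enabled inbound rule(s) also apply to the Public profile."
}

# WinRM listeners created by Enable-PSRemoting.
Get-ChildItem WSMan:\localhost\Listener

# CredSSP: prints whether this machine accepts delegated credentials.
Get-WSManCredSSP
```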

Housekeeping

Remove Windows Defender.

PS C:\> Uninstall-WindowsFeature -Name Windows-Defender-Features

Check to see that the timezone is set properly.

PS C:\> Get-TimeZone

If you need to change it, use the following:

PS C:\> Set-TimeZone -Id "Pacific Standard Time"

Finally reboot the machine to commit the machine name and IP changes.

PS C:\> Restart-Computer

PowerShell

Since PowerShell will be used for a lot of the remote management it is a good idea to update to the latest version.

To install, copy the installer to the server via Windows SMB, then run it.

PS C:\> msiexec /i PowerShell-6.1.0-preview.3-win-x64.msi

Domain Controller

Install the Domain Controller feature for Windows.

PS C:\> Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

When finished, create the first domain controller in a new forest/domain.

PS C:\> Install-ADDSForest -DomainName "wa.kyaulabs.com" -DomainNetbiosName "KYAULABS"
Note: The DomainName here should be the FQDN, while the DomainNetbiosName is the NetBIOS name for the root domain. If you do not specify a NetBIOS name, it will use the subdomain of your domain (e.g., in this instance it would be WA).

Provide a SafeModeAdministratorPassword and then confirm you want the server to be configured and restarted.

Configuring and installing the domain controller will take a few moments.

Validate Domain Controller

Once the machine has restarted and you are logged in again, verify the new domain controller. Re-launch PowerShell.

Make sure the AD/DNS services are running.

PS C:\> Get-Service adws,kdc,netlogon,dns

Verify the SYSVOL and NETLOGON shares.

PS C:\> Get-SmbShare

Review the logs, making sure logging has started properly.

PS C:\> Get-EventLog "Directory Service" | select entrytype, source, eventid, message


PS C:\> Get-EventLog "Active Directory Web Services" | select entrytype, source, eventid, message
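The validation steps above can be combined into a single pass. The script below is an added example, not part of the original page; it assumes Windows PowerShell 5.1 (Get-EventLog is not available in PowerShell 6) and the "Ethernet" adapter alias used in the Networking section. `$problems` is a name chosen for this example.

```powershell
# Added example: one-pass check of the validation steps above.
# Windows PowerShell 5.1 only: Get-EventLog is not available in PowerShell 6.
$problems = New-Object System.Collections.Generic.List[string]

# 1. The AD/DNS services checked on this page must all be running.
foreach ($name in 'adws', 'kdc', 'netlogon', 'dns') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        $problems.Add("Service '$name' not found")
    } elseif ($svc.Status -ne 'Running') {
        $problems.Add("Service '$name' is $($svc.Status)")
    }
}

# 2. SYSVOL and NETLOGON must both be shared.
$shares = @(Get-SmbShare | Select-Object -ExpandProperty Name)
foreach ($share in 'SYSVOL', 'NETLOGON') {
    if ($shares -notcontains $share) { $problems.Add("Share '$share' is missing") }
}

# 3. The DNS client should still point at the DC itself.
# Assumption: the adapter alias is "Ethernet", as in the Networking section.
$dns = @((Get-DnsClientServerAddress -InterfaceAlias 'Ethernet' `
            -AddressFamily IPv4).ServerAddresses)
if ($dns -notcontains '127.0.0.1') {
    $problems.Add("DNS client uses '$($dns -join ', ')' instead of 127.0.0.1")
}

# 4. Surface recent errors from the two logs reviewed above.
foreach ($log in 'Directory Service', 'Active Directory Web Services') {
    $errs = @(Get-EventLog -LogName $log -EntryType Error -Newest 10 `
                -ErrorAction SilentlyContinue)
    foreach ($e in $errs) {
        $problems.Add("[$log] event $($e.EventID) from $($e.Source)")
    }
}

if ($problems.Count -eq 0) {
    Write-Output 'Domain controller checks passed.'
} else {
    $problems | ForEach-Object { Write-Warning $_ }
}
```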

Conclusion

The server should now be completely set up for production VMs.

References