For me, I'm starting with a copy of my Server Core template which has already been activated and updated. (See previous posting about Copying VMs in Hyper-V.) UPDATE (6/7/2011): If you're building a new domain, use a unique build for your DC, do NOT use a template or copy an existing VM. Avoid my failure. I'm using a fresh Windows Server 2008 R2 Core build setup for remote management. And I'm going to use Core Configurator (http://coreconfig.codeplex.com/) to make things a little easier.
1. Launch Core Configurator: D:\>start_coreconfig.wsf
2. Click "Computer Settings", then "Add or Remove Roles…"
3. Select NetFx3-ServerCore, then click Apply
4. Select all of the following, then click Apply.
- ActiveDirectory-PowerShell
- DirectoryServices-DomainController-ServerFoundation
- DNS-Server-Core-Role
- BestPractices-PSH-Cmdlets
- ServerManager-PSH-Cmdlets
[You have to do NetFx3 first. Don't try to select them all at one time.]
Unfortunately Core Configurator lacks the functionality to create a new domain, so it has to be done manually. If you're adding a DC to an existing domain, it should do the job, but I haven't tried it yet. To create a new domain we need to create an answer file that can be used by dcpromo.
6. Launch notepad on Core and copy or type the following into it:
[DCINSTALL]More information on creating the answer file can be found at KB 947034. Edit the line for NewDomainDNSName to specific your domain name, and DomainNetBiosName to the first part of your fully qualified DNS name. Other things that you may need to edit are SiteName, ForestLevel, DomainLevel, and SafeModeAdminPassword. The site name is used for AD Sites and Services. If you leave it out, the default is "Default-First-Site-Name". The levels in my answer file are all set for Windows Server 2008.
InstallDNS=yes
NewDomain=forest
NewDomainDNSName=yourdomain.com
DomainNetBiosName=yourdomain
SiteName=HQ
ReplicaOrNewDomain=domain
ForestLevel=3
DomainLevel=3
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"
RebootOnCompletion=yes
SafeModeAdminPassword=Password1
[The InstallDNS line didn't do anything for me on Core. So I redid the whole thing, installing the DNS role before running dcpromo. It worked perfectly that way.]
7. Save this file to the root of your C:\ drive and call it dcpromo.txt. Then run the following command:
dcpromo /unattend:C:\dcpromo.txtAfter the reboot, your Server Core is now a DC. The domain administrator account inherited the password from the local administrator account. The first thing here that pissed me off is that it made me change the domain administrator account. Security, blah blah blah. And you can't change it back because it violates the password history requirements that Microsoft has setup by default. Screw that.
8. Run the following commands, in order, to reset the domain administrator account using PowerShell.
powershellBiggest reason for me to do this is because I still need to connect to my DC from a machine outside the domain (on my workgroup) now and then. If the domain administrator password matches the administrator password on the workgroup machine, it still allows me to connect via Server Manager and MMC.
import-module ActiveDirectory
Set-ADuser administrator –PasswordNeverExpires $true
Set-ADAccountPassword administrator –Reset
[enter password]
[enter password again]
exit
No comments:
Post a Comment