Deploying Windows Server 2012 and Windows Server 2012 R2 Domain Controllers
- 4/24/2014
Practice exercises
The goal of this section is to provide you with hands-on practice with the following:
- Deploying domain controllers using Server Manager
- Deploying domain controllers using Windows PowerShell
To perform the following exercises, you need two clean installations of Windows Server 2012 R2: one installed using the Server With A GUI installation option and the other installed using the Server Core installation option. The servers should be stand-alone servers belonging to a workgroup, have Internet connectivity, and have no additional roles or features installed. For the purposes of these exercises, the name of the first server (the Server With A GUI installation) is assumed to be SERVER1 and the name of the second server (the Server Core installation) is assumed to be SERVER2. You should be logged on interactively to SERVER1 using the built-in local Administrator account.
Exercise 1: Installing a new forest using Server Manager
In this exercise, you install a new forest named corp.contoso.com by using Server Manager to install AD DS on SERVER1 and promote the server as a domain controller.
- Log on to SERVER1 using the built-in Administrator account and open Server Manager if it doesn’t open automatically.
- Use the Dashboard to verify that SERVER1 is in a healthy state before proceeding.
- Use Server Manager to launch the Add Roles And Features Wizard and install the Active Directory Domain Services role on the server, including the administration tools for this role. Close the Add Roles And Features Wizard upon completion of the role installation.
- Use the Notifications flag on the Server Manager menu to perform the post-deployment configuration task of promoting the server to a domain controller using the Active Directory Domain Services Configuration Wizard.
- Select the Add A New Forest option on the first page of the AD DS Configuration Wizard and create a new forest root domain named corp.contoso.com. Make appropriate selections for the remaining items in the wizard pages.
- On the Review Options page, click View Script and examine the Windows PowerShell script that the wizard will be executing. Look up the help page for the command in the TechNet Library to make sure you understand the syntax of the command.
- After reviewing the results on the Prerequisites Check page, click Install to promote SERVER1 to be the first domain controller in the new forest.
- After the server reboots, log on using the default domain administrator account and open Server Manager if it doesn’t open automatically.
- Use the Dashboard to examine any alerts that are raised for your new domain controller.
- Select the AD DS page of Server Manager and review the Roles And Features tile at the bottom of the page to verify that the AD DS role has been installed on SERVER1.
- Also on the AD DS page, review any critical, error, or warning events raised in the Events tile.
- Also on the AD DS page, review the status of the services on SERVER1.
- Also on the AD DS page, initiate a BPA scan of SERVER1 and review the results of this scan when it finishes.
- Close Server Manager when you are finished.
Exercise 2: Remotely adding an additional domain controller using Windows PowerShell
In this exercise, you join SERVER2 to the corp.contoso.com domain and then use Windows PowerShell from SERVER1 to remotely deploy SERVER2 as an additional domain controller in your domain.
- Log on locally to SERVER2 using the built-in local Administrator account. A command prompt window should be visible.
- Type Sconfig in the command prompt window and press Enter to run the Server Configuration Tool (Sconfig.cmd).
- Type 8 and press Enter to access the Network Adapter Settings page of the Configuration Tool. You are presented with a list of available network adapters that are attached to the server.
- Type the index number of the adapter that you want to configure and then press Enter. You are presented with the current configuration for the network adapter that you selected.
- Type 2 and press Enter to configure DNS Server settings for the selected network adapter.
- Type the IP address for SERVER1 as the new preferred DNS server and press Enter. Then click OK in the dialog box that appears.
- Press Enter to indicate that you will not be specifying an alternate DNS server.
- The Configuration Tool returns you to the Network Adapter Settings page. Review the information on this page and make sure it is correct before proceeding. Then type 4 and press Enter to return to the Main Menu page.
- Type 1 and press Enter and then type D and press Enter to indicate that you want to join SERVER2 to a domain.
- Type corp.contoso.com as the name of the domain you want SERVER2 to join and then press Enter.
- Type CORP\Administrator as the name of an authorized user for performing the domain join operation and then press Enter. (If you specified a different NetBIOS name for your domain in Exercise 1, use that name instead of CORP.)
- In the new command prompt that opens, type the password associated with the user account you specified in the previous step and press Enter.
- In the Change Computer Name dialog box that opens, click No.
- In the Restart dialog box that opens, click Yes.
- After SERVER2 has restarted, log on again using the local Administrator account and run the Server Configuration Tool again to verify that the server has successfully joined the domain. Then exit the Configuration Tool and switch to using SERVER1 for the remainder of this exercise.
- Log on to SERVER1 with the default domain administrator account and close Server Manager if it opens automatically.
- Open a Windows PowerShell prompt on SERVER1.
- Use the Invoke-Command cmdlet with the Get-WindowsFeature cmdlet to remotely review the installed roles and features on SERVER2. Verify that the AD DS role is not yet installed on SERVER2.
- Use Invoke-Command with Install-WindowsFeature to remotely install the AD DS role on SERVER2. Once this is done, use Get-WindowsFeature to confirm the installation.
Use the following command to remotely run a prerequisites check on SERVER2 to make sure the server is ready to be promoted to a domain controller:
Invoke-Command -ComputerName SERVER2 -ScriptBlock ` {Test-ADDSDomainControllerInstallation -DomainName corp.contoso.com ` -Credential (Get-Credential CORP\Administrator)}
Review the results the prerequisites check returns before proceeding.
Use the following command to remotely promote SERVER2 as an additional domain controller in the corp.contoso.com domain:
Invoke-Command -ComputerName SERVER2 ` {Install-ADDSDomainController -InstallDNS ` -Credential (Get-Credential CORP\Administrator) ` -DomainName corp.contoso.com}
- When the promotion operation finishes, wait for SERVER2 to reboot. Then open Server Manager on SERVER1 and add SERVER2 to the server pool.
- Use the Tools menu of Server Manager to launch the Active Directory Users And Computers console, select the Domain Controllers container under corp.contoso.com, and verify that SERVER2 is now a domain controller for this domain.