Ad Clicks : Ad Views : Ad Clicks : Ad Views : Ad Clicks : Ad Views : Ad Clicks : Ad Views : Ad Clicks : Ad Views : Ad Clicks : Ad Views : Ad Clicks : Ad Views : Ad Clicks : Ad Views : Ad Clicks : Ad Views :
TheServerGeeks

IT with everything IT

Installing Active Directory Domain Services Role in windows server 2012 R2 and Promoting

/

If you are using your freshly installed server machine to install the ADDS server role, firstly, you must do some settings before Installing or Promoting your ADDS role.

Changing the Computer Name

Go to Control Panel > All Control Panel Items > System

Here, you can see the basic configuration of the system. Including of System Name, Memory, Processor, Operating System etc.

Go to Change Settings to change the Computer name.
In the Computer Name Tab, Click on Change button.

Enter the Computer Name you want and Click Ok twice.
At the Restart computer prompt, click Yes to restart the computer.

Renaming Computer using PowerShell

Netdom renamecomputer %hostname% /newname ‘NewName’ /userd:Administrator /Passwordd:

or

Netdom renamecomputer ‘Current Name’ /newname ‘NewName’ /userd:Administrator /Passwordd:

Alternatively, you can check the current system name using the Command ‘Hostname’ and then replace %hostname% with the current name of the server.

PowerShell will ask you, whether to restart or not. Type Y and hit enter to restart.

Check the Network adapter settings

Check the IP Address settings. For promoting ADDS server role, it is recommended to have the static IP Address assigned to the server which is going to server ADDS service. But you can alternatively use the DHCP IP Address / Manually assigned IP Address and then use the Loop Back address as the Primary DNS server to have the ADDS service function properly.

Go to Control Panel > All Control Panel Items > Network Connections > Right click on the Ethernet and go to the properties > In the Networking Tab, scroll down to find Internet Protocol Version 4 (TCP/IPv4) and click properties. Change the IP Address depending on your network setup and Click OK twice to exit.

Changing IP Address in PowerShell

Use the Cmdlet, Get-NetIpAddress to see the properties of all the Ethernet Adapters in the system.

To be able to change the IP Address of an Interface, you need to know the Interface Index and InterfaceAlias. To see the properties of a single interface, run the below Cmdlet where you want to change the IP Address of the Ethernet which is having InterfaceIndex value of 12.

Get-NetIPAddress | Where-Object {$_.interfaceindex -eq 12}

Now, To Change the IP Address of the Ethernet with the InterfaceAlias Ethernet, run the below Cmdlet.

New-NetIPAddress -InterfaceAlias “Ethernet” –IPAddress “192.168.1.10” –PrefixLength 24 -DefaultGateway 192.168.1.1

To Change the DNS server and set it to the Loopback address, Run the below Cmdlet

Set-DnsClientServerAddress -InterfaceAlias “Ethernet” -ServerAddresses 127.0.0.1

Note: If you have the DNS server role installed on the other machine, you can enter it’s IP Address Also here. I’m Using the LoopBack address as I am going to install DNS Role on the same server on which I am going to install ADDS Role.

If you have more users in your organization and more authentication requests are going to sent to the ADDS servers, then you might consider having a separate server for each FSMO roles and a separate server for DNS for redundancy. If you are running with only few users or running a startup company, then it’s ok to have all the FSMO roles on the same server if you have a good hardware and network setup.

Installing ADDS Role using GUI

To Install the ADDS Role in Win 2k12 server, Go to Server Manager >Manage > Add Roles and Features >
In the Add Roles and Features wizard, Click Next

In the Installation Type, Select Role-Based or Feature based installation and Click Next

In the Server Selection Page, Select the Server on which you want to Install the Role and Click Next

In the Server Roles page, Select Active Directory Domain Services. After the selection, you will get the Add Roles and Features wizard. Select Include Management Tools (if applicable) and click on Add Features. > Click Next

Click Next on the Features Page > Click Next on the ADDS page
On The confirmation page, Click Install

Its gonna take a while to install the ADDS role. Once installed, you will be presented with the Results on the Results page. Review and close the page.

Installing ADDS Role using PowerShell

To Install the ADDS server Using PowerShell, Run the below Cmdlet.

Install-WindowsFeature “AD-Domain-Services”,”WindowsPowerShellWebAccess” -IncludeManagementTools -Verbose

No need to restart the server after the installation of the ADDS Role.

Promoting Domain (GUI & PowerShell)

To Promote the server, Go to Server Manager, you can see the yellow balloon next to Manage option, Click on that Yellow balloon. On the drop-down list, click Promote this server to a domain controller.

Active Directory Domain services configuration wizard will open as shown below. Select Add a New Forest. Enter the Root Domain Name and click Next

On the Domain Controller options, Select the Forest & Domain Functional levels. Select Domain Name system (DNS) Server.

Note: DNS server option will be greyed out if you have the DNS role already installed on the other Windows/Linux server. Else, this option will be auto selected, and the wizard will install and configure the DNS server role for the domain controller.

Enter the DSRM password. And Click Next

In the Additional options page, NetBIOS domain name will be automatically added based on the forest name you have entered. Click Next

If you are working for a large organization, where the logs will be more, and have more HDD space, you can consider placing each log files in a different Drive/HDD/Network Drive.

Enter the path for Database, Logs, and SYSVOL. Click Next

 

The Review Options page is little special in Win 2k1. Because it shows the all the changes that are going to apply as well as the PowerShell Script down below for the exact same configuration. This can be saved for future use. This can be viewed by clicking on View Script button.

Below is the sample of the Script which is generated by ADDS configuration Wizard.

 

Click Next

If any of the prerequisites are not met, it will be shown in the Prerequisites page and will be asked to complete it before continuing the configuration. Once all the prerequisites are met, click on Install

 

Wizard will start configuring the server and will restart the server once Promotion is completed.

To Promote the server in to Domain Controller from PowerShell, run the below Cmdllet

Import-Module addsdeployment
Install-ADDSForest -DomainName “Contoso.com” -DomainNetbiosName “Contoso” -InstallDns:$true -Verbose

Once the above Cmdlet is executed, PowerShell is going to ask you for the
SafeModeAdministratorPassword for future recovery purpose. Enter the password which you want and confirm once again to continue the installation.
Once the Installation is complete, System will reboot itself and at the next logon screen, it’s going to present you the Domain Administrator login option. You can use the same credentials which you used for Local Administrator to login and manage the server.

Note: Once the server is promoted to be a Domain Controller, your local accounts will be disabled automatically. These accounts will be useful if in case you Demote the Domain Controller role from the server

Additional Settings that you may want to do.

  • Checking the Domain Name using PowerShell

Get-WmiObject win32_computersystem

  • To enable PowerShell Remoting to manage the server from a remote machine.

Enable-PSRemoting -Force -Verbose

  • Adding Users to the New Domain Single or Multiple users (GUI & PowerShell)

    New-ADUser -Name ‘UserName’

  •  
  • Set a password for a user account

    Net user ‘UserName’ *

  • Adding user account to some of the Domain Administration groups

Add-ADGroupMember Administrators -Members ‘UserName’

 Add-ADGroupMember “Domain Admins” -Members ‘UserName’

 Add-ADGroupMember “Schema Admins” -Members ‘UserName’

 Add-ADGroupMember “Enterprise Admins” -Members ‘UserName’

  • Set the account to Active and check the overall details of the User Account

Net user ‘UserName’ /active

  • To Get the user account details

net user ‘UserName’ or Get-AdUser -Filter {DisplayName-like “User Display Name”}

To Know how to create bulk AD users, click here

18 Comments

  1. Hi, I think your website might be having browser compatibility issues.
    When I look at your blog site in Ie, it looks fine but when opening in Internet Explorer, it has some overlapping.

    I just wanted to give you a quick heads up! Other then that,

  2. Howdy! I could have sworn I’ve been to this website before but after going through some of the articles I realized
    it’s new to me. Anyways, I’m definitely pleased I found it and I’ll be bookmarking it and checking
    back frequently!

  3. Attractive section of content. I just stumbled upon your blog
    and in accession capital to assert that I get in fact enjoyed account your blog posts.
    Anyway I’ll be subscribing to your feeds and even I achievement you access consistently fast.

  4. I as well as my guys were actually digesting the good ideas from your web site then at once I had a terrible feeling I never expressed respect to you for those secrets. The men ended up for that reason warmed to read them and have really been enjoying them. Appreciation for actually being quite kind as well as for making a decision on certain amazing subject matter most people are really wanting to be informed on. My sincere regret for not expressing gratitude to you earlier.

  5. That is a great tip especially to those fresh to the blogosphere.

    Brief but very precise information… Appreciate your sharing this one.
    A must read article!

  6. Very nice post. I just stumbled upon your blog and wanted to mention that
    I’ve really enjoyed surfing around your blog posts. After all
    I’ll be subscribing in your feed and I hope you write once more very soon!

  7. Great blog you have got here.. It’s difficult to find high quality writing like yours nowadays.
    I truly appreciate individuals like you! Take care!!

Leave a Reply to Lynda Cancel reply

Your email address will not be published. Required fields are marked *

This div height required for enabling the sticky sidebar