{"id":19,"date":"2015-02-11T10:53:45","date_gmt":"2015-02-11T10:53:45","guid":{"rendered":"http:\/\/ropse.com\/?page_id=19"},"modified":"2015-03-18T12:08:48","modified_gmt":"2015-03-18T12:08:48","slug":"windows-2012-domain-installation","status":"publish","type":"page","link":"https:\/\/ropse.com\/?page_id=19","title":{"rendered":"Windows 2012 \u2013 Domain Installation"},"content":{"rendered":"<p>start<br \/>\n<strong>Roaming profiles,\u00a0context menu:<\/strong><br \/>\ncopy the winx folder to the roaming profile folder:<br \/>\nC:\\Users\\Alex\\AppData\\Local\\Microsoft\\Windows\\WinX\\<br \/>\nC:\\Users\\Alex\\AppData\\Roaming\\Microsoft\\Windows\\WinX\\<\/p>\n<p><strong>Domain controller link:<\/strong><br \/>\n<span style=\"font-size: 10pt;\"><a href=\"http:\/\/social.technet.microsoft.com\/wiki\/contents\/articles\/22622.building-your-first-domain-controller-on-2012-r2.aspx\">http:\/\/social.technet.microsoft.com\/wiki\/contents\/articles\/22622.building-your-first-domain-controller-on-2012-r2.aspx<\/a><\/span><\/p>\n<p><strong>See:<\/strong><\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-89\" src=\"http:\/\/ropse.com\/wp-content\/uploads\/2015\/02\/attachment.png\" alt=\"attachment\" width=\"25\" height=\"25\" srcset=\"https:\/\/ropse.com\/wp-content\/uploads\/2015\/02\/attachment.png 256w, https:\/\/ropse.com\/wp-content\/uploads\/2015\/02\/attachment-150x150.png 150w\" sizes=\"(max-width: 25px) 100vw, 25px\" \/><span style=\"font-size: 10pt;\"><a href=\"http:\/\/ropse.com\/wp-content\/uploads\/2015\/02\/stepbystepguideforsettingupwindowsserver2012domaincontroller-130711080426-phpapp01.pdf\" target=\"_blank\">stepbystepguideforsettingupwindowsserver2012domaincontroller-130711080426-phpapp01<\/a><\/span><\/p>\n<hr \/>\n<p>Building Your First Domain Controller on 2012 R2<\/p>\n<div class=\"post-content user-defined-markup\">So you want to build an Active Directory <a 
href=\"http:\/\/social.technet.microsoft.com\/wiki\/contents\/articles\/16757.active-directory-glossary.aspx#Domain\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\"> domain<\/span><\/span><\/a>? Congratulations! This guide is not really meant for the seasoned admins who eat, sleep, &amp; breathe <a href=\"http:\/\/social.technet.microsoft.com\/wiki\/contents\/articles\/16757.active-directory-glossary.aspx#Active_Directory\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\"> Active Directory<\/span><\/span><\/a>. It is meant for the folks who have a real job, but since they own a computer at home, they are now the company&#8217;s network administrator. You know who you are. I will go through the process in as non-techie terms as possible, but will link to online documentation just in case you want to dive deeper. In this post I walk through setting up a brand new 2012 R2 Standard edition <a href=\"http:\/\/social.technet.microsoft.com\/wiki\/contents\/articles\/16757.active-directory-glossary.aspx#Server\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\"> Server<\/span><\/span><\/a>. While technically I am building out a virtual machine, a physical machine would be the same process. So why build a domain in the first place? 
There are many reasons to need or want a domain:<\/div>\n<div class=\"post-content user-defined-markup\">\n<ul>\n<li>Software like Exchange Server and many 3<sup><span style=\"font-size: small;\">rd<\/span><\/sup> party vendors require having Active Directory in your environment.<\/li>\n<li>Centralized security \u2013 All user accounts are stored in the domain so users will be able to log into any PC in the domain and all Active Directory integrated apps with the same account \u2013 that means no more password post-it notes attached to monitors<\/li>\n<li>Centrally manage user and computer policies to control things like how long a password should be and what drive letters should be mapped for users<\/li>\n<li>Many, many other reasons.<\/li>\n<\/ul>\n<\/div>\n<p>This isn\u2019t a walkthrough on why, but on how. Let\u2019s start:<\/p>\n<hr \/>\n<p><strong>Step 1 \u2013 Evaluate<\/strong><\/p>\n<ul>\n<li>The Server &#8211; While Active Directory doesn&#8217;t tend to be processor intensive or memory intensive in small environments, minimally I would recommend 8 \u2013 16 GB of RAM, a quad-core processor, and around 100 GB of free hard drive space \u2013 Microsoft has some guidance on the amount of memory and processing power Active Directory needs, located <a title=\"Capacity planning for Active Directory\" href=\"http:\/\/social.technet.microsoft.com\/wiki\/contents\/articles\/14355.capacity-planning-for-active-directory-domain-services.aspx\" target=\"_blank\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\"> here<\/span><\/span><\/a>.<\/li>\n<li>The Network \u2013 Chances are you have a router that hands out\u00a0<a href=\"http:\/\/social.technet.microsoft.com\/wiki\/contents\/articles\/20580.wiki-glossary-of-technology-acronyms.aspx#IP\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\">IP<\/span><\/span><\/a> addresses to computers to allow them to get to the network and ultimately to the internet \u2013 this is a 
great time to figure out what IP range it hands out and any passwords needed to configure it. The reason is that Active Directory stores information about itself in\u00a0<a href=\"http:\/\/social.technet.microsoft.com\/wiki\/contents\/articles\/16757.active-directory-glossary.aspx#DNS\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\">DNS<\/span><\/span><\/a> \u2013 I will go through the basics of DNS when the time comes; for now, just think of DNS as how Internet Explorer knows how to find <a href=\"http:\/\/www.facebook.com\/\" target=\"_blank\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\">www.facebook.com<\/span><\/span><\/a>. The networking piece is an important part and where things can go wrong if not set up correctly. Microsoft has published a good explanation of DNS <a title=\"DNS Explanation\" href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc737203(v=ws.10).aspx\" target=\"_blank\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\"> here<\/span><\/span><\/a>.<\/li>\n<li>Domain \u2013 What are you going to call this creature you are about to build? In my test lab I build out a fictional company called Matrix.loc (yes, I really liked the movie). There are a few things to note about the name: Matrix is the fictional company name and loc is a fake root domain. 
The fake root domain could easily be .com, .edu, .net and I would have made it that if I actually owned those names on the internet \u2013 I don&#8217;t own them so I use a fake root name. It won&#8217;t matter: the server will still be able to get to the internet, as will the clients.<\/li>\n<\/ul>\n<hr \/>\n<p><strong>Step 2 \u2013 Set Server up<\/strong><\/p>\n<ul>\n<li>Get the server set up, cabled, powered up and if need be get the\u00a0<a href=\"http:\/\/social.technet.microsoft.com\/wiki\/contents\/articles\/20580.wiki-glossary-of-technology-acronyms.aspx#OS\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\">OS<\/span><\/span><\/a> installed on it<\/li>\n<li>The first screen will ask for a password \u2013 fill that out \u2013 the server will finalize the settings, reboot and then allow you to log in. <img decoding=\"async\" src=\"http:\/\/windorks.files.wordpress.com\/2014\/01\/011814_0709_buildingyou1.png\" alt=\" \" \/><\/li>\n<li>When you finally log into the server for the first time \u2013 Server Manager will start up<\/li>\n<li>Select Local Server on the left and you should see a screen similar to below: <img decoding=\"async\" src=\"http:\/\/windorks.files.wordpress.com\/2014\/01\/011814_0709_buildingyou2.png\" alt=\" \" \/><\/li>\n<li>NOTE: there are a few things we need to change here \u2013 the first being the computer name (nobody would remember that name if they needed to)<\/li>\n<li>Click on the server&#8217;s name (the blue text) and this screen will show up \u2013 click Change<img decoding=\"async\" src=\"http:\/\/windorks.files.wordpress.com\/2014\/01\/011814_0709_buildingyou3.png\" alt=\" \" \/><\/li>\n<li>Type in the name that you want for this\u00a0<a href=\"http:\/\/social.technet.microsoft.com\/wiki\/contents\/articles\/16757.active-directory-glossary.aspx#Domain_Controller\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\">domain controller<\/span><\/span><\/a> in the screen that comes up like below<img 
decoding=\"async\" src=\"http:\/\/windorks.files.wordpress.com\/2014\/01\/011814_0709_buildingyou4.png\" alt=\" \" \/><\/li>\n<li>Click OK when done, and then close the screen behind \u2013 reboot when it asks you to<\/li>\n<li>Log in to Windows when ready and when Server Manager comes back up, click on Local Server again and validate the name change <img decoding=\"async\" src=\"http:\/\/windorks.files.wordpress.com\/2014\/01\/011814_0709_buildingyou5.png\" alt=\" \" \/><\/li>\n<li>Now let&#8217;s validate that the internet is working so we can get some network settings written down. I went to <a href=\"http:\/\/www.bing.com\/\" target=\"_blank\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\">www.bing.com<\/span><\/span><\/a> and after the Internet Enhanced configuration prompts I was able to get to the internet.<\/li>\n<li><img decoding=\"async\" src=\"http:\/\/windorks.files.wordpress.com\/2014\/01\/011814_0709_buildingyou6.png\" alt=\" \" \/><\/li>\n<li>\n<div>Let&#8217;s assign a static IP to the network card as you do not want the server&#8217;s IP changing on you<\/div>\n<ul>\n<li>Grab the current settings from\u00a0<a href=\"http:\/\/social.technet.microsoft.com\/wiki\/contents\/articles\/16757.active-directory-glossary.aspx#PowerShell\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\">PowerShell<\/span><\/span><\/a> \u2013 click the icon <img decoding=\"async\" src=\"http:\/\/windorks.files.wordpress.com\/2014\/01\/011814_0709_buildingyou7.png\" alt=\" \" \/>on the task bar or open a command prompt and type &#8220;ipconfig \/all&#8221;. The resulting output will be long, but scroll up and you will see a section like below <img decoding=\"async\" 
src=\"http:\/\/windorks.files.wordpress.com\/2014\/01\/011814_0709_buildingyou8.png\" alt=\" \" \/> The highlighted areas are the most important:<\/li>\n<li>Refer back to your router information and check the scope of addresses that it hands out. For instance, Linksys routers normally hand out 192.168.1.100 to 192.168.1.150 (50 addresses); my network hands out 192.168.1.64 to 192.168.1.253 (190 devices). This is important so that you can assign your new server an IP that is still on the network defined by the\u00a0<a href=\"http:\/\/social.technet.microsoft.com\/wiki\/contents\/articles\/16757.active-directory-glossary.aspx#Subnet\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\">subnet<\/span><\/span><\/a> mask but outside of the client scope. I am choosing 192.168.1.50 for my new domain controller, for example.<\/li>\n<li>Right click this icon<em><strong><img decoding=\"async\" src=\"http:\/\/windorks.files.wordpress.com\/2014\/01\/011814_0709_buildingyou9.png\" alt=\" \" \/> <\/strong><\/em>on the taskbar and select &#8220;Open Network and Sharing Center&#8221;<\/li>\n<li>Select &#8220;Change adapter settings&#8221; on the left<\/li>\n<li>Right click on your network adapter and select Properties<\/li>\n<li>On the screen that comes up click &#8220;Internet Protocol Version 4 (TCP\/IPv4)&#8221; and then click the Properties button <img decoding=\"async\" src=\"http:\/\/windorks.files.wordpress.com\/2014\/01\/011814_0709_buildingyou10.png\" alt=\" \" \/><\/li>\n<li>Make your IP settings match mine, with the exception of the IP address (if you selected another one), the gateway (depending on your router&#8217;s config), and DNS. Most likely DNS will be your router; if not, refer back to the ipconfig \/all output and have your DNS settings match that. 
<img decoding=\"async\" src=\"http:\/\/windorks.files.wordpress.com\/2014\/01\/011814_0709_buildingyou11.png\" alt=\" \" \/><\/li>\n<li>Once that&#8217;s done lets validate that the internet still works \u2013 if so let&#8217;s go to step 10, if not we need to redo step 9 to make sure there isn&#8217;t anything that was missed.<\/li>\n<\/ul>\n<\/li>\n<li>\n<div>Download and install all windows updates for the server \u2013 to do that right click the little flag icon by the clock and open the action center.<\/div>\n<ul>\n<li>On the left there will be a Windows Update link, click that and turn on Automatic Updating.<\/li>\n<li>Check for updates \u2013 this will take a bit to gather all of the updates that may be waiting for you.<\/li>\n<li>Go ahead and install any updates found and let the server reboot if it needs to. With the operating system being 2012 R2 there may not be a lot of updates.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<hr \/>\n<p><strong>Step 3 &#8211; Promote to Domain Controller<\/strong><\/p>\n<ul>\n<li>\n<div>Once everything is up and running again \u2013 it&#8217;s time to finally install the Directory Services role<\/div>\n<ul>\n<li>In Server Manager, Local Server Click Manage and then Add Roles and Features<img decoding=\"async\" src=\"http:\/\/windorks.files.wordpress.com\/2014\/01\/011814_0709_buildingyou12.png\" alt=\" \" \/><\/li>\n<li>Click next on the first screen<\/li>\n<li>Keep the defaults (Role-based or feature-based installation) on Installation type and click Next<\/li>\n<li>Keep the defaults (Select a server from the server pool), make sure your new server is highlighted, click Next<\/li>\n<li>Put a check mark next to &#8220;Active Directory Domain Services&#8221; on Server Roles , Click Add Features on the popup screen, click Next<\/li>\n<li>On the features screen, click Next<\/li>\n<li>On\u00a0<a href=\"http:\/\/social.technet.microsoft.com\/wiki\/contents\/articles\/16757.active-directory-glossary.aspx#AD_DS\"><span 
style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\">AD DS<\/span><\/span><\/a> screen, click Next<\/li>\n<li>And finally on the confirmation screen, click Install<\/li>\n<li>At this point the Active Directory binaries will be installed; once that finishes, click the Close button<\/li>\n<\/ul>\n<\/li>\n<li>The binaries are installed but where is my Active Directory? At this point you should be looking at Server Manager, and at the top of the screen there should be a flag next to the word Manage with a yellow caution symbol.<img decoding=\"async\" src=\"http:\/\/windorks.files.wordpress.com\/2014\/01\/011814_0709_buildingyou13.png\" alt=\" \" \/><\/li>\n<li>When you click the flag a window will open telling you that there is still some configuration that is needed to make this server a domain controller. <img decoding=\"async\" src=\"http:\/\/windorks.files.wordpress.com\/2014\/01\/011814_0709_buildingyou14.png\" alt=\" \" \/><\/li>\n<li>Click the &#8220;Promote this server to a domain controller&#8221; link<\/li>\n<li>\n<div>Select the option to &#8220;Add a new <a href=\"http:\/\/social.technet.microsoft.com\/wiki\/contents\/articles\/16757.active-directory-glossary.aspx#Forest\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\"> forest<\/span><\/span><\/a>&#8221; and then type the domain name that you want, then click Next <img decoding=\"async\" src=\"http:\/\/windorks.files.wordpress.com\/2014\/01\/011814_0709_buildingyou15.png\" alt=\" \" \/><strong>NOTE:<\/strong> Here are some things to stay away from:<\/p>\n<\/div>\n<ul>\n<li>No single-label names, i.e. Matrix<\/li>\n<li>Don&#8217;t overcomplicate it. If the name of your company is Brads Totally Awesome Computer Repair and Web Design, I would never create a domain called bradstotallyawesomecomputerrepairandwebdesign.local. In fact, the domain name should be less than 15 characters for technical reasons. 
In the example above I would shorten it up to something like BTAC.local \u2013 trust me, your users will thank you<\/li>\n<li>Avoid using special characters in the domain name like |\/\\?&#8221;&gt;&lt;:*. Periods are OK as long as one is not the first character; dashes (-) are OK too, but I still wouldn&#8217;t use one as the first character<\/li>\n<\/ul>\n<\/li>\n<li>\n<div>On the Domain Controller Options screen<\/div>\n<ul>\n<li>Select the\u00a0<a href=\"http:\/\/social.technet.microsoft.com\/wiki\/contents\/articles\/16757.active-directory-glossary.aspx#FFL\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\">Forest functional<\/span><\/span><\/a> and\u00a0<a href=\"http:\/\/social.technet.microsoft.com\/wiki\/contents\/articles\/16757.active-directory-glossary.aspx#DFL\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\">Domain functional level<\/span><\/span><\/a> \u2013 The wizard will pick the highest functional level that the OS will support, so defaults are usually the best bet.<\/li>\n<li>In the section labeled &#8220;Specify domain controller capabilities&#8221;, again, the defaults are the best option<\/li>\n<li>There is a section that can be hard to see for the\u00a0<a href=\"http:\/\/social.technet.microsoft.com\/wiki\/contents\/articles\/16757.active-directory-glossary.aspx#DSRM\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\">DSRM<\/span><\/span><\/a> password, which should be something that is easily remembered or stored securely somewhere, as the only time you will need this password is during a disaster<\/li>\n<li>Click Next<\/li>\n<\/ul>\n<p><img decoding=\"async\" src=\"http:\/\/windorks.files.wordpress.com\/2014\/01\/011814_0709_buildingyou16.png\" alt=\" \" \/><\/li>\n<li>On the DNS options screen, ignore the warning about the delegation and click Next<\/li>\n<li>On the Additional options page, make sure that the name of your domain is listed as the\u00a0<a 
href=\"http:\/\/social.technet.microsoft.com\/wiki\/contents\/articles\/16757.active-directory-glossary.aspx#NetBIOS\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\">NetBIOS<\/span><\/span><\/a> domain name. Sometimes there will already be a computer or printer on the network with the same name, so if your NetBIOS name ends in a 0, we will need to change the name of that device before we continue. For my domain of Matrix.loc the NetBIOS name is Matrix \u2013 click Next<\/li>\n<li>On the Paths screen, defaults should be fine, but if you so desire you can change them to another local hard disk or partition.<\/li>\n<li>On review options click Next<\/li>\n<li>The server will now check to make sure all the prerequisites for the domain controller are satisfied. There will be some warnings, but that should be fine; review them and click Install<\/li>\n<li>Once the install completes the server will reboot<\/li>\n<li>Once rebooted you will sign into your new domain<\/li>\n<\/ul>\n<p>Once the domain is up and running there are a few things that will need to be done to fully utilize Active Directory<\/p>\n<ol>\n<li>Users will need to be created<\/li>\n<li>Client computers will need to point their NICs&#8217; DNS settings to the server&#8217;s IP<\/li>\n<li>Computers will need to be joined to the domain<\/li>\n<\/ol>\n<p>&#8211;Alex&#8211;<\/p>\n<p>Ethernet Settings, joining the domain:<\/p>\n<ul>\n<li>Set IP Address<\/li>\n<li>Point default gateway to router&#8217;s IP<\/li>\n<li>Point DNS server to domain IP<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>start Roaming profiles,\u00a0context menu: copy the winx folder to the roaming profile folder: C:\\Users\\Alex\\AppData\\Local\\Microsoft\\Windows\\WinX\\ C:\\Users\\Alex\\AppData\\Roaming\\Microsoft\\Windows\\WinX\\ Domain controller link: http:\/\/social.technet.microsoft.com\/wiki\/contents\/articles\/22622.building-your-first-domain-controller-on-2012-r2.aspx See: 
stepbystepguideforsettingupwindowsserver2012domaincontroller-130711080426-phpapp01 Building Your First Domain Controller on 2012 R2 So you want to build an Active Directory domain? Congratulations! This guide is not really meant for the seasoned admins who eat, sleep, &amp; breathe Active &hellip; <a href=\"https:\/\/ropse.com\/?page_id=19\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Windows 2012 \u2013 Domain Installation<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":12,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/ropse.com\/index.php?rest_route=\/wp\/v2\/pages\/19"}],"collection":[{"href":"https:\/\/ropse.com\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/ropse.com\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/ropse.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ropse.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=19"}],"version-history":[{"count":8,"href":"https:\/\/ropse.com\/index.php?rest_route=\/wp\/v2\/pages\/19\/revisions"}],"predecessor-version":[{"id":150,"href":"https:\/\/ropse.com\/index.php?rest_route=\/wp\/v2\/pages\/19\/revisions\/150"}],"wp:attachment":[{"href":"https:\/\/ropse.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=19"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}