My Core box. How to turn a near-obsolete PC into a Lab Domain Controller.


Hello folks,


I was reading Mohamud’s post and it made me think of my own lab environment. I had been thinking about writing about it for a while now, but something always came up. So, this morning I gathered the documentation I had kept when I set up my environment (and yes, for those who doubt, I do document my setups) and actually got to it.


When I started my preparation for the EnergizeIT demos, and for other screencasts I am planning, I realized I needed to rebuild the domain setup for my lab. I also wanted to check out a few scenarios discussed with TechDays attendees during the “Streamlining Administration of Your Deployments of Active Directory Using Group Policy Preferences, Templates, and Scripting” session.


So I started looking for a spare machine for the DC. I know, I can do all this virtualized, but I wanted to set up a permanent infrastructure I can work with for the long haul. Therefore I was looking for a DC I could set up in my wiring closet in my home office and leave there.


I found some pieces from different computers in storage (yes, I’m a pack rat… I never throw out anything): an ATX case, an ASUS P4B motherboard, a Pentium 4 processor (2.2GHz), 768MB of memory (1×512 + 1×256) and an old DVD reader. The only part I had to source outside was the HDD. For that I bought a 250GB drive, and I was good to go.


As you can guess, the hardware platform is fairly weak. So a core installation should be perfect: a small footprint and more resources dedicated to what the box is needed for.


I was off to the races. I booted from the DVD of Windows 2008 Enterprise Server x86 and proceeded with the installation. I will spare you the details of the initial installation; I believe that most of us can click next… 😉


Ok, now I have a core server.  WOOOOHOOOO!!!!


But, at this point, it does nothing!!!!


Here comes the part that is fun. How do I turn this brick into something useful? What will I need it for? Hmmm… Planning… Something I should spend more time doing. Anyway, I need the following:



  1. An Active Directory Domain controller

  2. A File server

  3. DHCP and DNS servers

Ok. Now that I knew what I needed, I proceeded with the configuration.


Find interface index and set IP address


Before anything else I needed to establish connectivity. The following command identified the interfaces currently installed.


netsh interface ipv4 show interface


This returned:


Idx  Met   MTU   State        Name
---  ---  -----  -----------  -------------------
  2   50   1500  connected    Local Area Connection
  1   50 4294967295  connected    Loopback Pseudo-Interface 1


I needed to apply the changes to the idx= 2 interface.


netsh interface ipv4 set address name="2" source=static address="192.168.1.50" mask="255.255.255.0" gateway="192.168.1.1"


Now that I had an IP address, I needed to define name resolution. Since I would be setting up a DNS server on this box later, I configured the DNS settings to point to the following:



  1. 127.0.0.1 (local host)

  2. 206.248.154.22 (my ISP DNS)

netsh interface ipv4 add dnsserver "Local Area Connection" 127.0.0.1
netsh interface ipv4 add dnsserver "Local Area Connection" 206.248.154.22 index=2


Enter activation key & Activate Server


In order to enter the proper product key (which I forgot to do during the installation) and to activate my server, I executed the SLMGR.VBS script from the c:\windows\system32 directory:


cscript slmgr.vbs -ipk ABCDE-FGHIJ-KLMNO-PQRST-UVWXY (enter a new product key)
cscript slmgr.vbs -ato (Activate the server)


Enable automatic updates


To verify the current setting, type:


cscript scregedit.wsf /AU /v


To enable automatic updates, type:


cscript scregedit.wsf /AU 4 (not “/4” like I’ve seen it everywhere documented on the net.)


Rename the computer


To rename the computer from “WIN-GT7XU399GSZ” to “CENTRAL”, type:


Netdom renamecomputer win-gt7xu399gsz /NewName:Central


Restart the computer


I needed to restart the server in order to have the new name active:


Shutdown /r /t 0



Once the server is restarted, it’s now time to install the DNS role, the DHCP role and the Active Directory Domain Services role.


Install DNS service


The command to install the DNS Role is:


start /w ocsetup DNS-Server-Core-Role


Active Directory Domain Services role and create a Domain Controller


On Server Core, the dcpromo command needs to be accompanied by an unattend text file, since the dcpromo graphical interface cannot be displayed.


The unattend.txt content is:


[DCINSTALL]
AutoConfigDNS=Yes
DomainNetBiosName=Homenet
NewDomainDNSName=homenet.local
ReplicaOrNewDomain=Domain
NewDomain=Forest
ForestLevel=3
DomainLevel=3
SafeModeAdminPassword=PassW0rd12#
RebootOnCompletion=No


The dcpromo command is:


dcpromo /unattend:c:\unattend.txt


I specified “RebootOnCompletion=No” in my unattend.txt file since I wanted to validate that no error occurred during the dcpromo process. I restarted the server after the verification using the following command.


Shutdown /r /t 0
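
One way to script the check before that manual restart, as an added example that is not part of the original post: it runs the promotion, reads dcpromo's exit code, pulls matching lines from the promotion log and flags a Directory Services Restore Mode password still sitting in the answer file. It assumes dcpromo's documented unattended return codes (1 to 10 for success, 11 and above for failure), the standard log location %SystemRoot%\debug\dcpromo.log and English-language log text.

```batch
@echo off
rem Added example (not from the original post): promote, then check before rebooting.
rem Assumes the answer file path used above and an English-language dcpromo.log.
setlocal
set "ANSWER=c:\unattend.txt"
set "LOG=%SystemRoot%\debug\dcpromo.log"

if not exist "%ANSWER%" (
    echo Answer file %ANSWER% not found.
    exit /b 1
)

dcpromo /unattend:%ANSWER%
set "RC=%ERRORLEVEL%"
echo dcpromo exit code: %RC%

rem Unattended dcpromo returns 1-10 for success and 11 or higher for failure.
rem Anything outside 1-10 is treated here as a failure.
if %RC% GEQ 11 goto :failed
if %RC% LSS 1 goto :failed

rem Codes 3 and 4 mean success with a non-critical failure: show what was logged.
if %RC% GEQ 3 (
    echo Non-critical failure reported. Matching lines from %LOG%:
    findstr /i /n /c:"error" /c:"warning" "%LOG%"
)

rem Flag a restore-mode password left in clear text in the answer file.
for /f "tokens=1,* delims==" %%A in ('findstr /i /b "SafeModeAdminPassword" "%ANSWER%"') do (
    if not "%%B"=="" echo WARNING: %ANSWER% still holds a password. Delete the file.
)

echo Promotion reported success. Review the output, then run: shutdown /r /t 0
exit /b 0

:failed
echo Promotion FAILED. Matching lines from %LOG%:
if exist "%LOG%" findstr /i /n /c:"error" /c:"fail" "%LOG%"
exit /b %RC%
```

With RebootOnCompletion=No, the expected exit code on a clean promotion is 2 (success, restart required).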


Once the domain controller was created and the server had rebooted, I needed to enable a few items:












Enable remote desktop: SCregEdit.wsf /ar 0
Enable Remote Management: WinRM quickconfig
Enable firewall for remote management: netsh advfirewall firewall set rule group="Remote Administration" new enable=yes

Enabling the Remote Administration firewall rules allows pretty much any MMC to connect. However, there may be situations where you only want to allow certain MMCs to connect for remote administration. Not every MMC snap-in has a firewall group; here are those that do:





























MMC Snap-in                              Rule Group
---------------------------------------  ------------------------------------------------------------
Event Viewer                             Remote Event Log Management
Services                                 Remote Service Management
Shared Folders                           File and Printer Sharing
Task Scheduler                           Remote Scheduled Tasks Management
Reliability and Performance              "Performance Logs and Alerts" and "File and Printer Sharing"
Disk Management                          Remote Volume Management
Windows Firewall with Advanced Security  Windows Firewall Remote Management

You need to enable these on the DC firewall in order to allow the MMC to connect across the network. To do so, use the following command:


Netsh advfirewall firewall set rule group="<rule group>" new enable=yes


Where <rule group> is the name in the above table.
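
The per-snap-in alternative described above, as an added example that is not part of the original post: it opens only a chosen set of rule groups from the table, closes the broad "Remote Administration" group, and lists the resulting inbound rule state. The three groups selected are an assumption for illustration, and the final filter assumes English-language netsh output.

```batch
@echo off
rem Added example (not from the original post): open only the snap-in rule
rem groups this lab needs instead of the broad "Remote Administration" group.
rem The selection below is an assumption; edit it to match the table above.
setlocal
set FAILED=0

for %%G in (
    "Remote Event Log Management"
    "Remote Service Management"
    "Remote Volume Management"
) do (
    netsh advfirewall firewall set rule group=%%G new enable=yes >nul
    if errorlevel 1 (
        echo Could not enable %%G
        set FAILED=1
    ) else (
        echo Enabled %%G
    )
)

rem Close the broad group if it was opened earlier.
netsh advfirewall firewall set rule group="Remote Administration" new enable=no >nul

rem List every inbound rule with its enabled state and group name for review.
netsh advfirewall firewall show rule name=all dir=in | findstr /b /c:"Rule Name:" /c:"Enabled:" /c:"Grouping:"

exit /b %FAILED%
```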


Install DHCP server


To install the DHCP server on the DC I simply installed the role, set the service to start automatically and started it using the following commands:


start /w ocsetup DHCPServerCore


sc config dhcpserver start= auto


net start dhcpserver


Install File Services role


The last role I needed installed was the File Services role. This one was installed by using:


start /w ocsetup FRS-Infrastructure


Done!


My Core DC is now installed and ready to assist me in testing new scenarios and building my demos. The only thing remaining is to spin up a Vista or another Windows 2008 box so I can use the management tools to manage my DC remotely.


I hope this is useful for you. If you have scenarios you would like us to try out, don’t hesitate to contact me. Now that I have a proper lab…. 😉


Cheers!




Pierre Roman, MCSE, ITIL| Microsoft Canada Co.| IT Pro Advisor | pierre.roman@microsoft.com
phone: 613-212-2370 mobile: 613-715-2311




Comments (2)

  1. Mohamud says:

    Hi Pierre,

    I have been using a script to install updates on my Core Hyper-V test server. The script is available from MSDN: http://msdn.microsoft.com/en-us/library/aa387102(VS.85).aspx

    Since I added the SCE2007 virtual machine to manage updates, I no longer use the script for the Core Hyper-V server.

    Just thought this might help someone else.

    Mohamud

  2. Pierre Roman says:

    Thanks for the info Mohamud.

    Pierre