I was reading Mohamud’s post and it made me think of my own lab environment. I had been thinking about writing about it for a while now, but something always came up. So, this morning I gathered the documentation i had kept when i setup my environment (and yes for those who doubt, i do document my setups) and actually got to it.
When i started my preparation for the EnergizeIT demos, and for other screen casts I am planning. I realized I needed to rebuild the domain setup for my lab. I also wanted to check out a few scenarios discussed with TechDays attendees during the “Streamlining Administration of Your Deployments of Active Directory Using Group Policy Preferences, Templates, and Scripting” session.
So I started looking for a spare machine for the DC. I know, I can do all this virtualized, but I wanted to setup a permanent infrastructure I can work with for the long haul. Therefore I was looking for a DC, I could setup in my wiring closet in my home office and leave it there.
I found some pieces from different computers in storage (yes, I’m a pack rat… I never throw out anything.) an ATX case, an ASUS P4B motherboard, a Pentium 4 processor (2.2GHz) and 768MB of memory (1×512 + 1×256) and an old DVD reader. The only part I had to source outside was the HHD. For that I bought a 250GB drive, and I was good to go.
As you can guess the hardware platform is fairly weak. So, a core installation should be perfect, small footprint and more resources dedicated to what it is needed for.
I was off to the races. Booted from the DVD of Windows 2008 Enterprise Server x86, and I proceeded with the installation. I will spare you the details of the initial installation, I believe that most of us can click next… 😉
Ok, now I have a core server. WOOOOHOOOO!!!!
But, at this point, it does nothing!!!!
Here comes the part that is fun. How do I turn this brick into something useful? What will I need it for? Hmmm… Planning… Something I should spend more time doing. Anyway, I need the following:
- An Active Directory Domain controller
- A File server
- A DHCP and DNS servers
Ok. Now that I knew what I needed, I proceeded with the configuration
Find interface index and set IP address
Before anything else i needed to establish connectivity. The following command identified the interfaces currently installed.
netsh interface ipv4 show interface
Idx Met MTU State Name
— — —– ———– ——————-
2 50 1500 connected Local Area Connection
1 50 4294967295 connected Loopback Pseudo-Interface 1
I needed to apply the changes to the idx= 2 interface.
netsh interface ipv4 set address name=”2″ source=static address=”192.168.1.50″ mask=”255.255.255.0″ gateway=”192.168.1.1″
now that I have an IP address, I need to define name resolution. Since I will be setting up a DNS server on this box later I configured the DNS settings to point to the following
- 127.0.0.1 (local host)
- 126.96.36.199 (my ISP DNS)
netsh interface ipv4 add dnsserver “Local Area Connection” 127.0.0.1
netsh interface ipv4 add dnsserver “Local Area Connection” 188.8.131.52 index=2
Enter activation key & Activate Server
In order to enter the proper product key (which I forgot do during the installation) and to activate my server i executed the SLMGR.VBS script from the c:\windows\system32 directory:
cscript slmgr.vbs -ipk ABCDE-FGHIJ-KLMNO-PQRST-UVWXY (enter a new product key)
cscript slmgr.vbs -ato (Activate the server)
Enable automatic updates
To verify the current setting, type:
cscript scregedit.wsf /AU /v
To enable automatic updates, type:
cscript scregedit.wsf /AU 4 (not “/4” like I’ve seen it everywhere documented on the net.)
Rename the computer
To rename the computer from “WIN-GT7XU399GSZ” to “CENTRAL”, type:
Netdom renamecomputer win-gt7xu399gsz /NewName:Central
Restart the computer
I needed to restart the server in order to have the new name active:
Shutdown /r /t 0
Once the server is restarted, it’s now time to install the DNS role, the DHCP role and the Active Directory Domain Services role.
Install DNS service
The command to install the DNS Role is:
start /w ocsetup DNS-Server-Core-Role
Active Directory Domain Services role and create a Domain Controller
The dcpromo command in a server core need to be accompanied by an unattended text file since the dcpromo graphical interface cannot be displayed.
The unattend.txt Content is:
The dcpromo command is
I specified “RebootOnCompletion=No” in my unattend.txt file since i want to validate that no error occurred during the dcpromo process. I restarted the server after the verification using the following command.
Shutdown /r /t 0
Once the Domain controller is created and that that server has rebooted, I needed to enable a few items:
|Enable remote desktop||SCregEdit.wsf /ar 0|
|Enable Remote Management||WinRM quickconfig|
|Enable firewall for remote management||netsh advfirewall firewall set rule group=”Remote Administration” new enable=yes|
Enabling the Remote Administration firewall rules allows pretty much any MMC to connect. However, there may be situations where you only want to allow certain MMCs to connect for remote administration. Not every MMC snap-in has a firewall group, here are those that do:
Remote Event Log Management
Remote Service Management
File and Printer Sharing
Remote Scheduled Tasks Management
Reliability and Performance
“Performance Logs and Alerts” and “File and Printer Sharing”
Remote Volume Management
Windows Firewall with Advanced Security
Windows Firewall Remote Management
You need to enable these on the DC firewall in order to allow the MMC to connect across the network. To do so, use the following command:
Netsh advfirewall firewall set rule group=“<rule group>” new enable=yes
Where <rule group> is the name in the above table.
Install DHCP server
To install the DHCP server on the DC I simply installed the role, set the service to start automatically and started it using the following command:
start /w ocsetup DHCPServerCore
sc config dhcpserver start= auto
net start dhcpserver
Install File Services role
The last role I needed installed is the File service role. This one installed by using:
start /w ocsetup FRS-Infrastructure
My Core DC is now installed and ready to assist me in testing new scenarios and to build my demos. The only thing remaining is to spin up a Vista or another Windows 2008 box so i can use the management tools to manage my DC remotely.
I hope this is useful for you. If you have scenarios you would like us to try out don’t hesitate to contact me. Now that I have a proper lab…. 😉
Pierre Roman, MCSE, ITIL| Microsoft Canada Co.| IT Pro Advisor | firstname.lastname@example.org
phone: 613-212-2370 | mobile: 613-715-2311