Chad’s Quick Notes - Installing a Domain Controller with Server 2016 Core

 

I will admit with Windows Server 2012 R2 I usually installed the full gui version and then once I had the server the way I wanted it, I would uninstall the gui.  With this no longer being possible with Windows Server 2016 I had to dust off my notes on how to leverage sconfig and powershell to configure new domain controllers running Windows Server 2016 Core.  Here is my notes on what I did.

Setting up a DC to host a new domain.

Go through the installation and put in the new password.

clip_image001

In the core console run “powershell.exe”.

Then run:

    1: Rename-computer -newname 2016-DC01

clip_image001[4]

Hold off on rebooting until after you set the Static IP and DNS.

Edit: Locate the Nic card you want to set up IP information for by running

 Get-NetAdapter

image

Use the name of the adapter as the interfaceAlias.

    1: $ipaddress = "10.0.0.2"
    2: $dnsaddress = "127.0.0.1"
    3: New-NetIPAddress -InterfaceAlias Ethernet -IPAddress $ipaddress -AddressFamily IPv4 -PrefixLength 24

clip_image001[6]

Update the DNS Server.

    1: Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses $dnsaddress

clip_image001[8]

Restart the server.

    1: Restart-Computer

Log back into the server,

Edit: Great recommendation below is to make sure the Time Zone is set

 get-timezone

image

 Set-TimeZone -Id "Mountain Standard Time"

image

Install and configure the first Domain Controller in a new forest/domain named “sixteen.contoso.ad”. (I have to many contoso labs built)

    1: Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

clip_image001[10]

    1: Install-ADDSForest -DomainName sixteen.contoso.ad

Provide the safemodeadministratorpassword

clip_image001[12]

Then confirm you want the server to be configured and rebooted.

clip_image001[14]

The usual warnings should prompt and eventually be prompted for sign out.

clip_image001[16]

Log back in and do some initial validation.

Validate the new DC

Use DCDIAG

Make sure AD/DNS services are running

    1: Get-Service adws,kdc,netlogon,dns

clip_image001[18]

 

Check for sysvol and netlogon shares

    1: Get-smbshare

clip_image001[20]

 

Review logs

    1: get-eventlog "Directory Service" | select entrytype, source, eventid, message
    2: get-eventlog "Active Directory Web Services" | select entrytype, source, eventid, message

clip_image001[22]

With this being the first DC shouldn’t be to much to check

Making a Windows 2016 Server a Domain Controller in an existing domain

Here we go, at the PowerShell prompt on the new server run the following.

 Rename-computer -newname 2016-DC02
 $ipaddress = "10.0.0.3"
 $dnsaddress = "10.0.0.2"
 New-NetIPAddress -InterfaceAlias Ethernet -IPAddress $ipaddress -AddressFamily IPv4 -PrefixLength 24
 Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses $dnsaddress
 Restart-computer
  
 Set-TimeZone -Id "Mountain Standard Time"
  
 Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
  
 #see if any updates are available and patch prior by using sconfig or
 $AutoUpdates = New-Object -ComObject "Microsoft.Update.AutoUpdate"
 $AutoUpdates.DetectNow()
  
 Install-ADDSDomainController  -DomainName "sixteen.contoso.ad" -credential $(get-credential)

At the Windows PowerShell credential prompt use credentials for the domain you plan on this Domain Controller hosting. 

Set the SafeModeAdministratorPassword, then validate that the server is to be configured and restarted.

Once the new Domain Controller restarts and comes back up, leverage the Validation Section to make sure it looks good. Also leverage some of the replication cmdlets to validate replication is working.

    1: Get-ADReplicationFailure -scope SITE -target Default-First-Site-Name | FT Server, FirstFailureTime, FailureClount, LastError, Partner -AUTO
    2: Get-ADReplicationPartnerMetadata -Target * -Partition * | Select-Object Server,Partition,Partner,ConsecutiveReplicationFailures,LastReplicationSuccess,LastRepicationResult

That is all I'm going to cover in this blog I hope you find it useful.

Chad

Additional Resources

Touch-Free PowerShell DCPROMO in Windows Server 2012