Category: Windows

Install Domain controller Windows 2012

Guys, i have created a youtube channel to share knowledge and get suggesion/feedback on my videos, please have a look at below video and very important one do CLICK on SUBSCRIBE to get notified as and when new is uploaded (FSMO ROLES transfer, migrate from 2003 to 2016, 2012, 2008, troubleshooting steps on server performance, basic esxi command lines). Note: this is my first video, please support. https://youtu.be/0JFxWTu3vww
YouTube
How to install domain controller windows 2012

[Video]

We are more than 800 members “i request everyone to spend few minutes to watch and subscribe to the channel plz”…Thank you all.
Posted by Sheikvara
+919003270444, +919840688822

[WS2016]INSTALLING AND CONFIGURING IIS ON WINDOWS SERVER 2016 NANO -PART01

LEAVE A COMMENT

I believe the best method to learn any technology is to teach someone or implement it. I prefer to deploy and try out for myself. Having said that I’m open to teaching if required. I have recently started exploring the feasibility of using Windows Server 2016 Nano for the Production environment. There are at least four use cases for Windows Nano one of them is using Windows IIS Server which I will describe here. Given that I know I have IIS role available on Nano I was examining to put this in right learning form. The closest and easiest I could think of Web Server is required for vSphere Update Manager (VUM) when it is configured in Air-Gapped mode.

So let’s get rolling so that we can take a look at it.

Here is the list of things we need to Build an Air Gapped VUM

  1. Web Server in DMZ
  2. Operating System for Web Server
  3. Storage space for Update Repository
  4. Optional but Strongly recommended to have Certificate Authority configured.

 

Installing Nano Server with IIS Package

Nano server can be deployed using two methods. The First method which is very popular is PowerShell and second method know to few is the GUI based. I’ll cover here PowerShell approach while GUI based approach is covered here

So what we need to achieve our goal. [Pre-requisites]
  1. Windows 2016 ISO
  2. Windows 10 or Windows 2016 Machine (Yes can’t do this on Windows 8.1. The dism version which ships with Windows 8.1 is older and cannot be replaced or upgraded using Windows Assessment and Deployment Kit (ADK).
  3. Working directory
I will cover it in two part. In part01 I will cover how to Package, Install and Configure Nano server. In part02 I will cover how to set up IIS server.

 

As a first step, you must import Nano Server PowerShell package. Where is this package? Well, it is in Windows 2016 ISO. Double click ISO. It will automatically mount. Open Powershell ISE (Elevated Prompt) and run following command to import NanoServerImageGenerator Module

Import-Module D:\NanoServer\NanoServerImageGenerator -Verbose
Import-Module D:\NanoServer\NanoServerImageGenerator -Verbose

To confirm whether the NanoServerImageGenerator Module is imported, type the following command. Yes ! Only three commands and 99% of the time you will use only one command.

Get-Command -Module NanoServerImageGenerator
Get-Command -Module NanoServerImageGenerator

Now before you start the process of creating the image, you might need to find the package name. To find package name, you must install package provider.

If the above installation is successful, then you should be able to find the following command

and the output of the command will be exactly as below

Find-NanoServerPackage
Find-NanoServerPackage

Create Nano Server Image

Once our pre-requisites are ready, then we can start building Nano Image. As mentioned above, you need either Windows 10 or Windows Server 2016 to create this image and working directory. I have used Windows Server 2016.

Now let’s begin the process of creating Nano Image. I’ll be building Virtual Image. Assuming you are still in Powershell session, type the following command. Below screen capture is from Powershell and not from PowerShell ISE. I’m not aware how to create multiple lines of codes in Powershell ISE. After pressing Enter on the preceding command, you will be prompted for the Administrator password. Supply the password to begin image building process.

New-NanoServerImage
New-NanoServerImage

I have tabulated the parameter of the command below and provided explanation against each.

Parameters Comments
Edition Standard or Enterprise a decision If you will use Hyper-V
Deployment Type Guest or Host. Guest is for Virtual Machine and Host is for Hyper-V. If you are going to host Hyper-V role on it, then the role is Host
Package The package you wish to deploy. To find out the package available, please refer to screen capture with Title ‘Find-NanoServerPackage’ above. In my case, I have to select IIS Package
IPv4 You will typically deploy Server with Static IP. For IP Address, Subnet Mark, Gateway and DNS Server
EnableRemoteManagementPort Enable Remote Management. This port is a must.
ComputerName Name of the server. This name is the Guest OS name
MediaPath Path to ISO. It is the path of ISO image
TargetPath Path where to create Image i.e. VHDX file which will be our working directory
InterfaceNameorIndex Name of the Network Card. In all cases it is Ethernet.

There are other parameters which I have not used here as it is not required.

Now our image is ready to be deployed, So let’s deploy it. Before you do that copy .vhdx file into Hyper-V working directory.

I’m using Hyper-V manager. Detailed eight steps procedure is captured in the screen capture below.

Deploy Nano Image using Hyper-V manager
Deploy Nano Image using Hyper-V manager

A point to note is in Step:04 you must select Generation:02 as we have selected VHDX extension while creating NanoServer Image.

After you press Finish, Nano VM is created, and it is ready to be powered on. Why not power it on then? Power on the Virtual Machine. VM will be powered on immediately, but it will take few seconds to join to the domain and Install IIS Package. After that few seconds gap, you will be looking at the console of brand new Nano Server

Nano Server is now up and Running
Nano Server is now up and Running

There is no practical need to login to this console as we have already configured IP Address, DNS and domain join. In the below screen I have logged in using contoso.com credentials. This screen is referred as Nano Server Recovery Console. The recovery console screen is to reset Networking configuration.

As we are here, let’s take a look at our available options.

Logged into Nano Server using Domain Account
Logged into Nano Server using Domain Account

I always like to enable Ping on all Windows Server leaving firewall enabled. Click on Inbound firewall rules, press Enter scroll down till you see ICMP IPv4 shown below. Press enter to modify the rule by press F4 which will toggle Enable or Disable. It is the only rule you can change in this console. You might think, hey! Wait I can achieve similar thing from GroupPolicy. But GroupPolicy is not supported on Nano

Though I have shown how to achieve it here, it is not the requirement.

Disable ICMP Ping rule in Windows Nano Server
Disable ICMP Ping rule in Windows Nano Server

Manage Nano Server using Server Manager

Open Server Manager from our working server and follow the steps mentioned or the screen capture for the steps

  1. Click on All Servers
  2. Right click and Add Server
  3. Select Find Now and choose the NanoIIS03 from the list
  4. Move the compute

 

Manage Nano Server using Server Manager
Manage Nano Server using Server Manager

If Firewall ports are opened, the Online status will be immediately visible.

Nano Server Added to Server Manager
Nano Server Added to Server Manager

Before We conclude this post, let me walk you through the basic configuration you might have to do on the nano server.

Set Time Zone on Nano Server

Time Zone must be changed to match to your region. It is critical to check if the time of the server is matching.  If the time difference is more than 5 minutes Domain, Join will fail.

Remote into nano Server using our familiar command

Set Time Zone on Nano Server

Increase the Disk Size on Nano Server
  1. Right click on Nano server, then select settings
  2. Find the Hard Drive and press Edit as shown below
Press Edit to Expand Disk Online
Press Edit to Expand Disk Online

Provide the new size.  Note I have skipped few unimportant screens. In below example, I have increased the size from 4 GB to 10 GB

Enter New Size to Expand Disk

Enter New Size to Expand DiskPress finish which will increase the disk size. This action will increase the disk size but not at the disk level. To the extent the C:\ you need to get disk and partition details in a variable and then use max size method to increase it.

  1. Get Partition command will give details of Partition available on Nano Server. I’m assuming you still have the remote session on nano server.
  1. Select the right partition. In my case, it is Disk 0 and Partition 4. Capture output of this command in variable $Extvol.
  1. Extend partition using Resize-Partition command. Most important variable essential to extend the partition is

Following screen capture is sequence of command executed in PowerShell

Extend the Volume using Powershell

Extend the Volume using Powershell.

In case you wish to avoid PowerShell in extending disk you can easily do so by installing file server role. All you need is to add -storage shown below

In the second post, I will cover how to create IIS site and configure it to host the repository of vSphere Updates.

 

Reference Link – http://www.vzare.com/installing-and-configuring-iis-on-windows-server-2016-nano/

 

Sheikvara

+919840688822, +919003270444

Active Directory Domain Migration from 2003 to 2012 R2…

Author – Manish Sharma
This Post is for an Active Directory services Migration from Windows Server 2003 to Windows Server 2012R2, these all the Steps are used by myself for an live Migration without any Downtime.
Present Server Form :-
Determine your Present scenario, as we have  two AD Server working on   Windows server 2003.
1  NS1.domain.com ( Server 2003 ) – Domain Controller with all the FSMO Roles.
2 NS2.domain.com (Server 2003) – Another Domain Controller in the same domain.
Bullet Points for Migrations :-
3 first we will demote the server (NS2) to a member server.
4 Disjoin the member server from the domain.
5 Remove the server from the network.
6 Install and configure the ADDS and DNS Roles on NS2
7 Add this new server NS2 to Domain as an additional Domain Controller
8 Transfer the FSMO roles to new server (i.e. on NS2)
9 Now Demote the NS1.
10 Format and install Windows Server 2012R2 on NS1
11 add NS1 to Domain
12 Install and configure the ADDS and DNS Roles on NS1
13 Add this new server NS1 to Domain as an additional Domain Controller
14 Transfer FSMO Roles to NS1 server to make it Primary ADDS Server.
15 Test the Functionality/Errors via repadmin or dcdiag command.
Need to Consider :-
However, before performing such tasks, there is a little data gathering that needs to be done. we need to note the following:
16 Is the server the last Domain Controller in the domain? – This means once removed, the domain will no longer exists and any objects associated with the domain will be deleted. (will not do this)
17 Is the server acting as the only Global Catalog Server? – It is crucial that each domain have at least on Global Catalog Server. So before you remove this Domain Controller, you need to make sure that the domain contains another Global Catalog server.
18 Does the server hosts Operation Master (FSMO) roles? – It is important to note down any FSMO roles assigned to the Domain Controller before removing it from the network. When the server is being demoted, any FSMO roles are transferred to another Domain Controller in the domain. Thus we need to verify if this was done correctly.
19 Does the server hosts any other Server Roles? – If the server hosts any other roles, removing the server from the network may cause certain services to stop working. It is important to migrate these roles any other Server Roles from the Domain Controller before demoting the server.
Prerequisite for Migration :-
20 Take the Backup of System State via ntbackup to all the server you have as a AD services installed.
21 Check the FSMO role, Which Server hold that roles via command line –  “netdom query fsmo” result would be like that :-
             C:\>netdom query fsmo
Schema owner                NS1.domain.com
Domain role owner           NS1.domain.com
PDC role                    NS1.domain.com
RID pool manager            NS1.domain.com
Infrastructure owner        NS1.domain.com
The command completed successfully.
               So here “NS1.domain.com” having all the FSMO Roles.
 for more details about FSMO Roles please refer the URL :- “https://support.microsoft.com/en-us/kb/324801″
Plan for Migration:-
As we found the in FSMO query result, all the FSMO roles is having NS1 server so that we can Start with NS2 Server.
Demote the Server from AD “NS2.domain.com” from the active Directory
22 Start with DCPROMO command.
23 Do not select “this server is the last domain controller in the domain”.
24 Set the new Password for the Administrator, “after remove from AD this server will act as a member server” in existing Domain Controller.
25 Complete the Process.
26 Remove the server from Domain, as after removed the AD, the server now a member server of Active Directory Domain Controllers.
27 Format and Install Windows Server 2012 R2.
28 Configure IP Address, Host name and add this Server to AD Domain.\
29 Add Roles, Active Directory Domain Services and DNS Server.
30 Completes the Process ADDS.
31 Now this Server is a Additional Domain Controller into your Existing Forest.
FSMO Roles Transfer to this New Server (NS2)
Transfer the Schema Master Role
Use the Active Directory Schema Master snap-in to transfer the schema master role. Before you can use this snap-in, you must register the Schmmgmt.dll file.
Register Schmmgmt.dll
32 Click Start, and then click Run.
33 Type regsvr32 schmmgmt.dll in the Open box, and then click OK.
34 Click OK when you receive the message that the operation succeeded.
Transfer the Schema Master Role
35 Click Start, click Run, type mmc in the Open box, and then click OK.
36 On the File, menu click Add/Remove Snap-in.
37 Click Add.
38 Click Active Directory Schema, click Add, click Close, and then click OK.
39 In the console tree, right-click Active Directory Schema, and then clickChange Domain Controller.
40 Click Specify Name, type the name of the domain controller that will be the new role holder, and then click OK.
41 In the console tree, right-click Active Directory Schema, and then clickOperations Master.
42 Click Change.
43 Click OK to confirm that you want to transfer the role, and then click Close.
Transfer the Domain Naming Master Role
44 Click Start, point to Administrative Tools, and then click Active Directory Domains and Trusts.
45 Right-click Active Directory Domains and Trusts, and then clickConnect to Domain Controller.
NOTE: You must perform this step if you are not on the domain controller to which you want to transfer the role. You do not have to perform this step if you are already connected to the domain controller whose role you want to transfer.
46 Do one of the following:
· In the Enter the name of another domain controller box, type the name of the domain controller that will be the new role holder, and then click OK.
-or-
· In the Or, select an available domain controller list, click the domain controller that will be the new role holder, and then click OK.
47 In the console tree, right-click Active Directory Domains and Trusts, and then click Operations Master.
48 Click Change.
49 Click OK to confirm that you want to transfer the role, and then click Close.
Transfer the RID Master, PDC Emulator, and Infrastructure Master Roles
50 Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
51 Right-click Active Directory Users and Computers, and then clickConnect to Domain Controller.
NOTE: You must perform this step if you are not on the domain controller to which you want to transfer the role. You do not have to perform this step if you are already connected to the domain controller whose role you want to transfer.
52 Do one of the following:
· In the Enter the name of another domain controller box, type the name of the domain controller that will be the new role holder, and then click OK.
-or-
· In the Or, select an available domain controller list, click the domain controller that will be the new role holder, and then click OK.
53 In the console tree, right-click Active Directory Users and Computers, point to All Tasks, and then click Operations Master.
54 Click the appropriate tab for the role that you want to transfer (RID, PDC,or Infrastructure), and then click Change.
55 Click OK to confirm that you want to transfer the role, and then click Close.
Check the FSMO roles on New server (NS2) with command if all have been Transferred successfully.
C:\>netdom query fsmo
Schema owner                NS2.domain.com
Domain role owner           NS2.domain.com
PDC role                    NS2.domain.com
RID pool manager            NS2.domain.com
Infrastructure owner        NS2.domain.com
The command completed successfully.
               So here “NS2.domain.com” having all the FSMO Roles.
So Now we are good to go to do the Same Steps with NS1 to Demote it and Promote after a Fresh installation of Windows Server 2012 R2.
After a Fresh Installation of NS1 we can transfer all the FSMO roles with the help of  the same steps as we did for NS2 to this NS1 Server to keep this server as a Primary Domain or ADDS server.
Check the FSMO roles on New server (NS1) with command if all have been Transferred successfully.
C:\>netdom query fsmo
Schema owner                NS1.domain.com
Domain role owner           NS1.domain.com
PDC role                    NS1.domain.com
RID pool manager            NS1.domain.com
Infrastructure owner        NS1.domain.com
The command completed successfully.
               So here “NS1.domain.com” having all the FSMO Roles.
After ADDS Migration Server Form :-
After Successfully Migration our Server Farm would be…
56  NS1.domain.com ( Windows Server 2012R2 ) – Domain Controller with all the FSMO Roles.
57 NS2.domain.com (Windows Server 2012R2 ) – Another Domain Controller in the same domain.
All the steps are done by me, and listed all the major Points here in this post, although if found inexactitudes, please do let me know.
your valuable suggestions are always welcomed !!!
Posted By Sheikvara
+919840688822, +919003270444