February 10, 2014

Add Windows Server 2012 as a Domain Controller

Windows Server 2012 provides advancements to every area of IT services, and that certainly includes Active Directory. Whether you're looking to take advantage of Dynamic Access Control, begin virtualizing your Active Directory infrastructure, or start using one of the other amazing features that Windows Server 2012 Active Directory offers, it all begins with getting a Windows Server 2012 added as a domain controller.

What Happened to dcpromo?

Similar to previous versions of Windows Server, you start the process of making a server into a domain controller by adding the Active Directory Domain Services role to your computer. However, in Windows Server 2012, you do not run dcpromo to promote your server to a domain controller. In Windows Server 2012, dcpromo has been deprecated.

So what replaces dcpromo in Windows Server 2012? There are now two ways to promote your server to a DC. The first option is to use PowerShell. This provides the ability to script the process, save the script, or batch the process out to multiple servers. The second option is a task made available in Server Manager that can be run to begin the promotion wizard.

Who Can Install Active Directory on Windows Server 2012?

If you are going to be creating the first domain in a new forest, log on as the local Administrator. If you're adding a new domain in an existing forest, you must be a member of the Enterprise Admins group for the forest you're going to join. To add a new domain controller to an existing domain, you must be a member of the Domain Admins group.

Once you're logged into the server with the correct account, you'll next add the Active Directory Domain Services feature to your server. You can install the Active Directory Domain Services feature on Windows Server 2012 with either PowerShell or Server Manager.

The fastest method of installing features in Windows Server 2012 is with PowerShell; let's take a look at the steps needed to accomplish this.

Install Active Directory Domain Services on Windows Server 2012 with PowerShell

Add-WindowsFeature -name ad-domain-services -IncludeManagementTools

It doesn't get any easier than that, but in case you want to do it the hard way, I'll show you how to add the Active Directory feature to your Windows Server 2012 using Server Manager, too.

Install Active Directory Domain Services on Windows Server 2012 with Server Manager
  1. Open Server Manager, then select Manage and click on "Add Roles and Features"
  2. Click Next on the "Before you begin" window
  3. Select Role-based or feature-based installation and then click Next
  4. Click Select a server from the server pool, click the name of the server to install Active Directory Domain Services to, and then click Next (If you wanted to install this on a remote server, you have to first create a server group containing the remote server)
  5. Click Active Directory Domain Services. When the Add Roles and Features Wizard dialog box opens, select Add Features, then Next
  6. On the Active Directory Domain Services page, review the information and then click Next
  7. On the Confirm installation selections page, click Install
  8. On the Results page, verify Installation succeeded, and click Promote this server to a domain controller to start the Active Directory Domain Services Configuration Wizard

The nice part about using the Server Manager method is that it takes you directly into the Active Directory Domain Services Configuration Wizard, the utility that replaced the deprecated dcpromo.

Now that you've installed the features, you will need to promote the server into a domain controller.

How to Promote a Server to a Domain Controller in Windows Server 2012 with Server Manager

After installing the Active Directory Domain Services feature on your server, you can promote the server to a domain controller. If you have just finished the feature installation, the AD DS Configuration Wizard begins automatically.

However, if the feature installation has already been closed, you can start the Active Directory Domain Services Configuration Wizard by clicking the Tasks icon along the top of Server Manager.

1. Choose your Deployment Configuration.
  • To install a domain controller to an existing domain, specify the domain name.
  • To install a new domain in existing forest, choose "Child" or "Tree" domain, then browse for forest structure.
  • To install a new forest, specify the new forest name.
  • Then click Next.   
2. Choose your Domain Controller Options.
  • To create a new forest or domain, select the functional levels, click Domain Name System (DNS) server, specify the Directory Services Restore Mode password, and then click Next.
  • To add a DC to a domain, choose Domain Name System (DNS) server, Global Catalog (GC), or Read Only Domain Controller (RODC) as needed, choose the site name, and type the Directory Services Restore Mode password and then click Next.
3. If installing a DNS Server, you may need to Update DNS delegation. To update, enter credentials with permission to create DNS delegation records in the parent DNS zone. (To help determine if you need to update DNS delegation, see the Microsoft TechNet article Understanding Zone Delegation. For more information on any errors that may be generated by updating DNS delegation, see DNS Options.)

4. If installing a Read Only Domain Controller (RODC), specify the group that will manage the RODC. Add or remove accounts to the Allowed or Denied password replication groups. Click Next.

5. On the Additional Options page, choose one of the following options:
  • To create a new domain, type or verify the NetBIOS name of the domain.
  • To add a DC to a domain, select a domain controller to replicate the AD DS installation data from (or the wizard can select "any"). 
6. Specify where the directories for the Active Directory database, the log files, and the SYSVOL folder will be. Click Next.
    Warning: Do not attempt to store any of the above on a Resilient File System data volume.
7. You may need to specify alternate credentials to run adprep on the Preparation Options page.
8. If you want to reuse these steps, click View Script, and copy the text of the PowerShell script.
9. Verify your server was successfully promoted on the results page, then click Close.

A reboot is required and it happens automatically by default.
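Once the server is back up, the promotion can also be confirmed from PowerShell rather than relying only on the wizard's results page. The following is an added example, not part of the original post; it assumes the management tools were installed with the feature so that the ActiveDirectory module is available.

```powershell
# Added example: run on the new domain controller after the automatic reboot.
Import-Module ActiveDirectory

# DomainRole 4 = backup domain controller, 5 = primary domain controller.
$role = (Get-WmiObject -Class Win32_ComputerSystem).DomainRole
if ($role -lt 4) {
    throw "This server is not a domain controller (DomainRole=$role)."
}

# Core services every domain controller runs.
Get-Service -Name NTDS, Netlogon, Kdc | Format-Table Name, Status -AutoSize

# SYSVOL and NETLOGON are shared only after initial replication has finished.
$shares = @(Get-SmbShare | Where-Object { $_.Name -in 'SYSVOL', 'NETLOGON' })
if ($shares.Count -ne 2) {
    Write-Warning 'SYSVOL/NETLOGON not shared yet; replication may still be running.'
}

# Confirm the roles chosen in the wizard (GC, RODC, site) match what was intended.
Get-ADDomainController -Identity $env:COMPUTERNAME |
    Format-List Name, Site, IsGlobalCatalog, IsReadOnly, OperationMasterRoles
```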

You can also automate this process with PowerShell.

How to Promote a Server to a Domain Controller in Windows Server 2012 with PowerShell

There are three PowerShell cmdlets, which coincide with the three deployment options:
Install-ADDSDomainController     Creates a new domain controller in an existing domain
Install-ADDSDomain               Creates a new domain in an existing forest
Install-ADDSForest               Creates a new forest

How to Add a Domain Controller using PowerShell


To use Install-ADDSDomainController, only three things are required:

    * domain name - which must be passed through the DomainName parameter
    * credentials - that are in the Domain Admins group of the domain
    * Directory Services Restore Mode password - which can either be passed through the SafeModeAdministratorPassword parameter, or it can be provided when prompted.

There are many more optional parameters that can be used, which specify everything from where to find the installation media, to whether or not to reboot when it's completed.

The simplest example of this is:

Install-ADDSDomainController -DomainName "mydomain.local"
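The wizard steps described earlier (DNS, site, database paths, and the RODC delegation and password replication groups) map onto parameters of the same cmdlet. The script below is an added example, not from the original post: it prompts for the credentials and the Directory Services Restore Mode password so neither is stored in a saved script, and runs the prerequisite checks before promoting. The site name, D:\ paths and MYDOMAIN group names are placeholders.

```powershell
# Added example: domain, site, paths and group names are placeholders (assumptions).
Import-Module ADDSDeployment

$isRodc = $false   # set to $true to deploy a Read Only Domain Controller

# Prompt for secrets so they never end up in the script file.
$cred = Get-Credential -Message 'Domain Admins account for mydomain.local'
$dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

$params = @{
    DomainName                    = 'mydomain.local'
    Credential                    = $cred
    SafeModeAdministratorPassword = $dsrm
    InstallDns                    = $true
    SiteName                      = 'Default-First-Site-Name'
    DatabasePath                  = 'D:\NTDS'     # not on a ReFS volume
    LogPath                       = 'D:\NTDS'
    SysvolPath                    = 'D:\SYSVOL'
}

if ($isRodc) {
    # Wizard step 4: who manages the RODC and whose passwords it may cache.
    # DenyPasswordReplicationAccountName is left unset so the default deny list applies.
    $params.ReadOnlyReplica                     = $true
    $params.DelegatedAdministratorAccountName   = 'MYDOMAIN\Branch-RODC-Admins'
    $params.AllowPasswordReplicationAccountName = @(
        'MYDOMAIN\Allowed RODC Password Replication Group',
        'MYDOMAIN\Branch-Users'
    )
}

# Run the prerequisite checks first; this makes no changes to the server.
$checks = Test-ADDSDomainControllerInstallation @params
$failed = @($checks | Where-Object { $_.Status -eq 'Error' })
if ($failed.Count -gt 0) {
    $failed | Format-List Context, Message
    throw 'Prerequisite check failed; the server was not promoted.'
}

# Promote. The server reboots automatically unless -NoRebootOnCompletion is added.
Install-ADDSDomainController @params -Force
```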

How to Add a Domain to an Existing Forest using PowerShell

To use Install-ADDSDomain, you must also specify the parent domain name. Just as when using PowerShell to add a domain controller, you may either supply the Directory Services Restore Mode password in the cmdlet, or provide it when prompted.

This is an example of how to create a new domain in a forest with PowerShell:

# Win2012 is the Windows Server 2012 domain functional level
Install-ADDSDomain -NewDomainName mychildn `
-ParentDomainName mydomain.local `
-InstallDns `
-CreateDnsDelegation `
-DomainMode Win2012 `
-ReplicationSourceDC dc0.mydomain.local


Note: The ` character is used to continue the command on the next line; it must be the last character on the line, with no trailing spaces.

How to Add a New Forest with PowerShell

To use Install-ADDSForest, all that needs to be provided is the forest name. A prompt will allow the Directory Services Restore Mode password to be entered, and DNS is installed by default during a forest installation.

An example of this would be:

Install-ADDSForest -DomainName "mydomain.local"

Or you could be more specific:

Install-ADDSForest -DomainName mydomain.local `
 -CreateDnsDelegation `
 -DomainMode Win2012 `
 -ForestMode Win2012


Though Windows Server 2012 removes the dcpromo that system engineers have been using since 2000, Microsoft has not removed the functionality. If an Active Directory engineer prefers a GUI, much of the same look and feel is still available through Server Manager. If a script or a command line interface is preferred, new cmdlets in PowerShell provide all of the flexibility of the GUI, with the added benefit of scalability and reusability.
