My Core box. How to turn a near obsolete PC in a Lab Domain Controller.

My Core box. How to turn a near obsolete PC in a Lab Domain Controller.

  • Comments 2
  • Likes

Hello folks,

I was reading Mohamud’s post and it made me think of my own lab environment. I had been thinking about writing about it for a while now, but something always came up.  So, this morning I gathered the documentation i had kept when i setup my environment (and yes for those who doubt, i do document my setups) and  actually got to it.

When i started my preparation for the EnergizeIT demos, and for other screen casts I am planning. I realized I needed to rebuild the domain setup for my lab.  I also wanted to check out a few scenarios discussed with TechDays attendees during the “Streamlining Administration of Your Deployments of Active Directory Using Group Policy Preferences, Templates, and Scripting” session.

So I started looking for a spare machine for the DC.  I know, I can do all this virtualized, but I wanted to setup a permanent infrastructure I can work with for the long haul. Therefore I was looking for a DC, I could setup in my wiring closet in my home office and leave it there.

I found some pieces from different computers in storage (yes, I’m a pack rat... I never throw out anything.) an ATX case, an ASUS P4B motherboard, a Pentium 4 processor (2.2GHz) and 768MB of memory (1x512 + 1x256) and an old DVD reader. The only part I had to source outside was the HHD. For that I bought a 250GB drive, and I was good to go.

As you can guess the hardware platform is fairly weak. So, a core installation should be perfect, small footprint and more resources dedicated to what it is needed for.

I was off to the races. Booted from the DVD of Windows 2008 Enterprise Server x86, and I proceeded with the installation. I will spare you the details of the initial installation, I believe that most of us can click next... ;)

Ok, now I have a core server.  WOOOOHOOOO!!!!

But, at this point,   it does nothing!!!!

Here comes the part that is fun. How do I turn this brick into something useful? What will I need it for? Hmmm... Planning… Something I should spend more time doing. Anyway, I need the following:

  1. An Active Directory Domain controller
  2. A File server
  3. A DHCP and DNS servers

Ok. Now that I knew what I needed, I proceeded with the configuration

Find interface index and set IP address

Before anything else i needed to establish connectivity. The following command identified the interfaces currently installed.

netsh interface ipv4 show interface

This returned:

Idx  Met   MTU   State        Name
---  ---  -----  -----------  -------------------
  2   50   1500  connected    Local Area Connection
  1   50 4294967295  connected    Loopback Pseudo-Interface 1

I needed to apply the changes to the idx= 2 interface.

netsh interface ipv4 set address name="2" source=static address="192.168.1.50" mask="255.255.255.0" gateway="192.168.1.1"

now that I have an IP address, I need to define name resolution. Since I will be setting up a DNS server on this box later I configured the DNS settings to point to the following

  1. 127.0.0.1 (local host)
  2. 206.248.154.22 (my ISP DNS)

netsh interface ipv4 add dnsserver "Local Area Connection" 127.0.0.1
netsh interface ipv4 add dnsserver "Local Area Connection" 206.248.154.22 index=2

Enter activation key & Activate Server

In order to enter the proper product key (which I forgot do during the installation) and to activate my server i executed the SLMGR.VBS script from the c:\windows\system32 directory:

cscript slmgr.vbs -ipk ABCDE-FGHIJ-KLMNO-PQRST-UVWXY (enter a new product key)
cscript slmgr.vbs -ato (Activate the server)

Enable automatic updates

To verify the current setting, type:

cscript scregedit.wsf /AU /v

To enable automatic updates, type:

cscript scregedit.wsf /AU 4 (not “/4” like I’ve seen it everywhere documented on the net.)

Rename the computer

To rename the computer from “WIN-GT7XU399GSZ” to “CENTRAL”, type:

Netdom renamecomputer win-gt7xu399gsz /NewName:Central

Restart the computer

I needed to restart the server in order to have the new name active:

Shutdown /r /t 0

Once the server is restarted, it’s now time to install the DNS role, the DHCP role and the Active Directory Domain Services role.

Install DNS service

The command to install the DNS Role is:

start /w ocsetup DNS-Server-Core-Role

Active Directory Domain Services role and create a Domain Controller

The dcpromo command in a server core need to be accompanied by an unattended text file since the dcpromo graphical interface cannot be displayed.

The unattend.txt Content is:

[DCINSTALL]
AutoConfigDNS=Yes
DomainNetBiosName=Homenet
NewDomainDNSName=homenet.local
ReplicaOrNewDomain=Domain
NewDomain=Forest
ForestLevel=3
DomainLevel=3
SafeModeAdminPassword=PassW0rd12#
RebootOnCompletion=No

The dcpromo command is

dcpromo /unattend:c:\unattend.txt

I specified “RebootOnCompletion=No” in my unattend.txt file since i want to validate that no error occurred during the dcpromo process. I restarted the server after the verification using the following command.

Shutdown /r /t 0

Once the Domain controller is created and that that server has rebooted, I needed to enable a few items:

Enable remote desktop SCregEdit.wsf /ar 0
Enable Remote Management WinRM quickconfig
Enable firewall for remote management netsh advfirewall firewall set rule group="Remote Administration" new enable=yes

Enabling the Remote Administration firewall rules allows pretty much any MMC to connect. However, there may be situations where you only want to allow certain MMCs to connect for remote administration. Not every MMC snap-in has a firewall group, here are those that do:

MMC Snap-in

Rule Group

Event Viewer

Remote Event Log Management

Services

Remote Service Management

Shared Folders

File and Printer Sharing

Task Scheduler

Remote Scheduled Tasks Management

Reliability and Performance

“Performance Logs and Alerts” and “File and Printer Sharing”

Disk Management

Remote Volume Management

Windows Firewall with Advanced Security

Windows Firewall Remote Management

You need to enable these on the DC firewall in order to allow the MMC to connect across the network. To do so, use the following command:

Netsh advfirewall firewall set rule group=“<rule group>” new enable=yes

Where <rule group> is the name in the above table.

Install DHCP server

To install the DHCP server on the DC I simply installed the role, set the service to start automatically and started it using the following command:

start /w ocsetup DHCPServerCore

sc config dhcpserver start= auto

net start dhcpserver

Install File Services role

The last role I needed installed is the File service role. This one installed by using:

start /w ocsetup FRS-Infrastructure

Done!

My Core DC is now installed and ready to assist me in testing new scenarios and to build my demos. The only thing remaining is to spin up a Vista or another Windows 2008 box so i can use the management tools to manage my DC remotely.

I hope this is useful for you. If you have scenarios you would like us to try out don’t hesitate to contact me. Now that I have a proper lab.... ;)

Cheers!

Signature

Pierre Roman, MCSE, ITIL| Microsoft Canada Co.| IT Pro Advisor | pierre.roman@microsoft.com
phone: 613-212-2370 mobile: 613-715-2311

IT Pro blog | Twitter | Facebook | LinkedIn

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • Hi Pierre,

    I have been using a script to install updates on my Core Hyper-V test server. The script is available from MSDN: http://msdn.microsoft.com/en-us/library/aa387102(VS.85).aspx

    Since I added the SCE2007 virtual machine to manage updates, I no longer use the script for the Core Hyper-V server.

    Just thought this might help someone else.

    Mohamud

  • Thanks for the info Mohamud.

    Pierre