Deploying Windows Server 2012 R2 Essentials in an Existing Active Directory Environment

[This post comes to us courtesy of Rituraj Choudhary from Global Business Support]

In this post we will discuss deploying Windows Server 2012 R2 Essentials in an existing Active Directory domain. Some key points to keep in mind in this scenario are:

  • Once deployed, Windows Server 2012 R2 Essentials must be the domain controller at the root of the forest and domain, and must hold all the FSMO roles.
  • Windows Server 2012 R2 Essentials can only be deployed into a single domain. Also, a read-only domain controller cannot exist in this domain.
  • It can be installed in a pre-existing Active Directory domain only when you are migrating to Windows Server 2012 R2 Essentials. Note that there is a grace period of 21 days for completing the entire migration from previous versions of Windows Server Essentials or Small Business Server editions.

Note: If you are planning to deploy a Windows Server 2012 R2 Standard or Windows Server 2012 R2 Datacenter with Windows Server Essentials Experience role in an existing Active Directory environment, please follow our previous post.

Here are the steps we need to cover for this deployment:

Before beginning the deployment of Windows Server 2012 R2 Essentials in the existing domain, make sure you plan, rehome and reconfigure your Line of Business applications, so that they are available during and post migration, as per your business requirements.

The first step towards the deployment of the Windows Server 2012 R2 Essentials in an existing domain is to complete the initial setup. Once the installation is complete and the server reboots, log on with the local administrator account.

Important: When you log on to the server desktop, the Configure Windows Server Essentials wizard starts automatically. Click Cancel (1) to cancel the wizard at this time, and confirm the cancellation by clicking Yes (2) on the subsequent warning.

Make sure you are connected to the local network. To double-check, you may ping the internal domain name to verify that it resolves to the IP address of the source domain controller.

You will most likely want to rename the server to match your naming convention. If so, do it now. The simplest way is to open a PowerShell window as an administrator on the target Windows Server 2012 R2 Essentials and issue the following command:

Rename-Computer <new name>
<new name> is the new name of the local computer in the above command.

For example:

Restart the computer for the changes to take effect. Please note that the Configure Windows Server Essentials wizard will show up again and you need to cancel it.

Confirm the new computer name by running the hostname command in a PowerShell or Command Prompt window.

The next step is to add this Windows Server 2012 R2 Essentials to the domain as a replica domain controller. To accomplish this, open Server Manager. On the Server Manager Dashboard, click Manage, and then click Add Roles and Features.

On the Add Roles and Features Wizard that shows up subsequently, proceed through by clicking Next on each of these pages: Before You Begin, Installation Type, and Server Selection with the default options selected. On the Server Roles page, click to select Active Directory Domain Services.

This action pops up a new dialog to add some features. Click Add Features to add the features that are required for Active Directory Domain Services. Click Next on Features and AD DS (Active Directory Domain Services) pages, and Install on the Confirmation page.

Once the installation is complete, click Close to close the wizard.

Back in Server Manager, click the Notifications flag, and then click Promote this server to a domain controller.

This action should bring up the Active Directory Domain Services Configuration Wizard. On the Deployment Configuration page, select the option Add a domain controller to an existing domain, and then click the Select… button next to the Domain field.

You need to enter the domain administrator credentials here, so that it picks up the domain name that exists in the local network.

Select the existing domain name here. Once you click OK, the Domain field should now populate with the FQDN of the domain name, e.g. contoso.local. Click Next.

On the Domain Controller Options page, leave the default options selected, and enter a Directory Services Restore Mode (DSRM) password. Keep it safe so you won't lose it. Now click Next.

Proceed on these pages with the default options selected: DNS Options, Additional Options, Paths, Preparation Options, and Review Options. On the Prerequisite Check page, after certain checks are validated, you will be presented with an option to install. Click Install to proceed.

Note: After you click Install, the server will automatically reboot at the end of the promotion operation.

PowerShell Script:

We have put the GUI options on the blog post for better grasp and visibility by an end user. You may also choose this PowerShell Script over the GUI.

Import-Module ServerManager

Add-WindowsFeature AD-Domain-Services

Import-Module ADDSDeployment

Install-ADDSDomainController -NoGlobalCatalog:$false -CreateDnsDelegation:$false -Credential (Get-Credential) -CriticalReplicationOnly:$false -DatabasePath "C:\Windows\NTDS" -DomainName "contoso.local" -InstallDns:$true -LogPath "C:\Windows\NTDS" -NoRebootOnCompletion:$false -SiteName "Default-First-Site-Name" -SysvolPath "C:\Windows\SYSVOL" -Force:$true
* contoso.local is the domain name in this example.
* The server will reboot automatically to complete the operation.

After the reboot, you will be prompted to log on with a domain account, since the server is joined to the domain at this point. After the logon, the domain controller promotion process completes. You can then verify the domain join and domain controller functionality in a PowerShell window as follows:

Dir ENV:\U*
Import-Module ActiveDirectory

You would again see the Configure Windows Server Essentials wizard pop up. Let's minimize the wizard this time.

Let us now transfer the FSMO roles to the new server. Check the current FSMO role holder domain controller using the command:

netdom query fsmo

These FSMO roles should be with your source server currently.

Run the following command in an elevated PowerShell window on Windows Server 2012 R2 Essentials to transfer all the FSMO roles to Windows Server 2012 R2 Essentials:

Move-ADDirectoryServerOperationMasterRole -Identity <Target-DC> 0,1,2,3,4
* <Target-DC> is the name of the new Windows Server 2012 R2 Essentials in the above command.

In the subsequent prompts, you can either answer 'a' once, or answer 'y' 5 times, once for each operations master role transfer.

That is pretty much it. You may again run the netdom query fsmo command to verify that they are now with the new Windows Server 2012 R2 Essentials.
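
The role check above, together with the constraints listed at the start of this post (single domain, forest root, no read-only domain controller), can be scripted as a gate before the source server is demoted. This is an added example, not part of the original post; the function name Test-EssentialsMigrationState is hypothetical, and it assumes it runs in an elevated PowerShell window on the new server.

```powershell
# Added example (not from the original post).
Import-Module ActiveDirectory

function Test-EssentialsMigrationState {
    param(
        # Assumption: the new Essentials server is the machine this runs on.
        [string]$TargetDC = $env:COMPUTERNAME
    )

    $domain = Get-ADDomain
    $forest = Get-ADForest
    $target = (Get-ADDomainController -Identity $TargetDC).HostName

    # The numbers 0-4 passed to Move-ADDirectoryServerOperationMasterRole
    # correspond to these five operations master roles, in this order.
    $holders = [ordered]@{
        'PDCEmulator (0)'          = $domain.PDCEmulator
        'RIDMaster (1)'            = $domain.RIDMaster
        'InfrastructureMaster (2)' = $domain.InfrastructureMaster
        'SchemaMaster (3)'         = $forest.SchemaMaster
        'DomainNamingMaster (4)'   = $forest.DomainNamingMaster
    }

    $findings = @()
    foreach ($role in $holders.Keys) {
        if ($holders[$role] -ne $target) {
            $findings += "$role is still held by $($holders[$role])"
        }
    }

    # Essentials must sit at the root of a single-domain forest.
    if (@($forest.Domains).Count -ne 1) {
        $findings += "Forest contains $(@($forest.Domains).Count) domains"
    }
    if ($forest.RootDomain -ne $domain.DNSRoot) {
        $findings += "$($domain.DNSRoot) is not the forest root domain"
    }

    # A read-only domain controller cannot exist in this domain.
    foreach ($rodc in @($domain.ReadOnlyReplicaDirectoryServers)) {
        $findings += "Read-only domain controller present: $rodc"
    }

    return $findings
}

$result = Test-EssentialsMigrationState
if ($result) { $result | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'All five FSMO roles and domain constraints check out.' }
```

An empty result means the new server holds all five roles and the domain layout meets the Essentials requirements; any warning should be resolved before running Uninstall-ADDSDomainController on the source server.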

Let us now restore the Configure Windows Server Essentials wizard from the Taskbar or Server Manager under Notifications, and click Configure on the Configure Windows Server Essentials page.

This should take a few minutes. Click Close on the Results page after the configuration is complete.

Change the scope options on the DHCP server on the existing domain to point to the new Windows Server 2012 R2 Essentials as the DNS server.

Follow up by demoting the source server. The shortest way to accomplish this is to run the command Uninstall-ADDSDomainController on an elevated PowerShell window on the source server.

Please note that this process reboots the server automatically to complete the operation. After the source server reboots, you may remove the Active Directory Domain Services role from the Server Manager on the source server.

You are now ready to use your new Windows Server 2012 R2 Essentials. You may now proceed to add client PCs using the connect wizard so that they show up in the DEVICES tab of the Windows Server Essentials Dashboard, set up Remote Web Access, and configure other Essentials features as per your requirements.

  • Hi folks, have a nice one

  • Cannot open my mail account

  • Need new address for mail account

  • Thanks for the overview!

    I'm planning a migration of an SBS2003 server to server 2012 R2 Ess with a mix of XP & Win7 clients:

    - will the XP clients continue to work during the 21-day grace period when the 2012 server "lives" beside the SBS2003 server?
    - will the LOB applications continue to work on the SBS2003 server during the 21-day grace period? As such I could plan the move to the 2012 Ess server during the 21 days.
    - Do I need to re-add the Win7 clients to the 2012 Ess R2 server or will the migration (via replica DC) take care of this? If so, will the essentials features be added (like PC backup) to the Win7 clients without re-adding them via the 2012 Ess R2 connect computer Wiz?

    Thanks for your help!


  • I followed your scenario but I am stuck on this part: "Move-ADDirectoryServerOperationMasterRole –Identity 0,1,2,3,4". My 2012R2 Essentials server replies with this error after executing the command:
    Move-ADDirectoryServerOperationMasterRole : Could not find attribute: 'dNSHostName' on object: 'CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domainname (not showing real one",DC=local'.
    Any ideas on what goes wrong?

  • nice try,
    but did you test that with an SBS2003? I have the problem, that the Essentials Server (after joining the domain) does not find an ADWS Server for connecting the powershell to AD. When installing the AD Gateway Services on the SBS2003, the Essentials is able to use the powershell. So far so good, but in three weeks? To be more clear: the Essentials installs the ADWS and starts it, but the powershell is not able to find and connect to it! Any ideas?
    Thx L.

  • I have gone through your post and find this extremely informative.

  • @Wouter Pinkhof

    If you get the dNSHostName attribute error, you can resolve it by right clicking PowerShell and running it as an administrator.

  • Great article with graphics, thank you so much!!! All the steps worked perfectly for me coming from 2003 std to 2012 R2 Essentials... except the end!

    The Essentials wizard, that we had minimized, "Configuration encountered some issues" please click retry. Not sure how to proceed.

  • @Dan - reply to myself... found the fix. In case this helps anyone else:

    The post-config wizard won't let you configure the Essentials Experience role because it's unable to start the 'Windows Server Essentials Management Service' system service. This service is configured to run under the \ServerAdmin$ account. This account must have 'Log on as a service' rights.

    Go to Group Policy Management
    Edit your policy, such as the 'Default Domain Controllers Policy'
    Go to Computer Configuration \ Windows Settings \ Security Settings \ Local Policies \ User Rights Assignment
    Edit 'Log on as a service' and add 2 accounts: \ServerAdmin$ and \MediaAdmin$
    The ServerAdmin$ is enough to let the wizard finish the configuration. The MediaAdmin$ is needed for the 'Windows Server Essentials Media Streaming Service'.

    SECONDLY, make sure DNS is
    Hope this helps.

  • How about the DHCP migration ? Does it require special steps or could I follow standard DHCP migration tools like netsh ?

  • I have tried this but, the server manager will not open until I complete the configuration wizard. Any work around?

  • thanks

  • We ran into the "cannot find attribute DNSHostname on Object ..." on our migration too. We were running Powershell as Admin. Earlier when running the Domain, we got a warning that DNS forwarder had to be manually setup. Wonder if there is a connection...