Contents

1. Introduction ............................................................................................................................................... 3 1.1. 2. 3. Setup .............................................................................................................................................. 3

Introduction to Active Directory Services .............................................................................................. 4 Installing and Configuring Active Directory Services........................................................................... 5 3.1. 3.2. Joining to Domain ........................................................................................................................... 5 Promoting Member Server to Additional Domain Controller .......................................................... 7

1.

Introduction

This document covers the steps involved to install and Configure Active Directory Domain Services on Windows Server 8 Beta edition. The article provide image assist for every step outlined below and possible one line description about each step involved in installing Directory service on Windows Server 8.

1.1. Setup
Below table contains Servers used in the lab followed by the different services required for successful implementation of Directory service on Windows server 8. Servers Configuration Services Windows Server 2008 R2 Windows Server 2008 R2 Windows Server 2008 R2 Windows Server 2008 R2 Windows Server 2008 R2

Windows Server 2008 R2

Specification Microsoft Hyper-v Server, 8GB Ram , Intel Dual core processor Active Directory Domain Controller DNS Server ( optional ) Can be installed the DNS service on the domain controller Additional Domain Controller Additional Domain DNS Server ( optional ) Can be installed the DNS service on the domain controller Dynamic Host Configuration Protocol

Services Configuration Services Active Directory Domain

Specification Active Directory Forest 1 Active Directory Domain 2 Additional Domain Controller 1

Network Connectivity

Microsoft Active Directory Domain Domain Naming Server Dynamic Host Configuration Protocol Firewall Configuration Group Policy Management Distributed File System

1 NIC connecting external , 1 Internal Network connecting between virtual machines and Microsoft Host Hosted on Virtual Machine Configured on virtual machine Configured on Virtual Machine to provide DHCP address for virtual machine clients Open port 139, RPC, 443, 445 Configured on Virtual Machine / Active Directory domain Configured on Virtual machine

2.

Introduction to Active Directory Services

Active Directory domain services are used primarily to manage Users and Resource management across Enterprise infrastructures spanning the physical subnets across the globe. Active Directory domain provides distributed database to store and manage application data, user data and computer data respectively. Active directory structure comprises of Single forest, with multiple domains and child domains. Administrator can configure active directory domain based on the physical subnets , it is advisable to install directory server on the physical site. Active directory provides different security boundaries in the form of
a) b) c) Forest Domain Organizational Units

We would understand the different functionality provided by Active directory service in Windows Server 8 from the below sections.

3.

Installing and Configuring Active Directory Services

After successfully deploying Windows Server 8 on the Virtual machine, upon the logon, it prompts users to change the administrative password. The default security policy requires users to change the password for the first time ,as shown in the below screen.

3.1. Joining to Domain

Upon login, add the server to existing active directory domain. Windows Server 8 do not has the iconic Start Menu , but it provides start through which users / administrators can perform the common tasks.

Click Windows key + R for run command, type Ncpa.cpl > right click on Network adapter properties > assign the Static IP address. If server is unable to ping or access resources across VMs , please make sure that the Virtual Host properties should be configured for appropriate Network adapter , as shown below. For my lab I have created Internal network called as Internal Testing Network.

Navigate to Computer > right click Properties > Computer Name > Change configure the server to join to the existing Active directory domain, as shown below . Under Domain add the domain ( Eg: contoso.com) and click OK, after successfully joining the server to existing Active directory domain, it should be restarted.

3.2. Promoting Member Server to Additional Domain Controller

In our lab, I have added Windows Server 8 Beta server to existing domain , to promote the member server to additional domain controller follow the below steps. Please note that when you run dcpromo.exe you will see the following message, the Active directory domain services is integrated with Server Manager.

Please follow the below steps to add Active Directory Domain Services Step1: Click Server Manager Icon from the Task bar

Step2: Click on Add roles and Features as show below

Step 3: Click Next from the above wizard

Step4: The Add roles and Features wizard is new when compared to Windows Server 2008 R2 which allows you to select a server from Server pool or select a virtual hard disk. For our test we will select the first option Select a server from the server pool , you can see from below that my server is listed under Server Pool and click Next.

Step5: The next wizard will allow administrators to add the Active directory domain services, and click Next

Step6: Click Next without selecting any Features

Step7:Click Next from the below wizard

Step8: On the Confirmation wizard select Restart the destination server automatically if required click Install.

Step9: The Active directory domain services will be installed on the server.

The below wizard shows that Active directory domain services components got successfully installed.

After configuration completes successfully, following are the wizards would get installed and configured with Domain services
a) b) c) d) Active Directory Users and Computers Active Directory Domains and Trust Active Directory Sites and Services Active Directory Administrative Center

From the above services administrators would be able to manage day-day Active directory operations which includes managing existing Active directory domain, User management, Group management, Security delegation, OU creation, Pre-configured RODC , Configuring and managing Active Directory Sites and services, Active Directory replication , Active directory Trust etc.. Note: We havent configured the server as Domain controller, we will be promoting the server to Additional domain controller using the below steps. If administrators wonder why DCPromo.exe doesnt provide the UI to promote to Additional domain controller or to create new domain in existing forest, below are few additional steps we need to perform. Click on Server Manager and navigate to AD DS role as shown below

Click on More which is towards right end of Configuration Required for Active Directory Domain Services , administrators will view the below wizard

From the above wizard click on Promote this server to a domain which would bring the following wizard

From the above wizard, administrator can perform the following actions
a) b) c) d) Add additional Domain Controller to an Existing Domain Add new Domain to Existing Active directory Forest Add new child domain to existing Active Directory Forest Create a New Active directory Forest.

In our lab we will create a child domain to existing domain using the below procedure. Step1: Select Add a new domain to an existing forest option from the above wizard which gives administrators to configure either Child domain or create a new domain under existing Active directory Tree.

We will select Child Domain from the above wizard

Step2: Under Parent Domain Name click Select button. The wizard will prompt for the domain administrator credentials to retrieve the domains under the forest, as seen from below screen

Note: The above procedure is mandatory otherwise the Next tab will not be activated and supplies the appropriate credentials.

Step3: Upon click Next, the wizard provide the option to configure the new Domain controller either
a) b) c) d) e) Domain Functional Level Global Catalog server DNS server RODC server Site Name selection

Select the domain functional level appropriately, site name and enter the password for DSRM and click next.

Step4: The below wizard will configure DNS delegation by default, as we are deploying new domain under existing DNS name space which is Corp.test.local, which is shown below

Step5: The below wizard provides the option to change NetBios name , I have configured as Win8DC

Step6: Specify the Sysvol folder path location , I kept them as default

Step7: The next wizard provides option to review the settings that we have configured earlier, optional is to view powershell script.

Step8: click Next , the wizard will run Prerequisites check which validates the configuration by checking the Forest root domain, replication health state across all the domains within the Forest. The pre-requisite check wasnt available with Windows Server 2008 R2 and this provides administrator to deploy active directory domain in structured format.

Conclusion:
The above article outline the steps involved in preparing Windows Server 8 on Virtual machine and configuring the server as Child Domain Controller. This article provided the information with screenshots and step-by-step guide.

Sainath is a MVP for Directory Services and works for Avanade Asia Pte Ltd, Singapore. He is an active Speaker at Microsoft Singapore Windows User Group and blogs about Directory services , Winternals and Virtualization. He is the Reviewer of Microsoft Operations Framework for Active Directory , Windows Server, Hyper-v and Certificate Services and beta tester for Windows Server 2008 R2 , SCVMM