November 2010 - Posts

When I started putting together my standard virtual machines for development and demonstrating SharePoint 2010, I wanted to have a domain controller that I could share and use for any new image. That way I don't need to continually recreate my service accounts and test users every time, which means the effort I put into creating AD groups and populating user properties is also re-used.

 

Why server core? Server core flavours of Windows Server don't provide a UI, and are usually used to build specialized, minimal servers to provide a specific capability. The domain controller described here runs fine with 512 MB RAM and though I've assigned it a 10 GB hard drive my own uses only about 5 GB of storage. They aren't used more because it's a pain to install and configure services; without a UI that means the action is at the command-line. By providing the steps here you can get past the pain, and AD thereafter is managed from any other Windows Server (like a SharePoint server) using the AD Management UI you're used to.

 

I intended to post this months ago and haven't had time to "flesh it out," but a few people have asked and I'd rather not delay it further. I did find a few references around the web on how to build a server core DC, but all seemed to skip something or other, so this is actually the most complete (or was when I wrote it). If you just want a regular (i.e. non-server core) DC then go check out this post from Kirk Evans: http://blogs.msdn.com/b/kaevans/archive/2010/04/17/creating-a-windows-server-2008-r2-domain-controller.aspx

 

Some steps are written like a pseudo-batch file with comments or instructions marked with "REM," while other parts are more step-like. I built mine on VMWare, but you could execute this on any virtualization platform or even bare metal. A few commands carry the note: "Type this command, or replace the quotes and spaces after you paste it." If you don't do this, then I guarantee that some commands will fail. As near as I can figure, this is because of internal conversions between character sets when cutting and pasting.
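The quote-and-space problem described above can be checked before a command ever reaches the server. This added example (not part of the original post) scans pasted text for non-ASCII characters and replaces the common typographic substitutes; the replacement table and the sample text are assumptions constructed for illustration.

```python
import unicodedata

# Characters that word processors and blog engines substitute for ASCII,
# mapped to what cmd.exe and netsh expect. (Assumed table, extend as needed.)
REPLACEMENTS = {
    "\u201c": '"',  # left double quotation mark
    "\u201d": '"',  # right double quotation mark
    "\u2018": "'",  # left single quotation mark
    "\u2019": "'",  # right single quotation mark
    "\u00a0": " ",  # no-break space
    "\u2013": "-",  # en dash
    "\u2014": "-",  # em dash
}


def audit(script):
    """Return (line, column, codepoint, unicode_name) for every non-ASCII character."""
    findings = []
    for line_no, line in enumerate(script.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ord(ch) > 127:
                name = unicodedata.name(ch, "UNNAMED")
                findings.append((line_no, col, "U+%04X" % ord(ch), name))
    return findings


def normalize(script):
    """Replace known typographic substitutes; leave anything else for manual review."""
    return "".join(REPLACEMENTS.get(ch, ch) for ch in script)


# Constructed sample: two commands from this post as they can arrive after a paste.
PASTED = (
    "netsh advfirewall firewall set rule group=\u201dRemote Desktop\u201d new enable=yes\n"
    "netsh interface ipv4 set address name=\u201dLocal Area Connection\u201d"
    " source=static\u00a0address=192.168.5.2 mask=255.255.255.0 gateway=192.168.5.1 1\n"
)

if __name__ == "__main__":
    for line_no, col, cp, name in audit(PASTED):
        print("line %d col %d: %s %s" % (line_no, col, cp, name))
    cleaned = normalize(PASTED)
    # Anything still flagged is outside the table and needs a manual look.
    assert not audit(cleaned), "characters outside the replacement table remain"
    print(cleaned, end="")
```

Run it on the workstation you copy from, then paste the cleaned text into the Server Core console.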

 

Here we go!

These steps build a server with:
- Windows Server 2008 R2 Server Core
- DNS Role
- Active Directory Domain Controller (DC) Role
- IP address: 192.168.5.2 (you can use your own, just be consistent)
- Gateway to the internet via host machine at IP: 192.168.5.1 (ditto)

 

Create a new VM
Install Windows Server 2008 R2 Server Core

 

REM Allow terminal services
cscript C:\Windows\System32\Scregedit.wsf /ar 0

 

REM Allow Remote Desktop
Note: Type this command, or replace the quotes and spaces after you paste it.
netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes

 

REM Allow Remote Administration
Note: Type this command, or replace the quotes and spaces after you paste it.
netsh advfirewall firewall set rule group="Remote Administration" new enable=yes

 

REM Set newname in the next line to the preferred machine name:
netdom renamecomputer %computername% /newname:CoreDC

 

REM Restart
shutdown /r /f /t 0

 

REM Note the default gateway shown by this command, it should match your host machine's IP
ipconfig /all
REM Note the interface name shown by this command, you will use it to set a static IP
netsh interface ipv4 show interface

 

REM Update this command with the connection name, preferred static IP, and gateway (host) IP
REM Note: Type this command, or replace the quotes and spaces after you paste it. If not, an error message is displayed.
netsh interface ipv4 set address name="Local Area Connection" source=static address=192.168.5.2 mask=255.255.255.0 gateway=192.168.5.1 1

 

REM Check that the static IP took effect
ipconfig /all

 

REM Add DNS and DC roles with a new forest, all machines should be Windows Server 2008 or above (forest and domain functional level 3 = Windows Server 2008)
REM /safeModeAdminPassword sets the Directory Services Restore Mode (DSRM) administrator password; replace Contoso123 with your own
dcpromo /unattend /InstallDns:yes /dnsOnNetwork:yes /replicaOrNewDomain:domain /newDomain:forest /newDomainDnsName:contoso.dev /DomainNetbiosName:contoso /databasePath:"c:\Windows\ntds" /logPath:"c:\Windows\ntdslogs" /sysvolpath:"c:\Windows\sysvol" /safeModeAdminPassword:Contoso123 /forestLevel:3 /domainLevel:3 /rebootOnCompletion:yes

 


Create and configure additional servers
- Install Windows Server 2008 R2
- Install updates
- Set an IP address in the same VMWare subnet (e.g. 192.168.5.x)
- Use your new DNS/DC as the DNS server
- Update the machine name and connect to the infusion.dev domain
- In VMWare, add a second network card using NAT. You may need to adjust the DNS settings to match those used by your host machine.
- Open a browser to confirm that you have internet access

 

- Install the Remote Server Administration Tools (RSAT) on at least one machine
- Control Panel, Programs and Features, Windows Features, Add Features
- Expand Remote Server Administration section, select AD and DNS checkboxes
- A restart will be required

Logo: SP Saturday Toronto

Wow, this Saturday offers 21 sessions in 3 tracks, all for free. Given the billable rate of this speaker list, this has to be the best bargain you'll see for a while. And I'm going to go ahead and reveal a secret here - attendees at SharePoint Saturday will be eligible for a great discount on the SharePoint Summit, coming to Toronto this January 31 through February 2. The only catch? You need to attend to get the discount. But I'm sure you want to be there anyway, this is a world-class event and a great way to kick-start or build on your SharePoint knowledge.

I'll be there Saturday afternoon with a session I call "Strategies for building SharePoint capacity." This is for managers, sponsors, development and test leads, and perhaps the IT Ops leads who manage the pipeline. The focus is on building the team and pipeline - what the people in each role can expect from each other and what each is responsible for, in order to make the whole process work. Like many things this harkens back to the mantra of dog trainers: “Don’t train dogs, train owners.” This session is training for SharePoint owners. Learn what great SharePoint teams look like, understand the planning and capabilities that make it so, and how to build solid teams to manage both its hosting and your solution delivery pipeline. I'll also be providing examples and anecdotes from recent projects.

Thanks to Kanwal and his dedicated crew of volunteers for putting this together, and to all the sponsors for making the day possible. Afterwards I expect we'll head across the street from Microsoft Canada to the Firkin to decompress over a SharePint. Register today, space is limited and it's rapidly filling up. See you Saturday!

SharePoint Saturday Toronto Registration 
