How to: Build a Server Core Domain Controller

When I started putting together my standard virtual machines for development and demonstrating SharePoint 2010, I wanted to have a domain controller that I could share and use for any new image. That way I don't need to continually recreate my service accounts and test users every time, which means the effort I put into creating AD groups and populating user properties is also re-used.

 

Why server core? Server core flavours of Windows Server don't provide a UI, and are usually used to build specialized, minimal servers to provide a specific capability. The domain controller described here runs fine with 512 MB RAM and though I've assigned it a 10 GB hard drive my own uses only about 5 GB of storage. They aren't used more because it's a pain to install and configure services; without a UI that means the action is at the command-line. By providing the steps here you can get past the pain, and AD thereafter is managed from any other Windows Server (like a SharePoint server) using the AD Management UI you're used to.

 

I intended to post this months ago and haven't had time to "flesh it out," but a few people have asked and I'd rather not delay it further. I did find a few references around the web on how to build a server core DC, but all seemed to skip something or other, so this is actually the most complete (or was when I wrote it). If you just want a regular (i.e. non-server core) DC then go check out this post from Kirk Evans: http://blogs.msdn.com/b/kaevans/archive/2010/04/17/creating-a-windows-server-2008-r2-domain-controller.aspx

 

Some steps are written like a pseudo-batch file with comments or instructions marked with "REM," while other parts are more step-like. I built mine on VMWare, but you could execute this on any virtualization platform or even bare metal. A few note: "Type this command, or replace the quotes and spaces after you paste it." If you don't do this, then I guarantee that some commands will fail. As near as I can figure, this is because of internal conversions between character sets when cutting and pasting.

 

Here we go!

These steps build a server with:
- Windows Server 2008 R2 Server Core
- DNS Role
- Active Directory Domain Controller (DC) Role
- IP address: 192.168.5.2 (you can use your own, just be consistent)
- Gateway to the internet via host machine at IP: 192.168.5.1 (ditto)

 

Create a new VM
Install Windows Server 2008 R2 Server Core

 

REM Allow terminal services
cscript C:\Windows\System32\Scregedit.wsf /ar 0

 

REM Allow Remote Desktop
Note: Type this command, or replace the quotes and spaces after you paste it.
netsh advfirewall firewall set rule group=”Remote Desktop” new enable=yes

 

REM Allow Remote Administration
Note: Type this command, or replace the quotes and spaces after you paste it.
netsh advfirewall firewall set rule group=”Remote Administration” new enable=yes

 

REM Set newname in the next line to the preferred machine name:
netdom renamecomputer %computername% /newname:CoreDC

 

REM Restart
shutdown /r /f /t 0

 

REM Note the default gateway shown by this command, it should match your host machine's IP
ipconfig /all
REM Note the interface name shown by this command, you will use it to set a static IP
netsh interface ipv4 show interface

 

REM Update this command with the connection name, preferred static IP, and gateway (host) IP
REM Note: Type this command, or replace the quotes and spaces after you paste it. If not an error message is displayed.
netsh interface ipv4 set address name=”Local Area Connection” source=static address=192.168.5.2 mask=255.255.255.0 gateway=192.168.5.1 1

 

REM Check that the static IP took effect
ipconfig /all

 

REM Add DNS and DC roles with a new forest, all machines should be Windows Server 2008 or above
dcpromo /unattend /InstallDns:yes /dnsOnNetwork:yes /replicaOrNewDomain:domain /newDomain:forest /newDomainDnsName:contoso.dev /DomainNetbiosName:contoso /databasePath:"c:\Windows\ntds" /logPath:"c:\Windows\ntdslogs" /sysvolpath:"c:\Windows\sysvol" /safeModeAdminPassword:Contoso123 /forestLevel:3 /domainLevel:3 /rebootOnCompletion:yes

 


Create and configure additional servers
- Install Windows Server 2008 R2
- Install updates
- Set an IP address in the same VMWare subnet (e.g. 192.168.5.x)
- Use your new DNS/DC as the DNS server
- Update the machine name and connect to the infusion.dev domain
- In VMWare, add a second network card using NAT. You may need to adjust the DNS settings to match those used by your host machine.
- Open a browser to confirm that you have internet access

 

- Install the Remote Server Administration Tools (RSAT) on at least one machine
- Control Panel, Programs and Features, Windows Features, Add Features
- Expand Remote Server Administration section, select AD and DNS checkboxes
- A restart will be required

No Comments