Share via

Windows Server 2012 R2 Base Configuration for Public Cloud

  • Article

Overview

This article describes how to configure the DC1, APP1, and CLIENT1 computers of the Corpnet subnet of the Windows Server 2012 R2 Base Configuration test lab so that they are connected to your organization intranet, yet logically isolated from your production network. The following figure shows the new configuration:

This logical isolation is done through the corp.contoso.com domain hosted on DC1 and manual DNS configuration of APP1 and CLIENT1. The new configuration allows DC1, APP1, CLIENT1, and additional logical Corpnet subnet computers to be:  

  • Connected to the Internet through your organization network to automatically install updates, access Internet resources in real time, and participate in public cloud technologies such as Microsoft Office 365 and Microsoft Azure.
  • Hosted on different virtualization servers, instead of hosting them and other computers of the Corpnet test lab subnet on a single isolated internal subnet of a single virtualization server.
  • Remotely managed by your computer that is also connected to your organization subnet. For example, you can use a Remote Desktop Connection or a virtual machine portal, such as Microsoft Configuration Manager Virtual Machine Manager.

Key differences from the Test Lab Guide: Windows Server 2012 R2 Base Configuration are the following:

  • DC1 is no longer a DHCP server. It must either have a static IPv4 address configuration or a DHCP client reservation. Because APP1, CLIENT1, and other logical Corpnet subnet computers are configured with the IPv4 address of DC1 as their DNS server, the IPv4 address of DC1 must not change over time.
  • APP1 is now a DHCP client, rather than statically configured.
  • APP1 and CLIENT1 are manually configured to use the static or DHCP-reserved IPv4 address of DC1 as their DNS server and with the DNS domain suffix corp.contoso.com.
  • To provide name resolution for intranet and Internet resources, the DNS Server service on DC1 is configured to forward DNS queries to the addresses of intranet DNS servers.
  • To gain access to Web-based Internet resources, the computers of the logical Corpnet subnet must be configured to use the proxy server of the organization intranet. Please see your network administrator for the additional configuration that needs to be done to these computers, if needed.
  • Configuration procedures are done almost exclusively through Windows PowerShell.

There are three steps to setting up the logical Corpnet subnet of the Windows Server 2012 R2 Base Configuration test lab on an organization intranet.

  1. Configure DC1.
  2. Configure APP1.
  3. Configure CLIENT1.

Note: You must be logged on as a member of the Domain Admins group or a member of the Administrators group on each computer to complete the tasks described in this guide. If you cannot complete a task while you are logged on with an account that is a member of the Administrators group, try performing the task while you are logged on with an account that is a member of the Domain Admins group.

Important: The instructions for configuring the computers of the Corpnet logical subnet of the Base Configuration test lab is designed to be as simple as possible and require as few computers as possible. In some cases, servers provide multiple roles that would normally be placed on different servers. This configuration is neither designed to reflect best practices nor does it reflect a desired or recommended configuration for a production network.

The following sections provide details about how to perform these steps.

Step 1: Configure DC1

DC1 provides the following services:

  • A domain controller for the corp.contoso.com Active Directory Domain Services (AD DS) domain.
  • A DNS server for the corp.contoso.com DNS domain.

DC1 configuration consists of the following:

  • Install the operating system.
  • Change the computer name to DC1.
  • Configure TCP/IP properties.
  • Configure DC1 as a domain controller and DNS server.
  • Configure DC1 to forward DNS requests to organization intranet DNS servers.
  • Create a user account in Active Directory.

Install the operating system

Install Windows Server 2012 R2 Datacenter as a standalone server.

  1. Start the installation of Windows Server 2012 R2 Datacenter (evaluation copy).
  2. Follow the instructions to complete the installation, specifying Windows Server 2012 R2 Datacenter (full installation) and a strong password for the local Administrator account. Log on using the local Administrator account.
  3. Run Windows Update to install the latest updates for Windows Server 2012 R2.

Change the computer name to DC1

Run the following Windows PowerShell commands at an administrator-level Windows PowerShell command prompt. Long command lines are indented for readability.

Windows PowerShell commands

 

Rename-Computer DC1

Restart-Computer

 

Configure TCP/IP properties

Configure a static IPv4 address configuration for DC1 (as needed).

Windows PowerShell commands

 

New-NetIPAddress StaticIPAddress -InterfaceAlias "Ethernet" -PrefixLength PrefixLength

Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses (ListOfDNSServerAddresses)

Configure the TCP/IP protocol with DNS settings.

Windows PowerShell command 

 

Set-DnsClient –InterfaceAlias "Ethernet" –ConnectionSpecificSuffix corp.contoso.com

 

Configure DC1 as a domain controller and DNS server

Configure DC1 as a domain controller and DNS server for the corp.contoso.com domain. 

 Windows PowerShell commands

 

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

Install-ADDSForest -DomainName corp.contoso.com

 

Create a user account in Active Directory

Create a user account in Active Directory that will be used when logging in to CORP domain member computers.

 Windows PowerShell commands

Note that the first command results in a prompt to supply the User1 account password.

 

New-ADUser -SamAccountName User1 -AccountPassword (read-host "Set user password" -assecurestring) -name "User1" -enabled $true -PasswordNeverExpires $true -ChangePasswordAtLogon $false

Add-ADPrincipalGroupMembership -Identity "CN=User1,CN=Users,DC=corp,DC=contoso,DC=com" -MemberOf "CN=Enterprise Admins,CN=Users,DC=corp,DC=contoso,DC=com","CN=Domain Admins,CN=Users,DC=corp,DC=contoso,DC=com"

 
Step 2: Configure APP1

APP1 provides web and file sharing services. APP1 configuration consists of the following:

  • Install the operating system.
  • Configure TCP/IP properties.
  • Join the computer to the CORP domain.
  • Install the Web Server (IIS) role on APP1.
  • Create a shared folder on APP1.

Install the operating system

Install Windows Server 2012 R2 Datacenter as a standalone server.

  1. Start the installation of Windows Server 2012 R2 Datacenter.
  2. Follow the instructions to complete the installation, specifying a strong password for the local Administrator account. Log on using the local Administrator account.
  3. Run Windows Update to install the latest updates for Windows Server 2012 R2.

Configure TCP/IP properties

On DC1, run the ipconfig command from a Windows PowerShell command prompt to obtain its IP address.

On APP1, configure TCP/IP to use the IP address of DC1 as its primary DNS server and the corp.contoso.com connection-specific suffix.

Windows PowerShell commands

 

Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses DC1IPAddress

Set-DnsClient –InterfaceAlias "Ethernet" –ConnectionSpecificSuffix corp.contoso.com

To check name resolution and network communication between APP1 and DC1, run the ping dc1.corp.contoso.com command at the Windows PowerShell command prompt and verify that there are four replies.

Join the computer to the CORP domain

 Windows PowerShell commands

 Note that you must supply the User1 account domain credentials after entering the Add-Computer command.

 

Add-Computer -NewName APP1 -DomainName corp.contoso.com

Restart-Computer

After APP1 restarts, click Switch User, and then click Other User and log on to the CORP domain with the User1 account.

Install the Web Server (IIS) role on APP1

Install the Web Server (IIS) role to make APP1 a web server.

 Windows PowerShell command

 

Install-WindowsFeature Web-WebServer -IncludeManagementTools

Create a shared folder on APP1

Create a shared folder and a text file within the folder on APP1.

 Windows PowerShell commands

 

New-Item -path c:\files -type directory

Write-Output "This is a shared file." | out-file c:\files\example.txt

New-SmbShare -name files -path c:\files -changeaccess CORP\User1

Note that the “Install the operating system on APP1,” “Configure TCP/IP properties,” and “Join APP1 to the CORP domain” procedures in this section can also be used to add more Windows Server 2012 R2-based server computers to the logical Corpnet subnet.

Step 3: Configure CLIENT1

CLIENT1 configuration consists of the following:

  • Install the operating system.
  • Configure TCP/IP properties.
  • Join CLIENT1 to the CORP domain.
  • Test access to intranet resources on the logical Corpnet subnet.

Install the operating system

Install Windows 8.1 Enterprise on CLIENT1.

  1. Start the installation of Windows 8.1 Enterprise (evaluation copy).
  2. When you are prompted for a PC name, type CLIENT1.
  3. When you are prompted by the Settings dialog, click Use express settings.
  4. At the Log on prompt, click Don't want to sign in with a Microsoft account? Click Local account.
  5. When you are prompted for a user name, type User1. Type a strong password twice, type a password hint, and then click Finish.
  6. Run Windows Update to install the latest updates for Windows 8.
  7. Click Yes, turn on sharing and connect to devices when prompted.

Configure TCP/IP properties

Configure TCP/IP to use the IP address of DC1 as its primary DNS server and the corp.contoso.com connection-specific suffix.

Windows PowerShell commands

 

Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses DC1IPAddress

Set-DnsClient –InterfaceAlias "Ethernet" –ConnectionSpecificSuffix corp.contoso.com

 

To check name resolution and network communication between CLIENT1 and DC1, run the ping dc1.corp.contoso.com command at the Windows PowerShell command prompt and verify that there are four replies.

Join CLIENT1 to the CORP domain

Join CLIENT1 to the corp.contoso.com domain. 

 Windows PowerShell commands

Note that you must supply the User1 account domain credentials after entering the Add-Computer command.

 

Add-Computer  -DomainName corp.contoso.com

Restart-Computer

After the computer restarts, log on as CORP\User1.  

Test access to intranet resources from the logical Corpnet subnet

Verify that you can access APP1 web and file share resources from CLIENT1.

  1. From the Start screen, click the Internet Explorer icon.
  2. In the Address bar, type http://app1/, and then press ENTER.  You should see the default IIS 8 web page for APP1.
  3. From the Start screen or the desktop taskbar, click the File Explorer icon
  4. In the address bar, type \app1\Files, and then press ENTER.
  5. You should see a folder window with the contents of the Files shared folder.
  6. In the Files shared folder window, double-click the Example.txt file. You should see the contents of the Example.txt file.
  7. Close the example.txt - Notepad and the Files shared folder windows.

If you use the URL http://app1.corp.contoso.com/ in the Address bar of Internet Explorer, you might receive The website cannot be found error message. This happens when the CLIENT1 computer has been configured with a proxy server, which attempts to resolve the app1.corp.contoso.com name on the behalf of the CLIENT1 computer. Because the corp.contoso.com DNS domain is not part of your organization's DNS infrastructure, the proxy server cannot resolve the name.

Note that the “Install the operating system on CLIENT1,” “Configure TCP/IP properties,” and “Join CLIENT1 to the CORP domain” procedures in this section can also be used to add more Windows 8.1-based client computers to the logical Corpnet subnet.

Snapshot the Configuration

This completes the configuration of the logical Corpnet subnet of the Base Configuration test lab. To save this configuration for additional test labs, do the following:

  1. On all physical computers or virtual machines in the logical Corpnet subnet, close all windows and then perform a graceful shutdown.
  2. If your lab is based on virtual machines, save a snapshot of each virtual machine and name the snapshots Corpnet Base Configuration. If your lab uses physical computers, create disk images to save the Base Configuration.

For a list of additional Microsoft TLGs, see Test Lab Guides.