Active Directory: Configure a Child Domain on a Different Subnet using Hyper-V
Credits
This article was originally published by Sainath IRP_MJ_CREATE, but due to technical platform issues the original article got corrupted and was republished.
Introduction
With virtual infrastructure receiving high attention for testing in both mid-size and enterprise organizations, quick network turnover time is required. There are many scenarios where engineers have to demonstrate their applications with only a day in hand, and Hyper-V saves you in those scenarios. Be it for learning, testing or presentation, the guide below covers the configuration of domains across multiple subnets in a Hyper-V environment.
This lab is built on the following:

| Servers | Description |
|---|---|
| Windows Server 2012 (Standard / Enterprise) x 2 | Servers hosting Active Directory |
| Windows Server 2008 R2 / Windows Server 2012 (Standard or Enterprise) | Server hosted as the router |

Note: Licensing should be managed accordingly.

| Services | Description |
|---|---|
| Hyper-V | Install the role on one of the Windows Server 2012 servers. |
| DNS infrastructure on both servers | DNS service for name resolution |
| IP subnets x 2 | 192.168.1.x and 10.25.10.x |
| Routing and Remote Access | Routing between the two subnets |
Steps
Assuming that administrators have successfully installed and configured the Windows Servers with the latest service packs, below are the detailed steps to be followed.
Step 1: Install role
Install and configure the Hyper-V role on the physical server; the role can be installed through Server Manager → Manage → Add Roles and Features.
http://pp2.s3.amazonaws.com/e9800405157f40ad/c8c85915dd4b428aa2903c1ba5ec87e3.jpg
http://pp2.s3.amazonaws.com/e9800405157f40ad/dcc6d2bd9eb14796a5d875832b5de662.jpg
Click Next from the above screen.
http://pp2.s3.amazonaws.com/e9800405157f40ad/33f207da997f4de48bbd9fad70b09338.jpg
Select Role-based or feature-based installation and click Next.
http://pp2.s3.amazonaws.com/e9800405157f40ad/7f8642a5ff3a48699e54cd9a177efe0f.jpg
Select the server from the Server Pool. As I have only one server configured in the server pool, I have selected my server for the Hyper-V installation.
http://pp2.s3.amazonaws.com/e9800405157f40ad/a6c3ab568e69481fabe92e3e7cc5550b.jpg
As you can see above, the Hyper-V role is already installed. Perform the above steps to install Hyper-V on either Windows Server 2012 or Windows Server 2008 R2.
Once Hyper-V is installed, it should be configured for storage and networking. In an enterprise organization there will be dedicated storage provisioned for the virtual machines to be hosted, and VLANs that need to be configured; administrators performing this lab can contact the respective storage and networking teams to obtain the LUN and network subnet (VLAN) information. I have selected an external USB disk for my lab and am hosting all my VMs on that USB disk, which has 1 TB of disk space.
Note: To utilize the advanced capabilities of Hyper-V, it is advisable to use Windows Server 2012.
Step 2: Configuring Hyper-V networking with multiple subnets
Hyper-V Virtual Switch Manager provides three different types of network that can be configured for the virtual machines:
- External – enables virtual machines to access the Internet
- Internal – communication between the virtual machines and the host
- Private – communication between virtual machines only, not with the host
Either Internal or Private networks are advisable for testing purposes, as they will not introduce any problems when Routing and Remote Access is introduced between the networks; I have configured an Internal network switch for this lab. To configure an Internal or Private network, launch Hyper-V Manager (virtmgmt.msc) and navigate to Virtual Switch Manager, which opens the window below.
http://pp2.s3.amazonaws.com/e9800405157f40ad/8516b5f37d7840cfa8bd04a5c013caf4.jpg
Click Create Virtual Switch and enter the required information.
http://pp2.s3.amazonaws.com/e9800405157f40ad/9521970f628d4a02988c02903e810def.jpg
Step 3: Network connections
On the Hyper-V host, navigate to Network Connections and enter the IPv4 addresses as shown below.
First Adapter:
http://pp2.s3.amazonaws.com/e9800405157f40ad/e4921dd0bb594dcc8570eae4209bb304.jpg
Second Adapter:
http://pp2.s3.amazonaws.com/e9800405157f40ad/11a5279893da46e6b0579c5e244d4a8a.jpg
Step 4: Guest OS
Install the guest operating systems and configure the following:
- a) Windows license
- b) Windows Firewall ports
- c) Windows Updates
- d) User accounts, added to the respective local groups (if required)
- e) IPv4 network addresses
The above steps should be performed on the three operating systems:
- 1) First Domain Controller (Windows Server 2012) – 192.x.x.x network
- 2) Child Domain Controller (Windows Server 2012) – 10.x.x.x network
- 3) Router (RRAS) – both adapters
Important: The RRAS system / router must be configured with multiple NICs, and those NICs are added through Hyper-V Manager as shown below.
After installing the RRAS server, right-click the server name → Settings, which opens the wizard below.
http://pp2.s3.amazonaws.com/e9800405157f40ad/bde9bdfae0cf481fa4aa17d65491ef99.jpg
From the Add Hardware options, select Network Adapter, which adds a second adapter to the RRAS server.
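The switch, host-address and router-NIC work of Steps 2 to 4 as one PowerShell script, added here as an example and not taken from the original article. The switch names (Internal-192, Internal-10), VM names (DC1, CHILDDC, RRAS) and the host-side addresses are assumptions for this lab; it runs in an elevated session on the Windows Server 2012 Hyper-V host.

```powershell
# Added example: run in an elevated PowerShell on the Hyper-V host.
# Switch names, VM names and addresses are constructed for this lab, not from the article.
Import-Module Hyper-V

# One internal switch per subnet. An internal switch carries traffic only between the
# guests and the host, so lab traffic never reaches the physical network.
$switches = [ordered]@{
    'Internal-192' = '192.168.1.254'   # host-side address on 192.168.1.0/24
    'Internal-10'  = '10.25.10.254'    # host-side address on 10.25.10.0/24
}
foreach ($name in $switches.Keys) {
    if (-not (Get-VMSwitch -Name $name -ErrorAction SilentlyContinue)) {
        New-VMSwitch -Name $name -SwitchType Internal | Out-Null
    }
    # An internal switch creates a host vNIC called "vEthernet (<switch name>)" (Step 3)
    New-NetIPAddress -InterfaceAlias "vEthernet ($name)" -IPAddress $switches[$name] `
                     -PrefixLength 24 -ErrorAction SilentlyContinue | Out-Null
}

# Connect each DC to its own segment; the router needs one adapter on each segment (Step 4).
# Connect the router's first adapter before adding the second, since Connect-VMNetworkAdapter
# without -Name acts on every adapter the VM has.
Connect-VMNetworkAdapter -VMName 'DC1'     -SwitchName 'Internal-192'
Connect-VMNetworkAdapter -VMName 'CHILDDC' -SwitchName 'Internal-10'
Connect-VMNetworkAdapter -VMName 'RRAS'    -SwitchName 'Internal-192'   # first adapter
Add-VMNetworkAdapter     -VMName 'RRAS'    -SwitchName 'Internal-10'    # second adapter

# Check: the router must show two adapters attached to two different switches
Get-VMNetworkAdapter -VMName 'RRAS' | Select-Object VMName, Name, SwitchName, MacAddress
```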
Step 5: Guest network configuration
Navigate to Network Connections (ncpa.cpl) and ensure the settings below are configured as shown.
First Adapter
http://pp2.s3.amazonaws.com/e9800405157f40ad/69609aeb0960441fb7c52c7d4e84e5b7.jpg
Second Adapter:
http://pp2.s3.amazonaws.com/e9800405157f40ad/5098288c5be34ef4b41773a5b022cf82.jpg
Step 6: Router
Configuring the router is the primary step before installing the domain controllers on the respective networks. Navigate to the router virtual machine and log in with a user account that has administrator privileges to install the services.
Note: I have installed Windows Server 2008 R2 as the router.
Navigate to Server Manager → Add Role Wizard and click Next.
http://pp2.s3.amazonaws.com/e9800405157f40ad/a4f1621fbf73418db154cc45f051ad46.jpg
Select Network Policy and Access Services (installed) from the Add Roles wizard.
http://pp2.s3.amazonaws.com/e9800405157f40ad/f72be6380099421ea008301f0b4281d3.jpg
Select Routing and Remote Access → click Finish to install the role.
Step 7: RRAS
Open Routing and Remote Access from Administrative Tools. Right-click the server and click Properties, which opens the wizard below.
http://pp2.s3.amazonaws.com/e9800405157f40ad/ffb1211930ec4a7b884a21962c4ae22b.jpg
Select Local Area Network (LAN) Routing only and click OK.
Step 8: Routing subnets
From the router, ensure that routing between the two subnets works. You can use PING to perform the tests; if ICMP is blocked in the environment, administrators can instead connect to Windows shares on either network, which confirms connectivity.
http://pp2.s3.amazonaws.com/e9800405157f40ad/62f93632493347ed906e3edcd200e313.jpg
The result above shows successful pings between the two subnets.
Default Gateway Configuration
After configuring RRAS, the virtual machines' default gateway must be changed. The DG should point to the RRAS server as shown below.
http://pp2.s3.amazonaws.com/e9800405157f40ad/c27186fb74014c02867b5588901fbf6b.jpg
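Steps 6 to 8 and the default-gateway change as an added PowerShell example, not from the original article. It assumes the router VM runs Windows Server 2012 (the article's own router is 2008 R2, where the GUI steps above apply), the interface aliases Ethernet and Ethernet 2, and the constructed addresses 192.168.1.1 and 10.25.10.1 for the router's two interfaces.

```powershell
# Added example. Addresses and interface aliases are constructed for this lab.
# ----- On the router VM (Windows Server 2012) -----
Install-WindowsFeature Routing -IncludeManagementTools | Out-Null
# "LAN Routing only" (Step 7): no VPN or DirectAccess listener is exposed on the router
Install-RemoteAccess -VpnType RoutingOnly
# One address per segment; a lab router with no upstream link gets no default gateway
New-NetIPAddress -InterfaceAlias 'Ethernet'   -IPAddress 192.168.1.1 -PrefixLength 24
New-NetIPAddress -InterfaceAlias 'Ethernet 2' -IPAddress 10.25.10.1  -PrefixLength 24
# Check that RRAS turned on IP forwarding for both interfaces rather than assuming it
Get-NetIPInterface -AddressFamily IPv4 | Where-Object { $_.InterfaceAlias -like 'Ethernet*' } |
    Select-Object InterfaceAlias, Forwarding

# ----- On each guest: the default gateway is the router's address on that guest's own segment -----
# DC1 (192.168.1.0/24):
#   New-NetIPAddress -InterfaceAlias 'Ethernet' -IPAddress 192.168.1.10 -PrefixLength 24 -DefaultGateway 192.168.1.1
# CHILDDC (10.25.10.0/24):
#   New-NetIPAddress -InterfaceAlias 'Ethernet' -IPAddress 10.25.10.10 -PrefixLength 24 -DefaultGateway 10.25.10.1
# Confirm the gateway actually in use on this guest
Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' | Select-Object InterfaceAlias, NextHop

# ----- Cross-subnet test from DC1 (Step 8): ICMP first, an SMB share as fallback if ICMP is filtered -----
function Test-LabRouting {
    param([string]$Peer = '10.25.10.10')   # constructed address of the child DC
    if (Test-Connection -ComputerName $Peer -Count 2 -Quiet) { return "Routing OK (ICMP) to $Peer" }
    if (Test-Path "\\$Peer\C$")                              { return "Routing OK (SMB) to $Peer; ICMP is filtered" }
    return "No path to $Peer: check RRAS and the guests' default gateways"
}
Test-LabRouting
```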
Step 9: Forest Root Domain Installation
Navigate to the Forest Root Domain (this will be the first domain in the Active Directory forest and the first domain controller). Below are the steps to configure the first domain in the Active Directory forest.
Install the Active Directory Domain Services role:
http://pp2.s3.amazonaws.com/e9800405157f40ad/fcc5469cf42b488ca0a7ae1a732eb3e0.jpg
http://pp2.s3.amazonaws.com/e9800405157f40ad/4f0a8d0a339f482f8b37c9104d11ffaf.jpg
http://pp2.s3.amazonaws.com/e9800405157f40ad/e2cab23cc17e45fca92809ceb07ad792.jpg
http://pp2.s3.amazonaws.com/e9800405157f40ad/96a838933f364d12ac13df323f94f6a2.jpg
http://pp2.s3.amazonaws.com/e9800405157f40ad/69264c0c88b6421f89544ea925d67a7c.jpg
http://pp2.s3.amazonaws.com/e9800405157f40ad/12a1e9655202488694eb375237456da5.jpg
http://pp2.s3.amazonaws.com/e9800405157f40ad/e895b95d33bf45e9932af36d273b5522.jpg
Note: Some of the screenshots are taken from my previous post; the server name might be different, but the steps remain the same.
Step 10: DC promotion
Promote the server to a domain controller, which can be done by navigating to Server Manager → AD DS.
http://pp2.s3.amazonaws.com/e9800405157f40ad/370f6f1f6af74cd0ad6ac52aff6d37e7.jpg
Click More, towards the right end of “Configuration Required for Active Directory Domain Services”, and administrators will see the wizard below.
http://pp2.s3.amazonaws.com/e9800405157f40ad/652651ee96cf4f0bb071f0477b875263.jpg
From the above wizard click “Promote this server to a domain”, which brings up the following wizard.
Select Add a New Forest from the wizard below.
http://pp2.s3.amazonaws.com/e9800405157f40ad/17b89da029454b2da054fa76d45a8dd3.jpg
Enter the domain name (FQDN) and click Next (provide the necessary administrator credentials to perform the action).
We have successfully installed and configured the Active Directory forest root domain on the first domain controller.
Child Domain Configuration
Step 11: Network connectivity
Before installing the child domain on the different subnet, ensure that network connectivity between the 192.x.x.x and 10.x.x.x networks is working, then proceed by promoting the member server to a domain controller and adding the child domain to the existing Active Directory forest.
Perform the steps outlined above under Forest Root Domain Installation (Step 9 and Step 10), but in the wizard below select Add a new domain to an existing forest.
http://pp2.s3.amazonaws.com/e9800405157f40ad/04304a21c2c34fbc9f1c453b41ca890c.jpg
Enter the forest root domain / parent domain under which the child domain is to be configured, supply valid credentials and finish the configuration. These steps ensure that both the root domain and the child domain are configured successfully.
Note: If there is no internetworking established between the 192.x.x.x and 10.x.x.x networks, administrators will fail to create the child domain.
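The forest root promotion (Steps 9 and 10) and the child domain promotion (Step 11) as one added PowerShell example, not the article's own steps. The domain names (corp.lab, child.corp.lab), NetBIOS names and the server addresses 192.168.1.10 and 10.25.10.10 are assumptions; the child section first checks the routing and DNS prerequisites that the note above says the promotion depends on.

```powershell
# Added example. Domain names, server addresses and NetBIOS names are constructed.
# ----- On DC1 (192.168.1.10): forest root domain (Steps 9-10) -----
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools | Out-Null
Import-Module ADDSDeployment
$dsrm = Read-Host -AsSecureString 'DSRM (Safe Mode) password'   # prompted, never hard-coded
$forest = @{
    DomainName                    = 'corp.lab'
    DomainNetbiosName             = 'CORP'
    ForestMode                    = 'Win2012'
    DomainMode                    = 'Win2012'
    InstallDns                    = $true
    CreateDnsDelegation           = $false
    SafeModeAdministratorPassword = $dsrm
    Force                         = $true
}
Test-ADDSForestInstallation @forest   # dry run: reports blocking issues without changing anything
Install-ADDSForest @forest            # promotes the server and reboots it

# ----- On the second server (10.25.10.10): child domain (Step 11) -----
# Without routing to, and DNS resolution of, the parent domain this promotion fails, so check first.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses 192.168.1.10
if (-not (Test-Connection -ComputerName 192.168.1.10 -Count 2 -Quiet)) {
    throw 'Parent DC 192.168.1.10 is unreachable across the router; fix routing before promoting'
}
if (-not (Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.corp.lab' -Type SRV -ErrorAction SilentlyContinue)) {
    throw 'Parent domain DCs cannot be located in DNS; check the DNS client settings'
}
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools | Out-Null
Import-Module ADDSDeployment
$child = @{
    NewDomainName                 = 'child'        # results in child.corp.lab
    ParentDomainName              = 'corp.lab'
    DomainType                    = 'ChildDomain'
    NewDomainNetbiosName          = 'CHILD'
    InstallDns                    = $true
    CreateDnsDelegation           = $true          # delegation for child.corp.lab in the parent zone
    Credential                    = (Get-Credential 'CORP\Administrator')   # Enterprise Admins member
    SafeModeAdministratorPassword = (Read-Host -AsSecureString 'DSRM (Safe Mode) password')
    Force                         = $true
}
Test-ADDSDomainInstallation @child    # dry run against the parent before committing
Install-ADDSDomain @child
```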
Creating Active Directory Sites, Subnet and Site Link Objects
After successfully installing the primary and child Active Directory domains, the necessary site, subnet and site link objects must be created so that the naming contexts replicate successfully. Below are the steps to configure them.
Note 1: Creating sites is not required unless the site has a dedicated domain controller or a service that requires site topology information (DFS).
Note 2: To create subnets and sites, the user must be a member of the Enterprise Admins group.
a) Create Site Object
Open the Active Directory Sites and Services application and perform the actions below.
http://pp2.s3.amazonaws.com/e9800405157f40ad/9ba657d09da64696bc33f9a5ee163af8.jpg
Under Name: <enter the name of the site you wish to create>
Then select a Site Link Object from the list. The site link provides direct communication between the domain controllers in different sites.
b) Create Subnet Object
Create the subnet object, which represents a physical subnet of the organization.
http://pp2.s3.amazonaws.com/e9800405157f40ad/3e0df4621535407590f4fa547c138347.jpg
Enter the prefix, e.g. 192.168.1.1/24, select the Site object and click OK.
c) Create Site Link Object
The site link object establishes communication between the domain controllers in the linked sites.
http://pp2.s3.amazonaws.com/e9800405157f40ad/91712533d28d4eddb118a8a75c9e317b.jpg
After creating the respective objects, it is time to move the domain controllers from Default-First-Site-Name to their respective sites: administrators can right-click the server, click Move and select the site that acts as the placeholder.
Validating Replication: After moving the servers to the new sites, administrators should test the replication status between the servers. This can be done either through the command-line utility REPADMIN or through the GUI application Active Directory Replication Status Tool (downloadable from TechNet).
The output of the tools is shown below.
http://pp2.s3.amazonaws.com/e9800405157f40ad/86256e68e3754702babc69212bba47fb.jpg
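Sections a) to c), the move of the domain controllers and the replication check as one added PowerShell example (not from the original article), using the ActiveDirectory module cmdlets on Windows Server 2012. The site names (Site-192, Site-10), the DC names (DC1, CHILDDC) and the site link cost and interval are assumptions for this lab; the subnet objects use the network prefixes of the two lab segments.

```powershell
# Added example. Site names and DC names are constructed; run as an Enterprise Admins member (Note 2).
Import-Module ActiveDirectory

# a) One site per subnet
New-ADReplicationSite -Name 'Site-192'
New-ADReplicationSite -Name 'Site-10'

# b) Subnet objects: the network prefix of each segment, bound to its site
New-ADReplicationSubnet -Name '192.168.1.0/24' -Site 'Site-192'
New-ADReplicationSubnet -Name '10.25.10.0/24'  -Site 'Site-10'

# c) Site link joining the two sites over the IP transport; cost and interval are lab values
New-ADReplicationSiteLink -Name 'Site-192_Site-10' -SitesIncluded 'Site-192','Site-10' `
    -InterSiteTransportProtocol IP -Cost 100 -ReplicationFrequencyInMinutes 15

# Move each DC out of Default-First-Site-Name into the site that matches its subnet
Move-ADDirectoryServer -Identity 'DC1'     -Site 'Site-192'
Move-ADDirectoryServer -Identity 'CHILDDC' -Site 'Site-10'

# Validate: inbound partners with last success time and result, any recorded failures,
# then the repadmin summary the article refers to
function Get-LabReplicationState {
    param([string[]]$Dcs = @('DC1', 'CHILDDC'))
    Get-ADReplicationPartnerMetadata -Target $Dcs |
        Select-Object Server, Partner, Partition, LastReplicationSuccess, LastReplicationResult
    Get-ADReplicationFailure -Target $Dcs   # no output means no failures are recorded
}
Get-LabReplicationState
repadmin /replsummary
```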
Summary
This article demonstrates the end-to-end process involved in creating the infrastructure to stage multiple Active Directory domains across subnets.