Chad’s Quick Notes - Installing a Domain Controller with Server 2016 Core
I will admit with Windows Server 2012 R2 I usually installed the full gui version and then once I had the server the way I wanted it, I would uninstall the gui. With this no longer being possible with Windows Server 2016 I had to dust off my notes on how to leverage sconfig and powershell to configure new domain controllers running Windows Server 2016 Core. Here is my notes on what I did.
Setting up a DC to host a new domain.
Go through the installation and put in the new password.
In the core console run “powershell.exe”.
Then run:
1: Rename-computer -newname 2016-DC01
![clip_image001[4]](https://msdntnarchive.z22.web.core.windows.net/media/2016/10/clip_image00142.png "clip_image001[4]")
Hold off on rebooting until after you set the Static IP and DNS.
Edit: Locate the Nic card you want to set up IP information for by running
Get-NetAdapter
Use the name of the adapter as the interfaceAlias.
1: $ipaddress = "10.0.0.2"
2: $dnsaddress = "127.0.0.1"
3: New-NetIPAddress -InterfaceAlias Ethernet -IPAddress $ipaddress -AddressFamily IPv4 -PrefixLength 24
![clip_image001[6]](https://msdntnarchive.z22.web.core.windows.net/media/2016/10/clip_image00163.png "clip_image001[6]")
Update the DNS Server.
1: Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses $dnsaddress
![clip_image001[8]](https://msdntnarchive.z22.web.core.windows.net/media/2016/10/clip_image00183.png "clip_image001[8]")
Restart the server.
1: Restart-Computer
Log back into the server,
Edit: Great recommendation below is to make sure the Time Zone is set
get-timezone
Set-TimeZone -Id "Mountain Standard Time"
Install and configure the first Domain Controller in a new forest/domain named “sixteen.contoso.ad”. (I have to many contoso labs built)
1: Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
![clip_image001[10]](https://msdntnarchive.z22.web.core.windows.net/media/2016/10/clip_image001103.png "clip_image001[10]")
1: Install-ADDSForest -DomainName sixteen.contoso.ad
Provide the safemodeadministratorpassword
![clip_image001[12]](https://msdntnarchive.z22.web.core.windows.net/media/2016/10/clip_image001121.png "clip_image001[12]")
Then confirm you want the server to be configured and rebooted.
![clip_image001[14]](https://msdntnarchive.z22.web.core.windows.net/media/2016/10/clip_image001141.png "clip_image001[14]")
The usual warnings should prompt and eventually be prompted for sign out.
![clip_image001[16]](https://msdntnarchive.z22.web.core.windows.net/media/2016/10/clip_image001161.png "clip_image001[16]")
Log back in and do some initial validation.
Validate the new DC
Use DCDIAG
Make sure AD/DNS services are running
1: Get-Service adws,kdc,netlogon,dns
![clip_image001[18]](https://msdntnarchive.z22.web.core.windows.net/media/2016/10/clip_image001181.png "clip_image001[18]")
Check for sysvol and netlogon shares
1: Get-smbshare
![clip_image001[20]](https://msdntnarchive.z22.web.core.windows.net/media/2016/10/clip_image001201.png "clip_image001[20]")
Review logs
1: get-eventlog "Directory Service" | select entrytype, source, eventid, message
2: get-eventlog "Active Directory Web Services" | select entrytype, source, eventid, message
![clip_image001[22]](https://msdntnarchive.z22.web.core.windows.net/media/2016/10/clip_image001221.png "clip_image001[22]")
With this being the first DC shouldn’t be to much to check
Making a Windows 2016 Server a Domain Controller in an existing domain
Here we go, at the PowerShell prompt on the new server run the following.
Rename-computer -newname 2016-DC02
$ipaddress = "10.0.0.3"
$dnsaddress = "10.0.0.2"
New-NetIPAddress -InterfaceAlias Ethernet -IPAddress $ipaddress -AddressFamily IPv4 -PrefixLength 24
Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses $dnsaddress
Restart-computer
Set-TimeZone -Id "Mountain Standard Time"
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
#see if any updates are available and patch prior by using sconfig or
$AutoUpdates = New-Object -ComObject "Microsoft.Update.AutoUpdate"
$AutoUpdates.DetectNow()
Install-ADDSDomainController -DomainName "sixteen.contoso.ad" -credential $(get-credential)
At the Windows PowerShell credential prompt use credentials for the domain you plan on this Domain Controller hosting.
Set the SafeModeAdministratorPassword, then validate that the server is to be configured and restarted.
Once the new Domain Controller restarts and comes back up, leverage the Validation Section to make sure it looks good. Also leverage some of the replication cmdlets to validate replication is working.
1: Get-ADReplicationFailure -scope SITE -target Default-First-Site-Name | FT Server, FirstFailureTime, FailureClount, LastError, Partner -AUTO
2: Get-ADReplicationPartnerMetadata -Target * -Partition * | Select-Object Server,Partition,Partner,ConsecutiveReplicationFailures,LastReplicationSuccess,LastRepicationResult
That is all I'm going to cover in this blog I hope you find it useful.
Chad
Additional Resources
Touch-Free PowerShell DCPROMO in Windows Server 2012
Comments
- Anonymous
October 26, 2016
The comment has been removed - Anonymous
October 26, 2016
The comment has been removed - Anonymous
October 28, 2016
The comment has been removed - Anonymous
November 18, 2016
Typo fixInstall-ADDSDomainController -DomaindomainName "sixteen.contoso.ad" -credential $(get-credential)should beInstall-ADDSDomainController -DomainName "sixteen.contoso.ad" -credential $(get-credential)- Anonymous
July 16, 2017
I failed at this point.I got a message that "Verification of prerequisites for Domain Controller promotion failed. The specified argument 'ConfirmGc' was not recogniz..."
- Anonymous
- Anonymous
March 29, 2017
Fast jag skulle kunna säga att jag har tappat minnet och mitt ID-kort. Då kan jag ju inte uppge min idnetitet. - Anonymous
April 24, 2017
Sep03Natalie Brazgel (FB Comment 8/27/11) You guys are great! Thanks for taking a picture with me and signing my cd last night! Love your music!(8/26 & 27/11 | Mexican Fiesta | Milwaukee, WI) - Anonymous
May 25, 2017
Hello.Very nice article but one very important Thing missing.Set correct time and timezone, before you promote to Domain Controller.To set timezone use : set-timezoneTo get timezones use :get-timezone * | moreto set time in case it's wrong use : set time "Friday, May 26, 2017, 10:25:00 AM"- Anonymous
May 25, 2017
set-time sorry.
- Anonymous
- Anonymous
May 26, 2017
TIP: If the domain was originally set up under 2000 or 2003, ensure that SYSVOL replication is handled by DFSR, not FRS.If you need to migrate to DFSR, ensure that FRS replication is healthy (no journal wrap, etc.) -- even if you have only one DC.Here's a guide for migration to DFSR: https://blogs.technet.microsoft.com/filecab/2014/06/25/streamlined-migration-of-frs-to-dfsr-sysvol/ - Anonymous
July 16, 2017
Hi,I found a mistake. Ethernet in" 1: Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses $dnsaddress"must be Ethernet0.Regards,- Anonymous
July 17, 2017
I will flag it to make sure to use the name of your Ethernet connection. on a new hyper-v vm with only 1 nic. Mine comes up as Ethernet.- Anonymous
August 29, 2017
oh sorry...
- Anonymous
- Anonymous
- Anonymous
October 23, 2017
Rahul,have you tried benchmarking WP + Nginx + fastcgi_cache versus WP + Nginx + W3TC? What are your thoughts and preferred setup between the two?I have been using WP + Nginx + fastcgi_cache flawlessly after reading your tutorial, but wonder if I would have any performance gain with W3TC instead.Keep up the great work!