(http://www.windowsnetworking.

com)
Home
Home

Articles & Tutorials

KBase Tips

Products

Reviews

Free Tools

Blogs

Forums

W hite Papers

Contact Us

Articles & Tutorials

Windows Server 2008

Running Windows Server 2008 R2 Installing and Creating the Lab Domain Controller (Part 1)
by Th oma s Sh in d er [Published on 24 Sep t. 2009 / Last Updated on 24 Sep t. 2009 ]
Like 4 Tw eet 1 13 22

How to install and create the Lab Domain Controller in Windows Server 2008 R2. If you would like to read the next part of this article series please go to Running Windows Server 2008 R2 Installing and Creating the Lab Domain Controller (Part 2) (/articles_tutorials/Running-Windows-Server-2008-R2-Installing-Creating-Lab -Domain-Controller-Part2.html).

I ntr oduction
It has been a long time since I have done one of those old school articles that starts from the beginning and does not assume that you are already a Windows Server pro. Over the last few years I have written hundreds of articles on much of the arcane of Windows computing. In most of these articles, I take a lot for granted in terms of what I expected you to know. I did that because there was some little trick, some hard to configure feature, or some obscure issue in configuration that I wanted to demonstrate. While all that stuff is pretty interesting to the three people who are interested in those issues, it sort of leaves everyone else out. A long, long time ago, in a world far away, this site was called World of Windows Networking or WOWN. During those days, the site was filled with a lot of articles that showed you how to get common Windows networking tasks done. This was a lot less of the Active Directory, Group Policy, installation and other non-networking complexities covered at that time. While the site has matured and focused more on experienced IT professionals, there is still some value in providing content for people entering into the business and who want to learn the basics. That got me to thinking about doing an article and perhaps a series from the ground up. What better time to try something like this than with the recent release of Windows Server 2008 R2? OK, so I thought I would do a basic lets install Windows Server 2008 R2 articlebut then I thought how about using this as a launch point for a broader series? The more I thought about it, the better it sounded. Since there is a ton of great new networking and security features in Windows Server 2008 R2, why not start with building the lab network first, and then take you into all the cool features? That way we can be working with the same basic lab network and go through the long trip together. Let us do it. The first step is to pick the virtualization software of your choice. For this kind of lab network I prefer VMware Workstation. I do not have strong technical reasons for preferring VMware Workstation, I just prefer to use it because I have been using this application for almost a decade and know how it works. I do not have to learn a new language like I do with Hyper-V and it works nicely for me. However, if you want to use Hyper-V or ESX, those are good options too. As this series builds, I expect that we will need to be running up to 8 virtual machines at a time. Because of this, I recommend that you have a computer that can support at least 8 GB of RAM and has a quad core processor. For all the articles I will be writing in this series, I will be using a workstation that has 12 GB of DDR3 triple channel memory and a quad core Core i7 processor. If you are using any quad core Xeon or quad core Core 2 processor, youll be in good shape. Of course, AMD equivalents are good too. We will start with installing the first machine on our lab network. This is going to be a Windows Server 2008 R2 machine using one virtual processor and 512 MB of virtual memory. During the installation, I am going to use bridged networking on my virtual NIC. Some people like to use NAT, and that should be fine. The point is that you will want to be able to connect a live network so that you can access updates during the initial installation. After the initial installation is complete, well move this virtual machine to another virtual network, since we want it to be placed behind a virtual TMG firewall. The TMG firewall VM will have the live network connection and all the other VMs will be located behind it. In VMware Workstation 6.5 I will create a new virtual machine and bind the Windows Server 2008 R2 .iso file to the CD drive so that it boots that .iso. When the machine first starts up, you will see the first page of the installation wizard that asks for what Language to install, Time and currency format and Keyboard or input method. Click Next after making your selections.

Figure 1

So much for introductions! The installer gives you the option to Install now . Lets do it.

Figure 2 The .iso file actually has all the versions of Windows Server 2008 R2 on it and we can choose the option we want to install here. Note that you can even install the Server Core versions from here. I would rather pull a bobcats tail while in a phone booth with that cat, so we would not be doing a core installation. Let us choose the Windows Server 2008 R2 Enterprise (Full Installation) option and click Next.

Figure 3 Put a checkmark in the I accept the license terms checkbox on the license terms page and click Next.

Figure 4 Which type of installation do you want? Honestly, I want one that works and does what I tell it to do, but that is not a choice here. This is a clean install, so the upgrade option does not make sense. Click the Custom (advanced) option. Notice that there is no Next option on this page, just to throw you off a little bit.

Figure 5 Here you decide where you want to install the system files (which used to be called boot files in the past, but the new crew of Microsoft engineers did not take the Windows NT 4 MCSE training, so they do not know that with Windows NT based system and above, you boot the system files and you system the boot files). I created a 24 GB dynamic virtual disk file for the OS which will be more than enough room. Remember, with dynamic disk files they only use the space they need they do not fully allocate all the space until it is needed. Click Next.

Figure 6 Yay! Installation is starting and it is going to take a very long time. Give it an hour or two and come back and see what happened on your own installation.

Figure 7 During first log on the installer will ask you to create a password. Click OK when you see the display as it appears below.

Figure 8

Enter a password and confirm the password and do not click OK (because there is no OK to click). Instead, click that arrow thing that does not have a name, which sits to the right of the confirm password text box.

Figure 9 Very good! The password has been changed. Click OK.

Figure 10 You might remember the Initial Configuration Tasks windows if you used Windows Server 2008. If you have not used Windows Server 2008 and are moving up from Windows Server 2003, the Initial Configuration Tasks window provides you access to many of the things you need to do once the operating system software is installed. After looking at some of the options in this window, you might notice that many of the options that you configured during installation for earlier versions of Windows are now configured here. The goal was to make for fewer inputs during installation and leaving them for the end. Very nice!

Figure 11 From the Initial Configuration Tasks window, I will set the following: Set time zone Configure networking Provide computer name and domain I will take care of the other stuff once I get this machine an IP address on the network. I will rename this computer FFWIN2008R2DC, since this is going to be a domain controller in my FFLAB domain. FF is short for Forefront as well be doing a lot of Forefront testing on this lab network. The IP addressing information is: IP address 10.0.0.2 Default Gateway 10.0.0.1 DNS 10.0.0.2 WINS 10.0.0.2 Sure, we probably will not need WINS much, but you never know, and it is not like it is going to suck up a lot of memory or processor cycles in the lab environment. The default gateway will be a TMG 2010 firewall which we will install in a later article.

Pr omoting the W indow s Ser v er 2008 R2 V ir tual M achine to a Domain Contr oller
The next step is to make this machine a domain controller. If you are coming from the Windows Server 2003 world, you will find this step to be a lot different. Yes, you will still need to run dcpromo from the Run command, but there is a little twist here you need to install the Active Directory Domain Controller role. Server roles are sort of a new concept in Windows Server 2008 where major server services are considered roles. The Active Directory Domain Controller role is a bit different, because it is actually a two-step process to get the Active Directory DC installed: first you install the role and second you run dcpromo. Enter the Server Manager and click the Roles node in the left pane of the console. Then click the Add Roles link in the right pane.

Figure 12 This brings up the Before You Begin page. If this is the first time you have installed a role using the Server Manager, then go ahead and read the information on this page. If you are an old pro with the Server Manager, go ahead and click Next.

Figure 13 Here you select what Server Roles you want to install. We will install other Server Roles later, but we want the DC role installed first. Select Active Directory Domain Services by putting a checkmark in the checkbox. Notice that the wizard will show you a number of features that will be installed along with the Active Directory Server Role. Click the Add Required Features button to get those features installed with the Active Directory Server Role.

Figure 14 After selecting the Active Directory DC Server Role, you will see information about that Server Role. Some interesting things to note here: You should install at least two DCs on your network for fault tolerance. Installing a single DC on a network is an invitation for disaster. However, since this is a lab network and we can take snapshots of our DCs, were not so concerned about this requirement. DNS is required. However, when we run dcpromo, we will install the DNS server role to support Active Directory services. You need to run dcpromo after installing the role. You wont have to go through extra steps like this when installing other server roles, as the entire role installation can be done through the Server Manager. The Active Directory Domain Services role is the only one that takes two steps to get it installed. Note that installing the Active Directory Domain Services Role also installs DFS Namespaces, DFS Replication and File Replication Services all of these are used by Active Directory Domain Services so theyre automatically installed.

Figure 15 Click Install to install the files required to run dcpromo.

Figure 16 Yay! Installation was successful. Click Close.

Figure 17 Now go to the Start menu and type dcpromo in the search box. You will find it in the list as shown in the figure below. Click dcpromo.

Figure 18 This starts the Welcome to the Active Directory Domain Service Installation Wizard. We do not need advanced options in this scenario, so just click Next.

Figure 19 On the Operating System Compatibility page, you are warned that your NT and non-Microsoft SMB clients are going to have problems with some cryptographic algorithms used by Windows Server 2008 R2. We dont have this problem on our lab network so just click Next.

Figure 20 On the Choose a Deployment Configuration page, select the Create a new domain in a new forest option. We do this because, of all reasons, this is a new domain in a new forest :)

Figure 21 On the Name the Forest Root Domain page, enter the name of the domain in the FQDN of the forest root domain text box. In this example we are going to name the domain fflab.net. That is short for Forefront Lab. You can name it whatever you like, but if you use a name that is already in use on the Internet (that is to say, a name that has already been registered, then be aware of potential split naming issues). Click Next.

Figure 22 On the Set Forest Functional Level page, select the Windows Server 2008 R2 option (not the Windows Server 2003 option you see in the figure below). We want to select the Windows Server 2008 R2 option so that we can take advantage of all the cool new features included in Windows Server 2008 R2. Click Next.

Figure 23 On the Additional Domain Controller Options page, we have only a single choice: DNS server. The Global catalog option is checked and not an option because this is the only DC so far in this domain, so it has to be a Global Catalog server. The Read-only domain controller (RODC) option is deselected because you have to have another non-RODC on the network to enable this option. Select the DNS server option and click Next.

Figure 24 A dialog box will appear that says that a delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. The reason for this is that this is the first DC on the network. Dont worry about this and click Yes to continue.

Figure 25 Leave the Database, Log Files and SYSVOL folder in their default locations and click Next.

Figure 26 On the Directory Service Restore Mode Administrator Password, enter a strong password in the Password and Confirm password text boxes.

Figure 27 Confirm the information on the Summary page and click Next.

Figure 28 Active Directory will install. The first DC installs pretty quickly. Put a checkmark in the Reboot on completion checkbox so that the machine automatically reboots when DC installation is complete.

Figure 29 The machine will automatically restart since we selected that option. The installation will be complete when you log on. If I recall correctly, with Windows Server 2008, there was some configuration that took place after you logged on, but that is not happening with Windows Server 2008 R2. The DNS service was installed during Active Directory installation, so we do not need to worry about that. There are several other services we want to install on this domain controller. These include: DHCP WINS Enterprise Certificate Services Unfortunately, only DHCP and Certificate Services are considered roles. The WINS service is considered a feature. I suppose they had a reason for this, but I was not at that meeting and did not get the memo. If you would like to read the next part of this article series please go to Running Windows Server 2008 R2 Installing and Creating the Lab Domain Controller (Part 2) (http://www.windowsnetworking.com/articles_tutorials/Running-Windows-Server-2008-R2-Installing-Creating-Lab -Domain-Controller-Part2.html).

See Also
Deploying a Hosted Mode BranchCache Server - Part 2: The Lab Network and Order of Operations (http://www.windowsnetworking.com/articles-tutorials/windows-7/DeployingHosted-Mode-BranchCache-Server-Part2.html) on 9 Dec. 2009 (2009-12-09 15:15) by Thom as Shinder Running Windows Server 2008 R2 - Installing and Creating the Lab Domain Controller (Part 2) (http://www.windowsnetworking.com/articles-tutorials/windows-server2008/Running-Windows-Server-2008-R2-Installing-Creating-Lab-Domain-Controller-Part2.html) on 10 Nov. 2009 (2009-11-10 08:00) by Thom as Shinder Deploying BranchCache Hosted Mode - Part 3: Installing BranchCache and Configuring GPO Support for BranchCache (http://www.windowsnetworking.com/articlestutorials/windows-7/Deploying-Hosted-Mode-BranchCache-Server-Part3.html) on 9 Dec. 2009 (2009-12-09 09:00) by Deb Shinder Deploying Vista Part 19: Managing Windows Deployment Services (Continued) (http://www.windowsnetworking.com/articles-tutorials/windows-vista/Deploying-VistaPart19.html) on 14 May 2009 (2009-05-14 17:00) by Mitch Tulloch Deploying Vista - Part 30: Configuring Deployment Points (http://www.windowsnetworking.com/articles-tutorials/windows-vista/Deploying-Vista-Part30.html)
on 14 May 2009 (2009-05-14 16:56) by Mitch Tulloch

Using Windows Server 2008 R2 to Publish Internal Resources (http://www.windowsnetworking.com/articles-tutorials/windows-server-2008/Using-Windows-Server-2008-R2Publish-Internal-Resources.html) on 11 Jan. 2011 (2011-01-11 08:00) by Deb Shinder Windows Server 2012 R2 - Storage Spaces (Part 1) (http://www.windowsnetworking.com/articles-tutorials/windows-server-2012/windows-server-2012-r2-storage-spacespart1.html) on 18 Aug. 2013 (2013-08-18 15:30) by Scott D. Low e Deploying Vista Part 27: Automating a Light Touch Installation (http://www.windowsnetworking.com/articles-tutorials/windows-vista/Deploying-Vista-Part27.html)
on 14 May 2009 (2009-05-14 16:57) by Mitch Tulloch

The New Philosophy for Server Management in Windows Server 8 (Part 2) (http://www.windowsnetworking.com/articles-tutorials/wireless-networking/New-Philosophy-ServerManagement-Windows-Server-8-Part2.html) on 28 June 2012 (2012-06-28 13:50) by Brien M. Posey Deploying Vista Part 15: Implementing Windows Deployment Services (http://www.windowsnetworking.com/articles-tutorials/windows-vista/Deploying-Vista-Part15.html)
on 14 May 2009 (2009-05-14 17:07) by Mitch Tulloch

Microsoft Exchange Server Resource Site: Articles & Tutorials (http://www.msexchange.org/)

Network Security Articles for Windows Server 2003, 2008 & Vista (http://www.windowsecurity.com/)

The essential Virtualization resource site for administrators. (http://www.virtualizationadmin.com/)

Microsoft ISA Server Firewall Resource Site: Articles & Tutorials (http://www.isaserver.org/)

CloudComputingAdmin.com | Cloud Computing Resource Site for IT Pros (http://www.cloudcomputingadmin.com/) About Us

Networking & Server software / hardware for Windows 2003, 2000, NT & Linux (http://www.wservernews.com/) Contact Us

TechGenix Ltd is an online media company which sets the standard for providing free high quality technical content to IT professionals. (http://www.techgenix.com)

Advertise With Us

WindowsNetworking.com is in no way affiliated with Microsoft Corp. Copyright 2014, TechGenix Ltd (http://www.techgenix.com/). All rights reserved. Please read our Privacy Policy (/pages/privacy.html) and Terms & Conditions (/pages/terms.html).