Installing and Configuring Microsoft LAPS

1. Download Local Administrator Password Solution (LAPS).

2. Install LAPS on your management machine.

3. For LAPS to function, the AD schema must be extended with two new attributes on the computer class:

  • ms-Mcs-AdmPwd – this attribute stores the local administrator password in clear text, which is why it is marked confidential so that only explicitly delegated principals can read it.
  • ms-Mcs-AdmPwdExpirationTime – this attribute stores the expiration time of the local administrator password, after which the LAPS client generates a new one.
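The following is an added example (not code from the original post or from the LAPS product) that checks the two attributes from a management machine after the schema update. It assumes the ActiveDirectory RSAT module is installed and that the account can read the schema and computer objects; the confidential flag check relies on searchFlags bit 0x80, which is what LAPS sets on ms-Mcs-AdmPwd. The script never reads the password attribute itself, only the expiration times.

```powershell
# Added example: verify the LAPS schema attributes and audit expiration times.
# Assumes: ActiveDirectory module available, read access to schema and computers.
Import-Module ActiveDirectory

$schemaNC = (Get-ADRootDSE).schemaNamingContext

# 1. Confirm both attributes exist and that the password attribute carries
#    the confidential flag (searchFlags bit 0x80). Without that flag every
#    authenticated user could read the stored password.
foreach ($name in 'ms-Mcs-AdmPwd', 'ms-Mcs-AdmPwdExpirationTime') {
    $attr = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$name)" -Properties searchFlags
    if (-not $attr) {
        Write-Warning "$name is missing from the schema: run Update-AdmPwdADSchema from the LAPS module first."
        continue
    }
    $confidential = ($attr.searchFlags -band 0x80) -ne 0
    "{0,-30} present, confidential={1}" -f $name, $confidential
}

# 2. List computers whose stored expiration time has already passed, which
#    usually means the LAPS client-side extension is not running on them.
#    The attribute is a Windows FILETIME (100 ns ticks since 1601-01-01 UTC).
$now = [DateTime]::UtcNow
Get-ADComputer -LDAPFilter '(ms-Mcs-AdmPwdExpirationTime=*)' -Properties 'ms-Mcs-AdmPwdExpirationTime' |
    ForEach-Object {
        $expires = [DateTime]::FromFileTimeUtc([int64]$_.'ms-Mcs-AdmPwdExpirationTime')
        [PSCustomObject]@{
            Computer   = $_.Name
            ExpiresUtc = $expires
            Expired    = ($expires -lt $now)
        }
    } |
    Where-Object Expired |
    Sort-Object ExpiresUtc |
    Format-Table -AutoSize
```

Run it before delegating read permissions on ms-Mcs-AdmPwd: a missing confidential flag or a large number of expired entries is something to fix before the solution is relied upon.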


How to migrate from FRS to DFSR

The migration from File Replication Service (FRS) to Distributed File System Replication (DFS Replication) for SYSVOL goes through four migration states:

  1. Start (State 0) – initial default state of a domain controller.
  2. Prepared (State 1) – you can roll back to Start state.
  3. Redirected (State 2) – you can roll back to Prepared or Start state.
  4. Eliminated (State 3) – migration to the Eliminated state CANNOT be reverted!
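As an added example (not part of the original post), the snippet below encodes the four states and their rollback rules and reads the current state with the built-in dfsrmig.exe tool before you advance. The exact wording of dfsrmig's text output that the regex looks for is my assumption about its format, so treat a non-match as "inspect the raw output", not as a failure.

```powershell
# Added example: check FRS-to-DFSR migration state before changing it.
# Assumes dfsrmig.exe is present (it ships with the OS on 2008+ DCs) and the
# shell runs with domain admin rights on a DC.
$states = @{ 0 = 'Start'; 1 = 'Prepared'; 2 = 'Redirected'; 3 = 'Eliminated' }

function Test-DfsrMigrationTransition {
    param([int]$Current, [int]$Target)
    # Forward moves go one state at a time; rollback is allowed from any
    # state except Eliminated (3), which is irreversible.
    if ($Current -eq 3 -and $Target -lt 3) {
        return "Cannot roll back from $($states[3]): migration is final."
    }
    if ($Target -gt $Current + 1) {
        return "Advance one state at a time: from $($states[$Current]) go to $($states[$Current + 1]) first."
    }
    return "OK: $($states[$Current]) -> $($states[$Target])"
}

# Global state is the target set with "dfsrmig /setglobalstate <n>".
$global = (dfsrmig /getglobalstate) -join "`n"
# Per-DC state shows whether every DC has actually reached that target.
$perDc  = (dfsrmig /getmigrationstate) -join "`n"

"Global state output:`n$global`n"
"Migration state output:`n$perDc`n"

# Only advance when all DCs report the global state (assumed output wording).
if ($perDc -match 'All Domain Controllers have migrated successfully') {
    "All DCs are in sync with the global state; it is safe to raise it."
} else {
    Write-Warning "Not all DCs have reached the global state; wait for replication before advancing."
}

# Example transition checks against the rules above.
Test-DfsrMigrationTransition -Current 1 -Target 2
Test-DfsrMigrationTransition -Current 0 -Target 2
Test-DfsrMigrationTransition -Current 3 -Target 2
```

The transition function is the part worth keeping in a runbook: it refuses the one move the post warns about (leaving Eliminated) and stops operators from skipping states.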

Before proceeding with the migration, let's look at the prerequisites.


PowerShell cmdlets for AD DS

Domain and Forest

Get all Domain Controllers with their hostname, IPv4 address and operating system.

Get-ADDomainController -Filter * | Format-Table Hostname, IPv4Address, OperatingSystem -AutoSize

Get the domain information for the domain “fabrikam.com”.

Get-ADDomain fabrikam.com

Display domain wide FSMO Roles (RID Master, PDC Emulator, Infrastructure Master).

Get-ADDomain | Format-List RIDMaster, PDCEmulator, InfrastructureMaster

Get the forest information of the “fabrikam.com” forest.

Get-ADForest fabrikam.com

Display forest wide FSMO Roles (Schema Master and Domain Naming Master).

Get-ADForest | Format-List SchemaMaster, DomainNamingMaster

Get the default domain password policy from a specified domain.

Get-ADDefaultDomainPasswordPolicy -Identity fabrikam.com
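The cmdlets above are mostly useful together. The script below is an added example (not from the original post) that turns them into a read-only review of the domain: it resolves every FSMO role holder and checks it answers a ping, flags DCs whose operating system matches an outdated pattern, and compares the default domain password policy against a baseline. The baseline thresholds and the "outdated OS" pattern are my assumptions; adjust them to your own policy. Nothing is modified.

```powershell
# Added example: read-only AD DS review built on Get-ADDomain, Get-ADForest,
# Get-ADDomainController and Get-ADDefaultDomainPasswordPolicy.
# Assumes the ActiveDirectory RSAT module and read access to the domain.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$forest = Get-ADForest

# Every FSMO role holder should resolve to a DC that is online.
$roleHolders = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    RIDMaster            = $domain.RIDMaster
    PDCEmulator          = $domain.PDCEmulator
    InfrastructureMaster = $domain.InfrastructureMaster
}
foreach ($role in $roleHolders.Keys) {
    $dc = Get-ADDomainController -Identity $roleHolders[$role]
    $reachable = Test-Connection -ComputerName $dc.HostName -Count 1 -Quiet
    "{0,-22} {1,-35} reachable={2}" -f $role, $dc.HostName, $reachable
}

# Flag DCs on an OS you consider out of support (pattern is an assumption).
$outdatedPattern = '2008|2012'
Get-ADDomainController -Filter * |
    Where-Object { $_.OperatingSystem -match $outdatedPattern } |
    ForEach-Object { Write-Warning "$($_.HostName) runs $($_.OperatingSystem)" }

# Compare the default domain password policy against a baseline (assumed values).
$pol = Get-ADDefaultDomainPasswordPolicy -Identity $domain.DNSRoot
$findings = @()
if ($pol.MinPasswordLength -lt 14)    { $findings += "MinPasswordLength is $($pol.MinPasswordLength) (baseline 14)" }
if (-not $pol.ComplexityEnabled)      { $findings += "ComplexityEnabled is false" }
if ($pol.LockoutThreshold -eq 0)      { $findings += "LockoutThreshold is 0 (no account lockout)" }
if ($pol.ReversibleEncryptionEnabled) { $findings += "ReversibleEncryptionEnabled is true (passwords recoverable)" }
if ($pol.PasswordHistoryCount -lt 24) { $findings += "PasswordHistoryCount is $($pol.PasswordHistoryCount) (baseline 24)" }

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    "Default domain password policy meets the baseline."
}
```

Fine-grained password policies (Get-ADFineGrainedPasswordPolicy) can override the default for specific groups, so a clean result here does not cover every account.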


How to upgrade Domain Controller to Windows Server 2016

In this post I am going to describe how to upgrade a Domain Controller from Windows Server 2012 R2 to a Windows Server 2016 Domain Controller.
The recommended way to do the upgrade is to promote a clean installation of Windows Server 2016 to Domain Controller and then demote the old one.


How to use PowerShell DSC to deploy Active Directory on Windows Server 2012 R2

In today’s blog post we will install a new Windows Server 2012 AD Forest that contains two Domain Controllers, using PowerShell DSC to drive the deployment.

For this example, we have 3 VMs:

  • Router – 192.168.1.1/24
  • DC01 (Server 2012 R2) – 192.168.1.2/24
  • DC02 (Server 2012 R2) – 192.168.1.3/24
  • RSAT (Server 2012 R2) – 192.168.1.4/24


How to create Group Policy Central Store

Group Policy Central Store provides one central location for ADMX/ADML files in your organization.

Once a Central Store exists, every Group Policy Management Console (GPMC) pulls the templates it needs to create and edit GPOs from that central location, so all administrators work with the same set of policy definitions.
Providing ADMX/ADML files through the Central Store is simply easier than making sure every GPO administrator has all the required ADMX/ADML files on every computer running GPMC.

Note: GPOs created before the Central Store was implemented keep working without a problem after you implement it (don’t use this as an excuse for not taking a backup before creating the Central Store).
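As an added example (not from the original post), the script below creates the Central Store the way the post describes: it backs up all GPOs first, then copies the local PolicyDefinitions folder (ADMX files plus the per-language ADML subfolders) into the standard SYSVOL location, and counts the ADMX files that landed. It assumes the ActiveDirectory and GroupPolicy RSAT modules, write access to SYSVOL, and that the machine you run it on holds the set of templates you want everyone to use. The backup directory is a placeholder path.

```powershell
# Added example: create the Group Policy Central Store from the local
# PolicyDefinitions folder, with a GPO backup beforehand.
# Assumes: ActiveDirectory + GroupPolicy modules, write access to SYSVOL.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domain    = (Get-ADDomain).DNSRoot
$source    = Join-Path $env:SystemRoot 'PolicyDefinitions'
$central   = "\\$domain\SYSVOL\$domain\Policies\PolicyDefinitions"
$backupDir = "C:\Backups\GPO-$(Get-Date -Format yyyyMMdd-HHmm)"   # placeholder path

if (-not (Test-Path $source)) {
    throw "No local PolicyDefinitions folder at $source; install the templates first."
}

if (Test-Path $central) {
    # An existing store means someone already publishes templates; overwriting
    # it blindly could downgrade newer ADMX files, so stop and review.
    Write-Warning "Central Store already exists at $central. Review its contents before replacing it."
    return
}

# Back up every GPO before touching SYSVOL, as the post's note recommends.
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
Backup-GPO -All -Path $backupDir | Out-Null
"GPO backup written to $backupDir"

# Copy ADMX files and the language subfolders (e.g. en-US with ADML files).
Copy-Item -Path $source -Destination $central -Recurse

# Verify: GPMC switches to the Central Store as soon as ADMX files exist here.
$admx = (Get-ChildItem -Path $central -Filter *.admx).Count
$adml = (Get-ChildItem -Path $central -Recurse -Filter *.adml).Count
"Central Store created at $central with $admx ADMX and $adml ADML files."
```

After running it, open GPMC and edit any GPO: the Administrative Templates node should report that policy definitions are retrieved from the central store.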


Windows Server 2012 R2 – AD DS installation and configuration – Part 1

In a series of 4 posts I am going to show, through examples, how to install and configure a Forest Root Domain Controller and an Additional/Backup Domain Controller on Windows Server 2012 R2 Core, in virtual machines running on Hyper-V Server 2012.


Windows Server 2012 R2 – AD DS installation and configuration – Part 2

Prepare (VDC01) Windows Server 2012 R2 for AD DS

1. Change the computer name to “VDC01” and restart the computer with the following commands:

PS C:\>Rename-Computer -NewName VDC01
PS C:\>Restart-Computer

2. Enable Remote Desktop and select “Allow only clients running Remote Desktop with Network Level Authentication <more secure>” with the following commands:

PS C:\>Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 0
PS C:\>Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
PS C:\>Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name "UserAuthentication" -Value 1

3. Configure the static IP and DNS settings with the following commands:

PS C:\>New-NetIPAddress -InterfaceIndex 12 -IPAddress 192.168.1.10 -PrefixLength 24 -DefaultGateway 192.168.1.1
PS C:\>Set-DnsClientServerAddress -InterfaceIndex 12 -ServerAddresses ("192.168.1.11","127.0.0.1")

Note: to find the InterfaceIndex value, run the following command:

PS C:\>Get-NetAdapter -Name * | Format-Table -AutoSize
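The steps above change registry values, a firewall rule group and the IP stack without showing their result. The following added example (not from the original post) reads those settings back on VDC01 and warns about the one combination that matters for exposure: RDP enabled but Network Level Authentication not required, which lets an unauthenticated client reach the logon screen. It is read-only and reuses the post's interface index 12 and addresses.

```powershell
# Added example: verify the outcome of steps 2 and 3 on VDC01 (read-only).
# Assumes the same interface index (12) and addresses used in the post.
$ts  = Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
$tcp = Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# fDenyTSConnections=0 allows RDP; UserAuthentication=1 requires NLA, so the
# client must authenticate before a session (and the logon screen) exists.
$rdpEnabled  = $ts.fDenyTSConnections -eq 0
$nlaRequired = $tcp.UserAuthentication -eq 1
$fwEnabled   = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
                 Where-Object { $_.Enabled -eq 'True' }).Count -gt 0

"RDP enabled:            $rdpEnabled"
"NLA required:           $nlaRequired"
"Firewall rules enabled: $fwEnabled"
if ($rdpEnabled -and -not $nlaRequired) {
    Write-Warning 'RDP is reachable without NLA; re-run the UserAuthentication command from step 2.'
}

# Static IP and DNS client order: the DNS server for the domain must come
# before loopback, otherwise name resolution breaks until the local DNS role exists.
$ip  = Get-NetIPAddress -InterfaceIndex 12 -AddressFamily IPv4
$dns = (Get-DnsClientServerAddress -InterfaceIndex 12 -AddressFamily IPv4).ServerAddresses
"IPv4: $($ip.IPAddress)/$($ip.PrefixLength)   DNS: $($dns -join ', ')"
if ($dns[0] -ne '192.168.1.11') {
    Write-Warning "Preferred DNS server is $($dns[0]), expected 192.168.1.11."
}
```

The same checks are worth keeping as a post-build test for every core server you add, since a forgotten UserAuthentication value is easy to miss on a machine with no GUI.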


Windows Server 2012 R2 – AD DS installation and configuration – Part 3

AD DS installation and configuration on VDC01

1. To install Active Directory Domain Services, run the following command from PowerShell:

PS C:\>Install-WindowsFeature -Name AD-Domain-Services

2. Promote the server to a forest root domain controller with the following PowerShell script:

#
# Windows PowerShell Script for AD DS Deployment
#
# Creates a new forest with domainname.hr as the forest root domain.
# The database, log and SYSVOL folders are placed on the E: volume.
# Install-ADDSForest prompts for the DSRM (Safe Mode) administrator
# password when -SafeModeAdministratorPassword is not supplied.

Import-Module ADDSDeployment
Install-ADDSForest `
-CreateDNSDelegation:$false `
-DatabasePath "E:\NTDS" `
-DomainMode "Win2012R2" `
-DomainName "domainname.hr" `
-DomainNetBIOSName "DOMAINNAME" `
-ForestMode "Win2012R2" `
-InstallDNS:$true `
-LogPath "E:\NTDS" `
-NoRebootOnCompletion:$false `
-SYSVOLPath "E:\SYSVOL" `
-Force:$true

3. Check and make sure that preferred and alternate DNS servers have the right IP address entered (in this case 192.168.1.11 and 127.0.0.1):

IP Address: 192.168.1.10
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1
Preferred DNS Server: 192.168.1.11
Alternate DNS Server: 127.0.0.1
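As an added example (not from the original post), the script below wraps the three steps above with checks: it runs the ADDSDeployment module's own prerequisite test with the same parameters as the promotion script before you promote, and after the reboot it verifies the DNS client order from step 3, the core services and the DC SRV record. The parameter values are the post's (domainname.hr, E:\NTDS, E:\SYSVOL, interface index 12); the DSRM password is read interactively rather than stored in the script.

```powershell
# Added example: prerequisite check before Install-ADDSForest and a
# post-promotion verification of DNS and services on VDC01.
# Assumes the AD-Domain-Services feature is installed (step 1).
Import-Module ADDSDeployment

# --- Before promotion -------------------------------------------------------
$dsrm = Read-Host -Prompt 'DSRM (Safe Mode) administrator password' -AsSecureString

# Same parameter set as the promotion script in step 2; the test changes nothing.
$params = @{
    CreateDNSDelegation           = $false
    DatabasePath                  = 'E:\NTDS'
    DomainMode                    = 'Win2012R2'
    DomainName                    = 'domainname.hr'
    DomainNetBIOSName             = 'DOMAINNAME'
    ForestMode                    = 'Win2012R2'
    InstallDNS                    = $true
    LogPath                       = 'E:\NTDS'
    SYSVOLPath                    = 'E:\SYSVOL'
    SafeModeAdministratorPassword = $dsrm
}
$result = Test-ADDSForestInstallation @params
$result | Format-List Status, Message, Context
if ($result.Status -ne 'Success') {
    Write-Warning 'Prerequisite check failed; fix the reported issues before running Install-ADDSForest.'
}

# --- After promotion and reboot (step 3) ------------------------------------
function Test-NewForestDc {
    param([string]$DomainName = 'domainname.hr', [int]$InterfaceIndex = 12)

    # DNS client order: the domain DNS server first, loopback as alternate.
    $dns = (Get-DnsClientServerAddress -InterfaceIndex $InterfaceIndex -AddressFamily IPv4).ServerAddresses
    "DNS servers: $($dns -join ', ')"

    # The directory, DNS and Netlogon services must all be running.
    Get-Service NTDS, DNS, Netlogon | Format-Table Name, Status -AutoSize

    # Netlogon registers this SRV record; clients locate DCs through it.
    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV |
        Format-Table Name, NameTarget, Port -AutoSize

    # Quiet dcdiag prints only failures, so empty output is the good outcome.
    dcdiag /q
}

Test-NewForestDc
```

Run the first half before step 2 and call Test-NewForestDc once the server is back from the reboot; a missing SRV record or a stopped Netlogon service is the usual sign that the DNS settings in step 3 are wrong.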
