You might ask why AD DS on Server Core? If the reasons are not obvious for you, with Server Core you have minimum resource utilization, less patching overhead and smaller attack surface which result in more performance, more security and less administration headaches.
Because no server GUI will be available on Server Core, everything will be done through PowerShell. Let’s get started.
Server Core Installation
This is the traditional Windows Server installation, so I will not go through the deployment steps.
Don’t miss though, to select the Server Core version.
Once the OS is installed. All you will have is black screen and a prompt to change your admin password.
Press Ctrl+Alt+Del and go ahead with the password change.
Server Core Postpone Configuration
Usually in server core installation, sconfig is there to rescue. Type sconfig to configure the server name, IP, and configure remote access.
The Server Configuration utility (Sconfig) provides a text-based menu system to make your admin tasks easier on Server Core based boxes. Check out this link to get more details.
All we need to press are option 2, 7, and 8 and follow the instructions to configure these settings.
For instance, to configure the network settings, you would go through these steps:
- Press 8 to enter Network Settings menu
- Press 1 to choose the network adapter to configure. In my case, I have only one NIC so 1 is the only option I have.
- Press 1 to set the network adapter address.
- Press S to set a static IP, a subnet mask and a default gateway. I will assign 192.168.16.21/24 to my DC.
- Once done. Press 2 now to set the DNS Servers. Because this is a domain controller, it will the loopback address 127.0.0.1.
After all is set, press 13 to restart the server and you should have something similar to this when checking the configuration with
From now on, all what will do will be from PowerShell. So we’ll need to launch the PowerShell console from the cmd.
At this stage, all is ready to make our server a domain controller. This will be done in two steps: the first one is installing Active Directory Domain Services and the second is promoting the server to a Domain Controller.
Installing Active Directory Domain Services
In PowerShell, Windows server roles are named modules but referenced as WindowsFeature. The cmdlet to install a WindowsFeature (module) is Install-WindowsFeature followed by the actual feature name, which in this case is AD-Domain-Services. The full cmdlet would look like this.
It’s not that obvious to find the exact name of the module we want to install and very handy comdlet can help to achieve this. Use Get-WindowsFeature to get all the module names and their full name in PowerShell. This command also shows if the module is already installed, available, or removed.
It’s gonna take some time to load the module for installation. So be patient and the installation should be successful.
Promoting the Server to a Domain Controller
Now that AD DS services are installed, let’s make our server a domain controller. Because this is the first DC in our forest, the cmdlet used for this purpose is Install-ADDSForest. This cmdlet can have several arguments if you want to customize the AD installation, but we will use the minimum here. Installing a Active Directory forest named contoso.local and installing DNS services along with AD DS in our first Domain Controller.
Type the following cmdlet and provide the SafeModeAdminPass when prompted. Confirm the installation by typing Y.
Install-ADDSForest -DomainName contoso.local -InstallDNS
The installer will go through some prerequisites verification steps then start the installation of AD DS.
Once the installation is done. The server will restart automatically and prompt to enter the domain administrator credentials.
Let’s create an AD user in our freshly installed DC. The user will be created in the root domain location.
New-ADUser -Name "Mourad Didouche" -GivenName "Mourad" -Surname "Didouche" -SamAccountName "mdidouche" -UserPrincipalName "firstname.lastname@example.org" -Path "DC=contsoo,DC=local" -AccountPassword(Read-Host -AsSecureString "Type Password for User") -Enabled $true
We can check that our user is effectively created with the Get-ADUser cmdlet.
Get-ADUser -Filter 'Name -like "*Mourad"'
Domain Controller Remote Management
At this stage, we may also manage our Domain Controller from our Windows 10 machine after joining it to the domain and installing RSAT (Remote Server Administration Tools for Windows 10).
Before moving ahead, If you are facing any issue pinging or connecting to the server form your management PC, make sure your Windows firewall is disabled bu running the following cmdlet.Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
- Joining the Win10 PC to the domain.
- Making sure installation is successful by checking the Role Administration Tools for AD DS is there in Control Panel > Programs > Turn Windows features on or off.
- Launching the Active Directory Users and Computer from the Win 10 management PC from Start > Windows Admin Tools
- Checking the connectivity to the domain controller and users creation.
In this post, we went through the installation of Active Directory on Windows Server Core 2016 and we had an idea on how it was easy to manage it from a full GUI Windows 10 management PC. In the next post, we will explore the steps to install Exchange 2019 on Server Core.
|Previous: Exchange 2019 on Server Core – Introduction||Next: Installing Exchange Server 2019 on Windows Server Core 2016|