Should I really be listening to this guy?

Sunday, July 11, 2010

How to use the dcpromo Command for Windows Server 2008 R2

I get this question a lot, so I figured I would make a quick how-to on promoting a Windows server to a domain controller. This post assumes that you are using Windows Server 2008 R2 and is not meant to be used for any previous editions of Windows Server. With that said, this information will still be applicable for older Windows Server operating systems.

Before getting to the how-to, I want to provide a little background on what a domain controller is and how it functions. A domain controller is, at its core, a server running Windows Server with the Active Directory Domain Services role installed. Active Directory Domain Services, or AD DS, keeps the information about the domain's entire forest. The most basic function of a domain is to let a single set of credentials be used on many systems instead of a separate set for each system. A domain controller is required to manage such a domain, and the dcpromo command is where to start.

There are different types of domain controllers, such as Read-Only Domain Controllers. Those are beyond the scope and purpose of this post, but I encourage you to look into them if you have the need or interest: http://technet.microsoft.com/en-us/library/cc770627(WS.10).aspx

The first step to getting the promotion underway is to use the dcpromo command. In Windows Server 2008 R2 you can simply type “dcpromo” into the Start menu's search bar.

Once the command is presented, click it or simply press Enter.

This will bring up the Active Directory Domain Services Installation Wizard. To be as thorough as possible, I am going to go through the Advanced setup of the wizard. You may choose the simple installation, but I encourage you to use the advanced mode. It is not as scary as it sounds, and it will provide you with more control over the installation process, which is always a good thing.

Select the checkbox for Advanced Installation and click Next.

A disclaimer will show up in the next window. It explains that there is a new security function included in Windows Server 2008 and Windows Server 2008 R2 that requires the use of stronger cryptography algorithms when establishing security channel sessions. All this really means is that older versions of Windows Server may have a harder time authenticating against Server 2008 and 2008 R2 domain controllers. If you know that you use older versions of Windows Server, you should investigate further and see if it will be a problem for your organization.

Review the disclaimer and click Next.

The next window to appear will ask you what kind of deployment you want to create. This is where you can choose from three different options:

1. Create a brand new domain with a new forest. (This is the option that I will cover for the rest of this post. With that said I encourage you to continue to use this post for reference because this option covers most of the bases of the other installations)

2. Add a domain controller to an existing domain. If you already have a domain set up and want to add another domain controller for redundancy, use this deployment (it is highly recommended to have at least two domain controllers for any domain).

3. Create a new domain in an existing forest. It is possible to create a new domain in another domain's forest. Within my own organization we have a top-level domain of .edu, a parent-level domain of colostate and a child-level domain of business. Put all together, or expressed as the fully qualified domain name (FQDN), it is: BUSINESS.COLOSTATE.EDU

For this post I am choosing to cover how to create a new domain in a new forest. This option is the most comprehensive, and I am confident that if you use this as a guide, you could successfully use any of the other options.

After choosing to create a new domain in a new forest, you will be asked to supply the Fully Qualified Domain Name (FQDN). If you plan on registering your domain name for use outside of your own network, it must not be in current use.

I chose the name ITPlease.Net and clicked Next.

Next up you are asked to specify the NetBIOS name. This is the name that is used to identify resources on the NetBIOS network, which means that the name must be unique within your network. Your system created a NetBIOS name based on the computer name you used during Windows installation, but it can be changed during this installation to match the domain.

I chose to use the default and clicked Next.

The next step asks you to specify the forest functional level for your new forest. This part assumes that you have done appropriate planning for your new domain. In simple terms, this part is asking what versions of the operating system you plan to use when deploying new domain controllers anywhere in the forest. Please note that if you choose the Windows Server 2008 R2 functional level, the next step in setup will be skipped. (The next step asks you to specify the domain functional level, that is, what operating systems will be used for deploying new domain controllers in this domain.)

I chose the Windows Server 2008 R2 forest functional level, which skipped the domain functional level step. Click Next.

The next step is to choose additional options for this domain controller. By default, if this is the first domain controller in this domain, the global catalog option is permanently selected. At least one global catalog server is needed in every domain. A global catalog is a distributed data repository containing all the information about every object in a domain. This repository is searchable which makes authentication faster. It also contains partial information about other domains in the network. For more information refer to: http://technet.microsoft.com/en-us/library/cc728188(WS.10).aspx

There is also the option to install DNS, or Domain Name System. This feature is used to map computer names or website names to specific IP addresses, which makes things more user friendly. For example, you could type 74.125.95.147 into your browser or you could simply type www.google.com.

Choose to install DNS and click Next.

A disclaimer will come up telling you that DNS delegation could not be created because none could be found. This is true because there is no DNS installed for this domain yet.

Click Yes.

After choosing to continue, you will be asked where you want to install the database, log and SYSVOL files. You may choose locations other than the default if you wish.

I chose to leave them in the default location and clicked Next.

Next you will be prompted to set a new restore password. Directory Services Restore Mode can be used to take Active Directory offline on a domain controller. Use a strong password and document it in a secure location.

Type the password twice and click Next.

Finally, review your configuration on the summary page.

Click Next.

The installation of Active Directory Domain Services will begin. Depending on your hardware, this installation can take quite some time. Once it is complete, the machine will need a restart to be fully upgraded to a new domain controller.

Congratulations! You have now created your very own domain using the dcpromo command in Windows Server 2008 R2.
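
The same choices made in the wizard above can be written as a dcpromo answer file for an unattended promotion. This file is an added example, not part of the original walkthrough; the NetBIOS name ITPLEASE, the default Windows paths and the password placeholder are assumptions standing in for values the post does not show.

```ini
; Added example: dcpromo answer file mirroring the wizard choices in this post.
; Run from an elevated prompt with:
;   dcpromo /unattend:<path-to-this-file>

[DCInstall]
; Deployment type: a new domain in a new forest (option 1 in the wizard).
ReplicaOrNewDomain=Domain
NewDomain=Forest

; FQDN chosen in the post.
NewDomainDNSName=ITPlease.Net

; NetBIOS name. The post accepted the wizard default without stating it,
; so ITPLEASE is an assumed value. It must be unique on the network.
DomainNetBiosName=ITPLEASE

; Functional levels: 4 = Windows Server 2008 R2.
; In the wizard, picking 2008 R2 for the forest skips the domain-level page;
; in the file both are stated explicitly.
ForestLevel=4
DomainLevel=4

; Additional options page: install DNS; first DC is a global catalog.
InstallDNS=Yes
ConfirmGc=Yes

; Matches answering "Yes" to the delegation warning: no parent zone exists
; to delegate from, so do not attempt to create one.
CreateDNSDelegation=No

; Database, log and SYSVOL locations (Windows defaults, assumed here
; because the post left them unchanged).
DatabasePath=C:\Windows\NTDS
LogPath=C:\Windows\NTDS
SYSVOLPath=C:\Windows\SYSVOL

; Directory Services Restore Mode password. Placeholder only.
; This value sits in clear text on disk while the file exists, so keep the
; file readable by administrators only and delete it after the promotion.
SafeModeAdminPassword=<DSRM-password-placeholder>

; Restart automatically when the installation finishes.
RebootOnCompletion=Yes
```

Keep the DSRM password in the same secure location recommended above rather than in a copy of this file.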

If you have more questions or would like to express anything about this post, please feel free to comment.

 

Websites used to make this article:

http://technet.microsoft.com/en-us/library/cc755059(WS.10).aspx

http://technet.microsoft.com/en-us/library/cc786438(WS.10).aspx

http://technet.microsoft.com/en-us/library/cc732887(WS.10).aspx

http://technet.microsoft.com/en-us/library/cc728188(WS.10).aspx

1 comment:

  1. Well made tutorial! Needed something like this for one of my home servers
