Step-by-step configuring additional domain controller on Server 2008 R2 Core

Important documentation:

Unattended mode to install and remove Active Directory Domain Services
Active Directory Technet Links

Our tasks include:

– install Server 2008 R2 SP1 Core (I hope you have already done it)
– change server name
– set NIC settings
– activate server
– turn on Windows Update Services and download/install the latest applicable updates
– turn on Remote Desktop connection to our server
– promote server to additional DC in existing domain
– check result

Installation steps

1. After successfully installing Server 2008 R2, change your administrator password, log on to the server and change the server name using sconfig.cmd. Then restart your server.

2. Set a static IP (recommended) or enable DHCP (don’t forget to reserve your IP on the DHCP server) on your NIC using option 8 of sconfig.cmd

Select option 8 and your NIC index
Choose option 1 to set IP address
Type D or S to use DHCP or Static IP Address

3. Use cscript c:\windows\system32\slmgr.vbs to activate your server

Use the -ipk parameter to change your product key and -ato to activate with it

4. Turn on Windows Update Services and download/install the latest updates using sconfig.cmd again

Select option 5 to set Windows Update to search for updates automatically
Select option 6 to download and install updates
Select A to download and install ALL applicable updates
Wait while Windows Update downloads and installs ALL applicable updates, then restart your server to apply them

5. Enable RDP for remote management using sconfig.cmd option 7

Select option 7 > e to enable RDP and choose option 2 to allow any RDP version

6. I hope you have read about unattended installation of a domain controller (Unattended mode to install and remove Active Directory Domain Services). We have to create an additional file with the promotion (dcpromo) configuration. Type notepad yourfilename.txt. By default, your file is saved in %USERPROFILE%.

Paste the following lines into this file (don’t forget to edit them 🙂 ) and save it:

[DCINSTALL]
UserName=rlevchenko
UserDomain=test.com
Password=Pass123
InstallDNS=Yes
ConfirmGC=Yes
ReplicaOrNewDomain=replica
ReplicaDomainDNSName=test.com
SafeModeAdminPassword=Pass123
RebootOnCompletion=Yes

Then execute dcpromo /unattend:<path of the answer file>. Note that after dcpromo finishes, the server will reboot automatically because of RebootOnCompletion=Yes.

7. Check the dcpromo log for any warnings or errors

Type cd %systemroot%\debug and open DCPROMO.LOG. Verify that there were no errors or warnings during replica creation

8. On your primary controller, check that the new replica server has been added

WIN+R – type dssite.msc and check that the new replica server has been added. Also, check the new server's properties for replica sources

9. Check DNS records

Open DNS (dnsmgmt.msc) and check that the A record has been added

10. Check the Domain Controllers container in Active Directory Users and Computers

Open dsa.msc -> Domain Controllers and check that the new DC has been added successfully

11. Our installation is complete. Thanks for your comments!
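
The checks from steps 7 to 10 can also be scripted. This is an added example, not part of the original post; it assumes an existing DC or management host with the ActiveDirectory PowerShell module and repadmin available, and DC02 is a placeholder for the new replica's name.

```powershell
# Added example. Assumptions: ActiveDirectory module and repadmin are present,
# the account can read \\<DC>\admin$, and 'DC02' is a placeholder name.
Import-Module ActiveDirectory
$newDc = 'DC02'

# Step 7: look for errors or warnings in the promotion log on the new DC.
$log = "\\$newDc\admin$\debug\DCPROMO.LOG"
$hits = Select-String -Path $log -Pattern 'error|warning' -SimpleMatch:$false
if ($hits) { $hits | Select-Object LineNumber, Line } else { 'DCPROMO.LOG: no matches' }

# Step 8: the server is registered as a DC, in the expected site, and is a
# global catalog (the answer file set ConfirmGC=Yes).
$dc = Get-ADDomainController -Identity $newDc
$dc | Select-Object HostName, Site, IsGlobalCatalog, IsReadOnly, IPv4Address

# Step 8 (replica sources): inbound partners and the last replication result
# for each naming context.
repadmin /showrepl $dc.HostName

# Step 9: the A record resolves to the address the DC itself reports.
$resolved = [System.Net.Dns]::GetHostAddresses($dc.HostName) |
    ForEach-Object { $_.IPAddressToString }
if ($resolved -contains $dc.IPv4Address) {
    "DNS: $($dc.HostName) -> $($dc.IPv4Address)"
} else {
    "DNS: $($dc.HostName) resolves to [$($resolved -join ', ')], expected $($dc.IPv4Address)"
}

# Step 10: the computer account sits in the Domain Controllers container.
$dcContainer = (Get-ADDomain).DomainControllersContainer
$account = Get-ADComputer -Identity $newDc
if ($account.DistinguishedName -like "*,$dcContainer") {
    "AD: computer account is in $dcContainer"
} else {
    "AD: unexpected location $($account.DistinguishedName)"
}
```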

SCCM 2012 Step-by-step installation guide

Before deployment you have to:

– install IIS and BITS on your SCCM server
– open ports 1433 and 4022 on SQL Server
– create the “System Management” container with the right permissions
– extend the AD schema
– check SQL Server settings

Read the “How to..” notes below. Wait, wait, and carefully read and check:

Supported Configurations for Configuration Manager

Note that only SCCM SP1 fully supports Windows 8 and Server 2012.

Microsoft is going to publish the final release of SP1 in January 2013 (I hope so). For now, it’s only SP1 Beta with some bugs inside.

To resolve the error when installing the NETFX3 feature on Windows Server 2012, use my previous post about preparing and installing DPM 2012.

———————

Open ports 1433 and 4022 on your SQL Server. Without this step you will receive the error “Firewall exception for SQL Server”

netsh advfirewall firewall add rule name="SQL Server" dir=in action=allow protocol=TCP localport=1433
netsh advfirewall firewall add rule name="SQL Service Broker" dir=in action=allow protocol=TCP localport=4022
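
The two rules above accept connections from any source address on every firewall profile. A narrower variant follows as an added example (not from the original post): it assumes the SQL host runs Windows Server 2012 or later, and 192.0.2.10 is a placeholder for the SCCM site server's address (add any other site database servers that replicate with this one).

```powershell
# Added example, not from the original post.
# Assumptions: SQL host runs Windows Server 2012 or later, session is elevated,
# the host's network uses the Domain firewall profile, and 192.0.2.10 is a
# placeholder for the SCCM site server's IP address.
$allowedPeers = @('192.0.2.10')

$rules = @(
    @{ Name = 'SQL Server';         Port = 1433 },
    @{ Name = 'SQL Service Broker'; Port = 4022 }
)

foreach ($r in $rules) {
    # Drop any same-named rule (including the any-source one created with
    # netsh) so that only the scoped rule remains.
    Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule

    New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $r.Port -RemoteAddress $allowedPeers `
        -Profile Domain | Out-Null
}

# Audit: every enabled inbound allow rule that covers either port, with the
# source addresses it accepts. "Any" in RemoteAddress means unrestricted.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        if (@($port.LocalPort) -match '^(1433|4022)$') {
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = $_.Profile
                LocalPort     = $port.LocalPort -join ','
                RemoteAddress = $addr.RemoteAddress -join ','
            }
        }
    }
```

On older SQL hosts without the NetSecurity cmdlets, the same scoping is available through the `remoteip=` and `profile=` parameters of `netsh advfirewall firewall add rule`.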

———————

You need to install BITS and IIS services (default settings+IIS 6 WMI Compatibility) on your SCCM server

Install-WindowsFeature Web-Common-HTTP,Web-Default-Doc,Web-Dir-Browsing,Web-HTTP-Errors,Web-Static-Content,Web-HTTP-Redirect,Web-HTTP-Logging,Web-Log-Libraries,Web-Request-Monitor,Web-HTTP-Tracing,Web-Stat-Compression,Web-Filtering,Web-ISAPI-Ext,Web-Mgmt-Tools

Install-WindowsFeature -Name BITS

———————

SCCM does not automatically create the System Management container in Active Directory Domain Services when the schema is extended. The container must be created one time for each domain that includes a Configuration Manager primary site server or secondary site server that publishes site information to Active Directory Domain Services.

The SCCM server account must have “Full Control” permission on the System Management container. You can add this permission later, but SCCM installation will raise the warning “Verify site server permissions to publish to Active Directory” and let you continue setup.

Open adsiedit.msc

Right click on “CN=System” and create a new object

Select class “Container” and click “Next”

Type the name of the container, “System Management”, and click “Next”

Open your AD Users and Computers and change the view to “Advanced Features”.

Go to System -> System Management and click on “Delegate control..”

Add your SCCM server to the delegation of control

Select “Create a custom task …”

Click “Next”

Select “Full Control” and click “Next”

———————

Extend AD schema for SCCM. If you have installed SCCM 2007, you do not have to extend AD schema!

Open extadsch.exe in YourCDdriveLetter:\SMSSETUP\BIN\X64

Check the result using the log file C:\ExtAdSch.txt

———————

Check your SQL Server service account. By default, SQL sets a built-in account to run the SQL Server service. This account does not have the necessary permissions (sysadmin role in SQL) that SCCM wants to see. For example, during installation SCCM stops with the following error:

Fail to create SQL Server Certificate, ConfigMgr cannot be completed

To resolve this you have to temporarily change the service account. In this example, my local account has the sysadmin role in SQL Server. After successful SCCM installation do not forget to change it back.

SCCM requires SQL Server to reserve a minimum of 8 GB of memory for the central administration site and primary site and a minimum of 4 GB for the secondary site. Without SQL Server memory settings the SCCM prerequisites checker will show you this warning:

SQLServer is configured for unlimited memory usage

Just set the minimum and maximum memory in SQL Server settings using SQL Server Management Studio, as shown in the picture

INSTALLATION

1. Choose your deployment method and click “Next”. Do not choose the typical installation; some important settings are not covered by that method.

2. Type your product key

3. Accept all license terms

4. Click on “Browse” to set the path for the downloaded required files, or download them automatically using the setting above, and click “Next”

5. Select your SCCM languages and click “Next”

6. Select your client languages and click “Next”

7. Define the Site code (xxx) and name, click “Next”

8. Join or create a new primary site. Click “Next”

9. Define your SQL FQDN, instance name (just leave it blank) and database name

10. Click “Next” again

11. I don’t have a PKI infrastructure, so I chose to use HTTP server communication

12. Click “Next”

13. CEIP is a useful program, but for now “I don’t want to join…”. Click “Next”

14. Summary information. Click “Next”

15. I checked manually that my SCCM server has Full Control on the “System Management” container. The WSUS SDK warning is related to the version of WSUS services. Just ignore it or update your WSUS.

16. Done!

Don’t forget to update the SCCM Server before your configuration! http://support.microsoft.com/kb/2706783 or just wait for the SP1 release 🙂

Leave your comments! Thanks!