Building My Capture and Deployment Server – Part IV: Setting up Active Directory

This is the fourth part of my series on building my capture and deployment server. In Part I, I defined the virtual machine settings I used. In Part II, I installed Windows Server 2008 R2 x64 SP1 Enterprise Edition and did initial configurations. In Part III, I configured Network Address Translation. In this part, I will configure Active Directory as one of the prerequisites for Windows Deployment Services.

Configure Active Directory

Since I will want to use Windows Deployment Services (WDS) to deploy images to virtual machines, I will have to install the prerequisites. There are three requirements for WDS: Active Directory, DNS, and DHCP. Luckily, Active Directory also requires DNS, so we will kill two birds with one stone here.

In Server Manager, right-click Roles and select Add Roles. Click Next on the first screen.

Put a check in the box next to Active Directory Domain Services.

If you do not have the .NET 3.5.1 feature enabled, you will be prompted to install it as well. Click Add Required Features. As a side note, I have the .NET 4 framework installed, but the requirements are coded to check for this specific feature. It is an interesting situation.

After adding the required feature, click Next twice and click Install.

Once the installation finishes, close the Add Roles Wizard. The next step is to run dcpromo.exe. Click on Start, Run, and type dcpromo.exe and hit OK. The Active Directory Domain Services Installation Wizard will appear. Click Next twice.

Here we will select to create a new domain in a new forest. Click Next.

Select a fully qualified domain name (FQDN) for the new domain. I selected “contoso.local”. After clicking Next, the wizard checks to see if that name is already in use in the local network.

Once the check passes, you will be prompted to select a Forest functional level. Since I don’t have any legacy servers or applications to worry about, I select Windows Server 2008 R2 level and click Next.

The wizard does a quick check for DNS and then prompts me to install it along with making this server a Global Catalog for Active Directory. Click Next.

Here the wizard is complaining because my External NIC is configured for DHCP and it warns me that without a static IP address, some clients might not be able to find the DNS server. Since the internal NIC does have a static IP, and it is the only network that I care about for this DNS server to support, I choose to continue with DHCP.

Here it is complaining that there is no authoritative parent zone for DNS. Since this is the first DNS server in the network, this is expected. Click Yes to continue.

We’re now prompted to select locations for the Active Directory database, the log file, and the sysvol folder that houses GPOs, startup scripts, etc. I left it at the default settings and clicked Next.

Select a password for the Directory Services Restore Mode. This is for use if Active Directory becomes corrupted, or a malicious admin deletes all the users. You can boot a domain controller into restore mode and restore a backup of the Active Directory database.

We do a final review of the settings we selected and kick off the configuration. This will take a little while and require a reboot.

Once the install is finished, it will prompt you to restart.

Once the restart is completed, we have a fully functioning Active Directory and DNS server.

As a side note on DNS: with the settings as they are now, there are two DNS “resolvers” for the server. The External NIC has its DNS server entries set to my router's DNS due to DHCP, while the Internal NIC is configured to use the local host DNS server. The internal network can resolve DNS records due to the Internal NIC's DNS configuration. In a real environment, I would also set the External NIC's DNS configuration to blank and ensure the Internal NIC is at the top of the network bindings. This would then have both NICs resolving from the same DNS server.
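
A post-promotion check for the setup described above, covering the forest level, Global Catalog and DNS choices made in the wizard and the two-resolver situation from the side note. This is an added example, not part of the original post; it assumes the contoso.local name used here, PowerShell 2.0 on Windows Server 2008 R2, and an elevated prompt on the new domain controller.

```powershell
# Added example: verify the result of the dcpromo wizard on the new DC.
# Assumption: domain name is the one chosen in this post.
Import-Module ActiveDirectory
$domainName = 'contoso.local'

# 1. Functional levels and Global Catalog role selected in the wizard.
$forest = Get-ADForest -Identity $domainName
$domain = Get-ADDomain -Identity $domainName
$dc     = Get-ADDomainController -Identity $env:COMPUTERNAME
New-Object PSObject -Property @{
    ForestMode      = $forest.ForestMode    # expected: Windows2008R2Forest
    DomainMode      = $domain.DomainMode    # expected: Windows2008R2Domain
    IsGlobalCatalog = $dc.IsGlobalCatalog   # expected: True
} | Format-List

# 2. DC locator SRV record, asked of the local DNS service directly so the
#    answer does not depend on which NIC's resolver Windows picks first.
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$domainName" 127.0.0.1

# 3. Per-NIC resolver settings: list any DNS server that is not this machine.
#    A non-empty OtherResolvers column is the "two resolvers" case from the
#    side note (for example the DHCP-assigned router on the External NIC).
$nics     = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE')
$localIps = @('127.0.0.1', '::1') + @($nics | ForEach-Object { $_.IPAddress })

$nics | ForEach-Object {
    $dns   = @($_.DNSServerSearchOrder | Where-Object { $_ })
    $other = @($dns | Where-Object { $localIps -notcontains $_ })
    New-Object PSObject -Property @{
        Adapter        = $_.Description
        DHCPEnabled    = $_.DHCPEnabled
        DnsServers     = $dns -join ', '
        OtherResolvers = $other -join ', '
    }
} | Format-Table Adapter, DHCPEnabled, DnsServers, OtherResolvers -AutoSize

# 4. Built-in health checks: the DC advertises itself and DNS is sane.
dcdiag /test:Advertising
dcdiag /test:DNS /DnsBasic
```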


Posted on January 27, 2013, in Lab, STIG.