Expanding your domain? Monitor every domain controller and endpoint from a single console
and secure your Active Directory setup.
The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on their Active Directory. This helps them identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects – Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.
How to create a child domain in Windows Server 2012 R2?
Step 1: Install Active Directory Domain services
- Log into your Active Directory Server with administrative credentials.
- Open Server Manager → Roles Summary → Add roles and features
Now, select the destination server on which the role will be installed. Make sure the IP address is that of the selected server. Else, close the server manager and retry.
Select the roles you want to install on this server. The basic requirement to promote this server to a domain controller is the Active Directory Domain Services.
The features for this role are ready to be installed. The basic features required for this service are auto-selected by default. Click next.
Step 2: Promote the server to a domain controller
- Once the ADDS role is installed in this server, you will see a notification flag next to the Manage menu. Select “Promote this server into a domain controller”.
- Select “Add a domain to an existing forest” and fill in the parent domain name. Choose a name for your child domain. Click Change and enter an enterprise administrator’s credentials to initiate the operation.
On the Domain Controller Options page, deselect DNS or GC during this installation, enter a desired DSRM password, and click Next.
Note: Because the server’s IP Address is in a different site defined in Active Directory Sites and Services, the site name has been pre-selected for that site.
Verify the NetBIOS name of your domain.
Select the folder where your database, log files and SYSVOL will be stored. It is recommended to stick to the default settings.
Review your options and click Next. A prerequisites check will be done by Active Directory. Once it is complete, click Install.
Your system will be rebooted automatically for the changes to take effect. Verify the health of the domain controller by running the command dcdiag /v from the command line.
Having one Domain Controller is not recommended because it creates a single point of failure. If the only Domain Controller goes down in the organization, big outages will occur resulting in a loss of operations. To avoid this single point of failure you need to have a secondary Domain Controller. A second DC will load balance the services and minimize the risk of critical services going down. In this article, I will walk through the steps to add a second Domain Controller in a Windows Server 2012 R2 domain.
For steps on adding the first domain controller, see this article Adding Windows 2012 R2 Domain Controller to a new forest.
1. The first step is to go into Server Manager and Select “Add Roles and Features”.
2. Click “Next” on the “Before you begin” screen.
3. On Installation Type, select “Role based or feature-based installation” and click “Next”.
4. On Server Selection, select the server you want to install the role on; it should default to the local server. Click “Next”.
5. On Server Roles, select “Active Directory Domain Services”. You will get a pop-up to add features that are required for Active Directory Domain Services; click “Add Features” and then click “Next”.
6. On the features page click “Next”.
7. On the AD DS page click “Next”.
8. On the confirmation page click “Next”. You can have the server reboot automatically if needed by selecting the box “Restart the destination server automatically if required”.
At this point, Active Directory Domain Services should be installing. This will take a few minutes.
You will need to look under the progress bar to know when it is complete. It will say in small letters “installation succeeded”.
9. Now that the role is installed, we can promote the server to a Domain Controller. Back in Server Manager you will see a yellow triangle at the top right that needs to be clicked. In the message details click “Promote this server to a domain controller”.
10. On the deployment configuration page, select “Add a domain controller to an existing domain”. Enter the existing domain name, or select it from the domain field. You will get prompted for administrative credentials. Click “Next”.
11. On the Domain Controller Options page, Domain Name System (DNS) server and Global Catalog (GC) should be checked. The Default First Site name should be selected for the site name unless you have created a new one. I would recommend leaving it at the default. Enter in a password for the Directory Services Restore mode and click “Next”.
NOTE: Directory Services Restore Mode (DSRM) allows an administrator to repair or recover an Active Directory database.
You will most likely receive an error that says “A delegation for this DNS server cannot be created….” This is common. The wizard is trying to contact the nameservers for the domain I entered, winadpro.com, and is unable to create a delegation for the sub-domain ad.winadpro.com. This message can be ignored if you don’t need computers from outside of the network to be able to resolve names within your domain. More info on this error: https://technet.microsoft.com/en-us/library/cc754463(WS.10).aspx
13. On the Additional Options page, select where you want this server to replicate from. In my environment, I want it to be able to replicate from any domain controller. The replication depends on how you installed the first DC and where it is located. If the DCs are all in the same site, then replicating from any will work. If you have multiple sites, then you would have a different replication strategy. For my organization, we have 4 domain controllers all in the same site, so I have set them up to replicate from any.
14. On the paths page enter the desired folder settings and click “Next”. I would leave these to the default settings.
15. Review options and click “Next”.
16. The prerequisites check will now run and validate the settings. You should get a green check that all checks passed successfully. Click “Install”.
17. Reboot and verify.
Once the Active Directory Domain Services install and configuration is complete you will need to reboot. If you want to verify your install and the health of the Domain Controller run dcdiag /v from the command line. You can also go into Administrative Tools, Active Directory Sites and Services and verify the new Domain Controller is listed under your site.
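The same wizard steps can be scripted with the ServerManager and ADDSDeployment modules that ship with Windows Server 2012 R2. This is an added example, not code from the original article. It assumes the domain name ad.winadpro.com, the default site name and the default folder paths.

```powershell
# Added example, not from the original article: the wizard steps above, scripted
# for an additional domain controller. Run elevated on the new server.
# Assumptions: domain 'ad.winadpro.com', site 'Default-First-Site-Name',
# default NTDS and SYSVOL paths.
$DomainName = 'ad.winadpro.com'
$SiteName   = 'Default-First-Site-Name'

# Steps 1-8: install the AD DS role together with its management tools.
$role = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $role.Success) { throw 'AD DS role installation failed.' }

Import-Module ADDSDeployment

# Steps 10-11: prompt for secrets instead of storing them in the script.
$cred = Get-Credential -Message "Account allowed to add a DC to $DomainName"
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

# Steps 10-14 expressed as parameters. Leaving out -ReplicationSourceDC means
# "replicate from any domain controller"; the global catalog is installed
# unless -NoGlobalCatalog is specified.
$dcParams = @{
    DomainName                    = $DomainName
    SiteName                      = $SiteName
    Credential                    = $cred
    SafeModeAdministratorPassword = $dsrm
    InstallDns                    = $true
    CreateDnsDelegation           = $false   # matches ignoring the delegation message
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
}

# Step 16: run the prerequisites check on its own, before anything is changed.
$check    = @(Test-ADDSDomainControllerInstallation @dcParams)
$blocking = @($check | Where-Object { $_.Status -eq 'Error' })

# Show everything that is not a plain success (warnings included).
$check | Where-Object { $_.Status -ne 'Success' } | Format-List Status, Message

if ($blocking.Count -gt 0) {
    throw 'Prerequisites check failed; the server was not promoted.'
}

# Promote the server. It reboots automatically when the promotion completes.
Install-ADDSDomainController @dcParams -Force

# Step 17, after the reboot, verify from an elevated prompt:
#   dcdiag /v
#   Get-ADDomainController -Filter * | Select-Object Name, Site, IsGlobalCatalog
```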
In conclusion, it is highly recommended to have multiple DCs in your organization. The benefit to this is it will load balance the services and minimize the risk of a complete network outage. Feel free to leave your comments or questions in the comment section.
- Published: March 9, 2019 9:09 PM Updated: December 6, 2019 8:24 PM
- Author Arranda Saputra
Put simply, DNS forwarding is a way for a DNS server to resolve a query by “asking for help” from another DNS server. It is supported on Windows DNS Server, including Windows Server 2012 R2. By default, Windows DNS Server sends queries that it cannot resolve to a list of public DNS servers on the internet, called the root hints. But if you configure DNS forwarding in Windows Server 2012 R2, it forwards those queries to a designated DNS server, called the forwarder.
How to Configure DNS Forwarding in Windows Server 2012 R2
If you install DNS server on Windows Server 2012 R2, you can configure DNS forwarding by using DNS Manager or PowerShell.
Using DNS Manager
On the server where the DNS Server role is installed, open Server Manager, then navigate to Tools > DNS to open DNS Manager.
In DNS Manager, right-click the DNS server hostname in the left pane and select Properties.
Click the Forwarders tab, then click the Edit button.
Enter the IP address of the other DNS server (the forwarder), then press Enter. If the IP address belongs to a valid DNS server, a green check icon is shown. Repeat this for each forwarder server that you want.
Click OK to confirm the settings.
Using PowerShell
You can also configure DNS forwarding in Windows Server 2012 R2 by using PowerShell. Below is the command you need to enter in an elevated PowerShell window:
Alternatively, you can also use the command below:
You only need to adjust the FORWARDER_IP value to match your configuration plan. You can specify more than one forwarder in a single command by separating each IP address with a comma. Note that there is a difference between the two commands above. The “Add” command appends the specified forwarder IP to the existing list of forwarders. The “Set” command overwrites the existing forwarders list with the specified IP address.
Here’s an example of an adjustment to the query that gives the same result as the previous example:
Verification
To verify that DNS forwarding works, you can attempt to resolve any name that is not in the DNS server’s data. In this example, our DNS server only has data for names in the domain mustbegeek.com. Therefore, we will test by resolving the domain corp.mbg.com.
Before DNS forwarding is configured to the authoritative server for the domain corp.mbg.com, our DNS clients are unable to get name resolution for corp.mbg.com.
After DNS forwarding is configured, our clients are able to get name resolution for corp.mbg.com.
Working with DNS Forwarding in Windows DNS Server
Before you configure DNS forwarding, you should make sure that recursion is not disabled on the server. DNS forwarding requires recursion to request information from the forwarders on behalf of the client.
By default, recursion is enabled on Windows DNS Server, but in some cases it may be disabled. To check whether recursion is enabled, open the DNS server properties and go to the Advanced tab. Then, under Server Options, confirm that the check box for the Disable recursion setting is not ticked.
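The recursion check, the “Add” versus “Set” behaviour and the verification step can be combined in one script using the DnsServer module cmdlets. This is an added example, not code from the original article. The forwarder addresses are placeholders from the 192.0.2.0/24 documentation range, and corp.mbg.com is the test name used in the Verification section.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell
# session on the DNS server. The forwarder addresses are placeholders from the
# documentation range 192.0.2.0/24; replace them with your own resolvers.
Import-Module DnsServer

$Forwarders = @('192.0.2.10', '192.0.2.11')   # placeholder FORWARDER_IP values
$TestName   = 'corp.mbg.com'                  # name used in the Verification section

# Forwarding depends on recursion. Report and stop instead of silently
# re-enabling it, because it may have been disabled on purpose.
if (-not (Get-DnsServerRecursion).Enable) {
    throw 'Recursion is disabled on this server; forwarders will not be used.'
}

# Record the current list as strings so it can be compared and restored later.
$before = @((Get-DnsServerForwarder).IPAddress |
            Where-Object { $_ } |
            ForEach-Object { $_.IPAddressToString })
Write-Output "Forwarders before: $($before -join ', ')"

# "Add" appends to the existing list. Only pass addresses that are not already
# present, so the script can be re-run without touching existing entries.
$toAdd = @($Forwarders | Where-Object { $before -notcontains $_ })
if ($toAdd.Count -gt 0) {
    Add-DnsServerForwarder -IPAddress $toAdd
}

# "Set" overwrites the whole list. Uncomment to make $Forwarders the only entries:
# Set-DnsServerForwarder -IPAddress $Forwarders

# Show the resulting configuration. UseRootHint tells you whether the server
# falls back to the root hints when no forwarder answers.
Get-DnsServerForwarder | Format-List IPAddress, UseRootHint, Timeout

# Verification: ask this server for a name it does not host itself.
Resolve-DnsName -Name $TestName -Server 127.0.0.1 -DnsOnly -ErrorAction Stop |
    Format-Table Name, Type, IPAddress -AutoSize

# Rollback to the recorded state, if needed:
# if ($before.Count -gt 0) { Set-DnsServerForwarder -IPAddress $before }
```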
And that’s all you need to know to configure DNS forwarding in Windows Server 2012 R2.
In my previous blog, we have installed Windows Server 2012 R2. Now, in this blog, I’ll show you how you can install Active Directory with Domain Controller in Windows Server 2012 R2. Kindly follow the below mentioned steps to install AD.
SharePoint 2013 Installation Series:
- Part 1 –Step by step Installation of Windows Server 2012 R2
- Part 2 –Step by step installation of Active Directory Domain Services in Windows Server 2012 R2
- Part 3 –Step by step installation of Microsoft SQL Server 2012 R2 on Windows Server 2012 R2
- Part 4 –Install and troubleshoot Online/Offline prerequisites issues for SharePoint 2013
- Part 5 –Step by step installation of SharePoint 2013 with Sql Server 2012 on Windows Server 2012 R2
Note : If you wish to see how to install SharePoint 2016 then please check my step by step guide to installing SharePoint 2016.
Steps:
1. Open the Dashboard in Server Manager and click the Add roles and features link in the right-hand panel of the screen.
2. You should see the Add Roles and Features Wizard screen. Check the Skip this page by default check box and press the Next button.
3. You will be asked to select the installation type on this screen. Click “Role-based or feature-based installation” and press the Next button.
4. On the following screen, select a destination server from the server pool and press the Next button.
5. On the Select Server screen, select the role Active Directory Domain Services. Once you have selected the role, you will be prompted to install the prerequisites. Check the Include management tools (if applicable) check box and press the Add Features button.
6. Now you have installed all the prerequisites for Active Directory. Select additional roles and features if required. Press the Next button to continue.
7. The following screen has information about how Active Directory Domain Services will be installed. Press the Next button to continue.
8. The next screen in the Add Roles and Features Wizard is the Confirm installation selections screen. Check Restart the destination server automatically if required and click the Install button.
9. The installation process now starts. It takes several minutes to complete.
10. Once Active Directory Domain Services is installed, you can see the installation results on the screen. Click Promote this server to a domain controller to launch the Active Directory Domain Services Configuration Wizard.
Note : Do not close the screen yet
11. You should see the Deployment Configuration screen. Select the Add a new forest radio button and provide the root domain name in the text box. Press the Next button to continue.
12. The next screen is the Domain Controller Options screen. Enter a password of your choice in the Password and Confirm password fields and keep the other settings at their defaults. Press the Next button to continue.
13. You will see a warning on the DNS Options screen of the Active Directory Domain Services Configuration Wizard. You don’t need to do anything here. Just press the Next button to continue.
14. On the following Additional Options screen, you will be asked to verify your NetBIOS domain name.
15. On the Paths screen, you can leave all the settings as they are and press the Next button to continue.
16. Now you will get the Review Options screen, which shows the wizard settings you have selected. Press the Next button to continue.
17. You will land on the Prerequisites Check screen. The check takes several minutes to complete. Once the test is completed, press the Install button.
18. Now you are on the last screen of the Active Directory Domain Services Configuration Wizard. This Installation screen shows the installation progress. Once installation is completed, your server will be restarted automatically.
19. After your system has restarted, you should be able to log in to the domain using the domain credentials, e.g. Domain\UserName.
20. Now you can use the Active Directory Users and Computers administration tool to create users and groups.
21. Verify all the domain details by browsing the Users folder node in the left panel of the screen.
Please do let me know if anyone faces any issues in Installation or Configuration of Active Directory Domain Services.
- Published: July 26, 2013 11:29 AM Updated: October 23, 2016 4:04 PM
- Author Bipin
The process of creating a user account in Windows Server has been almost the same since Server 2003. Here I will show it on Server 2012. After installing a domain controller, creating organizational units and user accounts are the very first tasks. There are several methods to create a user account on a Server 2012 domain controller. You can create a user account from the AD Users and Computers snap-in, using the DsAdd command in the command prompt, using the New-ADUser cmdlet in Windows PowerShell, or from AD Administrative Center.
Create User Account in Server 2012 Domain Controller
Here I will create a user account on a Server 2012 domain controller using the AD Users and Computers snap-in.
Step 1: Open AD Users and Computers Snap-in
Open the AD Users and Computers snap-in from Server Manager. You can also open it by typing dsa.msc in the Run dialog. You can open the Run dialog by pressing [Windows Key] + [R] on the keyboard.
Step 2: Create an Organizational Unit
Organizational Unit or simply OU is a container object of AD domain which can hold users, computers, and other objects. Basically, you create user accounts and computers inside an OU. I will create an OU named Management. Right-click domain in AD users and Computers, choose New and click Organizational Unit.
Type Management to name the OU. Check the Protect container from accidental deletion option. This option will protect this object from accidental deletion.
Step 3: Create New User
Right-click the Management OU, click New and click User.
Now type the user information. Type the first name and last name. The user logon name is the name that the user will actually use to log in to a computer on the network. So when the user tries to log in, he will type [email protected] or mustbegeek\sjobs in the username field. Now click Next.
Now type the password. Check User must change password at next logon. The user will be forced to change the password when the user logs in. Click Next.
Review the user configuration and click Finish.
You have successfully created a user account. You can open the properties of the user account to tweak settings.
This process is useful if you have to create a couple of user accounts. But imagine you have to create hundreds or thousands of users. This process would be very time-consuming. To create many users within minutes, you can use Windows PowerShell scripts with the New-ADUser cmdlet or a batch script with the DsAdd command.
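A bulk version of Steps 2 and 3 with the New-ADUser cmdlet could look like the following. This is an added example, not code from the original article. The user rows are constructed sample data, and the domain is read from the machine with Get-ADDomain rather than hard-coded.

```powershell
# Added example, not from the original article. Requires the ActiveDirectory
# module (RSAT) and rights to create objects in the domain.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.Web   # provides Membership.GeneratePassword

$domain = Get-ADDomain
$ouName = 'Management'              # OU name used in Step 2
$ouDn   = "OU=$ouName,$($domain.DistinguishedName)"

# Step 2: create the OU if it does not exist, protected from accidental deletion.
$existingOu = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" `
    -SearchBase $domain.DistinguishedName -SearchScope OneLevel
if (-not $existingOu) {
    New-ADOrganizationalUnit -Name $ouName -Path $domain.DistinguishedName `
        -ProtectedFromAccidentalDeletion $true
}

# Constructed sample input. In practice this would be Import-Csv on a file.
$rows = @'
GivenName,Surname,SamAccountName
Alex,Example,aexample
Robin,Sample,rsample
Casey,Placeholder,cplaceholder
'@ | ConvertFrom-Csv

# Step 3 for every row: one account per user, with a random initial password
# and "User must change password at next logon" set.
$created = foreach ($row in $rows) {
    if (Get-ADUser -Filter "SamAccountName -eq '$($row.SamAccountName)'") {
        Write-Warning "Skipping $($row.SamAccountName): account already exists."
        continue
    }

    # 16 characters, at least 4 of them non-alphanumeric.
    $plain = [System.Web.Security.Membership]::GeneratePassword(16, 4)

    New-ADUser -Name "$($row.GivenName) $($row.Surname)" `
        -GivenName $row.GivenName `
        -Surname $row.Surname `
        -SamAccountName $row.SamAccountName `
        -UserPrincipalName "$($row.SamAccountName)@$($domain.DNSRoot)" `
        -Path $ouDn `
        -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force) `
        -ChangePasswordAtLogon $true `
        -Enabled $true

    # Returned once so the initial password can be handed to the user; it is
    # not written to disk by this script.
    [pscustomobject]@{
        SamAccountName  = $row.SamAccountName
        InitialPassword = $plain
    }
}

$created | Format-Table -AutoSize
```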
INTRODUCTION
This article describes how to use the new .admx and .adml files to create and administer registry-based policy settings in Windows. This article also explains how the Central Store is used to store and to replicate Windows-based policy files in a domain environment.
Links to download the Administrative Templates files based on the operating system version
To view ADMX spreadsheets of the new settings that are available in later operating system versions, go to the following Microsoft Download Center website:
More Information
Overview
Administrative Templates files are divided into .admx files and language-specific .adml files for use by Group Policy administrators. The changes that are implemented in these files let administrators configure the same set of policies by using two languages. Administrators can configure policies by using the language-specific .adml files and the language-neutral .admx files.
Administrative Templates file storage
Windows uses a Central Store to store Administrative Templates files. The ADM folder is not created in a Group Policy Object (GPO) as it is done in earlier versions of Windows. Therefore, Windows domain controllers do not store or replicate redundant copies of .adm files.
The Central Store
To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a Windows domain controller. The Central Store is a file location that is checked by the Group Policy tools by default. The Group Policy tools use all .admx files that are in the Central Store. The files that are in the Central Store are replicated to all domain controllers in the domain.
We suggest keeping a repository of any ADMX/L files that you have for applications that you may want to use, such as operating system extensions like Microsoft Desktop Optimization Pack (MDOP), Microsoft Office, and also third-party applications that offer Group Policy support.
To create a Central Store for .admx and .adml files, create a new folder that is named PolicyDefinitions in the following location (for example) on the domain controller:
When you already have such a folder that has a previously built Central Store, use a new folder describing the current version such as:
Copy all files from the PolicyDefinitions folder on a source computer to the new PolicyDefinitions folder on the domain controller. The source location can be either of the following:
The C:\Windows\PolicyDefinitions folder on a Windows 8.1-based or Windows 10-based client computer
The C:\Program Files (x86)\Microsoft Group Policy\ \PolicyDefinitions folder if you have downloaded any of the Administrative Templates separately from the links above
The PolicyDefinitions folder on the Windows domain controller stores all .admx files and .adml files for all languages that are enabled on the client computer.
The .adml files are stored in a language-specific folder. For example, English (United States) .adml files are stored in a folder that is named “en-US”; Korean .adml files are stored in a folder that is named “ko_KR”; and so on.
If .adml files for additional languages are required, you must copy the folder that contains the .adml files for that language to the Central Store. When you have copied all .admx and .adml files, the PolicyDefinitions folder on the domain controller should contain the .admx files and one or more folders that contain language-specific .adml files.
Note When you copy the .admx and .adml files from a Windows 8.1-based or Windows 10-based computer, verify that the most recent updates to these files are installed. Also, make sure that the most recent Administrative Templates files are replicated. This advice also applies to service packs, as applicable.
When the operating system collection is completed, merge any OS extension or application ADMX/ADML files into the new PolicyDefinitions folder.
When this is finished, rename the current PolicyDefinitions folder to reflect that it is the “previous” version, for example, PolicyDefinitions-1709. Then, rename the new folder (for example PolicyDefinitions-1803) to the “production” name.
We suggest this approach because you can revert to the old folder in case you experience a severe problem with the new set of files. When you have not experienced any problems with the new set of files, you can move the older PolicyDefinitions folder to an archive location outside SYSVOL.
Group Policy administration
Windows 8.1 and Windows 10 do not include Administrative Templates that have an .adm extension. We recommend that you use computers that are running Windows 8.1 or later versions of Windows to perform Group Policy administration.
Updating the Administrative Templates files
In Group Policy for Windows Vista and later versions of Windows, if you change Administrative Templates policy settings on local computers, SYSVOL is not automatically updated to include the new .admx or .adml files. This change in behavior is implemented to reduce network load and disk storage requirements and to prevent conflicts between .admx and .adml files when changes are made to Administrative Templates policy settings across different locations.
To make sure that any local updates are reflected in SYSVOL, you must manually copy the updated .admx or .adml files from the PolicyDefinitions folder on the local computer to the Sysvol\PolicyDefinitions folder on the appropriate domain controller.
The following update enables you to configure the Local Group Policy editor to use Local .admx files instead of the Central Store:
You can also use this setting to:
Test a newly built folder as c:\windows\policydefinitions on an Administrative Workstation against your Domain Policies, before you copy it to the Central Store on SYSVOL.
Use older PolicyDefinitions folder to edit policy settings that don’t have an ADMX file in the latest build of your Central Store. One common example would be policies that have settings for older versions of Microsoft Office that are still in the Group Policies. Microsoft Office has a separate set of ADMX/L files for each release.
Known Issues
Issue 1
After you copy the Windows 10 .admx templates to the SYSVOL Central Store and overwrite all existing *.admx and *.adml files, click the Policies node under Computer Configuration or User Configuration. When you do this, you may receive the following error message:
Dialog Message text
Namespace ‘Microsoft.Policies.Sensors.WindowsLocationProvider’ is already defined as the target namespace for another file in the store.
File
\\ \SysVol\ \Policies\PolicyDefinitions\Microsoft-Windows-Geolocation-WLPAdm.admx, line 5, column 110
Note In the path in this message, represents the domain name.
To resolve this problem, follow the steps that are documented in the following Knowledge Base article:
Issue 2
Updated ADMX/L files for Windows 10, version 1803 contain only SearchOCR.ADML. This is not compatible with an older release of SearchOCR.ADMX that you still have in the Central Store. Details on the problem:
Both of these problems can be avoided by building a pristine PolicyDefinitions folder from a base OS release folder as described above.
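A newly built PolicyDefinitions folder can be checked before it is renamed to the production name. The function below is an added example, not part of the original article. It reports .admx files that declare the same target namespace (the condition behind the Issue 1 message) and .admx/.adml files that have no counterpart in a language folder. The function name is hypothetical, and the share path assumes the standard \\domain\SYSVOL\domain\Policies layout.

```powershell
# Added example, not from the original article. Test-PolicyDefinitions is a
# hypothetical helper name; it only reads files and changes nothing.
function Test-PolicyDefinitions {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [string[]] $Languages = @('en-US')
    )

    $findings  = New-Object 'System.Collections.Generic.List[string]'
    $admxFiles = @(Get-ChildItem -LiteralPath $Path -Filter *.admx -File)

    # Read the target namespace that each .admx file declares.
    $declared = foreach ($file in $admxFiles) {
        try {
            $xml = [xml](Get-Content -LiteralPath $file.FullName -Raw)
            [pscustomobject]@{
                File      = $file.Name
                Namespace = [string]$xml.policyDefinitions.policyNamespaces.target.namespace
            }
        } catch {
            $findings.Add("Unreadable XML: $($file.Name)")
        }
    }

    # Issue 1: the same target namespace declared by more than one file.
    @($declared) | Where-Object { $_ } | Group-Object Namespace |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            $files = ($_.Group | ForEach-Object { $_.File }) -join ', '
            $findings.Add("Namespace '$($_.Name)' is declared by: $files")
        }

    # Pairing check: every .admx needs an .adml per language, and an .adml
    # without an .admx is left over from another release.
    $admxNames = @($admxFiles | ForEach-Object { $_.BaseName })
    foreach ($lang in $Languages) {
        $langDir = Join-Path $Path $lang
        if (-not (Test-Path -LiteralPath $langDir -PathType Container)) {
            $findings.Add("Language folder missing: ${lang}")
            continue
        }
        $admlNames = @(Get-ChildItem -LiteralPath $langDir -Filter *.adml -File |
                       ForEach-Object { $_.BaseName })
        foreach ($name in $admxNames) {
            if ($admlNames -notcontains $name) {
                $findings.Add("${lang}\${name}.adml is missing")
            }
        }
        foreach ($name in $admlNames) {
            if ($admxNames -notcontains $name) {
                $findings.Add("${lang}\${name}.adml has no matching .admx")
            }
        }
    }

    $findings
}

# Usage: check the staged folder (name taken from the article's example)
# before renaming it to PolicyDefinitions.
$staged = "\\${env:USERDNSDOMAIN}\SYSVOL\${env:USERDNSDOMAIN}\Policies\PolicyDefinitions-1803"
$issues = @(Test-PolicyDefinitions -Path $staged -Languages 'en-US')
if ($issues.Count -eq 0) { 'Staged folder is consistent.' } else { $issues }
```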
In this chapter, we will see how to Install Active Directory in Windows Server 2012 R2. Many of us who have worked with the previous version run DCPROMO.EXE to install it, but in the 2012 version, it is recommended by Microsoft not to use it anymore.
To continue with Installation follow the steps given below.
Step 1 − Go to “Server Manager” → Manage → Add Roles and Features.
Step 2 − Click the Next button.
Step 3 − As we are installing AD on this machine, we will select “Role-based or feature-based Installation” → Next.
Step 4 − Click on “Select a server from the server pool”, this is the case when it will be installed locally.
Step 5 − Check the box next to Active Directory Domain Services. A box will appear explaining the additional role services or features that are also required to install domain services.
Step 6 − Click Add Features.
Step 7 − Check “Group Policy Management” → Next.
Step 8 − Click the “Next” button.
Step 9 − Click “Install”.
The installation screen will come up now and you have to wait until the installation bar completes.
Now that the installation of the DC role is finished, you have to configure it for your server.
Step 10 − Click “Server Manager” → Open the Notifications Pane by selecting the Notifications icon from the top of the Server Manager. From the notification regarding configuring AD DS (Active Directory Domain Services), click Promote this server to a domain controller.
Step 11 − Click “Add a new forest” → Insert your root domain name into the Root domain name field. In my case, I have put “example.com”.
Step 12 − Select a Domain and Forest functional level. Once selected fill in a DSRM password in the provided password fields. The DSRM password is used when booting the Domain Controller into recovery mode.
Step 13 − In the next screen which shows up, there is a warning on the DNS Options tab, click OK and then select Next.
Step 14 − Enter NETBIOS name and click “Next”.
Step 15 − Select location of the SYSVOL, Log files and Database folders and then click Next.
Step 16 − Click “Install” and wait until it is finished. The server will restart several times.
By Vladan SEGET | Last Updated: June 16, 2016
Windows 10 brought new options for managing endpoints. As the latest version of Windows Server is 2012 R2 for now, we need a workaround until the new Windows Server 2016 comes out. The pack containing Windows 10 ADMX templates lets you control which features and functions are activated on Windows 10 computers. For your information, there are 2101 new settings for Windows 10 in those ADMX files….
If you have a domain managed by a domain controller which does not have a clue that some Windows 10 boxes are now part of the domain, how do you manage those systems? There is a new browser, Edge. Or another example: Microsoft OneDrive for storage. You may want to prevent users from storing enterprise documents in OneDrive by disabling OneDrive completely. You can manage those settings through GPO.
With Windows Server 2012 R2, you need to import Windows 10 ADMX file into a specific folder that you’ll have to create. When the 2012R2 was released (in 2013) Windows 10 wasn’t born just yet. To use those .ADMX files in Windows Server 2012R2, you must create a Central Store in the SYSVOL folder on a Windows domain controller.
The Central Store is a file location that is verified by the Group Policy tools. The Group Policy tools use any .ADMX files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain.
How-to Import Windows 10 ADMX into Windows Server 2012 R2 Domain – The steps:
Step 1: First thing to do is to create a Central store at C:\windows\sysvol\ \policies
There you create a folder named PolicyDefinitions
Step 2: The next step is to download and import the Windows 10 ADMX files. So after downloading > Run the MSI package to install it > Copy all ADMX files from C:\Program Files (x86)\Microsoft Group Policy\Windows 10\PolicyDefinitions to the Central store folder called PolicyDefinitions you just created.
(Note: also copy the language folder, depending on the language you’re managing. In my case I copied en-US, but you may run your DC in a different language, in which case you might want to pick a different one. In any case, if the folder isn’t copied you’ll find yourself with a bunch of errors when you try to edit new GPOs.)
Step 3: Go to your Group Policy Management Console (gpmc.msc) and create a new GPO for your Windows 10 endpoints > Then Right Click > Edit
The new options will show up under Computer Configuration > Policies. There is a completely new branch called “Administrative Templates: Policy definitions (ADMX files) retrieved from the central store”. This is the central store that you created at the beginning of this post.
That’s it. You can then find the setting you want to disable and hook this GPO to the container where your Windows 10 desktops are located….
In this example I refuse all cookies in the Microsoft Edge browser, but as I mentioned at the beginning of this post, there are over 2000 settings….
Refresh the GPO by running “gpupdate /force” from the command line > Done.
Let me get back to systems which are not part of a domain. There is a second option for users who do not want to go through the Group Policy console.
Option 2: For isolated systems you might also disable the settings via a registry key
The associated registry key, located at:
“HKLM\Software\Policies\Microsoft\Windows\CloudContent,” value “DisableWindowsConsumerFeatures.”
Set that value to 1 and you won’t get the extra apps.
Install and configure DNS Server. DNS is a standard network protocol and a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network.
Install and Configure DNS Server in Windows Server
From the Windows Server 2012 R2 dashboard, click the Manage tab and then click Add Roles and Features to open the Add Roles and Features Wizard page, then click Next.
On the page that opens, select Role-based or feature-based installation and click Next.
We want to install on the local machine, so select the server you want to install DNS on from the server pool section and then click Next.
On the Server Roles page, select DNS Server, and on the page that opens click Add Features. These are the features that must be installed with DNS Server. Then click Next.
On the Features page, do nothing and click Next.
On the DNS Server page, read the information and click Next.
On the Confirmation page, tick Restart the destination server automatically if required, click Yes on the warning page, then click Install.
The installation process will take a few minutes. When the installation has succeeded, close the page and open the DNS Server console.
The installation has completed successfully. Now to create a DNS zone.
How to Create DNS Zone in Windows Server 2012 R2
Creating zone in DNS Server is easy, but need some basic knowledge to understand the difference between zones and types of zone you need to create.
Primary zone: When a zone that this DNS server hosts is a primary zone, the DNS server is the primary source for information about this zone, and it stores the master copy of zone data in a local file or in AD DS. When the zone is stored in a file, by default the primary zone file is named zone_name.dns and it is located in the %windir%\System32\Dns folder on the server.
Secondary zone: When a zone that this DNS server hosts is a secondary zone, this DNS server is a secondary source for information about this zone. The zone at this server must be obtained from another remote DNS server computer that also hosts the zone. This DNS server must have network access to the remote DNS server that supplies this server with updated information about the zone. Because a secondary zone is merely a copy of a primary zone that is hosted on another server, it cannot be stored in AD DS.
Stub zone: When a zone that this DNS server hosts is a stub zone, this DNS server is a source only for information about the authoritative name servers for this zone. The zone at this server must be obtained from another DNS server that hosts the zone. This DNS server must have network access to the remote DNS server to copy the authoritative name server information about the zone. Read more: https://technet.microsoft.com/en-us/library/cc771898.aspx
So we will create a primary zone. From the DNS Manager console, right-click Forward Lookup Zones and click New Zone.
DNS Manager Console
On the New Zone Wizard page click Next.
New Zone Wizard
Select Primary zone on the Zone type page and then click Next.
DNS Zone Name
Type your domain name in the Zone name field, then click Next to go to the next page.
DNS Zone Files
On the Zone File page, just click Next.
DNS Dynamic Update
Leave the Dynamic Update configuration at its default and click Next.
Completing DNS Server Installation Wizard
Finally click Finish to complete the installation.
Technig DNS Server
That’s all for the step-by-step installation and configuration of DNS Server on Windows Server 2012 R2.
Overview
This page describes how to obtain a certificate on Windows Server 2008 R2 or 2012 without using IIS Manager. The version of certmgr.msc supplied with Windows 2003 is different and these instructions do not apply.
Step 17 of this document will generate a Certificate Signing Request (CSR) that allows the private key to be exported. Sometimes this is required because the certificate will be used on multiple hosts (clustering environment) or the application that will use the certificate can’t access the Windows certificate store. CSRs with exportable keys cannot be generated from IIS Manager–you must use the Windows certificate manager.
Procedure
Generate a Certificate Signing Request (CSR)
- Log in as an administrator
- From a command prompt or the run menu:
- To create the certificate in the local machine store (recommended):
- Type mmc
- On the File menu, click Add/Remove Snap-in. Click Certificates in the left pane, then click Add.
- Select Computer Account, then click Next.
- Select Local Computer, then click Finish.
- Click OK.
- To create the certificate in the logged on user’s personal store:
- Type certmgr.msc
- In the left pane expand Certificates (Local Computer), expand Personal, then click Certificates.
- On the Action menu, click All Tasks, then click Advanced Operations, then click Create Custom Request.
- Click Next.
- Select Proceed without enrollment policy. Click Next.
- In the Template menu, select (No template) CNG key, and verify that Suppress default extensions is not selected. (Note: Some software may not be compatible with CNG keys. In this case, select (No template) Legacy key. Specifically, the .NET X509Certificate2.PrivateKey method will throw an exception on CNG keys and ADFS 3.0 will refuse to accept them.)
- Under Request Format, select PKCS #10. Click Next.
- Click the arrow next to Details to expand the selection. Click Properties.
- On the General tab, provide a Friendly name and Description for the certificate. These can be anything you want.
- On the Subject tab, in the Subject name box:
- In the Type menu, select Common name. In the Value field, type the fully qualified domain name of the server (e.g. myhost.washington.edu), and click Add.
- In the Type menu, select Organization. In the Value field, type University of Washington. Click Add.
- In the Type menu, select State. In the Value field, type WA. Click Add.
- In the Type menu, select Country. In the Value field, type US. Click Add.
- (Optional) In the Type menu, select Email. In the Value field, type a contact email address. Click Add.
- (Optional) On the Subject tab, in the Alternative name box, enter subject alternative names if you need them (these can also be requested when you submit the CSR).
- (Optional) If you want to restrict how this certificate can be used, you can select the appropriate options under Key usage and Extended Key Usage on the Extensions tab.
- On the Private Key tab, expand Cryptographic Service Provider. Select RSA, Microsoft Software Key Storage Provider. Make sure no other options are selected. (Note: If you selected (No template) Legacy key in Step 7, select Microsoft RSA SChannel Cryptographic Provider (Encryption) instead. This option is usually at the end of the list.)
- On the Private Key tab, expand Key Options.
- In the Key size menu, select a value of at least 2048.
- Select Make private key exportable. This step is only required if you will use this certificate on another computer (e.g. in a clustered environment), or with an application that does not use the Windows certificate store (e.g. Mozilla Firefox).
- Click OK.
- Click Next.
- Choose a file name and location for the CSR. Select Base 64. Click Finish.
- Submit the CSR to the InCommon or UW CA. For details on this process see UW Certificate Services.
If you generate a lot of CSRs, you may find it easier to install OpenSSL and generate them from the command line–OpenSSL for Windows is available at:
OpenSSL can also convert certificates to and from various formats.
In today’s blog post we will install new Windows Server 2012 AD Forest that contains two Domain Controllers. We are going to use PowerShell DSC to help us make this deployment.
For this example, we have 3 VM’s:
- Router – 192.168.1.1/24
- DC01 (Server 2012 R2) – 192.168.1.2/24
- DC02 (Server 2012 R2) – 192.168.1.3/24
- RSAT (Server 2012 R2) – 192.168.1.4/24
Do the following prep work on DC01, DC02 and RSAT:
1. Install and update Windows Server 2012 R2.
2. Set Computer Names and static IP’s.
Because the computers are not in a trusted domain, you need to add the remote computers DC01 and DC02 to the Trusted Hosts list on RSAT to enable authentication.
Check WinRM configuration.
Check PowerShell version.
5. Install DSC xActiveDirectory
Securing the MOF
- Create a certificate on RSAT.
- Script Center: Self-signed certificate generator (PowerShell)
- Microsoft Docs: Securing the MOF File
- Enter certificate thumbprint into the DSC ConfigurationData .psd1
- On RSAT export certificate (with Public key only) to C:\DscPublicKey.cer
- On RSAT export certificate (with Private key) to C:\DscPrivateKey.pfx
- On Target Nodes (DC01, DC02) import certificate (with Private key) into the Local Machine:
- Personal certificate store
- Trusted Root Certification Authorities certificate store
Creating a configuration data file (ConfigurationData.psd1)
Note: remember to save configuration data file with extension .psd1
Create DSC Configuration Script (HADC.ps1)
Generate configuration MOF files
Now that we have created ConfigurationData.psd1 and HADC.ps1 we can proceed with generating the configuration .mof files by executing HADC.ps1
Push DSC Configuration from RSAT to target nodes DC01 and DC02
To push configuration to target nodes we need to initiate configuration processing via the Start-DscConfiguration cmdlet.
If you think I have explained something wrong or you have some advice for me and other readers, please leave a comment.
I’m trying to create a sandbox environment, without it affecting the production environment. I’m not a server administrator, so please bear with my wording. We decommissioned a whole bunch of old desktops that were used as proxy servers and my supervisor is letting us grab one of them to create a sandbox environment. So I have installed Windows 2012 r2 on one of them and it is NOT on the domain, just a workgroup. That’s it so far. I understand that I have to turn on the HyperV role and create an internal VLAN. Can anyone recommend me an easy guide for this, whether it’s a doc or youtube? There are so many out there with different methods. I just want to create my own DC1, WDS server and have the vm clients talk to each other on HyperV without it affecting our live domain. What will happen if I create an external VLAN?
You want virtual switches in this case, not VLANs.
Let’s take a step back. What are the specs on the system you want to use?
A DC, WDS, and clients on one system will need some serious resources, RAM and disk I/O being the two most important. Your CPU will also need hardware virtualization.
After that, you’ll create an internal virtual switch for your VMs internal communications.
Ideally, you’d set up some kind of virtual router (IPfire, IPcop, pfSense) as a VM with an external virtual switch to allow your VMs access to the internet.
Setting up a DC is trivial, add the role and follow the wizard.
4 Replies
You don’t want a VLAN per se; you want them communicating on an internal vSwitch in Hyper-V Manager. This keeps all communication within the host and it cannot exit onto the network.
Thank you @dancrane and @essjae for the responses.
My apologies for the lack of information on the specs.
It’s a Lenovo ThinkCentre M83 SFF Pro Desktop.
Processor: Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz, 3392 Mhz, 4 Core(s), 4 Logical Processor(s)
Installed Physical Ram: 16 GB (I know at least 32 GB is more sufficient, but this is all I can work with for now)
HDD (1TB) With two partitions. One for the C drive and the second to throw the VHD’s on.
Most users and administrators use the taskschd.msc graphical interface console to create and manage scheduled tasks on Windows. However, in various scripts and automated flows, it is much more convenient to use the PowerShell features to create scheduled tasks. In this article, we’ll show how to create and manage Windows Scheduler tasks using PowerShell.
- Managing Scheduled Tasks on Windows via PowerShell
- Creating Scheduled Task with Windows PowerShell
- How to View and Run Scheduled Tasks with PowerShell?
- How to Export and Import Scheduled Tasks via XML Files?
Managing Scheduled Tasks on Windows via PowerShell
The ScheduledTasks PowerShell module is used to manage scheduled tasks on Windows 10/Windows Server 2016. You can list the cmdlets in a module as follows:
Get-Command -Module ScheduledTasks
- Disable-ScheduledTask
- Enable-ScheduledTask
- Export-ScheduledTask
- Get-ClusteredScheduledTask
- Get-ScheduledTask
- Get-ScheduledTaskInfo
- New-ScheduledTask
- New-ScheduledTaskAction
- New-ScheduledTaskPrincipal
- New-ScheduledTaskSettingsSet
- New-ScheduledTaskTrigger
- Register-ClusteredScheduledTask
- Register-ScheduledTask
- Set-ClusteredScheduledTask
- Set-ScheduledTask
- Start-ScheduledTask
- Stop-ScheduledTask
- Unregister-ClusteredScheduledTask
- Unregister-ScheduledTask
Creating Scheduled Task with Windows PowerShell
In modern versions of PowerShell (starting with PowerShell 3.0 on Windows Server 2012/Windows 8), you can use the New-ScheduledTaskTrigger and Register-ScheduledTask cmdlets to create scheduled tasks.
Suppose we need to create a scheduled task that should run during startup (or at a specific time) and execute some PowerShell script or command. Let’s create a scheduled task named StartupScript1. This task should run the PowerShell script file C:\PS\StartupScript.ps1 at 10:00 AM every day. The task will be executed with elevated privileges (checkbox “Run with highest privileges”) under the SYSTEM account.
# Run every day at 10:00 AM
$Trigger = New-ScheduledTaskTrigger -At 10:00am -Daily
# Account the task runs under
$User = "NT AUTHORITY\SYSTEM"
# Program to start and its arguments
$Action = New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument "-File C:\PS\StartupScript.ps1"
Register-ScheduledTask -TaskName "StartupScript1" -Trigger $Trigger -User $User -Action $Action -RunLevel Highest -Force
If the task was created successfully, the status “Ready” appears.
Your PowerShell script will run on the specified schedule. If a PowerShell execution policy on your computer prevents PS1 scripts from executing, you can run a PowerShell script from a scheduled task with the -ExecutionPolicy Bypass parameter.
Use this code when creating a new task:
$Action = New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument "-NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\PS\StartupScript.ps1"
Open the taskschd.msc console and make sure you have a new scheduler task in the Task Scheduler Library.
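# Create a task through the Schedule.Service COM interface
$TaskName = "NewPsTask"
$TaskDescription = "Running PowerShell script from Task Scheduler"
$TaskCommand = "c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe"
$TaskScript = "C:\PS\StartupScript.ps1"
$TaskArg = "-WindowStyle Hidden -NonInteractive -Executionpolicy unrestricted -file $TaskScript"
$TaskStartTime = [datetime]::Now.AddMinutes(1)
# Connect to the local Task Scheduler service and open the root folder
$service = New-Object -ComObject "Schedule.Service"
$service.Connect()
$rootFolder = $service.GetFolder("\")
$TaskDefinition = $service.NewTask(0)
$TaskDefinition.RegistrationInfo.Description = "$TaskDescription"
$TaskDefinition.Settings.Enabled = $true
$TaskDefinition.Settings.AllowDemandStart = $true
$triggers = $TaskDefinition.Triggers
# Trigger types: http://msdn.microsoft.com/en-us/library/windows/desktop/aa383915(v=vs.85).aspx
# 8 = TASK_TRIGGER_BOOT (run at system startup)
$trigger = $triggers.Create(8)
$trigger.StartBoundary = $TaskStartTime.ToString("yyyy-MM-dd'T'HH:mm:ss")
$trigger.Enabled = $true
# 0 = TASK_ACTION_EXEC (start a program)
$Action = $TaskDefinition.Actions.Create(0)
$Action.Path = "$TaskCommand"
$Action.Arguments = "$TaskArg"
# 6 = TASK_CREATE_OR_UPDATE, 5 = TASK_LOGON_SERVICE_ACCOUNT (run as SYSTEM, no password)
$rootFolder.RegisterTaskDefinition("$TaskName", $TaskDefinition, 6, "System", $null, 5)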
How to View and Run Scheduled Tasks with PowerShell?
You can list all active scheduled tasks on Windows with the command:
Get-ScheduledTask | ? State -ne Disabled
To get information about a specific task:
Get-ScheduledTask CheckServiceState| Get-ScheduledTaskInfo
You can disable this task:
Get-ScheduledTask CheckServiceState | Disable-ScheduledTask
To enable a task:
Get-ScheduledTask CheckServiceState | Enable-ScheduledTask
To run the task immediately (without waiting for the schedule), run:
To completely remove a task from the Task Scheduler library:
Unregister-ScheduledTask -TaskName CheckServiceState
If you need to change the username from which the task is launched and, for example, the compatibility mode, use the Set-ScheduledTask cmdlet:
$task_user = New-ScheduledTaskPrincipal -UserId 'woshub\j.abrams' -RunLevel Highest
$task_settings = New-ScheduledTaskSettingsSet -Compatibility 'Win8'
Set-ScheduledTask -TaskName CheckServiceState_PS -Principal $task_user -Settings $task_settings
If you receive the error “Set-ScheduledTask: No mapping between account names and security IDs was done”, check that you have provided the correct username.
How to Export and Import Scheduled Tasks via XML Files?
PowerShell allows you to export the current settings of any scheduled task into a text XML file. So you can export the parameters of any task and deploy a task to other computers. The task may be exported both from the Task Scheduler GUI and from PowerShell console.
Here is the command to export the task with the name StartupScript to the file StartupScript.xml:
Export-ScheduledTask StartupScript | Out-File c:\tmp\StartupScript.xml
schtasks /query /tn "NewPsTask" /xml >> "c:\tmp\NewPsTask.xml"
After the scheduled task settings are exported to the XML file, it can be imported to any network computer using the GUI, SchTasks.exe or PowerShell.
Register-ScheduledTask cmdlet can help you to import task settings from an XML file and register it:
Register-ScheduledTask -Xml (Get-Content "\\mun-fs01\public\NewPsTask.xml" | Out-String) -TaskName "NewPsTask"
schtasks /create /tn "NewPsTask" /xml "\\Srv1\public\NewPsTask.xml" /ru corp\skrutapal /rp Pa$$w0rd
schtasks /Run /TN "NewPsTask"
Please, note that this example uses the credentials of the account that is used to run the task. If the credentials are not specified, because they are not stored in the job, they will be requested when importing.
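The tasks created above run a script file as SYSTEM with highest privileges, so anyone who can modify that file or its folder can run code as SYSTEM. The following audit is an added example, not code from the original article: it lists such tasks together with the non-administrative accounts that hold write access to their targets. The function names are hypothetical, and the check reads explicit allow ACEs only (deny ACEs and group nesting are not evaluated).

```powershell
# Added example: audit scheduled tasks that run as SYSTEM or with highest
# privileges and report target files/folders writable by untrusted accounts.

# Accounts that are expected to hold write access to privileged task targets.
$TrustedSids = @(
    'S-1-5-18'        # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'    # BUILTIN\Administrators
    'S-1-3-0'         # CREATOR OWNER (inherit-only placeholder ACE)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # NT SERVICE\TrustedInstaller
)

# Rights that allow changing or replacing a file, plus the raw generic bits
# (GENERIC_WRITE | GENERIC_ALL) that Get-Acl can return unmapped.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteMask = $WriteMask -bor 0x50000000

function Get-UntrustedWriter {
    param([Parameter(Mandatory)] [string] $Path)
    $acl = Get-Acl -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $acl) { return }
    foreach ($rule in $acl.Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (([int]$rule.FileSystemRights -band $WriteMask) -eq 0) { continue }
        try   { $sid = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
        catch { $sid = $rule.IdentityReference.Value }
        if ($sid -notin $TrustedSids) { $rule.IdentityReference.Value }
    }
}

function Get-TaskTargetPath {
    param($Action)
    # The program itself, plus any script path passed in the arguments
    # (for example "-File C:\PS\StartupScript.ps1").
    $candidates = @()
    if ($Action.Execute) { $candidates += $Action.Execute.Trim('"') }
    $pattern = '(?i)"([^"]+\.(?:ps1|psm1|bat|cmd|vbs|js))"|([^\s"]+\.(?:ps1|psm1|bat|cmd|vbs|js))'
    foreach ($m in [regex]::Matches([string]$Action.Arguments, $pattern)) {
        $candidates += ($m.Groups[1].Value + $m.Groups[2].Value)
    }
    foreach ($c in $candidates) {
        try {
            $full = [Environment]::ExpandEnvironmentVariables($c)
            if ([IO.Path]::IsPathRooted($full) -and (Test-Path -LiteralPath $full -PathType Leaf)) { $full }
        } catch { }   # ignore strings that are not valid paths
    }
}

function Find-WritableSystemTaskTarget {
    $systemIds = 'SYSTEM', 'NT AUTHORITY\SYSTEM', 'S-1-5-18'
    foreach ($task in Get-ScheduledTask) {
        $p = $task.Principal
        if ($p.UserId -notin $systemIds -and "$($p.RunLevel)" -ne 'Highest') { continue }
        foreach ($action in $task.Actions) {
            foreach ($file in Get-TaskTargetPath $action) {
                # Check the file and its folder: a writable folder allows replacing the file.
                foreach ($item in $file, (Split-Path -Parent $file)) {
                    $writers = @(Get-UntrustedWriter -Path $item | Sort-Object -Unique)
                    if ($writers.Count -gt 0) {
                        [pscustomobject]@{
                            Task       = $task.TaskPath + $task.TaskName
                            RunAs      = $p.UserId
                            Path       = $item
                            WritableBy = $writers -join '; '
                        }
                    }
                }
            }
        }
    }
}

Find-WritableSystemTaskTarget | Format-Table -AutoSize -Wrap
```

Folders created directly under C:\ typically inherit Modify for Authenticated Users, so a location such as C:\PS is likely to be reported until its ACL is restricted to administrators and SYSTEM.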
This Windows tutorial discusses Active Directory in Windows Server 2012 R2. We will see how to install Active Directory in Windows Server 2012 R2 step by step.
We will also see how to configure Active Directory in Windows Server 2012 R2, and then how to add the server to the domain controller in Windows Server 2012 R2.
Install and configure an active directory in Windows 2012 r2
Follow the steps below to install and configure Active Directory in Windows Server 2012 R2.
Open Server Manager in Windows Server 2012 R2. Then click Add roles and features, which will open the wizard.
In the Add Roles and Features Wizard, on the “Before you begin” page, click Next.
On the Installation Type page, select Role-based or feature-based installation, which is the default. Then click Next.
On the Server Selection page, select the Select a server from the server pool radio button. Choose the server and then click Next.
On the Server Roles page, select Active Directory Domain Services and click Next. The wizard will list the features that are required for Active Directory Domain Services. Click Add Features as shown below.
You can then see the installation progress like below:
When the installation is over, we can add the server to the domain controller.
Add Server to Domain Controller in Windows Server R2
Now we will see how to add the server to a domain controller. Follow the steps below.
Open Server Manager and click the warning message; the post-deployment configuration dialog box will appear. Here, click Promote this server to a domain controller.
On the Deployment Configuration page, choose to add a new forest, enter a Root domain name, then click Next.
On the Domain Controller Options page, enter the DSRM password and click Next.
Leave the DNS Options page as it is and click Next; the Additional Options page will appear.
By default, the NetBIOS domain name is auto-populated based on the forest domain name we have provided.
Next the wizard displays the Database, Log and SYSVOL folder paths; you can keep the default paths or change them. This looks like below:
On the Review Options page, the wizard displays all the options like below. Click Next here.
On the Prerequisites Check page, the wizard checks all the prerequisites; if every prerequisite check passes, we can start the installation. See the figure for reference.
Once you click the Install button, the installation will start like below:
Once the installation process is complete, the system will restart automatically. At the next logon it will show the domain name, like “TSINFO\Administrator”.
In this tutorial, we learned how to install and configure an active directory in windows server 2012 r2, and also we have discussed how to add a server to the domain controller in windows server 2012 r2.
Published by Jeroen Tielen on July 10, 2012
In this blog post I’m trying to explain how to create a mandatory profile for Server 2012 and Windows 8. This is only for a clean Windows installation. The Microsoft best practices say that you need to update the mandatory profile after each software installation/update on the system.
The Test User
First we create a user named: Manny. This user is used to create the profile. You can name it any way you want. Don’t give it any profile. You can create a local user, but my test machine is also a domain controller, so I only can create an AD user.
Login with Manny and customize the environment. (Don’t forget to remove the PowerShell and Server Manager pinned icons in the taskbar).
Now logoff Manny. (Click in the upper right corner on the user name )
Create The Mandatory Profile Folder
Log back in with an Administrator account. Copy the Manny profile to your profile share on the network. Rename the folder to: Mandatory.v2 (or any other name you like). The .v2 must be added because Windows Server 2012 and Windows 8 make use of the .v2 type profiles. (Like Windows 7 and 2008 R2)
Load The Profile Into The Registry To Edit It
Start regedit and open the: ntuser.dat from the profile.
Set The Registry Permissions
Open the permissions of the Manny profile. Remove Manny and the Administrators group. Add authenticated users, full control. The permissions would look like this:
I always check, under advanced, “replace all child object permissions entries with inheritable permissions”. Now, for VDI environments this works well. But in RDS environments the same users on the system could access the registry of other users. This can be locked down with subinacl.exe. This will be another blog post soon.
Registry Changes
Search the registry for Manny and clean those values, or change the type from REG_SZ to REG_EXPAND_SZ and add the value %USERNAME%
Delete all policies: Manny\Software\Microsoft\Windows\CurrentVersion\Policies and Manny\Software\Policies
Check: Manny\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce if they are empty. Things that have to start at logon must be started via other methods like logon script/RES WorkSpace Manager/AppSense
The values in Manny\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders should not be touched, because on top of that key there is a line saying: DO NOT USE THIS REGISTRY KEY. But you can change these values to %USERPROFILE%\etc. I had some issues with applications which use this key and can’t handle the variable. Then you can try to change to REG_EXPAND_SZ or contact the vendor, because applications should not use this key anymore. Read this blog: http://blogs.msdn.com/b/oldnewthing/archive/2003/11/03/55532.aspx
Unload The Profile
Unload the profile and close the registry editor.
Open explorer and navigate to the profile. Delete the log and TM files.
Rename the NTUSER.DAT file to NTUSER.MAN. The profile should look like this:
Delete Profile Files
Delete the Local and LocalLow directory from the AppData directory.
Windows Explorer Libraries
To get the Libraries working we have to edit some XML files. Open the following file in notepad: Mandatory.V2\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
Remove the lines with ownerSID and serialized. The XML should look like this:
The last searchConnectorDescription is the public folder on a system. If you don’t want users to use this library simply remove that element. then the XML would look like this:
Do the same for Music.Library-ms, Pictures.Library-ms and Videos.Library-ms
Windows Explorer Favorites (Links)
Navigate to the Links folder in the root of the Mandatory profile. The Links folder contains Shortcuts which are presented at the top of the Windows Explorer window under Favorites. Don’t mix them with Internet Explorer Favorites. Open the properties of the Desktop shortcut. Change the target to %USERPROFILE%\Desktop
Do the same for the Download. (Recent Places, can’t be edited).
Assign The Mandatory Profile To A Test User
Now open the properties of a test account and add the mandatory profile. Don’t add the .v2, Windows will add that automatically.
Of course in a real production environment you would set the mandatory profile with a GPO.
Taskbar Pinned Icons
The pinned icons in the taskbar are stored in the following locations:
File: %AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Taskbar
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband
That registry key is not easily editable. Use your profile management software to roam these settings, and remove the Server Management and PowerShell icons while creating the default profile.
Tips
These tricks also work on Windows 7 and Windows Server 2008 R2
The Active Setup is still in this profile. There will be a post update soon
KB ID 0001128
Problem
Now you may be thinking, “If you have your own CA/PKI solution, why would you need to create a Wildcard Certificate?” If you can generate as many certificates as you want, what’s the point? Well, today I need to set up ADFS, WAG (Web Application Gateway), and a Remote Desktop Services Gateway Server. Making the whole thing work on my test bench would be a lot less hassle if I could just use one certificate for everything!
Solution
Process carried out on Windows Server 2012 R2
Windows Key +R > MMC >
Computer account > Next.
Local Computer > Finish.
Certificates > Personal > Right Click > All Tasks > Advanced Operations > Create Custom Request.
Proceed without enrolment policy > Next.
In nearly every case you can accept the default of ‘(No template) CNG Key’. However, some applications (particularly Active Directory Federation Services) need to use an older set of Cryptographic Service Providers (CSPs). If that is the case, change the option to ‘(No Template) Legacy Key’. > Next.
General Tab: Friendly Name > *.
Subject Tab: Ensure the Common Name (CN) is set to *.
Extensions Tab: Add in Digital Signature and Key Encipherment.
Private Key: Key Size=4098 > Make private key exportable > Apply > OK.
Save the certificate request > Finish > Leave the Certificate console open (you will need it later).
Locate the certificate request you just saved > Open it with Notepad > Select ALL the text and copy it to the clipboard.
Open the web enrolment portal of your certificate services server (https://server.domain.com/certsrv) > Request a certificate.
Advanced Certificate Request.
Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
Paste in the Text > Certificate Template = Web Server > Submit.
Base 64 encoded > Download certificate.
Save the certificate, and change its name from certnew > Save.
Back in the certificate console > Right Click ‘Personal’ > All Tasks > Import.
Navigate to the certificate you have just saved.
Now this may seem a little odd, but having just imported the certificate, to get it in PFX format you need to export it again. Right click the cert > All Tasks > Export.
Yes, export the private key > Next.
Personal Information Exchange > Next.
Enter and re-type a password (You will need this to import the certificate so remember it) > Next.
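The request, submission, import and PFX export steps above can also be scripted with certreq.exe; this is an added example, not part of the original article. The name *.example.test, the CA config string, the working folder and the 4096-bit key length are assumptions, and the legacy SChannel CSP is the scripted counterpart of the ‘(No Template) Legacy Key’ choice.

```powershell
# Added example: scripted equivalent of the MMC "Create Custom Request" steps.
# Assumed values (not from the article): *.example.test, the CA config string,
# the working folder and the key length. Run from an elevated prompt.
$name = '*.example.test'
$work = Join-Path $env:TEMP 'wildcard-request'
New-Item -ItemType Directory -Path $work -Force | Out-Null

# certreq policy file. The single-quoted here-string keeps "$Windows NT$" literal.
$inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=__NAME__"
FriendlyName = "__NAME__"
; Legacy CSP, the counterpart of "(No Template) Legacy Key"
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
KeySpec = 1
KeyLength = 4096
; 0xa0 = Digital Signature (0x80) + Key Encipherment (0x20)
KeyUsage = 0xa0
Exportable = TRUE
MachineKeySet = TRUE
RequestType = PKCS10
'@
$inf.Replace('__NAME__', $name) | Set-Content -Path "$work\wildcard.inf" -Encoding ASCII

# Generate the key pair and the PKCS #10 request in the local machine context.
certreq.exe -new "$work\wildcard.inf" "$work\wildcard.req"

# Submit to the CA with the Web Server template and save the issued certificate.
certreq.exe -submit -config 'CA01.example.test\Example-CA' `
    -attrib 'CertificateTemplate:WebServer' "$work\wildcard.req" "$work\wildcard.cer"

# Bind the issued certificate to the pending request and its private key.
certreq.exe -accept -machine "$work\wildcard.cer"

# Export the certificate and private key as a password-protected PFX.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$name" -and $_.HasPrivateKey } |
    Sort-Object NotBefore -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key found for CN=$name" }
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
Export-PfxCertificate -Cert $cert -FilePath "$work\wildcard.pfx" -Password $pfxPassword | Out-Null

# The request files are no longer needed once the PFX exists.
Remove-Item "$work\wildcard.inf", "$work\wildcard.req"
```

The resulting PFX carries the private key for every host name the wildcard covers, so store it and its password accordingly.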
Managed Service Accounts were first introduced in Server 2008 R2. They are a clever way to ensure lifecycle management of user principals of Windows services in a domain environment. Passwords for these accounts are maintained in Active Directory and updated automatically. Additionally, they simplify SPN management for the services leveraging these accounts. In Server 2012 and above, these can also be configured as Group Managed Service Accounts, which are useful for server farms. A common scenario for using a managed service account may be to run the SQL Server service in SQL 2012.
There are a few steps involved in creating these managed service accounts on Server 2012 R2. First, there is a dependency on the Key Distribution Service starting with Server 2012 (in order to support group managed service accounts, though it’s now required for all managed service accounts). You must configure a KDS Root Key. In a production environment, you must wait 10 hours for replication to complete after creating the key, but in lab scenarios with single domain controllers, you can force it to take effect immediately:
Add-KdsRootKey -EffectiveTime ((get-date).addhours(-10))
Once the key has been created, you can create a managed service account from a domain controller. You will need to import the AD PowerShell module. We’ll create an MSA named SQL01MSSQL in the contoso.int domain for use on a server named SQL01:
New-ADServiceAccount -Name SQL01MSSQL -Enable $true -DNSHostName SQL01MSSQL.contoso.int
Next, you’ll need to specify which computers have access to the managed service account.
Set-ADServiceAccount -Identity SQL01MSSQL -PrincipalsAllowedToRetrieveManagedPassword SQL01$
Lastly, the account needs to be installed on the computer accessing the MSA. You’ll need to do this as a domain admin, with the AD PowerShell module installed and loaded there as well:
Enable-WindowsOptionalFeature -FeatureName ActiveDirectory-Powershell -Online -All
You can now use the MSA in the format of DOMAINNAME\ACCOUNTNAME$ with a blank password when configuring a service.
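The whole procedure, with a check after each stage and an audit of who may retrieve each managed password, as an added example that is not the article's own code. SQL01MSSQL, SQL01 and contoso.int are the article's names; the function names are this example's own, and Install-ADServiceAccount is the cmdlet that performs the install step the text describes.

```powershell
# Added example: the article's MSA procedure split into the places it runs.
# SQL01MSSQL, SQL01 and contoso.int are the article's names; the function
# names are this example's own.
Import-Module ActiveDirectory

function Initialize-KdsRootKey {
    # Run on a domain controller. Creates a root key only if none exists.
    param([switch]$Lab)
    if (Get-KdsRootKey) { return 'KDS root key already present' }
    if ($Lab) {
        # Single-DC lab only: backdate the key so it is usable at once.
        Add-KdsRootKey -EffectiveTime ((Get-Date).AddHours(-10)) | Out-Null
    } else {
        # Production: the key becomes usable after the 10-hour replication window.
        Add-KdsRootKey -EffectiveImmediately | Out-Null
    }
    'KDS root key created'
}

function New-SqlServiceAccount {
    # Run where the AD module is available. Only the SQL01 computer account
    # is allowed to retrieve the managed password.
    New-ADServiceAccount -Name SQL01MSSQL -Enabled $true `
        -DNSHostName SQL01MSSQL.contoso.int `
        -PrincipalsAllowedToRetrieveManagedPassword 'SQL01$'
}

function Install-SqlServiceAccount {
    # Run on SQL01. Installs the account locally, then confirms that this host
    # can actually retrieve the managed password.
    Install-ADServiceAccount -Identity SQL01MSSQL
    if (-not (Test-ADServiceAccount -Identity SQL01MSSQL)) {
        throw 'SQL01 cannot use SQL01MSSQL; check PrincipalsAllowedToRetrieveManagedPassword'
    }
}

function Get-ManagedPasswordReader {
    # Audit: every service account and the principals allowed to read its password.
    Get-ADServiceAccount -Filter * -Properties PrincipalsAllowedToRetrieveManagedPassword |
        Select-Object Name, Enabled, @{
            Name       = 'AllowedPrincipals'
            Expression = { $_.PrincipalsAllowedToRetrieveManagedPassword -join '; ' }
        }
}
```

Any principal listed by Get-ManagedPasswordReader can obtain the account's current password, so the list should contain only the hosts that run the service.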
Every site hosted on a server running an operating system contains a hosts file that helps in mapping domain names and IP addresses. The hosts file contains IP addresses, each followed by a domain name (separated by a space). For instance, if you want to reach www.google.co.in, the hosts file on Google’s server will contain the IP address 216.58.218.131 followed by the URL www.google.co.in. Whenever an IP address is mapped to a domain name in the hosts file, the computer will not query the DNS server to establish a connection with a remote device, but will read the IP address directly from the hosts file to process the request. Every OS has a hosts file, and you can amend it to allow it to accept more domain name requests. Add the desired mapping entries and the changes will start working without rebooting the server. This blog post takes you through how you can modify and configure the hosts file on Windows Server.
How to modify & configure the hosts file on Windows Server
Why Hosts File Modification?
Hosts file modification is done to trick the server into resolving to specific IPs. The method is extremely useful when your website, though hosted on a server, is still in the developmental stage and name-servers are not pointed anywhere. It is also used to block particular websites.
Configuring the Hosts File
1. Run Notepad as Administrator
The hosts file is a system file, so you cannot modify or configure it as a standard user. You need administrator-level permission to make the changes; therefore, run Notepad as an administrator. Do this if you are working with Windows Vista or higher, but simply open Notepad if you have Windows XP or anything before that. Locate Notepad in the Start menu, right-click on it and select the “Run as administrator” option.
2. Locate Hosts File
After opening Notepad as an administrator, locate the hosts file. It is usually located at c:\windows\system32\drivers\etc\hosts , but not all Windows versions store it in the same place. In case you do not find it, explore other possibilities:
- Windows 95/98/Me -> c:\windows\hosts
- Windows NT/2000/XP Pro -> c:\winnt\system32\drivers\etc\hosts
- Windows XP Home/Vista/Windows 7 -> c:\windows\system32\drivers\etc\hosts
- Windows 8 -> c:\windows\system32\drivers\etc\hosts
- Windows 10 -> c:\windows\system32\drivers\etc\hosts
After locating the hosts file, switch to Notepad and click “File”, then “Open…”. The hosts file is not a standard .txt file that Notepad looks for by default, so you will have to do a bit of troubleshooting to make the file appear in the dialog box. Change the dropdown option displaying “Text Documents” to “All Files (*.*)”. Now that you see all files, navigate to the hosts file, double-click it, and it will open in Notepad.
3. Overhaul Windows Defender (Windows 8)
Windows Defender running on Windows 8, by default, prevents the modification of the hosts file. You have to change the configuration of Windows Defender so it can allow you to edit the hosts file.
- Search for Windows Defender through the navigation bar and click to launch the application.
- On the launch tab, click on ‘Settings’.
- Type the location of the hosts file, which is c:\windows\system32\drivers\etc\hosts .
- Click on the Add button to append it to the list beneath file locations.
- Save the changes by clicking on the option located at the bottom right, and then close the app.
- You can now edit the hosts file by following instructions given above.
- After making the edits, save the file to complete the hosts file edit.
4. Get Administrative Permission to Modify (Windows 10)
In Windows 10, you must open the text editor as an administrator to carry out the necessary changes to the hosts file. To do that, you may have to log in as an administrator to be able to save your changes.
5. Locate Associated IP Address
The IP address is easily traceable. It is located within the cPanel through the following steps:
- Log into cPanel
- Click the “Expand Stats” section to the left of the screen to see more information about your account.
- Scroll down to “Shared IP address”/”Dedicated IP”. Copy or note the IP to modify your host file.
6. Modify the Hosts File
After getting the IP address from the cPanel, add a few lines to your hosts file, including the IP address and domain name. It will look like this:
123.45.67.189 www.yourdomain.com
Save the changes by clicking on “File”, then “Save”. The hosts file configuration is complete.
7. Test the Modified File
Now that everything is complete, it is time to test the changes. Type in the URL and see if you are redirected to your new site. In case the site does not reflect any changes after being moved, run a ping test to ensure it is directing to the correct IP address.
All Configured and Ready to Deploy!
Hosts file is a powerful tool that you can use to manipulate Domain Name Resolution to suit your needs. Additionally, you can use it to block malicious programs to ensure your computing environment is a lot more secure.
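Because a hosts entry overrides DNS for that name, it is worth reviewing the file after editing it and after excluding it from Windows Defender. The following added example (not from the original post) parses a hosts file, flags mappings that are not on an expected list, and lists any Defender exclusion covering the file; the expected list, the sample file and login.example.test are constructed for the example.

```powershell
# Added example: parse a hosts file and flag mappings that are not expected.
function Get-HostsEntry {
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    $lineNumber = 0
    foreach ($line in Get-Content -LiteralPath $Path) {
        $lineNumber++
        $text = ($line -replace '#.*$', '').Trim()      # drop comments
        if (-not $text) { continue }
        $fields = @($text -split '\s+')
        $parsed = $null
        $isIp = [System.Net.IPAddress]::TryParse($fields[0], [ref]$parsed)
        # One line may map several names to the same address.
        foreach ($name in ($fields | Select-Object -Skip 1)) {
            [pscustomobject]@{
                Line         = $lineNumber
                Address      = $fields[0]
                HostName     = $name.ToLowerInvariant()
                ValidAddress = $isIp
            }
        }
    }
}

function Find-UnexpectedHostsEntry {
    # Returns entries whose address is malformed or differs from the expected map.
    param(
        [string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts",
        [hashtable]$Expected = @{}
    )
    Get-HostsEntry -Path $Path | Where-Object {
        -not $_.ValidAddress -or $Expected[$_.HostName] -ne $_.Address
    }
}

# Constructed sample input; the www.yourdomain.com mapping is the post's own example.
$sample = Join-Path $env:TEMP 'hosts.sample'
@'
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1        localhost
123.45.67.189    www.yourdomain.com
203.0.113.10     login.example.test   # constructed, not on the expected list
'@ | Set-Content -Path $sample -Encoding ASCII

$expected = @{ 'localhost' = '127.0.0.1'; 'www.yourdomain.com' = '123.45.67.189' }
Find-UnexpectedHostsEntry -Path $sample -Expected $expected | Format-Table -AutoSize

# Once the hosts file is on the Defender exclusion list it is no longer scanned,
# so report any exclusion that covers it (cmdlet is absent on older systems).
if (Get-Command Get-MpPreference -ErrorAction SilentlyContinue) {
    (Get-MpPreference).ExclusionPath | Where-Object { $_ -like '*\drivers\etc*' }
}
```

Call Find-UnexpectedHostsEntry without -Path to check the live hosts file against your own expected map.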
Offline domain join scenario overview
Offline domain join is a new process that computers that run Windows® 10 or Windows Server® 2016 can use to join a domain without contacting a domain controller. This makes it possible to join computers to a domain in locations where there is no connectivity to a corporate network.
For example, an organization might need to deploy many virtual machines in a datacenter. Offline domain join makes it possible for the virtual machines to be joined to the domain when they initially start after the installation of the operating system. No additional restart is required to complete the domain join. This can significantly reduce the overall time that is required for wide-scale virtual-machine deployments.
A domain join establishes a trust relationship between a computer running a Windows operating system and an Active Directory® domain. This operation requires state changes to Active Directory Domain Services (AD DS) and state changes on the computer that is joining the domain. To complete a domain join in the past using previous Windows® operating systems, the computer that joined the domain had to be running and it had to have network connectivity to contact a domain controller. Offline domain join provides the following advantages over the previous requirements:
- The Active Directory state changes are completed without any network traffic to the computer.
- The computer state changes are completed without any network traffic to a domain controller.
- Each set of changes can be completed at a different time.
There is a new tool included with Windows Server 2012 R2 / Server 2016 and Windows 8 / 10 called Djoin.exe.
There are any number of circumstances where you may want a client computer to join a domain when it has no access to a domain controller.
One example might be if you are creating a new branch office and the servers are not functional yet in that location, but you would like to begin rolling out the clients.
1 – On the Windows Server, open CMD and type :
- Windows = your Domain name
- CLIENT-10 = PC Client
djoin /provision /domain "Windows" /machine "CLIENT-10" /savefile win10blob.txt
If the djoin /provision command completes successfully, you’ll see your new client PC’s account in the Computers container in AD.
(Please Refer to the Pictures)
2 – Browse to C:\Djoin and look for the Win10blob.txt file.
Transfer Win10blob.txt file to CLIENT-10 client PC.
3 – On the CLIENT-10 PC, confirm that it is still in a workgroup.
Paste the Win10blob.txt file that you copied previously from the server (any domain member PC) into the local admin profile (for this demo I copied it into the Windows 10 System32 folder, which is not the best practice).
4 – On the client PC, open CMD, type the following command, and then restart the PC. (Please Refer to the Pictures)
djoin /requestodj /loadfile C:\Windows\System32\win10blob.txt /windowspath c:\windows /localos
5 – Once your client PC has restarted, open System Properties and confirm that your client PC is now a member of your domain.
Please take note: You’ll only be able to log on with a domain account for the first time if there’s connectivity to a DC.
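The blob written by djoin /provision contains the new machine account's password and should be handled like a plaintext password. The following added example (not the article's own code) wraps the two djoin steps with error checks, restricts access to the blob, deletes it after use and verifies the join; "Windows", CLIENT-10, C:\Djoin and win10blob.txt are the article's values, and the function names are this example's own.

```powershell
# Added example: the article's djoin steps with error checks and blob handling.
# "Windows", CLIENT-10, C:\Djoin and win10blob.txt are the article's values.

function New-OfflineJoinBlob {
    # Run elevated on a domain member (step 1 of the article).
    param(
        [string]$Domain   = 'Windows',
        [string]$Machine  = 'CLIENT-10',
        [string]$BlobPath = 'C:\Djoin\win10blob.txt'
    )
    New-Item -ItemType Directory -Path (Split-Path $BlobPath) -Force | Out-Null
    & djoin.exe /provision /domain $Domain /machine $Machine /savefile $BlobPath
    if ($LASTEXITCODE -ne 0) { throw "djoin /provision failed (exit code $LASTEXITCODE)" }

    # The blob holds the machine account password: strip inherited ACEs and leave
    # access to Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18) only.
    & icacls.exe $BlobPath /inheritance:r /grant:r '*S-1-5-32-544:F' '*S-1-5-18:F' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed (exit code $LASTEXITCODE)" }
    Get-Item -LiteralPath $BlobPath
}

function Complete-OfflineJoin {
    # Run elevated on the client (step 4 of the article), then restart the PC.
    param([string]$BlobPath = 'C:\Windows\System32\win10blob.txt')
    & djoin.exe /requestodj /loadfile $BlobPath /windowspath $env:SystemRoot /localos
    if ($LASTEXITCODE -ne 0) { throw "djoin /requestodj failed (exit code $LASTEXITCODE)" }
    # The blob has served its purpose; do not leave the secret on disk.
    Remove-Item -LiteralPath $BlobPath -Force
}

function Test-DomainMembership {
    # Run on the client after the restart (step 5 of the article).
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    [pscustomobject]@{
        Computer     = $cs.Name
        PartOfDomain = $cs.PartOfDomain
        Domain       = $cs.Domain
    }
}
```

Remove the copy of the blob on the provisioning machine and on any transfer media as well once the client has joined.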
The process of creating a forest root domain is important in understanding the foundation of Active Directory. Because the forest root domain is the first computer in a computer network, it’s crucial for system administrators to become comfortable with the installation process.
I will walk you through the installation of the server member services: Active Directory Domain Services, DNS Server, and DHCP Server. This is a good learning project for MCSA certification seekers as well as current system administrators wanting to brush up on installing and configuring a new server.
There are two ways that we can accomplish this. We can either use a PowerShell script, or we can use the GUI. A PowerShell script is a set of commands run in PowerShell, whereas the full GUI, or graphical interface, allows the user to click through a list of options. Let’s take a look at each option.
PowerShell script
To use a PowerShell script, let’s do the following:
Step 1 If you do not have Windows Server 2012 R2 Server Core installed, first install it on the server. Otherwise, open the command prompt.
Step 2 Use the script pictured below, made of PowerShell cmdlets. It will complete the installation and promotion of the forest root domain.
Let’s examine this script line by line.
- Import-Module ADDSDeployment – This line will import ADDS Deployment services that provide access to deployment commands.
- Install-ADDSDomainController – The cmdlet here installs your domain controller.
- NoGlobalCatalog:$false – This enables the domain controller to be a global catalog. A global catalog is a data repository that contains a partial representation of every object in every domain for easier, faster searches.
- CreateDnsDelegation:$true – This sets the installation value of DNS delegation. DNS delegation divides up the namespace into one or more zones which can be replicated to other DNS servers.
- CriticalReplicationOnly:$false – Here, the critical replication option is being set to false. Critical replication is an option that allows for the replication of only critical files before reboot.
- DatabasePath “C:\Windows\NTDS” – This parameter tells us the location of the database.
- DomainName “corp.tailspintoys.com” – Here, you set the domain name of your domain controller.
- InstallDns:$true – Now the installation of the DNS is done.
- LogPath “C:\Windows\NTDS” – This is where the DNS log files are located.
- NoRebootOnCompletion:$false – This line allows for the system to reboot after the installation process is done.
- ReplicationSourceDC “WIN_DCDGDPPBU9S.corp.tailspintoys.com” – This names the source domain controller to be replicated.
- SiteName “Default-First-SiteName” – The line sets the default site name of a member server or workstation.
- SysvolPath “C:\Windows\SYSVOL” – Here is where the system volume is located.
- Force:$true – This will force optimizer to use a hash match type join for all the join operators.
Step 3 Run the Script
Go to command prompt, and type powershell.exe and hit Enter. You should see a blinking bar (cursor). This is where you paste in the cmdlets pictured in the script above. Press Enter.
Now you’ve successfully used your PowerShell skills to create a forest root domain.
Let’s walk through how to use the GUI to accomplish the same task of creating a forest root domain.
- Install Windows Server 2012 R2 with full GUI.
- In Server Manager, pick and set the Server name.
- In the right hand panel, locate the Local Server tab
- Click on the computer name.
- In the System Properties pane next to Computer description, type in a description of your server. Click Change.
- In the Computer Name/Domain Changes window under Computer name, pick and type in the computer name.
- Under Member of, select domain and enter the domain name.
- Click Cancel.
- Click OK.
3. Next, let’s install member services (Active Directory Domain Services, DNS, DHCP).
- Click Server Manager.
- Click Manage.
- Go to Add Roles and Features.
In Roles and Feature Installation Wizard, go to the following tabs and follow the directions below:
- Before you Begin: Click Next
- Installation Type: Choose option Leave Default Role Base, then click Next.
- Server Selection: Choose option Leave to Server, then click Next.
- Server Role: Choose (DHCP server, DNS server, Active Directory Domain Services) always select Add Features, Click Next
- Features: Click Next
- Confirmation: Select Restart the destination server automatically if required. Click Install
- Results: You should see the text “all Roles and Features are Installed”.
- Click Promote Server to Domain Controller
4. Once you’re done with the Roles and Feature Installation Wizard, the Active Directory Domain Services Configuration Wizard will pop up. Go to the following tabs and follow the directions below:
- Deployment Configuration: Choose option Add a New Forest (your root domain name.com) then click Next
- Domain Controller Options: (server 2012)=(complex password) Click Next
- Additional Options: (net bios domain name) this is the same as root domain minus the .com
- Paths-default: Click Next
- Review options: Click Next
- Prerequisites Check: Click Install
- Installation takes about 20 minutes to complete
- Results all server roles install
By following these steps, you will have created a domain controller, installed member services, promoted a server to domain controller, and completed the initial startup configuration. Creating and promoting a domain controller to a forest root domain is the first step in creating a forest. And with that, you’re on your way to using Active Directory to help you manage your domain networks.