
Creating a Domain Controller

The following is a short guide for promoting a Windows Server 2012 machine to be a domain controller. This assumes that there is no existing forest or domain. My reason for doing this is to create a test environment using virtual machines on Oracle VirtualBox. I'm planning to set up an AlwaysOn Availability Group.

One of the prerequisites for creating an AlwaysOn Availability Group is a Windows Server Failover Cluster (WSFC). To set up a WSFC I need a domain, which is why I'm creating a domain controller. In future posts we will look at creating an availability group.

I have used Oracle VirtualBox to create a server in my domain. I have used the same process previously using VMware Workstation.

I'm going to assume you have run through the Create Virtual Machine wizard and generated the VM configuration, mounted the Windows Server ISO and run through the install.

First you will configure the Windows Server. Set an Administrator account and click Finish.

Admin Account

If you're using VirtualBox you can press the host key + Del (my host key is the right-hand Ctrl button) to send a Ctrl+Alt+Del to the VM guest.

Log in to the VM using the password entered during setup.

Dcpromo has been deprecated, so if you have done this before using that command, you have a couple of options.

In this post we will be using Server Manager (UI).

Change the Computer Name

Click on the Server Manager Button in the start bar

Server Manager

Then click on the Local Server Option in the left-hand menu

Click on the Computer Name

Local Server

Click on the Change button on the Computer Name tab and enter a meaningful name for the Domain Controller. I have called mine GREDC.

Change computer name

Changing the name requires a server restart. Click Restart Later if prompted. We will change the IP address first.

Set IP address

Right-click on the Network icon in the tool bar and click Open Network and Sharing Centre.

Click on Change adapter settings.

Right-click the network adapter and choose Properties

Click on the Internet Protocol Version 4 (TCP/IPv4) option and then click the Properties button

I set the IP address to be 10.10.10.1, accepted the default settings for the subnet mask and set the preferred DNS server to be 10.10.10.2. Then click OK.

Restart the VM

Reboot the VM

Install the AD DS Role

From the Server Manager Dashboard, click on Add roles and features.

Click next on the first screen of the wizard

Ensure that the Role-based or feature-based installation option is selected (it should be the default) and click Next

Ensure that the Select a server from the server pool option is selected and the server we have been working on is highlighted. Click Next

Add role and features

Click on the Active Directory Domain Services role. You will be prompted with a message that says other roles and features need adding. Click Add Features

Add additional roles

You can accept the default on the Features tab and click Next.

On the AD DS page click Next

On the Confirmation screen click Install. Wait patiently while the wizard runs.

You'll get a screen that looks like the following when the install succeeds

Add roles and features complete

You will see a yellow exclamation warning on the Server Manager toolbar. Click the warning and you will see there is a post-deployment configuration needed. Click the link to promote this server to a domain controller

This will start the Deployment Configuration Wizard


Click on Add a new forest and give your root domain a valid name


You can then set the functional level of the domain. I accepted the defaults here which is Windows Server 2012 R2. If you have a reason to choose a different functional level you can do so using the drop-down list. Click Next


On the DNS Options page, as this is a root level domain, you will get a warning. You can just click Next here

The wizard will show you the NetBIOS name which it would have established from the domain name we entered earlier in the wizard.


I am happy to accept the default location for the database, log and SYSVOL locations. You can change these if you wish. Click Next


You will get an opportunity to review the options here and view the PowerShell script that you can reuse to recreate the DC if needed. Click Next

The prerequisites review can take a few seconds to run. You will get a few warnings which, for the purposes of a demo domain, I'm happy with.

Click Install and the virtual machine will become a domain controller.
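
The steps above can also be scripted. The following is an added example, not the script generated by the wizard and not code from the original post; the adapter alias, prefix length, domain name and NetBIOS name are assumptions to replace with your own values. Run it with -Phase Prepare, let the VM restart, then run it again with -Phase Promote from an elevated prompt.

```powershell
# Added example: the Server Manager procedure as a two-phase script.
param(
    [ValidateSet('Prepare', 'Promote')]
    [string]$Phase = 'Prepare'
)
$ErrorActionPreference = 'Stop'

# Values taken from the post
$ComputerName = 'GREDC'
$IPAddress    = '10.10.10.1'
$DnsServer    = '10.10.10.2'

# Assumptions, not from the post: adjust before running
$InterfaceAlias = 'Ethernet'     # confirm with Get-NetAdapter
$PrefixLength   = 8              # 255.0.0.0, assumed to be the default mask accepted in the post
$DomainName     = 'lab.example'  # placeholder root domain name
$NetbiosName    = 'LAB'          # placeholder NetBIOS name

if ($Phase -eq 'Prepare') {
    # Static IP and preferred DNS, then rename; the restart applies the new name
    New-NetIPAddress -InterfaceAlias $InterfaceAlias -IPAddress $IPAddress -PrefixLength $PrefixLength
    Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses $DnsServer
    Rename-Computer -NewName $ComputerName -Restart
}
else {
    # Install the AD DS role with its management tools
    $role = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
    if (-not $role.Success) { throw 'AD DS role installation failed.' }

    # Options chosen in the wizard: new forest, 2012 R2 functional level, default paths
    $forest = @{
        DomainName                    = $DomainName
        DomainNetbiosName             = $NetbiosName
        ForestMode                    = 'Win2012R2'
        DomainMode                    = 'Win2012R2'
        InstallDns                    = $true
        CreateDnsDelegation           = $false
        DatabasePath                  = 'C:\Windows\NTDS'
        LogPath                       = 'C:\Windows\NTDS'
        SysvolPath                    = 'C:\Windows\SYSVOL'
        # Prompted at run time so the DSRM password is never stored in the script
        SafeModeAdministratorPassword = Read-Host -AsSecureString -Prompt 'DSRM password'
    }

    Import-Module ADDSDeployment
    Test-ADDSForestInstallation @forest   # prerequisite checks, as on the wizard's review page
    Install-ADDSForest @forest -Force     # the server restarts as a domain controller
}
```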

The purpose of this post is to create a domain controller, which will enable me to create a Windows Server Failover Cluster (WSFC) later on. Using the Windows Server Failover cluster I will then implement an AlwaysOn Availability Group.
