
Posts Tagged ‘Windows Server 2012’

Creating an Active Directory Domain on Windows Server 2012

I am back again at the task, which I have likely performed too many times – that of creating a new Active Directory domain (and a domain controller) to join a set of virtualized lab machines to play around with. Only difference being, this time it is on Windows Server 2012. The overall experience is much the same with some minor differences.

This article is an exceptional resource for learning how to do this. All I do here is simplify it to the bare bones linear procedure required for the mentioned purpose.

I am doing this on a Hyper-V virtual machine hosted on a Windows 8 based Virtualization Server. The VM has 512 MB of RAM allocated, Windows Server 2012 was installed, and a few networking-related prerequisite tasks were checked off in readiness for this. Most importantly, the virtual machine was set up to use a virtual switch created on Hyper-V to allow communication between all VMs connected to it. A static IP was assigned to the machine.

clip_image001

Started with the new Server Manager dashboard and chose to "Add roles and features"

clip_image002

The friendly Before You Begin screen that I always skip but not by default because it gives me a quick link to the Remove Roles wizard. Clicked on Next >.

clip_image003

On the next screen you get to choose to install the role or feature, or to install Remote Desktop Services (RDS), which allows you to connect to virtual or session-based remote desktops with efficient, centralized pooling and management of resources. To learn more about these options, refer to this TechNet Article. It is also important to note that RDS and AD DS cannot be installed on the same server.

Chose Role-based or feature-based installation and hit Next >.

clip_image004

The following screen gives you the ability to pick a server from the pool. Since I have not added (and in fact do not even have to add) any other servers on this pool, I chose Next > to move on with the default selection. Adding servers to the pool will require going back to the Server Manager and choosing the option Add other servers to manage.

clip_image005

Next step, select to install Active Directory Domain Services.

clip_image006

Upon selection, the wizard presents a list of additional features required to run AD DS. There is really no choice about this. If you want to install AD DS, these are required. You can arguably skip installation of management tools but really, why would you? Clicked on Add Features to move on.

clip_image007

The following screen is the Add Features page and a couple are pre-selected – Group Policy Management and Remote Server Administration Tools. There are other eye-catching options but we shall not lose our focus here. Clicked Next > to move on.

clip_image008

Some best practice guidance and pointers are presented. Important to note here is how the wizard tells you that you will be prompted to install the DNS role on the server during the process. Clicked Next > again.

clip_image009

The next screen presents a summary of selections made. I selected to restart the server after installation if required and said Yes on the warning screen as well. I then went ahead and clicked Install to add the role.

clip_image010

And done. Clicked on Close to exit the wizard.

clip_image011

But now we see this in Server Manager on the AD DS node. All we did was add the role. We did not configure the server as a domain controller (DC) and that’s what this is all about. Clicked on the More… link.

clip_image012

The below is what you are shown. The substitute to good old "dcpromo". Clicked on Promote this server to a domain…

clip_image013

Since there is no existing setup, I added a new forest and chose a domain name to give it. Clicked Next >.

clip_image014

Quick notes on the next screen:

a. Chose no backward functional level compliance.
b. Selected to install the DNS Server role
c. The first DC in a forest is automatically a global catalog and cannot be read-only (no choice here).

Provided matching restore mode passwords and hit Next >.

clip_image015

Since there is no authoritative parent zone for the server, DNS delegation cannot be configured. For a localized environment, this is just fine so hit Next >.

clip_image016

If you do choose in the above screen to see more information, the following is what you are presented. Essentially, this domain is not discoverable from anywhere and for what I am doing, that is just fine.

clip_image017

After jumping across those hurdles above, you end up on this screen where you choose the NETBIOS name for the domain. Was happy with the selection, so hit Next >.

clip_image018

The next screen is about where the files will go. Never messed with this before. No reason to start now. Hit Next >.

clip_image019

The following is a review screen. You can click on View script to view the PowerShell to run the configuration. I always keep the PowerShell even if I don’t intend to run it.

clip_image020

Here’s the PowerShell.

clip_image021

I hit Next > on the wizard to continue without the script.
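The wizard steps above map onto two cmdlets, shown here as an added example rather than the script from the author's screenshot. The domain name lab.example and NetBIOS name LAB are placeholders; the paths are the wizard defaults that the post leaves unchanged.

```powershell
# Added example, not the author's script. Run in an elevated PowerShell session
# on the Windows Server 2012 machine that is to become the first DC.

$DomainName  = 'lab.example'   # placeholder: use your own lab domain name
$NetbiosName = 'LAB'           # placeholder: the NetBIOS name chosen in the wizard

# "Add roles and features": the AD DS role plus its management tools
# (Group Policy Management, Remote Server Administration Tools).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Restore mode (DSRM) password: prompt for it so it never lands in a saved script.
$dsrm = Read-Host -AsSecureString -Prompt 'Restore mode (DSRM) password'

Import-Module ADDSDeployment

# The same choices as the wizard screens, kept in one place so the
# prerequisite check and the real run use identical settings.
$forest = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetbiosName
    ForestMode                    = 'Win2012'            # no backward functional level
    DomainMode                    = 'Win2012'
    InstallDns                    = $true                # DNS Server role on this DC
    CreateDnsDelegation           = $false               # no authoritative parent zone
    DatabasePath                  = 'C:\Windows\NTDS'    # wizard default
    LogPath                       = 'C:\Windows\NTDS'    # wizard default
    SysvolPath                    = 'C:\Windows\SYSVOL'  # wizard default
    SafeModeAdministratorPassword = $dsrm
}

# Same prerequisite check the wizard runs before Install; changes nothing.
$check = Test-ADDSForestInstallation @forest
$check | Format-List Status, Message

if ($check.Status -eq 'Error') {
    throw 'Prerequisite check failed; fix the reported problem before promoting.'
}

# Promote to the first DC of the new forest. The server restarts when done.
Install-ADDSForest @forest -NoRebootOnCompletion:$false -Force
```

Keeping the script with the prompt in place of a literal password gives a record of how the lab DC was built without storing the restore mode password alongside it.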

A prerequisite check is performed.

clip_image022

A couple of warnings – one we have seen before but overall, ready to move ahead. Clicked on Install.

clip_image023

And since installation was successful, we need a computer restart.

clip_image024

When back, the picture in Server Manager looks different. We have the roles added and the server is now a domain controller in the new AD forest I created.

clip_image025

That’s it for now. I have big plans for this server to be realized soon and will probably post my notes on it.

Installing Windows Server 2012 on a Hyper-V virtual machine

March 29, 2013 1 comment

Installing Windows Server 2012 is a pretty straight-forward exercise akin to installing any of the latest Windows client operating systems. In this post the focus is on installing the OS on a Hyper-V virtual machine which once the disk is correctly mounted, is exactly the same as installing on a physical machine.

If you do not have a Hyper-V virtual machine yet and would like to learn how to create one, refer here. If you already have a virtual machine with a blank virtual hard drive ready for installation, the following would be the step by step method.

Within Hyper-V manager, selected the virtual machine target from the list and clicked on "Connect".

clip_image001

And once the VM window popped up as below, verified that the ISO file containing the OS I am about to install is still mounted as a virtual disk on the VM

clip_image002

Since this is good, clicked on the "Start" button to launch it.

clip_image003

If the ISO is a good bootable OS disk the following screen should appear indicating launch of the Windows Server 2012 installer. It is now about making the right selections and getting the OS installed. Clicked "Next".

clip_image004

Clicked "Install Now"

clip_image005

Entered the product key and clicked "Next".

clip_image006

And since I am not cool enough yet to work just with the Core, selected "Server with a GUI" option and hit "Next".

clip_image007

Next screen, License Terms – read (skimmed really), accepted, clicked "Next".

clip_image008

Next, you get to select the kind of installation you want to proceed with. You have two options one of which – "Upgrade" is not valid because it is only applicable when there is an existing version of Windows running on the machine on which you’re currently running the installer. Since we started with a blank VM, there is nothing to overwrite. Therefore, the obvious choice to make here is "Custom". Clicked on the "Custom" button to move on ahead.

clip_image009

Due to the simplicity of what this machine will need to do, I have desisted from my favorite pastime of making drive partitions during OS installation and chosen the virtual hard drive in its entirety to serve as the OS partition. Clicked "Next".

clip_image010

And off we go. The installation procedure could take a while. In my case it took 7 minutes.

clip_image011

When done, you get to provide the Administrator password for the machine. Now this is something I have done in the past and forgotten to set the domain policy later on to not expire. It gets painful when the password expires and you need to change it. This time hopefully, I will remember to configure and document the steps to set the administrator password not to expire. Typed in a safe password here and hit "Finish".

clip_image012

Done.

clip_image013

Logged in for the first time and here’s what we have

clip_image014

Setting up a virtual switch for a Hyper-V network

March 29, 2013 13 comments

This post speaks to how to set up a virtual switch to be used as the network over which several virtual machines can communicate. We start by launching the Hyper-V Manager application and choosing the "Virtual Switch Manager" from the "Actions" menu on the right

clip_image001

There are three types of virtual switches available – External, Internal and Private.

  • External allows you to connect your VMs to each other and to the physical host machine. It requires a physical adapter on the host machine that will be used to communicate with the physical network that the host is connected to.
  • Internal allows communications between the VMs and the host operating system. It does not require a physical adapter on the host machine and will not allow communication with any actual physical network.
  • Private only allows communications between the virtual machines. It does not allow any communication of the VMs with the host operating system.

Setting up an Internal connection type

Since I may require some transfer of information between the host and the guest operating systems, I decided to use the "Internal" virtual switch type. From past implementations, I have seen that you can change the nature of the virtual switch later but will need to restart the Virtual Machines to reflect changes.

Especially if you are switching to or from the "External" type, it will affect the connection on the host because Hyper-V switches out the physical adapter on the host so that the host operating system may start using a virtual adapter as well. This is because the way the networking works is that the host operating system is no longer allowed to use the physical adapter on the host machine once an "External" switch has been configured. A new virtual adapter is installed on the host that becomes the outlet of communication for the host OS. The VMs and the host OS all communicate with the virtual switch through their individual virtual adapters; the switch then routes communication to the other machines for internal conversations and out through the physical adapter on the host machine for external communications.

Made the selection and clicked on "Create Virtual Switch"

clip_image002

Gave the switch a name and chose not to use a VLAN identifier for the host operating system. Clicked on "OK"

clip_image003

And that’s all there is to it for an Internal switch type. At this point, a virtual machine configured to use this connection should be able to communicate with other virtual machines configured to use it and the host operating system given the static IP address allocated to the virtual adapter on the VM is in the same subnet as the host.

To understand how to set this up so that files can be interchanged between the guest and the host, refer to this post on the topic.

Now if you wanted to have your virtual machine have the ability to communicate over the physical network on the host, meaning the ability to access the Internet and so on (assuming your host machine can), an "External" switch will be required.

Setting up an External connection type

An important thing to note about the "External" switch is that it affects the network set up on the host machine as well. Once an "External" switch is set up, the host operating system is no longer able to communicate directly with the physical adapter. Instead, all machines, physical and virtual will use a virtual adapter to communicate with the virtual switch which then routes traffic among machines or in and out through the physical adapter.

clip_image004

Setting up an External Connection Type

So to be able to compare the before and after scenario, here’s the state of the network adapters on my host before I used the "External" switch type. This picture represents the set up at the end of the "Internal" switch type configuration above.

clip_image005

The vEthernet adapter is the Virtual Switch that the "VirtualNet" network I set up above uses. Doing an ipconfig yields the following showing that the vEthernet adapter is unconnected and the host OS is currently connected through the WiFi adapter to the physical network.

clip_image006

Now to change the VirtualNet network type to "External", I went back to the Hyper-V Manager, launched the Virtual Switch Manager and selected the existing "Internal" network called "VirtualNet" that I created above. I changed the "Connection Type" to "External network" and selected the adapter from the drop down that is connected to the physical network. Then clicked on "Apply".

clip_image007

The following warning is presented. This is expected because changes are being made to the network adapters on the host machine. Clicked on "Yes" to apply changes.

clip_image008

And here is the after picture. The WiFi adapter now appears bridged through the Network Bridge added to the picture. The vEthernet adapter on the other hand is now connected to the physical network.

clip_image009

ipconfig now shows the following output

clip_image010

And the multiplexor network bridge properties show the following

clip_image011

A virtual machine set up to use this connection now should be able to tunnel through to the physical connection on the host. One thing to ensure is that the virtual machine is able to accept a DHCP assigned IP. If it has a static IP, you may need to switch it to automatically acquire IP and DNS settings. That done, you should be able to browse the Internet through the virtual machine and DNS resolution would work just fine.
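The switch types described in this post can also be created and inspected from the Hyper-V PowerShell module. This added example (not from the original post) creates the Internal switch and reports, per VM network adapter, how far its traffic can reach; 'VirtualNet' is the switch name used in the post, while the function name Get-VMNetworkReach and the adapter name 'Wi-Fi' are hypothetical.

```powershell
# Added example. Run elevated on the Hyper-V host.
Import-Module Hyper-V

$SwitchName = 'VirtualNet'   # switch name used in the post

# Create the Internal switch only if it does not exist yet.
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $SwitchName -SwitchType Internal | Out-Null
}

# Reach of each switch type, as described in the list of types above.
$reach = @{
    Private  = 'other VMs only'
    Internal = 'other VMs and the host OS'
    External = 'other VMs, the host OS and the physical network'
}

# Hypothetical helper: one row per VM network adapter.
function Get-VMNetworkReach {
    $byName = @{}
    Get-VMSwitch | ForEach-Object { $byName[$_.Name] = $_ }

    Get-VM | Get-VMNetworkAdapter | ForEach-Object {
        # An adapter with no switch assigned has an empty SwitchName.
        if ($_.SwitchName -and $byName.ContainsKey($_.SwitchName)) {
            $sw   = $byName[$_.SwitchName]
            $type = [string]$sw.SwitchType
            $can  = $reach[$type]
            $nic  = $sw.NetAdapterInterfaceDescription
        } else {
            $type = 'none'
            $can  = 'nothing (not connected)'
            $nic  = $null
        }
        [pscustomobject]@{
            VM          = $_.VMName
            Switch      = $_.SwitchName
            Type        = $type
            CanReach    = $can
            HostAdapter = $nic   # physical adapter, set for External switches only
        }
    }
}

Get-VMNetworkReach | Sort-Object Type, VM | Format-Table -AutoSize

# Changing the type later, as the post does in Virtual Switch Manager
# (this reconfigures the host's own network adapters):
# Set-VMSwitch -Name $SwitchName -NetAdapterName 'Wi-Fi' -AllowManagementOS $true  # to External
# Set-VMSwitch -Name $SwitchName -SwitchType Internal                              # back to Internal
```

Running the report after every switch change shows at a glance which lab machines, such as a test domain controller, have become reachable from the physical network.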

Turning on the Desktop Experience feature in Windows Server 2012

October 15, 2012 2 comments

For certain video related features such as automatic generation of thumbnails in SharePoint Server 2013, it is required that the Desktop Experience feature be installed on Windows Server 2012. The Desktop Experience feature consists of such tools as Windows Media Player, AVI support for video playback etc. and it is likely that one or more of these is used in thumbnail generation although I have no way to say for sure. For a complete list of items included in the Desktop Experience feature, refer here.

In any case, I tried to go ahead and use Server Manager to add the feature like I used to do with Windows Server 2008 R2. What is surprising is that in Windows Server 2012, this feature is not listed among features that can be added through Server Manager.

clip_image001

After digging around a little bit, I found that you can use the Deployment Image Servicing and Management (DISM) tool to achieve this. To do this run the command prompt as an administrative user on Windows Server 2012 and run the following:

dism /Online /Enable-Feature /FeatureName:DesktopExperience /All

The "Online" switch enables the tool to target the running instance of the operating system instead of an image. The "Enable-Feature" command is self-explanatory. The "FeatureName" parameter followed by a colon is to be followed with the name of the feature which is, "DesktopExperience". The "All" switch specifies that all parent features of this feature also be installed.

After installation, the tool will prompt to restart the server. The prompt can be suppressed by adding the /NoRestart switch at the end of the above command, but a restart is recommended to complete the installation if you want to use the features.

Once restarted, the following additional tiles should appear on the start menu indicating that the installation was successful.

clip_image002

Just another SharePoint VM–Part 2–Setting up the service accounts

October 10, 2012 Leave a comment

If you have not already checked it out, the installation and configuration of Windows Server 2012 on a new VM has been published in Part 1. We shall now progress on to setting up required service accounts before going on to install other software components and prerequisites for SharePoint.

When you install SharePoint, it is recommended that you create service accounts under which each of the several services – not only those of SharePoint but also those of SQL Server – can run. For SharePoint 2013, the required service accounts are enumerated in this TechNet guidance.

In order to create these service accounts, we’ll use the Active Directory Users and Computers tile on the Start Menu shown below:

clip_image001

When in the management console, expand the local domain, right click on the "Managed Service Accounts" branch and drill down the "New" option to create a new "User".

clip_image002

The first one we’ll create is a service account to run the SQL Server service as:

clip_image003

The following settings relating to the password policy are what I typically use to ensure that service account passwords do NOT expire and cause the services to stop unannounced.

clip_image004

Follow this up with a few more accounts:

1. To use as the SharePoint setup user – the low privilege account that we shall install SharePoint as – we shall call this "SP Setup"

2. For the farm account – the one that SharePoint application pool is going to use – we shall call this "SP Service"

3. The account using which to run the service applications after installing SharePoint – we shall call this "SP Services"

When done, you should have the following:

clip_image005

Next we need to add the SharePoint setup service account – known as SP Setup above to the local Administrators group on this server. To do this, right click on the user and choose "Properties". Go to the "Member Of" tab and click on the "Add…" button. In the "Select Groups" dialog, type "Administrators" into the object names to select box and click on "Check Names" to resolve it.

clip_image006

Click on "OK" on the "Select Groups" dialog to see the group added to the list of those that the user is a member of. Click "OK" on the Properties dialog to complete. After we have completed installing SQL Server 2012 on the machine, we will need to add a login to SQL Server for this user and add them to a couple of roles – securityadmin, dbcreator and db_owner.

NOTE: The documentation says you only need the db_owner role if you run PowerShell cmdlets using this account that affect the database, which I usually do require.

NOTE: We do not do any of this for the SharePoint Farm account – known above as SP Service – because during SharePoint Configuration, this account should automatically be given the required database privileges.

We can now progress on to installation of SQL Server 2012 and SharePoint 2013.

Read about installing and configuring SQL Server 2012 in readiness for SharePoint 2013 in Part 3.
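The account setup from this post, scripted with the ActiveDirectory module and followed by a review of the resulting accounts. This is an added example, not the author's; the logon names and the display name 'SQL Service' are hypothetical (the post names only SP Setup, SP Service and SP Services), as is the function Get-ServiceAccountReview.

```powershell
# Added example. Run elevated on the domain controller built in Part 1.
Import-Module ActiveDirectory

# The "Managed Service Accounts" branch used in the post.
$container = "CN=Managed Service Accounts,$((Get-ADDomain).DistinguishedName)"

# Display name -> logon name. Logon names are hypothetical.
$accounts = [ordered]@{
    'SQL Service' = 'sqlservice'   # placeholder name for the SQL Server account
    'SP Setup'    = 'spsetup'
    'SP Service'  = 'spservice'
    'SP Services' = 'spservices'
}

foreach ($name in $accounts.Keys) {
    $sam = $accounts[$name]
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") { continue }   # already there

    # Prompt per account so no password is stored in the script.
    $pw = Read-Host -AsSecureString -Prompt "Password for $name"
    New-ADUser -Name $name -SamAccountName $sam -Path $container `
        -AccountPassword $pw -Enabled $true -PasswordNeverExpires $true
}

# Add SP Setup to Administrators. On a domain controller there are no separate
# local groups: this is the domain's built-in Administrators group.
$setup  = $accounts['SP Setup']
$admins = Get-ADGroupMember -Identity 'Administrators' |
    Select-Object -ExpandProperty SamAccountName
if ($admins -notcontains $setup) {
    Add-ADGroupMember -Identity 'Administrators' -Members $setup
}

# Hypothetical helper: with expiry switched off, password age and group
# membership are what is left to review for these accounts.
function Get-ServiceAccountReview {
    Get-ADUser -Filter * -SearchBase $container `
        -Properties PasswordNeverExpires, PasswordLastSet, MemberOf |
        ForEach-Object {
            [pscustomobject]@{
                Account              = $_.SamAccountName
                PasswordNeverExpires = $_.PasswordNeverExpires
                PasswordAgeDays      = if ($_.PasswordLastSet) {
                                           [int]((Get-Date) - $_.PasswordLastSet).TotalDays
                                       } else { $null }
                InAdministrators     = [bool]($_.MemberOf -like 'CN=Administrators,CN=Builtin,*')
            }
        }
}

Get-ServiceAccountReview | Format-Table -AutoSize
```

Only SP Setup should show InAdministrators as True; any other service account in that column is worth a second look.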

Just another SharePoint VM–Part 1–Installing Windows Server 2012

October 10, 2012 2 comments

On a whim, I just wanted to start again to build a VM to learn something new. Being a SharePoint guy that hasn’t yet started playing with SharePoint 2013, that was my natural choice. But that wasn’t the only choice to make. Before I started installing SharePoint 2013 Preview on a VM, I had to make a choice of what VM technology to use and what guest operating system to install on it. Since Windows VM is not an option with 64-bit guest operating systems, I tried my next best bet which I have used before – Oracle VM Virtual Box.

I then had to figure out if I wanted to do what was tried and tested – Windows Server 2008 R2 or go to Windows Server 2012 and see what I can figure out. I chose the latter – just so I can learn something new as opposed to just following instructions others had written down.

I shall not go into the details of how I set up the VM and so forth here – it is a pretty standard experience on VirtualBox. I will mention however that I started with 6 GB RAM. Not sufficient for even a simple single server installation of SharePoint 2013 by any means because the Microsoft recommendation is 24 GB. But with only 8 GB RAM on my host machine and several thousands of dollars short of buying my own blade server, it was the best I could do. Also, I used a dynamically expanding disk set to a maximum size of 100 GB.

The Windows Server 2012 installation experience doesn’t change at all from other versions of Windows – client or server. If anything, it is closer to the standard Windows Client operating system installation experience. Select a language, select an installation type (keep data or new install), select a disk, select an administrator password and done.

When you’re done installing and first login (through a metro style interface), the server manager launches with the below information.

clip_image001

The above is what you see after you’ve just installed Windows Server 2012 and logged in – the new Server Manager view. The following is the list of features and roles that are already turned on:

clip_image002

clip_image003

clip_image004

Next steps

1. Changed the time zone – I am not going into how to do this – everybody knows.

2. Turned off IE Enhanced Security Configuration for Admins and Users – again, very simple to get to from the server manager view – just click on the link:

clip_image005

3. The network that the host computer was connected to was auto-detected and configured to be shared in – no problems there.

clip_image006

4. Kicked off the start menu to check what was there and here’s what is available to begin with – simple and minimalistic:

clip_image007

5. Launched IE 10 – yes, IE 10. Since I haven’t done this on Windows 8, the first thing I did was point it to www.html5test.com. Why am I obsessed with this incomplete standard? No reason. Just cause. Still nowhere close to Chrome.

6. Changed the machine name to "DEV" and restarted for the changes to take effect.

7. Disabled the firewall for both private and public network – again very easy to do through the link on the server manager view.

8. Ever tried restarting Windows Server after Windows Update? That’s what I did next. 88 seconds to the login screen after restart. That is super fast compared to what I am used to. Very impressive!

Adding Roles

Next thing I wanted to do was add the Active Directory Domain Services role. Start by clicking on the "Add Roles and Features" link on the Server Manager dashboard

We start with the Before you begin screen which we always skip anyway. One thing to consider here is the assignment of a static IP to the machine. Especially since we intend to promote the machine to domain controller and that will require DNS setup. I have however deferred this to see if and how I’ll be prompted.

clip_image008

Next, we have something new. You can choose to install roles on a physical machine or a VM.

clip_image009

Next, since you are able to add multiple servers to the management dashboard, you are required to pick the server to add the role to:

clip_image010

Back to Windows Server 2008 familiarity on the next screen – select the AD DS role and moved on

clip_image011

Additional features required by AD DS are displayed

clip_image012

Clicked on "Add Features" and moved on by hitting "Next" on the Server Roles screen. The Feature selection screen is displayed.

clip_image013

Made no additional selections here and moved on. Here is where we get told that a DNS Server is required on the network and if one doesn’t exist, you will be prompted for the role on this machine which will obviously occur.

clip_image014

Just one change on the confirmation page allowing you to select to restart the target server if necessary. Checked it and clicked "Install".

clip_image015

After installation, something else that is different is there is a link available on the Results page to promote the machine to a domain controller. Nice! Not that it took me very long to “run dcpromo” but still a nifty little convenience. Clicked the link.

clip_image016

The Configuration Wizard is launched and we are asked for a domain to join. Created a new forest:

clip_image017

Some quick choices follow. Since it is going to be a standalone machine, I chose to keep the functional levels to Windows Server 2012. Since a DNS would be required, kept that checkbox checked. You don’t get a choice with GC which it will automatically be and since it is the only DC, it cannot be an RODC. Chose a restore password and moved on.

clip_image018

On the next screen showed up a warning relating to how DNS delegation will not be possible without an authoritative parent zone. Hit "Next" and moved on.

clip_image019

Chose a NETBIOS name on the next screen and went on.

clip_image020

The next few screens are about selecting where the files go, reviewing the options selected, and getting the PowerShell script if you are interested, all of which I just hit "Next" through.

On the prerequisites screen is where we get warned about the DNS requiring a static IP address. Ignored all warnings and went on to hit "Install".

Installation went successfully and the machine restarted per choice made in earlier screen. After restart, back to the server manager – I like how it adds the new roles to the navigation on the left for quick configuration.

clip_image021

At this point, we have Windows Server 2012 setup and configured and are ready to move on to the next step – that of installing SQL Server 2012. However, before we move on to that, there is the small matter of putting in place, the service accounts we’ll need to use for SQL Server and SharePoint.

Read about setting up the required service accounts in Part 2.
