Now that we’ve got our virtualization platform in place it is time to start building our network. We’ll start off with one of the great new features of Server 2008. Server 2008 comes in 2 different flavours, in addition to picking Standard, Enterprise and Datacenter. First off is your regular Full version of Server 2008. You get your GUI and everything else with that. Then comes Core. Core is a stripped-down version of Server 2008 that is managed from the CLI. There are only a couple of GUI elements left. This version also takes up far less disk space and memory than the Full version. It requires only 100 megabytes for the kernel and then you just start adding on for the services you start building in. Core is primarily intended for a low-resource box that runs a few of the core services for an Active Directory based network. Core also has a reduced attack surface due to being so stripped down.
Not all roles and features available under Full are available in Core. A few important ones missing are Terminal Services, NAP, and AD CS. IIS is available but without ASP.NET. For the features, one of the biggest missing is the .NET Framework, which means, sadly, that no PowerShell is available on Core. Core will still accept remote WMI queries though, so you will still be able to use PowerShell to execute WMI queries remotely. Though apparently it is possible to hack it in. I have not tried this yet though. So now that we know a bit about Core, let’s use this to set up our first forest.
Boot off the DVD and make sure that you select Core. For our first DC we don’t really need the extra features of Enterprise so I would recommend Standard. Installation is pretty simple, so just run the rest of the way through and log in, setting your admin password. Now the first thing we have to do is get your network configured. I am working with 10.60.0.x but it is up to you to decide your IP block. We will start off with the netsh command.
netsh interface ipv4>show interfaces
The results will list all of your connections giving you in the first column the index number. Look up your network connection as that is the one that we will be working with.
netsh interface ipv4>set address name="2" source=static address=10.60.0.2 mask=255.255.255.0
You can also add a gateway=x.x.x.x parameter to configure your gateway if necessary. Since this network is just for testing purposes I have no need for a gateway currently. Also note that the name is the index number of the NIC you are working with. If no errors are returned then the command should be successful, so type quit and then, just to be sure, do an ipconfig /all. You should see your new settings listed. Now let’s get the name set for this machine.
C:\>netdom renamecomputer %computername% /NewName:CloudCore
Agree to proceed and then we’ll need to reboot the machine.
C:\>shutdown /r /t 0
This issues an immediate reboot of the machine. Don’t forget that if you’re confused about a command you can issue the command with a /? to find out more information about it. Now that we have our network connection let’s get Active Directory set up. This gets a bit more complicated than configuring your network but if you are at all familiar with unattended installations then you won’t have too much difficulty.
Core still has our trusty notepad application. Here is a copy of the config we will write up for doing an installation of AD DS on this machine.
[DCInstall]
ReplicaOrNewDomain = Domain
NewDomain = Forest
NewDomainDNSName = shinra.inc
SiteName = Shinra-Headquarters
ForestLevel = 3
AutoConfigDNS = Yes
DNSDelegation = Yes
DNSDelegationUserName = dnsuser
DNSDelegationPassword = Pass1word
RebootOnSuccess = Yes
SafeModeAdminPassword = Pass1word
It should be pretty self-explanatory but I will go over a few options here. If you want to see more options and find out more about these current options use dcpromo /? and/or dcpromo /?:Promotion. Now the NewDomainDNSName is what you are wanting to use for your new forest. It is best practice not to use your public DNS name for your internal Active Directory structure. Most people like to use a postfix of .local but you can use whatever you want. An example using mine here is if my external DNS was shinra.com then using shinra.inc would be a good choice for the internal AD structure. The SiteName is not necessary as it will default to Default-First-Site-Name but I dislike using such a nondescript name. ForestLevel will set your forest to a particular level. The default is Windows 2000 but using 2 will set to 2003 and 3 to 2008. Be careful when setting your forest level as you can’t go back. Since we’re starting from scratch here it is ok to go with a 2008 forest level. Once we start introducing some RODCs you will need a forest level of 2003. The domain level is automatically set from the forest level in this install.
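
The answer file above keeps both passwords in cleartext and gives them the same value. As an added example (not part of the original post), this Python script, meant to run on an admin workstation rather than on Core, parses such a file and reports those conditions. The function names and the embedded sample are constructed here; [DCInstall] is the section header dcpromo answer files use.

```python
import re

# Keys from the page's answer file that carry credentials.
PASSWORD_KEYS = {"dnsdelegationpassword", "safemodeadminpassword"}

# Constructed sample: the page's answer file under a [DCInstall] header.
SAMPLE = """\
[DCInstall]
ReplicaOrNewDomain = Domain
NewDomain = Forest
NewDomainDNSName = shinra.inc
ForestLevel = 3
DNSDelegation = Yes
DNSDelegationUserName = dnsuser
DNSDelegationPassword = Pass1word
SafeModeAdminPassword = Pass1word
RebootOnSuccess = Yes
"""

def parse_answer_file(text):
    """Return (section_seen, {lowercased key: value}) for an answer file."""
    section_seen, settings = False, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # skip blanks and comments
            continue
        if re.fullmatch(r"\[dcinstall\]", line, re.IGNORECASE):
            section_seen = True
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip().lower()] = value.strip().strip('"')
    return section_seen, settings

def audit(text):
    """List credential-handling findings for one answer file."""
    section_seen, settings = parse_answer_file(text)
    findings = []
    if not section_seen:
        findings.append("missing [DCInstall] section header")
    # Password keys that hold a literal (non-empty) value in the file.
    literal = {k: v for k, v in settings.items() if k in PASSWORD_KEYS and v}
    for key in sorted(literal):
        findings.append(f"{key}: password stored in cleartext")
    if len(literal) > 1 and len(set(literal.values())) < len(literal):
        findings.append("same password reused across " + ", ".join(sorted(literal)))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
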
Now we’re ready to run through those so execute
If all is well you should see the installation run through and it will reboot at the end, if you left the RebootOnSuccess flag set. There you go, you have your first Active Directory set up, and on Core nonetheless! So here are a few tasks for you to go about for some good practice. Add a second DC, preferably on Core. Make sure to put a global catalog on it too. Create yourself an OU and put in a standard user account for yourself to use there as well. You could even try writing a script to pre-populate a large number of users. The commands you’ll want to check out for this are dsadd and dsmod. Up next we’ll get into installing and configuring DHCP.