Active Directory on Windows Server Core

Just a quick post on how-to install Active Directory on Windows Server Core 2019. Once in a while I just rebuild my whole development environment including my Windows Server Core virtual machines. Rebuilding a domain controller on Windows Server Core is pretty easy and requires just a few steps you’ll have to take one after another.

Prerequisites

• You need a hypervisor. Pick whatever vendor you like (VirtualBox, VMWare or Hyper-V).
• The installation ISO for Windows Server Core 2019. Download an evaluation copy here.

Install Windows Server

Install your copy of Windows Server like you would normally do. Select your language and keyboard preferences, configure the hard drive and wait for the installation to complete.

Lastly, when logging in for the first time, set a password for the Administrator account.

Configure the basics

1. Rename: Rename the Windows Server machine to something so you can identify it among your other servers.

Rename-Computer -NewName <ComputerName>

2. Network: Now, set a static IP address and DNS server. For DNS, we point to 127.0.01 (localhost), because this domain controller will also be a DNS server for the Active Directory domain.

# Get all network adapters.
Get-NetAdapter

# Set IP address and DNS.
$ip = "10.0.0.1"
$dns = "127.0.0.1"
New-NetIPAddress -InterfaceAlias Ethernet -IPAddress $ip -AddressFamily IPv4 -PrefixLength 24
Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses $dns

3. Time zone: Please don’t forget to set your time zone. My time zone will be W. Europe Standard Time.

Set-TimeZone -Id "W. Europe Standard Time"

Note: Looking for the ID of your time zone? Run Get-TimeZone -ListAvailable to find yours.

4. Reboot: It is now time to reboot to complete the renaming of the server.

Restart-Computer

Install Active Directory Domain Services

We are now good to go to install Active Directory Domain Services. First we install a new forest and then configure domain requirements.

1. Install ADDS: Install the AD-Domain-Services feature. Please also include the -IncludeManagementTools parameter. You also might receive a few warning about DNS and security tokens, but can safely be ignored.

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

2. Create a Forest Root Domain: There is no Active Directory without a forest. Create one and give it a name. Once chosen, it is hardly changed after.

Install-ADDSForest -DomainName <DomainName>

Note: Best-practices for the Forest Root Domain can be found here.

3. Safe Mode: Choose a strong password for the Safe Mode Administrator. If you need to recover the domain when you lost control, this saves your domain. After setting the password, the server needs a reboot to complete the setup.

Validate your new domain controller

Logging back in, you might notice that your account is now an Active Directory account. That’s a good start and indicates that you just logged in to your new domain controller. However, we still need to validate a few things to make sure that everything is setup correctly.

1. Services: Query for Active Directory specific services to verify that they are running.

Get-Service adws,kdc,netlogon,dns

2. Event Viewer: Review logs and analyze a few entries.

Get-Eventlog "Directory Service" | Select-Object entrytype, source, eventid, message
Get-Eventlog "Active Directory Web Services" | Select-Object entrytype, source, eventid, message

PowerShell DSC

Use PowerShell Desired State Configuration (DSC) to automatically deploy and manage domain controllers. Consequently, it’s faster and more reliable. Find more information about it over here.

Conclusion

Setting up Windows Server Core 2019 as a domain controller is a systematic process facilitated by PowerShell commands. The procedure involves initial setup tasks such as configuring basic settings, installing Active Directory Domain Services, and conducting a final verification.

Feel free to ask your questions in the comments, or send me a message!