Promoting a Windows Server 2008 R2 Domain Controller to an existing domain in an existing forest

Promoting the first Domain Controller that runs Windows Server 2008 R2 is not a new thing. However, there are some prerequisites that you need to take care of before promoting your new Domain Controller. In this test scenario, we already have our itserveronline.local domain and forest, which consists of only one Windows Server 2003 R2 Domain Controller with the DNS server role in a Windows 2000 Mixed domain. This article covers the steps needed to successfully add the first fully operational Domain Controller and DNS server that runs Windows Server 2008 R2 in our forest.

Prerequisites to the new server.

The first step is to prepare the Windows Server 2008 R2 server. To start, we need to ensure the new server has a proper Computer Name (as per your naming convention).
The next thing to check is the IP address of the new server. It is to be noted that the server needs to be assigned a static IP address. Since the new server will have to be a member server of our existing domain, we also need to set the Preferred DNS Server settings to point towards an existing DNS Server in the environment. In our demo, the existing DNS Server is installed on SRVPDC itself, having IP address 192.168.1.55.
To test DNS settings, we run the nslookup command as below:
  • Go to Start and select Run.
  • In the Open textbox, type nslookup.
We test the DNS by querying a record from our DNS server. Notice in the screenshot above, we need to insert the FQDN of the queried record. This is simply because the Windows Server 2008 R2 server has not yet been joined to the itserveronline.local domain. Refer to our article Joining an XP machine to an Active Directory domain for more info.
In addition to the static IP address, and since this destination server will be configured as a DNS server, it is also recommended to disable the IPv6 connection settings for the network adapter responsible for name resolution if you do not intend to use it. This will prevent configuration of DNS for IPv6 during migration, which is not needed and may cause confusion and security issues. Note that a Windows Server is more stable and productive when only the features that are required are configured. Below is the screenshot with the IPv6 disabled.
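The prerequisites above (static address, preferred DNS server, IPv6 state, name resolution against the existing DNS server) can also be checked from a PowerShell prompt on the new server before the domain join. This is an added example, not part of the original article; the function name Test-DcPreflight is hypothetical, and the domain and DNS address are the demo values from the text.

```powershell
# Added example: pre-flight check for the new server before the domain join.
$Domain    = 'itserveronline.local'   # domain from the article
$DnsServer = '192.168.1.55'           # existing DNS server (SRVPDC) from the article

function Test-DcPreflight {
    param([string]$Domain, [string]$DnsServer)
    $findings = @()

    # Win32_NetworkAdapterConfiguration works on PowerShell 2.0 (Server 2008 R2).
    $nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
    foreach ($nic in $nics) {
        $name = $nic.Description
        if ($nic.DHCPEnabled) {
            $findings += "[$name] address comes from DHCP; assign a static IP"
        }
        # The first entry of the search order is the Preferred DNS Server.
        if (@($nic.DNSServerSearchOrder)[0] -ne $DnsServer) {
            $findings += "[$name] preferred DNS server is not $DnsServer"
        }
        # Any address containing ':' (including fe80:: link-local) means IPv6 is still bound.
        if (@($nic.IPAddress | Where-Object { $_ -like '*:*' }).Count -gt 0) {
            $findings += "[$name] IPv6 is still enabled on this adapter"
        }
    }

    # The domain join and dcpromo both locate a DC through this SRV record.
    $srv = nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" $DnsServer 2>&1 | Out-String
    if ($srv -notmatch 'svr hostname') {
        $findings += "No DC locator SRV record for $Domain returned by $DnsServer"
    }
    return ,$findings
}

$result = Test-DcPreflight -Domain $Domain -DnsServer $DnsServer
if ($result.Count -eq 0) { 'Pre-flight checks passed.' } else { $result }
```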
Once DNS has been tested successfully, we need to make the new server a member server of the domain. To perform this step, we simply need to join the server to the domain through the following steps:
  • Go to Start, right-click Computer, select Properties to access the System Properties window.
  • Under Computer name, domain, and workgroup settings, click on the Change Settings link.
  • Under the Computer Name tab, click on the Change… button.
  • The Computer Name/Domain Changes window appears, where you can choose whether you want the client machine to be a member of a domain or workgroup (which it is currently in).
  • Select the domain option and insert the domain name. In our example, our domain name is “itserveronline.local” as shown below.
  • Click on OK to apply the new settings. If the DNS Server settings are good, which we tested earlier, then you will need to provide a valid username and password of an account with permission to join the domain, as per the screenshot below.
  • Click OK at the Welcome Screen and OK again to restart the server.
  • Close the System Properties window and let the server restart itself. Once the server has restarted, you will need to log in to the server using a domain administrator account. Note that you will have to choose the domain NetBIOS name to log in to the domain. For more information about joining a machine to the domain.
We verify that the server is a member server by accessing the System Properties window.
We can now see that the server has a FQDN and the domain is set to itserveronline.local, which is our domain name.

Pre-requisites to the domain and forest.

If you are going to promote your first Windows Server 2008 or Windows Server 2008 R2 Domain Controller in your domain and forest, you need to perform two things in your existing domain and forest environment:
  1. Raise the Domain Functional Level (DFL) to at least Windows 2000 Native 
  2. Prepare the existing Forest Schema and Domain 
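Both prerequisites leave a trace in the directory that can be read back before dcpromo is started. The following is an added example, not part of the original article: the function name Get-AdPrepState is hypothetical, and the script assumes it runs on a domain-joined machine under a domain account. It relies on two well-known attribute values: ntMixedDomain is 0 once the domain is in native mode, and the schema objectVersion is 47 after the Windows Server 2008 R2 forest preparation.

```powershell
# Added example: read the domain mode and schema version over ADSI (works on PowerShell 2.0).
function Get-AdPrepState {
    $rootDse = [ADSI]'LDAP://RootDSE'
    $domain  = [ADSI]"LDAP://$($rootDse.defaultNamingContext)"
    $schema  = [ADSI]"LDAP://$($rootDse.schemaNamingContext)"

    $mixed   = [int]$domain.ntMixedDomain.Value   # 1 = mixed mode, 0 = native mode
    $version = [int]$schema.objectVersion.Value   # 30/31 = 2003/2003 R2, 44 = 2008, 47 = 2008 R2

    New-Object PSObject -Property @{
        DomainDN      = [string]$rootDse.defaultNamingContext
        NativeMode    = ($mixed -eq 0)
        SchemaVersion = $version
        SchemaReady   = ($version -ge 47)         # threshold for a Windows Server 2008 R2 DC
    }
}

$state = Get-AdPrepState
$state | Format-List DomainDN, NativeMode, SchemaVersion, SchemaReady

if (-not $state.NativeMode) {
    'Domain is still in mixed mode: raise the DFL to at least Windows 2000 Native.'
}
if (-not $state.SchemaReady) {
    'Schema is not at the 2008 R2 level: run adprep /forestprep, then adprep /domainprep.'
}
```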

Promoting the server to a Domain Controller.

The next part of our article is to promote the destination server to a Domain Controller in our existing itserveronline.local domain. In Windows Server 2008 R2, it is recommended to install the Active Directory Domain Services before running the dcpromo wizard.
To install Active Directory Domain Services,
  • Open the Server Manager console.
  • From the Left Menu tree, click on Roles once and then right-click Roles and select Add Roles. The welcome screen below appears. Click Next to continue.
On the Server Roles screen, check the Active Directory Domain Services (AD DS) and click on Next.
A screen pops up specifying required features for AD DS. Click the Add Required Features button to continue.
The next screen displays some useful information and links about AD DS that you should read and then click on Next.
Click Install on the Confirmation screen to proceed with the installation of ADDS and the required features.
Installation begins and this process should not take more than 5 minutes.
Once installation is completed and succeeded, you will need to run the dcpromo wizard to start promoting the server to a Domain Controller. You can either click on the link on the Result window to launch the wizard or click on Close and run it manually.
To run the wizard manually, go to Start, select Run. In the Open textbox, type dcpromo.
Below is the screenshot of the AD DS installation wizard. Click on Next to continue.
Read the Operating System Compatibility information if you have never read about it and click on Next.
On the Choose a Deployment Configuration window, select Add a domain controller to an existing domain for an existing forest, since we are adding an additional Domain Controller in our itserveronline.local domain and forest. Click on Next to continue.
In the Network Credentials windows below, confirm the domain in which you want to install this Domain Controller and the account credentials that will be used for this operation as well. Click on Next.
If the domain you confirmed in the previous window was the parent domain and if that domain consisted of other subdomains, then the Select a domain window will display a tree of all subdomains available for this new Domain Controller as seen below. Since we are going to install our Domain Controller in the itserveronline.local domain, we will select the parent (forest root) domain itself.
At this stage, it has to be noted that if you did not prepare your forest schema and/or domain before starting the installation of AD DS, then you would have received the errors below:
However, if your forest schema and domain were prepared successfully, then only the warning below will appear mentioning that your domain will not support a Read Only Domain Controller (RODC) unless the adprep /rodcprep command is run. Since we do not want to install a RODC now, click on Yes to acknowledge the warning and continue.
On the Select a site window, confirm the site where you want this Domain Controller to be installed within the domain and click on Next. In our demo, we are using the default site itself.
The wizard will start examining DNS configuration.
On the Additional Domain Controller options window, you have the option to install DNS and Global Catalog server on the same machine as well. Notice that the RODC option is greyed out because our domain has not been prepared for this. Since we also need to install the DNS role on this server as part of our requirements, we will select the option for DNS, and as this Domain Controller will be part of our parent domain, we will also select the Global Catalog option to allow full replication of Active Directory objects. Once the options are selected, click on Next.
The wizard will start examining the DNS configuration again and the warning below will be displayed. Click on Yes to continue.
On the next window, make the changes appropriate for the Database, Log Files and SYSVOL folders location. Microsoft recommends storing these files on different disks for better performance and security. Once set, proceed to the next window.
Assign a Directory Services Restore Mode administrator password which is a completely different password and must be kept safe.
On the Summary page, confirm that all your settings are right and click on Next to start the installation.
During this process, AD DS and DNS will be installed and Active Directory data will be replicated from older existing Domain Controllers to this new one.
Once the installation is complete, click on Finish.
So, from here you have your Windows Server 2008 R2 server promoted as a Domain Controller. To confirm that this server is fully operational, you need to check the following:
  1. Check if DNS has been installed properly and the records replicated on the new server.
  2. Check if the new server has a Name Server (NS) record in DNS.
  3. Check the installation of Active Directory services and replication of its objects and containers.
  4. Check if the server is a Global Catalog server as we set earlier.
  5. Run the dcdiag and netdiag network diagnostic tools on the new server.
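Most of this checklist can be scripted with tools that ship with the AD DS role. The following is an added example, not part of the original article: the function name Test-NewDc is hypothetical, the script assumes an elevated PowerShell session on the new Domain Controller, and it assumes the server's FQDN is its computer name plus the domain suffix. It covers checks 1 to 4 and the dcdiag part of check 5.

```powershell
# Added example: post-promotion checks, run locally on the new Domain Controller.
$Domain = 'itserveronline.local'              # domain from the article
$Fqdn   = "$($env:COMPUTERNAME).$Domain"      # assumption: host name + domain suffix

function Test-NewDc {
    param([string]$Domain, [string]$Fqdn)
    $r    = New-Object System.Collections.Specialized.OrderedDictionary
    $host1 = [regex]::Escape($Fqdn)

    # 1. The local DNS service answers and lists this server in the DC locator records.
    $srv = nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" 127.0.0.1 2>&1 | Out-String
    $r['DNS holds SRV record for this DC'] = $srv -match "svr hostname\s*=\s*$host1"

    # 2. This server is published as a name server for the zone.
    $ns = nslookup -type=NS $Domain 127.0.0.1 2>&1 | Out-String
    $r['NS record for this server'] = $ns -match "nameserver\s*=\s*$host1"

    # 3. Inbound replication: every partner/naming context must show zero failures.
    $repl = @(repadmin /showrepl /csv | ConvertFrom-Csv)
    $bad  = @($repl | Where-Object { [int]$_.'Number of Failures' -gt 0 })
    $r['AD replication without failures'] = ($repl.Count -gt 0 -and $bad.Count -eq 0)

    # 4. RootDSE advertises the Global Catalog once the partial replicas are complete.
    $rootDse = [ADSI]'LDAP://localhost/RootDSE'
    $r['Global Catalog ready'] = ([string]$rootDse.isGlobalCatalogReady -eq 'TRUE')

    # 5. dcdiag /q prints only failures, so empty output means every test passed.
    $diag = dcdiag /q 2>&1 | Out-String
    $r['dcdiag reports no errors'] = [string]::IsNullOrEmpty($diag.Trim())

    return $r
}

$checks = Test-NewDc -Domain $Domain -Fqdn $Fqdn
foreach ($name in $checks.Keys) {
    $status = if ($checks[$name]) { 'OK  ' } else { 'FAIL' }
    "$status  $name"
}
```

Replication and Global Catalog advertisement can take some time after the first reboot, so a FAIL on checks 3 or 4 immediately after promotion is worth re-testing before investigating.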
Now that you have a Windows Server 2008 R2 Domain Controller in your environment, you can start using the new features.
We hope that our article has been, and will continue to be, of good help to you.
Ref: http://tinyurl.com/luypons
