Thursday, November 11, 2021

Windows Server 2019 - LAB04 Deploying a new domain controller on Server Core

Task 1: Deploy ADDS on a new Windows Server Core server

  • I'll use the PDC (with Desktop Experience) to deploy a DC on the Windows Server Core server.
    Note: dhvhcmscore001 is the Windows Server Core server's computer name, and it is already joined to my local domain.
  • You can also use Windows Admin Center to deploy a DC on the Windows Server Core server: in WAC, connect to your Windows Server Core server, select Roles & Features in the left menu, tick the Active Directory Domain Services check box, and then click Install.

Task 2: Manage AD DS objects with GUI tools and with Windows PowerShell.


Task 1: Deploy AD DS on a new Windows Server Core server :

Step 1: On my PDC, select Start, and then select Server Manager

Step 2: In Server Manager, select Tools, and then select Windows PowerShell

Step 3: At the command prompt in the Windows PowerShell command-line interface, enter the following command, and then select Enter:

Install-WindowsFeature -Name AD-Domain-Services -ComputerName dhvhcmscore001


Step 4: Enter the following command to verify that the AD DS role is installed on dhvhcmscore001, and then select Enter:

Get-WindowsFeature -ComputerName dhvhcmscore001

Make sure that the Active Directory Domain Services check box is selected.


Step 5: On the PDC, in Server Manager, select All Servers. On the Manage menu, select Add Servers > click Find Now > choose dhvhcmscore001, click the arrow to add dhvhcmscore001 to the selected list, and then click OK. Click Promote this server to a domain controller (dhvhcmscore001) from the notification flag symbol.


Step 6:
In the Active Directory Domain Services Configuration Wizard, on the Deployment Configuration page, under Select the deployment operation, verify that Add a domain controller to an existing domain is selected.
Ensure that the dhv.local domain is specified, and then in the Supply the credentials to perform this operation section, select Change.
In the Credentials for deployment operation dialog box, in the User name box, enter dhv\Administrator, and then in the Password box, enter your administrator password > Click Next.


Step 7: 

On the Domain Controller Options page, select the Domain Name System (DNS) server and Global Catalog (GC) check boxes. Ensure that the Read-only domain controller (RODC) check box is not selected.

In the Type the Directory Services Restore Mode (DSRM) password section, enter and confirm the password, and then select Next.

 


Step 8: On the DNS Options page, click Next.

Step 9: On the Additional Options page, click Next.

Step 10: On the Paths page, keep the defaults and click Next.

Step 11: On the Review Options page, select View script to open the generated Windows PowerShell script



Edit the generated Windows PowerShell script in Notepad. The full script looks like this:

Invoke-Command -ComputerName dhvhcmscore001 {Install-ADDSDomainController -NoGlobalCatalog:$false -CreateDnsDelegation:$false -Credential (Get-Credential) -CriticalReplicationOnly:$false -DatabasePath "C:\Windows\NTDS" -DomainName "dhv.local" -InstallDns:$true -LogPath "C:\Windows\NTDS" -NoRebootOnCompletion:$false -SiteName "Default-First-Site-Name" -SysvolPath "C:\Windows\SYSVOL" -Force:$true}

Step 12: Switch to the Active Directory Domain Services Configuration Wizard, and then select Cancel. When prompted for confirmation, select Yes to cancel the wizard.

Step 13: 

At the Windows PowerShell command prompt, enter the command from the Windows PowerShell script that we generated above, and then press Enter to run it.

In the Windows PowerShell Credential Request dialog box, enter dhv\Administrator and its password, and then select OK.


When prompted for the password, in the SafeModeAdministratorPassword text box, enter your Administrator password, and then select Enter. Repeat for Confirm SafeModeAdministratorPassword, then wait until the command runs and the Status Success message is returned.

After the Windows Server Core server dhvhcmscore001 has rebooted, you can check that dhvhcmscore001 has been promoted to a domain controller in your domain.
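
One way to make that check repeatable from the PDC is shown below. This is an added example, not part of the original lab; the function name Test-NewDomainController is hypothetical, and it assumes the ActiveDirectory module and PowerShell remoting to dhvhcmscore001 are available.

```powershell
# Added example (not from the original lab). Run on the PDC in an elevated session.
Import-Module ActiveDirectory

function Test-NewDomainController {
    param(
        [string]$ComputerName = 'dhvhcmscore001',   # Server Core host from this lab
        [string]$DomainName   = 'dhv.local'         # lab domain
    )
    $fqdn = "$ComputerName.$DomainName"

    # Throws if the host is not registered as a domain controller.
    $dc = Get-ADDomainController -Identity $fqdn -ErrorAction Stop

    # Services a DC that also hosts DNS must be running (Step 7 selected DNS).
    $stopped = @(Invoke-Command -ComputerName $fqdn -ScriptBlock {
        Get-Service -Name NTDS, Netlogon, Kdc, DNS |
            Where-Object { $_.Status -ne 'Running' } |
            Select-Object -ExpandProperty Name
    })

    # SYSVOL and NETLOGON are shared only after initial replication completes.
    $sysvol   = Test-Path "\\$fqdn\SYSVOL"
    $netlogon = Test-Path "\\$fqdn\NETLOGON"

    # Replication partners of the new DC that currently report failures.
    $failures = @(Get-ADReplicationFailure -Target $fqdn |
        Where-Object { $_.FailureCount -gt 0 })

    [pscustomobject]@{
        HostName        = $dc.HostName
        Site            = $dc.Site
        IsGlobalCatalog = $dc.IsGlobalCatalog   # expected True  (GC ticked in Step 7)
        IsReadOnly      = $dc.IsReadOnly        # expected False (RODC not ticked)
        StoppedServices = $stopped -join ', '
        SysvolShared    = $sysvol
        NetlogonShared  = $netlogon
        ReplFailures    = $failures.Count
        Healthy         = ($dc.IsGlobalCatalog) -and (-not $dc.IsReadOnly) -and
                          ($stopped.Count -eq 0) -and $sysvol -and $netlogon -and
                          ($failures.Count -eq 0)
    }
}

Test-NewDomainController | Format-List
```

If Healthy is False right after the reboot, rerun the check after a few minutes: the SYSVOL and NETLOGON shares appear only once the first replication cycle has finished.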




Task 2: Manage AD DS objects with GUI tools and with Windows PowerShell.

Log in to the PDC, then switch to Windows PowerShell (Admin). I want to create a new OU for the SALE department, named HCM-HO-SALE, under the OU DES-HCM-HO in the dhv.local domain. The command looks like this:

New-ADOrganizationalUnit -Name:"HCM-HO-SALE" -Path:"OU=DES-HCM-HO,DC=dhv,DC=local" -ProtectedFromAccidentalDeletion:$true -Server:"dhvhcmscore001.dhv.local"
Create a user account for Dang Hoang Viet in the HCM-HO-SALE OU by running the following command:
New-ADUser -Name dhviet -DisplayName "Dang Hoang Viet" -GivenName Viet -Surname Dang -Path "OU=HCM-HO-SALE,OU=DES-HCM-HO,DC=dhv,DC=local"
Set the password for the account by running the following command:
Set-ADAccountPassword dhviet
  • When you receive a prompt for the current password, select Enter.
  • When you receive a prompt for the desired password, enter password for dhviet, and then select Enter.
  • When you receive a prompt to repeat the password, repeat password for dhviet, and then select Enter
To enable the account, run the following command:
Enable-ADAccount dhviet
  • Now you can test the account by switching to your client PC and signing in as dhviet with your password.
Create new group HCM-HO-SALE-GROUP in the HCM-HO-SALE OU by running the following command:

New-ADGroup HCM-HO-SALE-GROUP -Path "OU=HCM-HO-SALE,OU=DES-HCM-HO,DC=dhv,DC=local" -GroupScope Global -GroupCategory Security

Add dhviet to group HCM-HO-SALE-GROUP:

Add-ADGroupMember HCM-HO-SALE-GROUP -Members dhviet

Confirm that the user is in the group by running the following command:

Get-ADGroupMember HCM-HO-SALE-GROUP
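
The same Task 2 steps can be run as one repeatable script. This is an added example, not part of the original lab: it reuses the lab's names, sets the password when the account is created so that dhviet never exists without one, and sends every call to one DC. The variable names and the forced password change at first logon are assumptions of this example.

```powershell
# Added example (not from the original lab). Run on the PDC in Windows PowerShell (Admin).
Import-Module ActiveDirectory

# Send every call to one DC so later steps see the objects created by earlier
# ones without waiting for replication.
$Server   = 'dhvhcmscore001.dhv.local'
$ParentOu = 'OU=DES-HCM-HO,DC=dhv,DC=local'     # must already exist, as in the lab
$OuDn     = "OU=HCM-HO-SALE,$ParentOu"
$Sam      = 'dhviet'
$Group    = 'HCM-HO-SALE-GROUP'

# Create the OU only if it is missing, so the script can be rerun safely.
if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$OuDn'" -Server $Server)) {
    New-ADOrganizationalUnit -Name 'HCM-HO-SALE' -Path $ParentOu `
        -ProtectedFromAccidentalDeletion $true -Server $Server
}

# Create the user with its password in the same call, enabled, and required to
# change the password at first logon.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$Sam'" -Server $Server)) {
    $userParams = @{
        Name                  = $Sam
        SamAccountName        = $Sam
        DisplayName           = 'Dang Hoang Viet'
        GivenName             = 'Viet'
        Surname               = 'Dang'
        Path                  = $OuDn
        AccountPassword       = Read-Host -Prompt "Initial password for $Sam" -AsSecureString
        Enabled               = $true
        ChangePasswordAtLogon = $true
        Server                = $Server
    }
    New-ADUser @userParams
}

if (-not (Get-ADGroup -Filter "Name -eq '$Group'" -Server $Server)) {
    New-ADGroup -Name $Group -Path $OuDn -GroupScope Global -GroupCategory Security -Server $Server
}

# Add-ADGroupMember raises an error for an existing member, so check first.
$members = @(Get-ADGroupMember -Identity $Group -Server $Server |
    Select-Object -ExpandProperty SamAccountName)
if ($members -notcontains $Sam) {
    Add-ADGroupMember -Identity $Group -Members $Sam -Server $Server
}

# Final state: account enabled, in the expected OU, and a member of the group.
Get-ADUser -Identity $Sam -Properties MemberOf -Server $Server |
    Select-Object SamAccountName, Enabled, DistinguishedName, MemberOf
```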



Depending on the tools you are familiar with, you can also use dsa.msc or Windows Admin Center to manage objects on your domain controller.


