Task 1: Deploy AD DS on a new Windows Server Core server
- I'll use the PDC (with Desktop Experience) to deploy a domain controller on the Windows Server Core server.
Note: dhvhcmscore001 is the Windows Server Core server's computer name, and it is already joined to my local domain.
- You can also use Windows Admin Center to deploy a DC on a Windows Server Core server: in WAC, connect to your Windows Server Core server, select Roles & Features in the left menu, tick the Active Directory Domain Services check box, then click Install.
Task 2: Manage AD DS objects with GUI tools and with Windows PowerShell.
Task 1: Deploy AD DS on a new Windows Server Core server:
Step 1: On my PDC, select Start, and then select Server Manager
Step 2: In Server Manager, select Tools, and then select Windows PowerShell
Step 3: At the command prompt in the Windows PowerShell command-line interface, enter the following command, and then select Enter:
Install-WindowsFeature -Name AD-Domain-Services -ComputerName dhvhcmscore001
Step 4: Enter the following command to verify that the AD DS role is installed on dhvhcmscore001, and then select Enter:
Get-WindowsFeature -ComputerName dhvhcmscore001
Make sure that the Active Directory Domain Services check box is selected ([X]) in the output.
Step 5: On the PDC, in Server Manager, select All Servers. On the Manage menu, select Add Servers > click Find Now > choose dhvhcmscore001, click the arrow to add dhvhcmscore001 to the Selected list, then click OK. Click Promote this server to a domain controller (dhvhcmscore001) from the notification flag symbol.
Step 6:
In the Active Directory Domain Services Configuration Wizard, on the Deployment Configuration page, under Select the deployment operation, verify that Add a domain controller to an existing domain is selected.
Ensure that the dhv.local domain is specified, and then in the Supply the credentials to perform this operation section, select Change.
In the Credentials for deployment operation dialog box, in the User name box, enter dhv\Administrator, and then in the Password box, enter your administrator password > Click Next.
Step 7:
On the Domain Controller Options page, select the Domain Name System (DNS) server and Global Catalog (GC) check boxes. Ensure that the Read-only domain controller (RODC) check box is not selected.
In the Type the Directory Services Restore Mode (DSRM) password section, enter and confirm the password, and then select Next.
Step 8: On the DNS Options page, click Next.
Step 9: On the Additional Options page, click Next.
Step 10: On the Paths page, keep the defaults and click Next.
Step 11: On the Review Options page, select View script to open the generated Windows PowerShell script
Invoke-Command -ComputerName dhvhcmscore001 {Install-ADDSDomainController -NoGlobalCatalog:$false -CreateDnsDelegation:$false -Credential (Get-Credential) -CriticalReplicationOnly:$false -DatabasePath "C:\Windows\NTDS" -DomainName "dhv.local" -InstallDns:$true -LogPath "C:\Windows\NTDS" -NoRebootOnCompletion:$false -SiteName "Default-First-Site-Name" -SysvolPath "C:\Windows\SYSVOL" -Force:$true}
Step 12: Switch to the Active Directory Domain Services Configuration Wizard, and then select Cancel. When prompted for confirmation, select Yes to cancel the wizard.
Step 13:
At the Windows PowerShell command prompt, enter the Windows PowerShell script generated above, then press Enter to run it.
In the Windows PowerShell Credential Request dialog box, enter dhv\Administrator and the password, and then select OK.
Task 2: Manage AD DS objects with GUI tools and with Windows PowerShell:
New-ADOrganizationalUnit -Name:"HCM-HO-SALE" -Path:"OU=DES-HCM-HO,DC=dhv,DC=local" -ProtectedFromAccidentalDeletion:$true -Server:"dhvhcmscore001.dhv.local"
New-ADUser -Name dhviet -DisplayName "Dang Hoang Viet" -GivenName Viet -Surname Dang -Path "OU=HCM-HO-SALE,OU=DES-HCM-HO,DC=dhv,DC=local"
Set-ADAccountPassword dhviet
- When you receive a prompt for the current password, select Enter.
- When you receive a prompt for the desired password, enter password for dhviet, and then select Enter.
- When you receive a prompt to repeat the password, repeat password for dhviet, and then select Enter
Enable-ADAccount dhviet
- Now you can test the account by switching to your client PC and signing in as dhviet with your password.
New-ADGroup HCM-HO-SALE-GROUP -Path "OU=HCM-HO-SALE,OU=DES-HCM-HO,DC=dhv,DC=local" -GroupScope Global -GroupCategory Security
Add dhviet to group HCM-HO-SALE-GROUP:
Add-ADGroupMember HCM-HO-SALE-GROUP -Members dhviet
Confirm that the user is in the group by running the following command:
Get-ADGroupMember HCM-HO-SALE-GROUP
Depending on the tools you are familiar with, you can also use dsa.msc or Windows Admin Center to manage objects on your domain controller.
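The Task 2 commands above, combined into one re-runnable script as an added example (not the original post's code). It reuses the OU, user and group names from the post; the existence checks, passing the password through -AccountPassword, and forcing a password change at first logon are assumptions added here.

```powershell
# Added example: Task 2 as a single idempotent script.
# Object names come from the post; checks and password handling are assumptions.
Import-Module ActiveDirectory

$server   = 'dhvhcmscore001.dhv.local'
$parentOu = 'OU=DES-HCM-HO,DC=dhv,DC=local'
$ouName   = 'HCM-HO-SALE'
$ouDn     = "OU=$ouName,$parentOu"
$user     = 'dhviet'
$group    = 'HCM-HO-SALE-GROUP'

# Create the OU only if it is missing, so the script can be run again safely.
$ou = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" `
        -SearchBase $parentOu -SearchScope OneLevel -Server $server
if (-not $ou) {
    New-ADOrganizationalUnit -Name $ouName -Path $parentOu `
        -ProtectedFromAccidentalDeletion $true -Server $server
}

# Create the user already enabled with a password read as a SecureString,
# so the account never exists with a blank password and nothing lands in history.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$user'" -Server $server)) {
    $password = Read-Host -AsSecureString "Initial password for $user"
    New-ADUser -Name $user -SamAccountName $user -DisplayName 'Dang Hoang Viet' `
        -GivenName 'Viet' -Surname 'Dang' -Path $ouDn `
        -AccountPassword $password -Enabled $true `
        -ChangePasswordAtLogon $true -Server $server   # assumption: rotate at first sign-in
}

# Create the global security group if it does not exist yet.
if (-not (Get-ADGroup -Filter "Name -eq '$group'" -Server $server)) {
    New-ADGroup -Name $group -Path $ouDn -GroupScope Global `
        -GroupCategory Security -Server $server
}

# Add-ADGroupMember fails on an existing member, so check membership first.
$members = Get-ADGroupMember -Identity $group -Server $server
if ($members.SamAccountName -notcontains $user) {
    Add-ADGroupMember -Identity $group -Members $user -Server $server
}

# Verify the result: account state, location and group membership.
Get-ADUser -Identity $user -Properties MemberOf -Server $server |
    Select-Object SamAccountName, Enabled, DistinguishedName, MemberOf
```

With -ChangePasswordAtLogon set, the first sign-in as dhviet on the client PC prompts for a new password before the desktop loads.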