Windows Server 2008 R2 Unleashed (30 page)
Read Windows Server 2008 R2 Unleashed Online
Authors: Noel Morimoto
NOTE
If you plan to change the IP address settings on more than one interface, take note of
all the interface names and Idx unique IDs.
Now that you have captured the names and IDs, utilize the following syntax to change
ptg
the IP address for a desired interface.
netsh interface ipv4 set address name=”
mask=
Replace the ID argument with the network interface name or ID. In addition, enter the
static IP address, subnet mask, and default gateway in subsequent arguments. An example
is netsh interface ipv4 set address name=”1” source=static
address=192.168.115.10 mask=255.255.255.0 gateway=192.168.115.1.
The final step when configuring the network interface is to enter a primary and secondary
DNS entry for the interface. Do this by using the following syntax:
netsh interface ipv4 add dnsserver name=”
The same command is utilized and repeated when entering more than one DNS entry.
However, increment the index each time. When finalized, run IP Config /all to verify the
IP address settings.
Adding the Server Core System to a Domain
The following script illustrates the basic syntax of how to add a Server Core system to a
Windows domain:
Netdom join
Input the domain name and supply the user account and password for an account that
has permissions to add computers to the domain.
108
CHAPTER 3
Installing Windows Server 2008 R2 and Server Core
Activating the Server Core System
Activating a Server Core system can be achieved in two easy steps. The first step includes
entering a product key and the second step requires you to activate the server. The syntax
for entering a product key is as follows:
slmgr.vbs –ipk
Once the product key has been successfully entered, you activate the server by typing in
the following command:
slmgr.vbs -ato
Server Core Roles and Feature Installations
The typical Windows server roles can be configured on a Server Core installation. The
following bullets list the server roles that are currently supported on a Server Core
installation:
. Active Directory Domain Services (AD DS)
. Active Directory Lightweight Directory Services (AD LDS)
ptg
. Active Directory Certificate Services
. Dynamic Host Configuration Protocol (DHCP) Server
. DNS Server
. File Services
. Print Server
. Streaming Media Services
. Web Server (IIS)
. Hyper-V
The following are optional features that are also supported on a Server Core installation:
. Microsoft Failover Cluster
. Network Load Balancing
. Subsystem for UNIX-based Applications
. Windows Backup
. Multipath I/O
. Removable Storage Management
. Windows Bitlocker Drive Encryption
. Simple Network Management Protocol (SNMP)
Managing and Configuring a Server Core Installation
109
. Windows Internet Naming Service (WINS)
. Telnet Client
. Quality of Service (QoS)
. .NET Framework
. PowerShell
NOTE
3
The following command lists all of the potential server roles and associated features:
Dism /online /get-features /format:table
The OCSetup command-line program is responsible for setting up and configuring the
server roles and features on a Server Core installation. You can configure the OCSetup
command-line options using the following syntax:
ocsetup.exe [/?] [/h] [/help] component [/log:file] [/norestart] [/passive]
[/quiet] [/unattendfile:file] [/uninstall] [/x: parameter]
ptg
Use Table 3.3 to understand each of the options that are available when using the
OCSetup command-line program.
TABLE 3.3
Available Command Options for OCSetup
Parameter
Description
/?, /h, /help
Explains all the options available for OCSetup
component
Represents the name of the component you plan on installing, such as
DNS, DHCP, Web Server (IIS), and more
/log:file
Specifies the log file location if you do not want to take advantage of the
default location
/norestart
Does not reboot the computer after the installation
/passive
Suppresses unnecessary noise and only includes progress status
/quiet
Does not require user interaction
/unattendfile:file
Requires additional configurations
/uninstall
Removes server components
/x: parameter
Supplies additional configuration parameters
Performing a Server Role Installation on a Server Core Installation
Table 3.4 outlines basic server role installation examples based on the use of the OCSetup
command-line tool.
110
CHAPTER 3
Installing Windows Server 2008 R2 and Server Core
TABLE 3.4
Server Role Installation Command Lines with OCSetup
Server Role
Command
DNS Server role
ocsetup DNS-Server-Core-Role
DHCP Server role
ocsetup DHCPServerCore
File Server role
ocsetup FRS-Infrastructure
Print Server role
ocsetup Printing-ServerCore-Role
Active Directory Lightweight Directory
ocsetup DirectoryServices-ADAM-ServerCore
Server role
Windows Deployment Server (Windows DS)
ocsetup Microsoft-Windows-Deployment-
role
Services
Web Server (IIS) role
ocsetup IIS-WebServerRole
Streaming Media Services role
ocsetup MediaServer
Hyper-V role
ocsetup Microsoft-Hyper-V
The previous sections are a prelude to some of the common Server Core command-line
ptg
arguments for installing and configuring elements on a Windows Server 2008 R2 Server
Core installation. For a full list of command-line arguments, visit the Microsoft website
and conduct a search for Windows Server 2008 R2 Server Core.
Installing the Active Directory Domain Services Role
Even though Active Directory Domain Services is just another server role, you cannot
install it with ocsetup on Server Core. You must use the dcpromo utility. The problem is
that dcpromo normally starts a wizard with a graphical user interface and Server Core does
not support GUIs. You have to provide the input for dcpromo by supplying the operation
parameters or by using an answer file.
There are 40 different operation parameters that the dcpromo utility can accept. While
this may seem like a dizzying array of options, few command lines will utilize all of them.
Please refer to the TechNet dcpromo command reference at
http://technet.microsoft.com/en-us/library/cc732887(WS.10).aspx for a complete list and
explanation of each parameter. You can use this reference to build the correct dcpromo
command line or create an unattend file suitable for your core domain controller.
The following example creates a domain controller for a new Active Directory forest. It
installs and configures the DNS Server service and configures the forest and domain func-
tional levels to Windows Server 2008 R2:
[DCInstall]
; New forest promotion
ReplicaOrNewDomain=Domain
NewDomain=Forest
Summary
111
NewDomainDNSName=companyabc.com
ForestLevel=4
DomainNetbiosName=COMPANYABC
DomainLevel=4
InstallDNS=Yes
ConfirmGc=Yes
CreateDNSDelegation=No
DatabasePath=”C:\Windows\NTDS”
LogPath=”C:\Windows\NTDS”
SYSVOLPath=”C:\Windows\SYSVOL”
3
; Set SafeModeAdminPassword to the correct value prior to using the unattend file
SafeModeAdminPassword=
; Run-time flags (optional)
RebootOnCompletion=Yes
Use the following steps to run dcpromo with an unattend file:
1. Copy or create the unattend.txt file to the root of the C: drive.
2. Enter the command dcpromo.exe /unattend:C:\unattend.txt and press Enter. The
installation will proceed.
3. At the end of the installation, the server will automatically reboot.
ptg
Performing an Unattended Windows Server 2008
In many large enterprise environments, it is necessary to automate the installation of
Windows Server 2008 R2. This is because there might be more than 10,000 servers within
the organization and installing each server manually is not a practical or efficient way of
utilizing resources or capital expenditures. Windows Deployment Services is a great tool
offered by Microsoft to automate the installation process of Windows Server 2008 R2
when trying to achieve economies of scale.
For more information on Windows Deployment Services and performing an unattended
installation of Windows Server 2008 R2, see Chapter 26, “Windows Server 2008 R2
Administration Tools for Desktops.”
The Windows Server 2008 R2 installation process and deployment tools bear similarities to
those found in previous versions of Windows. However, feature and performance
enhancements have improved the installation experience—whether you are installing a
single system by hand or deploying thousands of systems across your corporate environ-
ment with Windows Deployment Services.
112
CHAPTER 3
Installing Windows Server 2008 R2 and Server Core
The new Windows Server Core supported roles and features such as Hyper-V and
PowerShell have been a much anticipated feature set for the Windows Server 2008 R2
family of operating systems. Server Core installations can further meet today’s administra-
tors’ and organizations’ needs by providing a mechanism of utilizing the Windows Server
2008 R2 operating system with the fewest amount of binaries, in the most highly secured
fashion, while also reducing management overhead.
The following are best practices from this chapter:
. Verify that your hardware, devices, and drivers are supported by Windows Server
2008 R2.
. Stick to using the recommended or optimal hardware and software requirements.
. Make sure you document your server configuration information and perform a
backup of any data that you want to keep.
. Use the Windows Server 2008 R2 Initial Configuration Tasks Wizard to conduct
postinstallation tasks.
ptg
. Utilize Windows Server Core installations when the highest level of security is
warranted.
. Use a consistent naming convention to name the servers and client machines.
. Use only Internet-standard characters in your computer name. This includes the
letters A–Z (upper- and lowercase), the numbers 0–9, and the hyphen (-).
. Periodically verify that system backups can be used to recover a system in a lab
environment.
. As soon as you complete the installation, rename the administrator account and
assign a strong password, for the sake of security.
. Automate installation by using Windows Deployment Services.
. Choose and install Windows Server 2008 R2 roles and features to a server to take
advantage of new capabilities built in to Windows Server 2008 R2.
IN THIS CHAPTER
Active Directory
. Examining the Evolution of
Directory Services
Domain Services Primer
. Understanding the
Development of AD DS
. Examining AD DS’s Structure
. Outlining AD DS’s Components
. Understanding Domain Trusts
Microsoft’s Active Directory technologies have come a
. Defining Organizational Units
long way since their original release with Windows 2000
Server. From a single product referred to simply as Active
. Outlining the Role of Groups in
Directory (AD), Windows Server 2008 R2 now encompasses
an AD DS Environment
a total of five separate Active Directory technologies. Each
. Explaining AD DS Replication
of these technologies is similar—they all exist to supply
directory services and to serve as a platform for future inte-
. Outlining the Role of DNS
in AD DS
gration of Microsoft technologies. The additional four
Active Directory services roles in Windows Server 2008 R2
ptg
. Outlining AD DS Security
include Active Directory Lightweight Directory Services (AD
. Outlining AD DS Changes in
LDS), Active Directory Federation Services (AD FS), Active
Windows Server 2008 R2
Directory Certificate Services (AD CS), and Active Directory
Rights Management Services (AD RMS).
The focus of this chapter is on the traditional Active
Directory service, Active Directory Domain Services (AD
DS), and touches upon the information needed to under-
stand what AD DS is and how it has become the most
common enterprise directory platform in use today. This
chapter initially focuses on describing a history of directory
services in general. It then proceeds to give a primer on AD
DS itself as a technology. Finally, specific changes made to
Active Directory technologies in general are outlined at the
end of the chapter, including all new improvements intro-
