Creating Your Own Personal Hydration Solution – Part 3: Domain Controller

Part 0 Introduction
Part 1 Setting Up
Part 2 First VM – Windows Router
Part 3 Domain Controller
Part 4 Configuration Manager Infrastructure

DC01

After completing parts 1 and 2 of this series you would have a virtual lab with 4 separate network segments all connected to and routed through a Windows 2012 R2 server (RTR01) acting as the router.  This server will also provide Internet access to any virtual machines that are connected to the 4 network segments.

In Part 3 we are going to build a domain controller (DC01).  This server will provide not only Active Directory Domain Services to the lab but also DHCP and DNS services as well.


Preparing the Deployment Share

In Part 2 of the series we imported Windows Server 2012 R2 as an operating system into our MDT deployment share.  We will use this OS throughout the series as the basis for all of our builds.

Also in Part 2 we created some custom CustomSettings.ini files and the task sequence to build RTR01, the Windows router.  We are going to use those same techniques in the remainder of our server builds.

CustomSettings.ini

The majority of the work required for the CS.ini file has already been completed in Part 2.  We are just going to add a new MacAddress block (like we have for RTR01) for DC01.

Open the CustomSettings.ini file in the Control folder of your deployment share and add the following code block.

[00:15:5D:20:15:02]
; DEMO-DC01
TaskSequenceID=DC01
SkipFinalSummary=YES
FinishAction=SHUTDOWN
SkipTaskSequence=YES

This code block is nearly identical to the code block we have for RTR01.  The only differences are the MacAddress, the comment and the TaskSequenceID value.

Here is my completed CustomSettings.ini for this part.  I’ve highlighted the new portion.

CustomSettings

This code block will instruct MDT to select the task sequence DC01 automatically if the machine being built has this MacAddress.  Once the build is complete MDT will shut down the system.  Again, if you start the build and come back later to find the VM powered down then you know the build was successful.

Special CustomSettings.ini Files

While our RTR01 build had 1 special CS.ini (CustomSettings_RTR01), this build is going to have a second custom CS.ini file (CustomSettings_DomainInfo).

CustomSettings_DC01.ini

Just like we did in Part 2 for RTR01, we are going to create a special CS.ini specifically for this build.

Here is my completed file with the differences from the one created for RTR01 highlighted.

CustomSettings_DC01

We are adding 6 lines so that MDT will set the IP address of the server.

OSDAdapterCount=1
OSDAdapter0DNSServerList=127.0.0.1
OSDAdapter0Gateways=192.168.11.1
OSDAdapter0IPAddressList=192.168.11.2
OSDAdapter0SubnetMask=255.255.255.0
OSDAdapter0TCPIPNetBiosOptions=1

OSDAdapterCount=1
This variable defines how many network adapters are going to be configured by MDT.

In the following rules that is a zero between OSDAdapter and the rest of the line and not the letter O.  MDT enumerates the network adapters starting with the number zero.  If you had multiple adapters you could set the addresses using OSDAdapter0IPAddressList then OSDAdapter1IPAddressList, OSDAdapter2IPAddressList, etc.

OSDAdapter0DNSServerList=127.0.0.1
This specifies the IP address or addresses of the DNS server(s).  Multiple server addresses would be separated by commas.

OSDAdapter0Gateways=192.168.11.1
This rule specifies the gateway to use for this adapter.

OSDAdapter0IPAddressList=192.168.11.2
This is the IP address to assign to this adapter.

OSDAdapter0SubnetMask=255.255.255.0
The subnet mask for this adapter.

OSDAdapter0TCPIPNetBiosOptions=1
This enables IP forwarding.

CustomSettings_DomainInfo.ini

This second custom CS.ini file will define the settings required to configure our Active Directory and set up our first DHCP scope.

Q. Why is only 1 scope defined here?
A. Learning opportunity.  I use 2 different methods for defining the DHCP scopes.  The first is automatically using MDT and the second is using PowerShell in a post-build script.

In your Control folder of your deployment share create a new INI named “CustomSettings_DomainInfo.ini” and copy the following into it.

[Settings]
Priority=Default

[Default]
; Active Directory Configuration
ReplicaOrNewDomain=Domain
NewDomain=Forest
NewDomainDNSName=Demo.lab
DomainNetBiosName=Demo
ForestLevel=4
DomainLevel=4
AutoConfigDNS=Yes
ConfirmGC=Yes
CriticalReplicationOnly=No
SafeModeAdminPassword=P@ssw0rd
SiteName=ADSite1

; DHCP Configuration
DHCPServerOptionRouter=192.168.11.1
DHCPServerOptionDNSServer=192.168.11.2
DHCPServerOptionDNSDomainName=Demo.lab
DHCPScopes0SubnetMask=255.255.255.0
DHCPScopes0IP=192.168.11.0
DHCPScopes0Name=Lab Scope 1
DHCPScopes0StartIP=192.168.11.100
DHCPScopes0EndIP=192.168.11.199
DHCPScopes0OptionLease=691200
DHCPScopes=1

I have broken the code block into two sections, one for the configuration of Active Directory and the second for configuring the DHCP server.
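A pre-flight check of these rules before starting the build, as an added example that is not part of the original post or of MDT: it confirms the addresses agree with the scope's subnet, that no statically assigned address sits inside the lease pool, and lists keys that carry a credential. The function and variable names are hypothetical, and the check assumes one address per key.

```powershell
# Added example. Rule values are copied from the page's CustomSettings_DC01.ini
# and CustomSettings_DomainInfo.ini; the checks and names are assumptions.
$rules = @'
OSDAdapter0Gateways=192.168.11.1
OSDAdapter0IPAddressList=192.168.11.2
SafeModeAdminPassword=P@ssw0rd
DHCPServerOptionRouter=192.168.11.1
DHCPServerOptionDNSServer=192.168.11.2
DHCPScopes0SubnetMask=255.255.255.0
DHCPScopes0IP=192.168.11.0
DHCPScopes0StartIP=192.168.11.100
DHCPScopes0EndIP=192.168.11.199
'@

# Parse key=value lines; comment lines (;) and section headers ([...]) are skipped.
$cfg = @{}
foreach ($line in ($rules -split "`r?`n")) {
    if ($line -match '^\s*([^;\[=\s][^=]*)=(.*)$') { $cfg[$Matches[1].Trim()] = $Matches[2].Trim() }
}

function ConvertTo-IPv4Number ([string]$Ip) {
    $bytes = ([ipaddress]$Ip).GetAddressBytes()
    [array]::Reverse($bytes)    # network byte order -> little-endian for BitConverter
    [long][BitConverter]::ToUInt32($bytes, 0)
}
$net  = ConvertTo-IPv4Number $cfg.DHCPScopes0IP
$mask = ConvertTo-IPv4Number $cfg.DHCPScopes0SubnetMask
$lo   = ConvertTo-IPv4Number $cfg.DHCPScopes0StartIP
$hi   = ConvertTo-IPv4Number $cfg.DHCPScopes0EndIP

$findings = @()
$addressKeys = 'OSDAdapter0Gateways', 'OSDAdapter0IPAddressList', 'DHCPServerOptionRouter',
               'DHCPServerOptionDNSServer', 'DHCPScopes0StartIP', 'DHCPScopes0EndIP'
foreach ($key in $addressKeys) {
    $n = ConvertTo-IPv4Number $cfg[$key]
    if (($n -band $mask) -ne $net) { $findings += "$key=$($cfg[$key]) is outside the scope subnet" }
    # Statically assigned addresses must not be leasable, or DHCP can hand out a duplicate.
    if ($key -notlike 'DHCPScopes0*' -and $n -ge $lo -and $n -le $hi) {
        $findings += "$key=$($cfg[$key]) falls inside the lease pool"
    }
}
if ($lo -gt $hi) { $findings += 'DHCPScopes0StartIP is greater than DHCPScopes0EndIP' }
# Rules files are plain text in the Control folder; list credential-bearing keys.
foreach ($key in ($cfg.Keys | Where-Object { $_ -match 'Password' })) {
    $findings += "$key is stored in clear text in the rules file"
}
$findings
```

With the values from this part the only finding is the SafeModeAdminPassword entry; the addresses are consistent.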

Configuration Script

Just like with RTR01 there will be a post-build script to run to complete the configuration of the domain controller.  This script creates the DHCP scopes for each of the network segments, sets the DNS forwarders to Google’s public DNS and creates the sites and subnets for our network.

In the Scripts folder of your deployment share create a PowerShell script named “DC01_Step01-ConfigureServer.ps1” and use this code.

DC01_Step01-ConfigureServer.ps1


# =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# Additional DHCP Scopes
Add-DhcpServerv4Scope -Name 'Lab Scope 2' -StartRange 192.168.12.100 -EndRange 192.168.12.200 -SubnetMask 255.255.255.0 -Description 'DHCP Scope for LAN 2'
Set-DhcpServerv4OptionValue -ScopeId 192.168.12.0 -Router 192.168.12.1

Add-DhcpServerv4Scope -Name 'Lab Scope 3' -StartRange 192.168.13.100 -EndRange 192.168.13.200 -SubnetMask 255.255.255.0 -Description 'DHCP Scope for LAN 3'
Set-DhcpServerv4OptionValue -ScopeId 192.168.13.0 -Router 192.168.13.1

Add-DhcpServerv4Scope -Name 'Lab Scope 4' -StartRange 192.168.14.100 -EndRange 192.168.14.200 -SubnetMask 255.255.255.0 -Description 'DHCP Scope for LAN 4'
Set-DhcpServerv4OptionValue -ScopeId 192.168.14.0 -Router 192.168.14.1

# DNS Configuration
Set-DnsServerForwarder -IPAddress 8.8.8.8
Add-DnsServerForwarder -IPAddress 8.8.4.4

# Create AD Sites and Subnets
New-ADReplicationSite -Name "ADSite2"
New-ADReplicationSite -Name "ADSite3"
New-ADReplicationSite -Name "ADSite4"

New-ADReplicationSubnet -Name "192.168.11.0/24" -Site "ADSite1"
New-ADReplicationSubnet -Name "192.168.12.0/24" -Site "ADSite2"
New-ADReplicationSubnet -Name "192.168.13.0/24" -Site "ADSite3"
New-ADReplicationSubnet -Name "192.168.14.0/24" -Site "ADSite4"
# =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

This script only creates the DHCP scopes for LAN2, 3 and 4 since the scope for LAN1 was defined in our CustomSettings_DomainInfo.ini and created automatically by MDT.  Again, these are just examples of different ways of doing things.
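A way to confirm the end state once both the MDT build and the post-build script have run, as an added example that is not part of the original post: it compares the DHCP scopes, router options, AD subnets, DNS forwarders and DHCP authorization on DC01 against the values used in this part. It assumes an elevated PowerShell prompt on DC01; the variable names are hypothetical.

```powershell
# Added example: run in an elevated PowerShell prompt on DC01 after the post-build script.
# Expected values are copied from CustomSettings_DomainInfo.ini and DC01_Step01-ConfigureServer.ps1.
$expected = @(
    @{ Scope = '192.168.11.0'; Router = '192.168.11.1'; Site = 'ADSite1' }
    @{ Scope = '192.168.12.0'; Router = '192.168.12.1'; Site = 'ADSite2' }
    @{ Scope = '192.168.13.0'; Router = '192.168.13.1'; Site = 'ADSite3' }
    @{ Scope = '192.168.14.0'; Router = '192.168.14.1'; Site = 'ADSite4' }
)
$expectedForwarders = '8.8.8.8', '8.8.4.4'
$dcAddress = '192.168.11.2'

$report = foreach ($e in $expected) {
    $scope = Get-DhcpServerv4Scope -ScopeId $e.Scope -ErrorAction SilentlyContinue
    # Option 3 (router) can be set on the scope or inherited from the server level.
    $router = (Get-DhcpServerv4OptionValue -ScopeId $e.Scope -OptionId 3 -ErrorAction SilentlyContinue).Value
    if (-not $router) {
        $router = (Get-DhcpServerv4OptionValue -OptionId 3 -ErrorAction SilentlyContinue).Value
    }
    $subnet = Get-ADReplicationSubnet -Filter "Name -eq '$($e.Scope)/24'"
    [pscustomobject]@{
        Scope       = $e.Scope
        ScopeActive = ($scope.State -eq 'Active')
        RouterOk    = ($router -contains $e.Router)
        SiteOk      = ($subnet.Site -like "CN=$($e.Site),*")
    }
}
$report | Format-Table -AutoSize

# Forwarders the script should have set but the DNS server does not list.
$actual = @((Get-DnsServerForwarder).IPAddress | ForEach-Object { "$_" })
$missing = $expectedForwarders | Where-Object { $_ -notin $actual }
if ($missing) { Write-Warning "Missing DNS forwarders: $($missing -join ', ')" }

# The 'Authorize DHCP' task sequence step continues on error, so confirm it took effect.
$authorized = Get-DhcpServerInDC | Where-Object { "$($_.IPAddress)" -eq $dcAddress }
if (-not $authorized) { Write-Warning "DHCP server $dcAddress is not authorized in Active Directory" }
```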


Creating the Task Sequence

Start by creating a basic server task sequence in the MDT console.  Be sure to set the Task Sequence ID to “DC01”.  Just like with RTR01 we are going to add the additional groups and actions that have * * * appended to them.

TS_DC01

Initialization Group
Here we have the two identical custom actions that we put into the Initialization group on RTR01, so you can simply copy them from that task sequence.

The third custom action is new and is a Gather action to process our “CustomSettings_DomainInfo.ini” file.

Name: * * * Gather Lab Domain Specific Settings
Rules File: CustomSettings_DomainInfo.ini

State Restore Group
Not in the screen shot above is a custom action added to the State Restore group.

TS_DC01_StateRestore

This Apply Network Settings action takes the values we defined in the CustomSettings_DC01.ini file and uses them to set the static IP address.

* * * Prepare for Configuration Group
The actions in this group are identical to the same group at the end of the RTR01 task sequence.  The only difference being the command line in the very last step (Copy Config Script).

The new command line for this action is:
cmd /c copy "%ScriptRoot%\DC01_Step*.ps1" "%USERPROFILE%\Desktop\"

The final two groups in this task sequence will do the “heavy lifting” of getting us our domain controller.

TS_DC01_FinalGroups

* * * Install Active Directory Group
The actions in this group will install and configure Active Directory Domain Services on our server.

Name: Install – DNS
Type: Install Roles and Features
Check “DNS Server” from the list of roles

Name: Install – ADDS
Type: Install Roles and Features
Check “Active Directory Domain Services” from the list of roles

Name: Configure – ADDS
Type: Run Command Line
Command line: cscript.exe "%SCRIPTROOT%\ZTIConfigureADDS.wsf"
[Set this action to continue on error]

Name: Restart computer
Type: Restart computer

* * * Install DHCP Group
This group of actions installs and performs the initial configuration of DHCP.

Name: Install – DHCP
Type: Install Roles and Features
Check “DHCP Server” from the list of roles

Name: Configure – Create DHCP Scope
Type: Run Command Line
Command line: cscript.exe "%SCRIPTROOT%\ZTIConfigureDHCP.wsf"
[Set this action to continue on error]

Name: Set TS Variable (FQDN)
Type: Set Task Sequence Variable
Variable: FQDN
Value: %HOSTNAME%.%DHCPSERVEROPTIONDNSDOMAINNAME%

Name: Authorize DHCP
Type: Run Command Line
Command line: PowerShell.exe -Command "&{Add-DhcpServerInDC -DnsName %FQDN% -IPAddress %IPADDRESS001%}"
[Set this action to continue on error]


 

Creating the Virtual Machine

You are going to want to create a virtual machine with these settings.

Specifications

Virtual Machine Name: DEMO-DC01
Memory: 1024MB
Hard Disk: 100GB
Network: LAN1
MAC Address: 00:15:5D:20:15:02

 

Building the Virtual Machine

We’re going to build this one just like we did with RTR01, with one exception if you are building Hyper-V virtual machines.  If you are building VMware virtual machines then you don’t need to worry about this extra step.

Boot the VM from your boot ISO and when you reach the welcome screen do NOT click “Run the Deployment Wizard…”, but instead click the button at the bottom called “Configure with Static IP Address”.

Build_1

Enter the static IP address that we are going to use for this machine and click Finish.

Build_DC01-SetStaticIP

Then you can click “Run the Deployment Wizard…” and you’ll see the custom Deployment Share that our LocationServer.xml defines.

Build_DC01-SelectDeployShare

Choose “LAN1 (192.168.11.x)” and click Next.

At this point the build will be automated just like it was with RTR01.

Build_DC01-ApplyImage

Q. So why the extra step on Hyper-V virtual machines?
A. DC01 is the first VM to be built on any of the isolated networks.  When it boots up there is no DHCP server available to assign it an IP address, so it will be unable to connect to our deployment share on the host.  This isn’t an issue when using VMware Workstation because VMware Workstation includes a “micro” DHCP server, so when the VM boots up on the isolated network VMware provides it with a DHCP address.

DC01 is the only machine that requires manually setting a static IP address at the start of the MDT wizard.  Once DC01 is configured and online its DHCP server will provide IP addresses for all other machines built on the other isolated segments.

Just like the build for RTR01 when the build completes MDT will shut down the VM.


 

Post-Build Configuration

When the build completes power on the VM.  Log into the VM when it boots up.

DC01_Logon

[The password is P@ssw0rd]

You should also notice that Windows is activated and good for 180 days.

DC01_Activated

On the desktop you’ll find the configuration script.

DC01_PostBuildScript-1

Open an administrative PowerShell prompt and execute the script.

DC01_PostBuildScript-2

The remaining DHCP scopes will be created…

DC01-DHCP

Google’s public DNS servers will be added to the forwarders in DNS…

DC01-DNS

And finally the subnets are populated in AD Sites and Services…

DC01-ADSites

The configuration of DC01 is now complete.

Feel free to create user accounts, groups, OUs, system accounts, etc.

As you build machines on the various isolated networks (LAN1 – 4) the DHCP relay agent on RTR01 will forward those requests on to DC01 which will then provide an IP address on that subnet for the machine.

Later on we will be using the same relay agent on RTR01 to forward PXE boot requests from the other subnets to our PXE service point.

Next up – Configuration Manager!

You can download a Zip file with my sample files and scripts here.

 


Posted on January 1, 2016, in Hyper-V, MDT 2013, PowerShell, Task Sequences, Training, Windows Server.
