Tuesday, August 7, 2012

Installing Active Directory on Windows Server 2012 Core

Microsoft has indeed made installing roles and features much easier. To install Active Directory on Server Core 2012, we must first use the sconfig command to configure the server so that it can be promoted to a domain controller.


The next step is to prepare our unattended file for Active Directory.


Our next step is to run the unattended file to install Active Directory and DNS.



The Active Directory installation will run and install DNS.



As the installation runs, the normal Active Directory installation and securing steps will take place.


Once the installation completes, the system will reboot if yes was selected in your unattended answer file.


Once the server has restarted, the next step is to enable remote management so that you can manage the Server Core machine from your Windows 8 client. Using the sconfig command, enter the remote management option by pressing 4, and then press 1 to enable remote management.



To manage Active Directory from your Windows 8 client, first join the Windows 8 client to the domain, then install the Remote Server Administration Tools (RSAT) for Windows 8. RSAT for Windows can be downloaded here.



Once RSAT is installed, you can turn features on and off, depending on your network needs, to control what you manage from your Windows 8 client. By default, all RSAT features are turned on for server roles and features.



From the Start UI you can now access Server Manager and Administrative Tools to manage your network.



In Server Manager, select Manage, then add the server you would like to manage.





Once the server you would like to manage has been added, select Tools to choose the role or feature you would like to manage.



Now you can manage and configure Active Directory on Server Core 2012 from your Windows 8 Client.

PowerShell Configuration Added

Another way we can install Active Directory on Windows Server 2012 Core is by using PowerShell. As you can see, this server is still a non-domain server and a part of a workgroup.



Exit back to the command prompt by selecting 15 from the menu. From the command prompt type PowerShell to switch to PowerShell mode.


While in PowerShell mode, type Install-WindowsFeature AD-Domain-Services -IncludeManagementTools. The binaries for Active Directory and its prerequisites will be installed as seen below.



With the installation now finished, we can add our AD forest to the server to complete our AD install on Server 2012 Core. The yellow message below warns me that I did not check for any Windows Updates. That is not needed for this demo, but it is best practice in production.


Next we will need to type the PowerShell command Install-ADDSForest -DomainName (enter your domain name here and remove brackets). In this case we will use CORP.FISG.LOCAL. So the PowerShell command I will use to add a forest will be Install-ADDSForest -DomainName CORP.FISG.LOCAL


Once the command is run, you will be prompted to add a SafeAdminPassword, which is used for Active Directory recovery. Put the password in and confirm it.



Once done you will get the final message that states that the target server will be configured as a Domain Controller. Select Yes to all and the promotion will take place as seen below.








You have now successfully configured your Server Core 2012 machine as a Domain Controller as seen below.
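The PowerShell steps above can also be run as one script. This is an added example, not part of the original post: it goes beyond the two commands shown by checking the feature install result, running the Test-ADDSForestInstallation prerequisite check before promotion, and reading the recovery password as a SecureString. The -SafeModeAdministratorPassword parameter is the cmdlet's name for the recovery password prompt described above; -InstallDns and -Force are assumptions chosen to mirror the DNS install and the "Yes to all" answer.

```powershell
# Added example: scripted form of the interactive PowerShell steps above.
# Run in an elevated PowerShell session on the Server Core machine.
$ErrorActionPreference = 'Stop'
$DomainName = 'CORP.FISG.LOCAL'   # domain name used on this page

# 1. Install the AD DS binaries and stop if the feature install failed.
$feature = Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
if (-not $feature.Success) {
    throw "AD-Domain-Services install failed (exit code: $($feature.ExitCode))"
}

# 2. Read the recovery password as a SecureString so it is never stored
#    in the script file or echoed to the console. Reject an empty value.
$pw = Read-Host -AsSecureString 'Recovery (safe mode) password'
if ($pw.Length -eq 0) {
    throw 'The recovery password must not be empty.'
}

# Parameters shared by the prerequisite test and the real promotion.
# InstallDns is an assumption: it mirrors the DNS install described earlier.
$params = @{
    DomainName                    = $DomainName
    SafeModeAdministratorPassword = $pw
    InstallDns                    = $true
}

# 3. Run the prerequisite checks before changing anything on the server.
$checks = Test-ADDSForestInstallation @params
$failed = $checks | Where-Object { $_.Status -ne 'Success' }
if ($failed) {
    $failed | Format-List Message, Context
    throw 'Prerequisite check did not succeed; forest was not created.'
}

# 4. Promote the server. -Force suppresses the confirmation prompt
#    (the "Yes to all" answer); the server reboots when promotion completes.
Install-ADDSForest @params -Force

# 5. After the reboot, confirm the result in a new session, for example:
#    Get-ADDomainController -Discover -DomainName 'CORP.FISG.LOCAL'
#    Get-Service NTDS, DNS, Netlogon
```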



Happy Server Administrating. If you need to download Server resources or if you would like to try this lab in Azure visit:

For Server Downloads - http://aka.ms/msproducts

For a free trial of Windows Azure - http://aka.ms/try-azure

By: Adnan Cartwright

Wednesday, January 25, 2012

Using Network Access Protection

Network Access Protection (NAP) has become the standard when protecting your environment. It is not just a policy to restrict infected computers from the network, but a policy to encourage computers to comply with security and health requirement policies and reduce the risk of malware spreading. Non-compliant clients can be restricted from accessing intranet resources or communicating with compliant computers. Using Network Access Protection (NAP), IT administrators can require client computers to be healthy and comply with corporate health requirement policies. For example, client computers can obtain a full connection to the intranet only if they have recent security updates, anti-malware definitions, and other security settings.




Using NAP requires that NAP-enabled clients submit a health certificate for authentication when creating the initial connection with the Network Policy server. The health certificate contains the computer’s identity and proof of system health compliance. A NAP-enabled client obtains a health certificate by submitting its health state information, either to a Health Registration Authority (HRA) that is located on the Internet, or to an internal HRA server accessible using the infrastructure tunnel.





By using NAP, a non-compliant client computer that becomes infected with malware can still connect to all the specified management servers (for example, DNS, DC, HRA, and remediation servers) through the infrastructure tunnel, but it cannot connect to any other intranet resources. Access to the remediation servers is crucial to remediate the non-compliant state of the client.

The video installation tutorial and lab is available for viewing at http://youtu.be/yxNfo6KCSQY

By: Adnan Cartwright