In preparation for a vSphere 6.5 installation, one thing you need is working DNS and Active Directory, so I will show you how to build an Active Directory and DNS server on Windows Server 2016.
For the purposes of this post, we will be building the host as a Virtual Machine and it will be a single-node Active Directory setup. As I only have a single ESXi host, it does not make much sense to build two Active Directory nodes at this time. We will start with our standard blank Windows Server 2016 install.
I have purposely over-provisioned this Virtual Machine, so that once vRealize Operations Manager has been installed and running for a time, I can show you how to properly size Virtual Machines using that tool.
Once you have the base Windows install configured, we need to set a couple of settings. First of all, make sure you have a static IP address set for your domain controller. Secondly, you want the DNS server set to resolve to itself, as this host will become a domain controller.
We now want to install the following roles:
- DNS Server
- Active Directory Domain Services
I will also be installing Active Directory Certificate Services and Active Directory Federation Services to be able to generate my own certificates and to work with Single Sign-On.
We then step through the installer and let all the components install. The defaults are kept for the installer. Once it finishes, we will be asked to set up a domain name among other items. You will be warned that you don't have a static IP set up even if you have already done so. It is safe to ignore that message.
Once all that is complete, you will need to do the Post Deployment Configuration.
I will only focus on the Domain Controller promotion steps.
Before we start that we need to configure our DNS server. Launch DNS Manager, right click on Forward Lookup Zones and choose New Zone to create our primary zone.
Then we name our zone.
Then we name and save our Zone File.
Then we set dynamic updates. For now I do not wish to allow them. We can change this at a later date if we need to.
We also need to create the reverse lookup zone, and we follow similar steps to the forward zones.
Now we enter our Network ID. This is the first three octets of our IPs. You will need to do this for each VLAN you wish to have in DNS. I currently only have one, so this is easy for me.
As in the forward zones, I am not allowing dynamic updates. Once Active Directory is up I can edit these zones to allow updates from domain-joined hosts.
Now we start the Domain Setup.
For us since we are creating a new forest, we choose that setting and give it a name.
We then set the Directory Services Restore Mode Password. Make sure this is something you will remember.
The next step will warn you about DNS integration, and the option to integrate will be greyed out. That is okay, we will fix this later.
Next we select our NETBIOS Name. This is the short name you enter when you join a server to the domain.
Next we decide where to put our AD DS database, log files, and SYSVOL. I suggest you move these to a separate drive and not the OS drive. That way, in the event that you lose the OS drive, you can easily bring the Active Directory back up. In our case we store the files on the E drive.
We can review our settings before we install. What is great is that Windows provides you with the script to build this Active Directory forest again. For example, in a DR scenario this script could be used to quickly bring up a new forest.
Ours is very simple, as seen below.
So what if we stopped here, say because we had to reboot or for another reason? What would the script look like when executed?
Once the password is entered for the Administrator, the Installer will do its thing.
If all goes well you will be asked to restart the computer. We do see a couple errors regarding kgas.local, but since we already created that resolution we should be fine.
Once everything is rebooted we should see a domain login.
Finally, let's enable dynamic updates. Launch DNS Manager, right click on your forward zone and click Properties. On the Properties screen, change the dropdown under Dynamic Updates to say Secure only.
Repeat this step for all zones, and that's it. Your AD and DNS server is up. Verify that AD is working by querying the IP and hostname of the server you've built.
If it returns a result, you are all set!
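The same build, scripted in PowerShell as an added example that is not the post's own generated script: it assumes a DC named DC01, the kgas.local forest from the post, and a constructed 192.168.10.0/24 subnet. The conversion step in section 3 is there because the Secure only setting is offered only for AD-integrated zones, so a file-backed zone has to be converted before updates can be restricted to authenticated domain members.

```powershell
# Added example, not the post's own script. Assumes DC01 in kgas.local and a
# constructed 192.168.10.0/24 subnet; replace these with your own values.
$Domain  = 'kgas.local'
$Netbios = 'KGAS'
$Subnet  = '192.168.10.0/24'       # constructed example VLAN
$DcIp    = '192.168.10.5'          # constructed static IP of the DC
$DcFqdn  = "dc01.$Domain"

# 1. Pre-promotion DNS, matching the GUI steps: file-backed primary zones with
#    dynamic updates disabled, so no unauthenticated host can register names.
Install-WindowsFeature -Name DNS, AD-Domain-Services -IncludeManagementTools
Add-DnsServerPrimaryZone -Name $Domain -ZoneFile "$Domain.dns" -DynamicUpdate None
Add-DnsServerPrimaryZone -NetworkId $Subnet -ZoneFile '10.168.192.in-addr.arpa.dns' -DynamicUpdate None

# 2. Forest promotion. The DSRM password is prompted for, never stored in the script.
$Dsrm = Read-Host -AsSecureString 'Directory Services Restore Mode password'
Install-ADDSForest -DomainName $Domain -DomainNetbiosName $Netbios `
    -DatabasePath 'E:\NTDS' -LogPath 'E:\NTDS' -SysvolPath 'E:\SYSVOL' `
    -SafeModeAdministratorPassword $Dsrm -InstallDns -Force
# The server reboots here; run section 3 after logging back in as a domain admin.

# 3. Post-promotion: convert the file-backed zones to AD-integrated, then allow
#    only secure (Kerberos-authenticated) dynamic updates from domain members.
$fileZones = Get-DnsServerZone | Where-Object {
    -not $_.IsAutoCreated -and -not $_.IsDsIntegrated -and $_.ZoneType -eq 'Primary'
}
foreach ($zone in $fileZones) {
    ConvertTo-DnsServerPrimaryZone -Name $zone.ZoneName -ReplicationScope Domain -Force
    Set-DnsServerPrimaryZone -Name $zone.ZoneName -DynamicUpdate Secure
}

# 4. Verify: every zone should report IsDsIntegrated=True and DynamicUpdate=Secure,
#    and the DC must resolve its own A and PTR records and be found as a DC.
Get-DnsServerZone | Where-Object { -not $_.IsAutoCreated } |
    Select-Object ZoneName, IsDsIntegrated, DynamicUpdate | Format-Table
Resolve-DnsName -Name $DcFqdn -Type A   -Server 127.0.0.1
Resolve-DnsName -Name $DcIp   -Type PTR -Server 127.0.0.1
Get-ADDomainController -Identity $DcFqdn | Select-Object HostName, IPv4Address, IsGlobalCatalog
```

If section 4 shows a zone still at DynamicUpdate=None or NonsecureAndSecure, re-run section 3 for that zone; NonsecureAndSecure lets any host on the network overwrite records and should not be left in place.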