How to Build a Windows 2016 Active Directory and DNS Server

A vSphere 6.5 installation needs working DNS and Active Directory, so in this post I will show you how to build an Active Directory and DNS server on Windows 2016.

For the purposes of this post, we will be building the host as a Virtual Machine and it will be a single-node Active Directory setup. As I only have a single ESXi host, it does not make much sense to build two Active Directory nodes at this time. We will start with our standard blank Windows Server 2016 install.

I have purposely over-provisioned this Virtual Machine, so that once vRealize Operations Manager is installed and has been running for a time, I can show you how to properly size Virtual Machines using that tool.

Once you have the base Windows install configured, we need to configure a couple of settings. First of all, make sure you have a static IP address set for your domain controller. Secondly, you want the server's DNS setting to point at itself, as this host will become a domain controller.

We now want to install the following roles:

  1.  DNS Server
  2.  Active Directory Domain Services

I will also be installing Active Directory Certificate Services and Active Directory Federation Services to be able to generate my own certificates and to work with Single Sign-On.
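The same preparation can be checked and performed from PowerShell. This is an added example, not part of the original post; the adapter name `Ethernet0` is an assumption, and only the two core roles from the list above are installed.

```powershell
# Added example: verify the prerequisites, then install the DNS and AD DS roles.
$alias = 'Ethernet0'   # assumed adapter name; list yours with Get-NetAdapter
$problems = @()

# 1. The IPv4 interface must be statically configured, not DHCP.
$ipIf = Get-NetIPInterface -InterfaceAlias $alias -AddressFamily IPv4
if ($ipIf.Dhcp -eq 'Enabled') {
    $problems += "DHCP is enabled on $alias; assign a static address first."
}

# 2. The DNS client must point at this host (its own address or loopback).
$local = @((Get-NetIPAddress -InterfaceAlias $alias -AddressFamily IPv4).IPAddress)
$dns   = @((Get-DnsClientServerAddress -InterfaceAlias $alias -AddressFamily IPv4).ServerAddresses)
if (-not ($dns | Where-Object { $_ -in $local -or $_ -eq '127.0.0.1' })) {
    $problems += "DNS servers on $alias are [$($dns -join ', ')]; none is this host."
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    return   # stop before changing anything
}

# 3. Install the roles together with their management tools (DNS Manager, AD cmdlets).
Install-WindowsFeature -Name DNS, AD-Domain-Services -IncludeManagementTools
```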

We then step through the installer and let all the components install. The defaults are kept for the installer. Once it finishes, we will be asked to set up a Domain Name among other items. You will be warned that you don’t have a static IP set up even if you have already done so. It is safe to ignore that message.

Once all that is complete, you will need to do the Post Deployment Configuration.

I will only focus on the Domain Controller promotion steps.

Before we start that, we need to configure our DNS server. Launch DNS Manager, right-click on Forward Lookup Zones and create a new zone; this will be our Primary Zone.

Then we name our zone.

Then we name and save our Zone File.

Then we set dynamic updates. For now I do not wish to allow them. We can change this at a later date if we need to.

We also need to create the reverse lookup zone, and we follow similar steps to the forward zone.

Now we enter our Network ID. This is the first three octets of our IPs. You will need to do this for each VLAN you wish to have in DNS. I currently only have one, so this is easy for me.

As in the forward zone, I am not allowing dynamic updates. Once Active Directory is up I can edit these zones to allow updates from domain-joined hosts.
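The zone steps above, scripted with the DnsServer module. This is an added example, not part of the original post: the zone name is assumed from the post's later mention of kgas.local, and the network ID is a constructed sample.

```powershell
# Added example: file-backed forward and reverse primary zones, dynamic updates off.
$forwardZone = 'kgas.local'            # assumed zone name, from the post's domain
$networkIds  = @('192.168.10.0/24')    # constructed sample; one entry per VLAN

function Get-ReverseZoneName([string]$NetworkId) {
    # 192.168.10.0/24 -> 10.168.192.in-addr.arpa (first three octets, reversed)
    $octets = ($NetworkId -split '/')[0].Split('.')[0..2]
    [array]::Reverse($octets)
    ($octets -join '.') + '.in-addr.arpa'
}

# Forward zone: created only if it does not exist yet, so the script can be re-run.
if (-not (Get-DnsServerZone -Name $forwardZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $forwardZone -ZoneFile "$forwardZone.dns" -DynamicUpdate None
}

# One reverse zone per network ID, also with dynamic updates disabled.
foreach ($id in $networkIds) {
    $rev = Get-ReverseZoneName $id
    if (-not (Get-DnsServerZone -Name $rev -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -NetworkId $id -ZoneFile "$rev.dns" -DynamicUpdate None
    }
}

# Review the result: no zone created here should accept dynamic updates yet.
Get-DnsServerZone | Where-Object { -not $_.IsAutoCreated } |
    Format-Table ZoneName, IsReverseLookupZone, IsDsIntegrated, DynamicUpdate
```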

Now we start the Domain Setup.

Since we are creating a new forest, we choose that option and give it a name.

We then set the Directory Services Restore Mode Password.  Make sure this is something you will remember.

The next step will warn you about DNS Integration, and the option to integrate will be greyed out. That is okay, we will fix this.

Next we select our NetBIOS name. This is the short name you enter when you join a server to the domain.

Next we decide where to put our AD DS database, log files, and SYSVOL. I suggest you move these to a separate drive and not the OS drive, so that in the event that you lose the OS drive, you can easily bring Active Directory back up. In our case we store the files on the E drive.

We can review our settings before we install. What is great is that Windows provides you with the script to build this Active Directory forest again. For example, if you have a DR scenario, this script could be used to quickly bring up a new forest.

Ours is very simple.

So what if we stopped here, say because we had to reboot or for some other reason? What would the script look like when executed?
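A forest-creation script of the kind described above looks roughly like this. It is an added example, not the script from the original post: the NetBIOS name and the folder names under E: are placeholders, and the domain name is assumed from the post's mention of kgas.local. The DSRM password is prompted for at run time rather than stored in the file.

```powershell
# Added example: promote this server to the first domain controller of a new forest.
Import-Module ADDSDeployment

$forest = @{
    DomainName           = 'kgas.local'     # assumed from the post
    DomainNetbiosName    = 'KGAS'           # placeholder; the post does not state it
    DatabasePath         = 'E:\NTDS'        # placeholder folders on the E drive
    LogPath              = 'E:\NTDS'
    SysvolPath           = 'E:\SYSVOL'
    InstallDns           = $true
    CreateDnsDelegation  = $false
    # Prompt for the Directory Services Restore Mode password; never hard-code it.
    SafeModeAdministratorPassword = Read-Host -AsSecureString 'DSRM password'
}

# Run the prerequisite checks first; nothing is changed at this point.
$check = Test-ADDSForestInstallation @forest
$check | Format-List Status, Message

if ($check.Status -ne 'Success') {
    Write-Warning 'Prerequisite check failed; fix the issues above before promoting.'
    return
}

# Promote the server. It restarts automatically when the installation completes.
Install-ADDSForest @forest -NoRebootOnCompletion:$false -Force:$true
```

If the script is kept for DR use, store it with the same care as other domain build material; it contains no secret, but it documents the forest layout.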

Once the password is entered for the Administrator, the Installer will do its thing.

If all goes well you will be asked to restart the computer.  We do see a couple errors regarding kgas.local, but since we already created that resolution we should be fine.

Once everything is rebooted we should see a domain login.

Finally, let's enable Dynamic Updates. Launch DNS Manager, right-click on your forward zone and click Properties. On the Properties screen, change the dropdown under Dynamic Updates to say Secure only.

Repeat this step for all zones, and that’s it. Your AD and DNS Server is up. Verify that AD is working by querying the IP and hostname of the server you’ve built.

If it returns a result you are all set!
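The dynamic-update change and the final lookup test can also be scripted. This is an added example, not part of the original post. Secure-only updates are available only on Active Directory-integrated zones, so the script converts any file-backed primary zone first; that conversion step is an addition to the procedure above.

```powershell
# Added example: switch the primary zones to secure dynamic updates, then verify DNS.
$zones = Get-DnsServerZone | Where-Object {
    $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated -and $_.ZoneName -ne 'TrustAnchors'
}

foreach ($z in $zones) {
    if (-not $z.IsDsIntegrated) {
        # File-backed zones cannot use "Secure only"; store the zone in AD first.
        ConvertTo-DnsServerPrimaryZone -Name $z.ZoneName -ReplicationScope Domain -Force
    }
    Set-DnsServerPrimaryZone -Name $z.ZoneName -DynamicUpdate Secure
}

# Ask the DNS client to register this host's records now that updates are allowed.
Register-DnsClient

# Forward and reverse lookups against the local DNS server.
$fqdn = '{0}.{1}' -f $env:COMPUTERNAME, (Get-CimInstance Win32_ComputerSystem).Domain
$ip   = (Get-NetIPAddress -AddressFamily IPv4 |
         Where-Object { $_.PrefixOrigin -eq 'Manual' } |
         Select-Object -First 1).IPAddress

try {
    $a = Resolve-DnsName -Name $fqdn -Type A -Server 127.0.0.1 -ErrorAction Stop
    "Forward: $fqdn -> $($a.IPAddress -join ', ')"
} catch {
    Write-Warning "Forward lookup for $fqdn failed: $($_.Exception.Message)"
}

try {
    $ptr = Resolve-DnsName -Name $ip -Type PTR -Server 127.0.0.1 -ErrorAction Stop
    "Reverse: $ip -> $($ptr.NameHost -join ', ')"
} catch {
    Write-Warning "Reverse lookup for $ip failed: $($_.Exception.Message)"
}

# Any zone still not reporting 'Secure' needs a second look.
Get-DnsServerZone | Where-Object { -not $_.IsAutoCreated } |
    Format-Table ZoneName, IsDsIntegrated, DynamicUpdate
```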
