Install and Configure RODC [Read Only Domain Controller] on Windows Server 2016

line5

Keep in mind that

  • You need at least one writable domain controller to Install a Read Only Domain Controller

TUTORIAL

Firstly install the windows server 2016

https://techencyclopedia.wordpress.com/2016/08/24/install-windows-server-2016-step-by-step/

Log in

2016 BB secondary-2017-09-02-14-31-28

Configure Network Card (provide a static IP address and DNS)

2016 BB secondary-2017-09-02-14-31-20

Add roles and features

2016 BB secondary-2017-09-02-14-46-50

Click Next to continue

2016 BB secondary-2017-09-02-14-47-04

select role based installation type (by default this option is selected)

2016 BB secondary-2017-09-02-14-47-09

Select the Server

2016 BB secondary-2017-09-02-14-49-09

Select Active Directory Domain Service Services Role

2016 BB secondary-2017-09-02-14-49-24

Keep the default features

2016 BB secondary-2017-09-02-14-49-30

Click Next

2016 BB secondary-2017-09-02-14-49-34

Click Install

2016 BB secondary-2017-09-02-14-49-41

Click Close after installation

2016 BB secondary-2017-09-02-15-39-28

Promote the server to a domain controller

2016 BB secondary-2017-09-02-15-39-38

Provide the domain name and user credentials for deployment operations

2016 BB secondary-2017-09-02-19-09-39

2016 BB secondary-2017-09-02-19-09-28

Provide DSRM password and select Read Only Domain Controller (RODC)

Directory Services Restore Mode (DSRM) is a special boot mode for repairing or recovering Active Directory. It is used to log on to the computer when Active Directory has failed or needs to be restored.

2016 BB secondary-2017-09-02-19-11-51

Keep the RODC options as it is

2016 BB secondary-2017-09-02-19-13-12

 

Keep the locations for AD DS database, log files and SYSVOL as it is

2016 BB secondary-2017-09-02-19-15-01

Review options before installation starts

2016 BB secondary-2017-09-02-19-15-16

Install Active Directory Domain Services

2016 BB secondary-2017-09-02-19-15-47

2016 BB secondary-2017-09-02-19-19-05

After Active Directory Domain Services installation restart the server

2016 BB secondary-2017-09-02-19-23-59

Check Installed Read-only Domain controller

2016 BB secondary-2017-09-02-22-55-33

Make sure to Connect to the RODC

2016 BB secondary-2017-09-02-23-10-36

 

Configure the Administrators role

Type dsmgmt in the run

2016 BB secondary-2017-09-02-23-36-20

Type

local roles
add <DOMAIN>\<user> Administrators

2016 BB secondary-2017-09-02-23-36-09

Log in as other user

2016 BB secondary-2017-09-02-23-37-27

2016 BB secondary-2017-09-02-23-37-37

 

To Configure RODC password policies go to RODC properties

2016 BB secondary-2017-09-02-23-48-42

  • Configure password caching allowed and denied groups as per the requirement
  • Click on Advanced to display a list of users for which the passwords have been cached.

2016 BB secondary-2017-09-02-23-48-48

Advertisements

How to Install Additional Domain Controller in Windows Server 2016

line5

INTRODUCTION

An Additional Domain Controller is required for services redundancy and for domain authentication improvement in remote Site. Additional Domain Controllers avoid business discontinuity in case of server failure for the primary Domain Controller. Multiple domain controllers can also improve performance by making it easier for clients to connect to a domain controller when logging on to the network. -technet.microsoft.com

Keep in mind

  • We need a Primary domain controller for this tutorial (192.168.1.10)
  • DNS server (In this case DNS is installed along with AD – 192.168.1.10 )

TUTORIAL

Log in to the installed server 2016

2016 BB secondary-2017-09-01-22-46-41

Configure network properties (Provide the DNS server’s address)

2016 BB secondary-2017-09-01-22-52-33

Click Add roles and services

2016 BB secondary-2017-09-01-23-31-25

2016 BB secondary-2017-09-01-23-32-07

Role based installation type is selected

2016 BB secondary-2017-09-01-23-32-34

Install Active Directory Domain Service role

2016 BB secondary-2017-09-01-23-45-38

Default features are installed

2016 BB secondary-2017-09-01-23-45-53

Next

2016 BB secondary-2017-09-01-23-46-12

Install

2016 BB secondary-2017-09-01-23-46-52

After the Installation click Close

2016 BB secondary-2017-09-02-00-09-23

Click Promote the server to a domain controller

2016 BB secondary-2017-09-02-00-09-35

Provide the domain name and user credentials for deployment operations

2016 BB secondary-2017-09-02-00-34-47

2016 BB secondary-2017-09-02-00-34-40

Provide DSRM password

Directory Services Restore Mode (DSRM) is a special boot mode for repairing or recovering Active Directory. It is used to log on to the computer when Active Directory has failed or needs to be restored.

2016 BB secondary-2017-09-02-00-35-43

keep the default

2016 BB secondary-2017-09-02-00-35-48

Provide the replication server (In this case primary server SER16.teche.lk)

2016 BB secondary-2017-09-02-00-35-57

Keep the locations for AD DS database, log files and SYSVOL as it is

2016 BB secondary-2017-09-02-00-36-07

Review options

2016 BB secondary-2017-09-02-00-36-11

Install Active Directory Domain Services

2016 BB secondary-2017-09-02-00-37-01

Log in after restarting the server

2016 BB secondary-2017-09-02-00-48-14

Installed primary and additional Domain controllers will be visible at Active Directory Users and Computers

2016 BB secondary-2017-09-02-03-51-07

How to Install Active Directory in Windows Server 2016

line5

INTRODUCTION

Active Directory (AD) is a directory service that Microsoft developed for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. A server running Active Directory Domain Services (AD DS) is called a domain controller. It authenticates and authorizes all users and computers in a Windows domain type network. -Wiki

In this scenario

  • Static IP address should be given (192.168.1.10)
  • DNS is also installed along with AD DS

TUTORIAL

Firstly, you have to install Windows Server 2016.

https://techencyclopedia.wordpress.com/2016/08/24/install-windows-server-2016-step-by-step/

Log in

2016 BB secondary-2017-09-01-19-58-53

Open Server Manager

2016 BB secondary-2017-09-01-20-00-41

Add roles and Features

2016 BB secondary-2017-09-01-20-06-43

Click Next to continue

2016 BB secondary-2017-09-01-20-07-09

Select Installation type (in this scenario role based is used)

2016 BB secondary-2017-09-01-20-07-13

DNS and AD DS server roles are selected (if you want, DNS can be installed separately)

2016 BB secondary-2017-09-01-20-07-43 Watermark

Default Features were kept as it is

2016 BB secondary-2017-09-01-20-07-50

Next

2016 BB secondary-2017-09-01-20-07-55

Install

2016 BB secondary-2017-09-01-20-08-03

Installation progress

2016 AA AD primary-2017-09-01-19-33-29

Close to finish installation

2016 AA AD primary-2017-09-01-19-36-49

Promote the Server to a domain controller

2016 AA AD primary-2017-09-01-19-37-13

Add a New Forest and provide the root domain name

2016 AA AD primary-2017-09-01-19-37-35

Choose the Desired forest and domain functional level and provide the DSRM password (Do not tick RODC in DC capabilities)

2016 AA AD primary-2017-09-01-19-38-37

Keep the default

2016 AA AD primary-2017-09-01-19-38-42

Default NetBIOS domain name is kept

2016 AA AD primary-2017-09-01-19-39-00

keep the default database locations

2016 AA AD primary-2017-09-01-19-39-17 - Watermark

Review Options

2016 AA AD primary-2017-09-01-19-39-20

Install

2016 AA AD primary-2017-09-01-19-39-41

After installation, restart the system

2016 AA AD primary-2017-09-01-19-42-44

Login as the domain administrator

2016 AA AD primary-2017-09-01-19-58-00

Check installed AD DS

2016 AA AD primary-2017-09-01-20-05-50

Check installed DNS

2016 AA AD primary-2017-09-01-20-05-54

Windows Server Migration 2003 to 2016

MIGRATION 2003 TO 2016.jpg

Introduction..

This article will give you the guidance to perform server migration from Windows server 2003 to Windows Server 2016. To make things easier entire tutorial is divided into 5 steps.

  1. Prepare Server 2003 for Migration
  2. Install Active Directory and promote (Server 2016)
  3. Confirm Replication & DNS in Server 2003 and 2016
  4. Transfer FSMO roles to the new server (Server 2016)
  5. Uninstall Old DC (Server 2003)

01. Prepare Server 2003 for Migration

In the Server 2003, Raise domain and forest functional levels to Windows Server 2003

Server 2003 AD-2017-02-01-10-17-43.png
Raise Domain Functional Level
Server 2003 AD-2017-02-01-10-22-32.png
Raise Forest Functional Level

02. Install Active Directory and promote (Server 2016)

Configure appropriate network settings. (Keep in mind that after server migration DNS server will be changed)

Join Server 2016 to the existing domain

Server 2016 migration-2017-02-01-11-03-01.png

Install Active Directory

server-2016-migration-2017-02-01-11-27-50

server-2016-migration-2017-02-01-11-27-57

Select Active Directory Domain Services and DNS server

server-2016-migration-2017-02-01-11-28-37

server-2016-migration-2017-02-01-11-29-03

server-2016-migration-2017-02-01-11-29-08

server-2016-migration-2017-02-01-11-29-12

After Installation completes Select Promote This Server to a Domain Controller

server-2016-migration-2017-02-01-11-33-43

Keep the default Selection Add a domain controller to existing domain..

Server 2016 migration-2017-02-01-19-02-32.png

Type DSRM password

server-2016-migration-2017-02-01-19-07-21

server-2016-migration-2017-02-01-19-08-03

server-2016-migration-2017-02-01-19-08-09

server-2016-migration-2017-02-01-19-08-13

server-2016-migration-2017-02-01-19-08-17

Click Install and Wait for a bit until installation completes and restarts

server-2016-migration-2017-02-01-19-08-58

03. Confirm Replication & DNS in Server 2003 and 2016

Replicate using Active Directory Sites and Services

Server 2016 migration-2017-02-01-19-53-34.png
AD Sites and Services in Server 2016
replication-2003
AD Sites and Services in Server 2003

Check DNS

server-2016-migration-2017-02-02-09-07-36
Server 2016 DNS
server-2003-ad-2017-02-02-09-07-40
Server 2003 DNS

04. Transfer FSMO roles to the new server (Server 2016)

There are 5 FSMO roles which you have to Transfer From server 2003 to the new server 2016. You can do that either using powershell commands or GUI.

  • Schema master
  • Domain naming master
  • RID master
  • PDC emulator
  • Infrastructure master

Type Netdom Query FSMO powershell command in the new server 2016 to check the current FSMO roles and their owner

Server 2016 migration-2017-02-01-19-38-39.png

Transfer the RID master, PDC emulator and Infrastructure Master Roles

Server Manager > Tools > Active Directory Users and Computers

In the MMC right click on the domain name and select operations masters

Change all three of them

Server 2016 migration-2017-02-02-01-58-12.png

Transfer domain naming master role

Server Manager > Tools > Active Directory Domains and Trusts

In the MMC, right click on Active Directory Domains and Trusts > Operations Master…

Server 2016 migration-2017-02-02-02-06-15.png

Transfer schema master role

Type run command regsvr32 schmmgmt.dll and Press OK in the next window

Server 2016 migration-2017-02-02-02-12-07.png

Type run command mmc

File > Add/Remove Snap-in…

Server 2016 migration-2017-02-02-02-14-25.png

Add Active Directory Schema and Press OK

Server 2016 migration-2017-02-02-02-16-59.png

Right click Active Directory Schema and click Change Active Directory Domain Controller

Select New Server 2016 from the list and Press OK

server-2016-migration-2017-02-02-02-20-53

server-2016-migration-2017-02-02-02-21-20

Right click Active Directory Schema > Operation Master and Press Change

Server 2016 migration-2017-02-02-02-24-21.png

Confirm that all the 5 FSMO roles have been moved to the new 2016 DC using Netdom Query FSMO command

Server 2016 migration-2017-02-02-02-30-34.png

05. Uninstall Old DC (Server 2003)

Now it is time to get rid of the old DC.

Type DCPromo in the RUN

server-2003-ad-2017-02-02-09-41-21

Keep the default (do not tick Delete the domain because this server is the last domain controller in the domain)

server-2003-ad-2017-02-02-09-42-32

Type Password

server-2003-ad-2017-02-02-09-43-53

Click Next..

server-2003-ad-2017-02-02-09-43-57

server-2003-ad-2017-02-02-09-44-01

Click Finish to End the Removal process

server-2003-ad-2017-02-02-09-56-13

Restart the Server

server-2003-ad-2017-02-02-09-56-21

Notice that In the Server 2016, old Server is moved From Domain Controllers to Computers

Server 2016 migration-2017-02-02-10-06-37.png
Active Directory Users and Computers

Install Windows Server 2016 Step by Step

line5

windows server 2016.png

This tutorial will show You How to install windows Server 2016 step by step with screen shots.

First boot your drive with windows server 2016 setup files

server-2016-2016-12-03-19-54-48

Click install now to continue

server-2016-2016-12-03-19-54-55

Select the version you need to install

server-2016-2016-12-03-19-56-36

Accept the license terms

server-2016-2016-12-03-19-56-50

Click Custom: Install windows only (advanced)

server-2016-2016-12-03-19-57-05

Create and Select the partition

server-2016-2016-12-03-20-09-53

wait till installation finish

server-2016-2016-12-03-20-10-06

Type password for built in administrator account

server-2016-2016-12-03-20-34-14

Press Ctrl+Alt+Delete to Unlock

server-2016-2016-12-03-20-34-58

Login as Administrator

server-2016-2016-12-03-20-35-53

Microsoft Windows Server 2016 is installed and ready for configuration

server-2016-2016-12-03-20-41-16