Initial configuration after booting up the Core Server
After booting up the Windows 2022 Core Server, the Server Configuration utility (sconfig) is displayed. It lets you configure all essential settings on Server Core without running lengthy command lines. Choose an option from 1 to 15 to configure the required setting.
You can configure the Computer Name, Network Settings, Date and Time, Remote Desktop, etc. using sconfig and prepare the server for Active Directory configuration. Make sure to assign a static IP address and add the same IP as the DNS server.
Install Active Directory Domain Services Role
Now we’ll install Active Directory Domain Services, and create the first Domain Controller for a new forest.
The following PowerShell command will install the Active Directory Domain Services binaries, but will not make the server a Domain Controller:
- Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Create a new AD Forest ⛳
Once the ADDS role and management tools have been installed, the forest can be created and the server promoted to a Domain Controller:
- Import-Module ADDSDeployment
- Install-ADDSForest -DomainName "demo.local" -CreateDnsDelegation:$false -ForestMode "WinThreshold" -DomainMode "WinThreshold" -DomainNetbiosName "DEMO" -InstallDns:$true -DatabasePath "C:\Windows\NTDS" -LogPath "C:\Windows\NTDS" -SysvolPath "C:\Windows\SYSVOL" -NoRebootOnCompletion:$false -Force:$true
While executing the above script, it will ask for the DSRM password. The above command line sets up the first Core Domain Controller in the new forest. If you want to set up a Core Domain Controller as an additional Domain Controller in an existing forest, follow the steps below.
Adding a Core Domain Controller to an existing forest ⛳
- Install-ADDSDomainController -NoGlobalCatalog:$false -CreateDnsDelegation:$false -Credential (Get-Credential) -CriticalReplicationOnly:$false -DatabasePath "E:\Windows\NTDS" -DomainName "demo.local" -InstallDns:$true -LogPath "E:\Windows\NTDS" -NoRebootOnCompletion:$false -SiteName "Azure-EastUS" -SysvolPath "E:\Windows\SYSVOL" -Force:$true
After the initial configurations of the server, install the ADDS service and you can use the above script to add an additional core domain controller to an existing forest. The above script is modified for custom Sysvol, Log and Database paths. If you would like to go with the default, you can remove those parameters from the above script. After executing this script, a password prompt will appear. Provide the domain admin credential to promote the server to a Domain Controller.
Basic Health Checks ⛳
After promoting the server to a Domain Controller, the first thing to check is the AD Replication Summary. This is applicable only if there is more than one Domain Controller in the forest.
- repadmin /replsummary
The second thing to check is the list of all Domain Controllers in the domain. The PowerShell command below lists all Domain Controllers with their hostname, IP address, OS and site details:
- Get-ADDomainController -filter * | select Hostname, IpV4Address, OperatingSystem, Site
Or you can use the command below to get all DCs in a domain:
- nltest /dclist:domainname
To check the health of Domain Controllers, use the command below. It shows the errors and events associated with the Domain Controllers:
- dcdiag /v
To check the health of the DFS-R replicated Sysvol folders, you can use the below command. It will work only in Command Prompt.
- For /f %i IN ('dsquery server -o rdn') do @echo %i && @wmic /node:"%i" /namespace:\\root\microsoftdfs path dfsrreplicatedfolderinfo WHERE replicatedfoldername='SYSVOL share' get replicationgroupname,replicatedfoldername,state
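The same SYSVOL check can be run from PowerShell, the shell used for the rest of this walkthrough. The script below is an added example, not part of the original article: it queries the same WMI class on every Domain Controller and translates the numeric state into its name. The function name Get-SysvolDfsrState is hypothetical, and the script assumes the ActiveDirectory module is installed and WinRM is reachable on each DC.

```powershell
# Added example: PowerShell form of the wmic SYSVOL state check above.
# Assumes the ActiveDirectory module and WinRM access to every DC.
Import-Module ActiveDirectory

# Numeric values of DfsrReplicatedFolderInfo.State and their meaning
$DfsrState = @{
    0 = 'Uninitialized'; 1 = 'Initialized'; 2 = 'Initial Sync'
    3 = 'Auto Recovery'; 4 = 'Normal';      5 = 'In Error'
}

function Get-SysvolDfsrState {   # hypothetical helper name
    param([Parameter(Mandatory)][string[]]$ComputerName)
    foreach ($dc in $ComputerName) {
        $row = [ordered]@{ DomainController = $dc; ReplicationGroup = $null
                           State = $null; Healthy = $false }
        try {
            $info = Get-CimInstance -ComputerName $dc `
                -Namespace 'root\microsoftdfs' `
                -ClassName DfsrReplicatedFolderInfo `
                -Filter "ReplicatedFolderName='SYSVOL share'" `
                -ErrorAction Stop | Select-Object -First 1
            if ($null -eq $info) {
                # No DFSR-replicated SYSVOL on this DC; report it, do not guess
                $row.State = 'No SYSVOL replicated folder found'
            } else {
                $row.ReplicationGroup = $info.ReplicationGroupName
                $row.State   = $DfsrState[[int]$info.State]
                $row.Healthy = ([int]$info.State -eq 4)   # 4 = Normal
            }
        } catch {
            # An unreachable DC is itself a finding, so keep it in the report
            $row.State = "Query failed: $($_.Exception.Message)"
        }
        [pscustomobject]$row
    }
}

# Enumerate DCs the same way as the Get-ADDomainController check above
$dcs    = (Get-ADDomainController -Filter *).HostName
$report = Get-SysvolDfsrState -ComputerName $dcs
$report | Format-Table -AutoSize

# Call out every DC whose SYSVOL is not in the Normal state
$report | Where-Object { -not $_.Healthy } | ForEach-Object {
    Write-Warning "$($_.DomainController): SYSVOL state is '$($_.State)'"
}
```

A freshly promoted Domain Controller can report Initial Sync for a while before it reaches Normal, so re-run the check after replication has had time to complete.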