Yes. I feel alive. I feel evangelistic. I feel energized.
I’m playing with my Server 2008 Core install and I’ve decided I would like to have a domain.
Now one of the key ideas for 2008 Core is to have it as a RODC (Read Only Domain Controller) in a branch office. Which is a fine and excellent idea.
But what if, just what if you’re a Small Business and you need a file server and have limited resources?
The beautiful part is you can still have a file server running Core all by itself and a REAL secure Active Directory domain.
"WHY?!" you’re screaming at me. "WHY BOTHER?!"
One word. Security. Both job security and server security. Somebody logging into a Server 2008 Core box will be baffled by the lack of Active Directory to play with.
If you’re a consultant managing a site for a client who is INSISTENT on having the password and PLAYING with the password, this can be a benefit to you.
It’s REALLY REALLY hard for somebody to screw up a server they can’t really mess with. Keeps foreign consultants who don’t know their head from a hole in the ground from messing up the good structure you’ve put in place.
Yes, I know. You’re not supposed to share servers and server passwords. But the world is not perfect, nor are all client relationships.
So how do we do this beautiful piece of art?
So how many of us here run a DCPROMO with pure command line parameters? (OK you Enterprise guys, put your hands down! Stop that.)
No matter. Microsoft has a wonderful reference article on this and all the fun parameters you can use with DCPROMO.
DCPROMO under Technet.COM
I’d like to save you that extra click, but the details run a few pages.
But in a nutshell you need to make a DC on a Server 2008 Core. And Microsoft automates this process beautifully.
So let’s pretend we’re going to make a domain called "MYDOMAIN" for the NetBios name in a DNS tree called "MYLITTLEWORLD.COM". We’ll stay away from the ".LOCAL" or ".COM". I need to keep as many friends as I can… 😉
The command line you need to run is:
DCPROMO /ReplicaOrNewDomain:Domain /AutoConfigDNS:Yes /DomainNetBiosName:"MYDOMAIN" /NewDomainDNSName:"MYDOMAIN.MYLITTLEWORLD.COM" /SafeModeAdminPassword:Stup1dP@ssword! /NewDomain:Forest
Yes this is one looooooong line…:)
Again we are "ASSUMING" you have A) Credentials to do this, B) Are supposed to be doing this and C) are allowed to do this in the first place.
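The same promotion driven from an answer file, so the Safe Mode (DSRM) password is never part of the typed command line. This is an added example, not from the original post; the answer file path and the step of entering the password in Notepad are assumptions, and the [DCInstall] keys mirror the parameters in the command above.

```batch
@echo off
rem Added example (not from the original post).
rem Run from an elevated prompt on the Server 2008 Core box.
setlocal

rem Assumed location for the answer file; chosen to contain no spaces.
set "ANSWER=%SystemRoot%\Temp\dcinstall.txt"

rem Create the file empty and restrict it to Administrators and SYSTEM
rem BEFORE any secret is written into it.
type nul > "%ANSWER%"
icacls "%ANSWER%" /inheritance:r /grant:r "Administrators:F" "SYSTEM:F" >nul || goto :fail

rem Same values as the one-line DCPROMO command in the post.
rem Overwriting the existing file keeps the ACL set above.
(
  echo [DCInstall]
  echo ReplicaOrNewDomain=Domain
  echo NewDomain=Forest
  echo NewDomainDNSName=MYDOMAIN.MYLITTLEWORLD.COM
  echo DomainNetBiosName=MYDOMAIN
  echo AutoConfigDNS=Yes
  echo RebootOnCompletion=No
  echo SafeModeAdminPassword=
) > "%ANSWER%"

rem The password is typed into the locked-down file, not onto the command line.
echo Type the DSRM password after "SafeModeAdminPassword=", save, then close Notepad.
start /wait notepad.exe "%ANSWER%"

dcpromo /unattend:%ANSWER%
set "RC=%ERRORLEVEL%"

rem Remove the answer file whether or not the promotion worked.
del /f /q "%ANSWER%"
echo DCPROMO exit code: %RC%
echo Review %SystemRoot%\debug\dcpromo.log, then reboot with: shutdown /r /t 0
exit /b %RC%

:fail
del /f /q "%ANSWER%" 2>nul
echo Could not restrict the answer file; nothing was promoted.
exit /b 1
```

RebootOnCompletion=No is set so the script gets a chance to delete the answer file and you can read the log before restarting.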
The end result is we have a stand-alone Domain Controller with a DNS server installed. A nice bonus comes when you configure your DHCP server to hand this out as your primary DNS (uhhh yeah, you have to do that to get your computers to join the domain properly).
It also helps with surfing the internet, I find, as it caches my queries, so I’m only crossing the net for content. It’s a small thing but nice. Also helps when your ISP’s DNS server goes down and crashes.
But that would never happen. Would it?
Incidentally, your default password for Administrator is the same as whatever the original Core Server password was BEFORE you did all this.
Oh you’re NOT the Admin? You weren’t supposed to do this? The admin left the console unlocked?!
Well I guess somebody’s getting fired today.
The Energized Tech
Dedication and Inspiration creating the new Generation