Monday, September 21, 2015

Install Windows 2012 RODC step by step

If you are looking for step by step instructions to develop plan to install Windows 2012 R2, this article might ease your task.

#Install Windows 2012 RODC

Preparing and Promoting Windows 2012 R2 Server to be Additional Domain Controller into Existing Windows 2008 R2 Forest/Domain

  1. Click start and click on PowerShell
  2. On the PowerShell window type hostname and press enter
  3. Make sure the server Name is in compliance with the serve name standard in your organization
  4. Rename the Server by using PowerShell
  5. Open PowerShell and type the following command

Rename-Computer -NewName ServerName

In the example below we renamed the server to RODC001 by typing

· Rename-Computer –NewName RODC001

· Press enter (Computer will require reboot for changes to take effect)

clip_image001[6]

  1. From PowerShell window type “ncpa.cpl” and configure static IP address for your domain controller

clip_image003[6]

  1. Reboot the server by typing on the PowerShell

· Shutdown –r –f –t 5 and press enter

clip_image004[6]

  1. After server reboots, use remote desktop software (RDP) to log back onto Server and provide administrator credentials.

#Join Server to Domain

Joining server to existing domain is a good practice before promoting it to be a domain controller. When a server joins to domain the host “A record” will be created within the authoritative DNS zone of your domain name space. This ensures your server is able to talk to valid domain controller and your credentials will be cached by the promotion wizard to make things but easier.

1. Click start and open PowerShell, on the PowerShell window type the following command to join the server to existing domain.

Add-Computer –Netstar.com -Restart

clip_image006[4]

2. Provide domain administrator credentials when prompted.

clip_image008[4]

3. Server has been added to Domain successfully. Reboot the server by typing following on the command line or PowerShell window.

Shutdown –r –f –t 5 and press enter

#Preparing Server to be RODC (Add futures and required roles)

1. Log into your domain (not on the local server)

clip_image010[4]

2. Click start open PowerShell and type hostname and press enter

Type Ipconfig /all and press enter

clip_image012

3. Now we have verified correct server name is being used and the static IP address is assigned to server with valid existing DNS server on the TCP IP properties

4. Type “ServerManager” on the PowerShell to Launch Server Manager

5. Click the Manage link at the top-right of the Server Manager console.

6. Select installation type screen, ensure Role-based or feature-based installation and Click “Next”

clip_image013

7. Role-based or feature-based installation is selected, and then click next.

clip_image015

8. Select destination server screen, pick a server and click next.

clip_image017

9. On the Select server roles screen, select Active Directory Domain Services, and then click ok on the add futures prompt window

10. Select DNS Server and click ok on the add futures prompt window

click Next and add “Group Policy Management” click next

clip_image019

11. Select Group Policy Management and click next

clip_image021

12. Click next

clip_image023

13. Click Next

clip_image025

14. Click Install

clip_image027

clip_image029

15. Wait for all the roles and features to be installed and click “close” when finished

clip_image031

16. When the installation completes, click Promote this server to a domain controller.

Promoting Server to be Read Only Domain Controller

After logging back onto server open server manager by typing “ServerManager” on the PowerShell console. Click yellow triangle to open Post-Deployment configuration wizard on top.

clip_image032

1. On the active directory Domain Services Configuration Wizard make sure the domain name and the correct domain administrator account is being used for the domain controller promotion

clip_image034

2. Click next when ready, on the next page we have an option to specify GC and RODC and we can place the new DC into proper AD Site. After providing DSRM password click Next

clip_image036

3. Leave all the default options and click next

clip_image038

4. Select install from media (IMF) options for sites which have slow replication and do the initial install from media (faster) and let the replication take care of the delta.

clip_image040

5. Choose the DC to replicate from

clip_image042

6. Choose the proper directory for. DIT Database, Log files and SYSVOL, we will leave it default

clip_image044

7. Click next in this window you can export the settings to PowerShell script to automate additional installation. If you are satisfied, click next once again

clip_image046

8. Wait for Prerequisites Check to complete and finally Click install to start the installation

clip_image048

Verifying Successful Domain Controller Promotion

1. Log back on to domain controller with proper domain administrator credentials.

2. Click start and open PowerShell, on the PowerShell type “dssite.msc” and press enter

clip_image050

3. Verify the newly promoted server is showing up under proper Active Directory site and replication connection has been created by KCC.

Type “net share” and press enter to verify the SYSVOL is showing up clip_image051

4. Type DCdiag and investigate the output if any issues found.

clip_image053

You can download the word version of this article from following link;

http://1drv.ms/1MFKmEt

Oz Casey, Dedeal  ( MVP North America)

MCITP (EMA), MCITP (SA)

Security+, Project +, Server +

http://smtp25.blogspot.com/ (Blog)

http://telnet25.wordpress.com/ (Blog)

https://twitter.com/Message_Talk (Twitter)

Friday, September 18, 2015

Schema Updates Windows 2012 R2

Schema updates are important task and it is necessary for applications Operations systems etc. Active directory Schema updates can be done ahead of time or it can be done with installation of first operating system or the application ( most of the time )

In cases where schema updates needs to be done separate ahead of time , you would need to build step by step upgrading schema implementation plan. After extending schema you would need to make sure , existing applications would continue to work.

Testing Active Directory Schema updates can be trick task as schema updates are “One Way”  meaning the schema updates needs to get done on your domain controller holds the schema master FSMO role from there it gets replicated to all other domain controllers within the Active directory forest environment. Time to time Active directory engineers will recommend stopping inbound and outbound AD replication on the Schema Master Role holder DC and believing this would prevent schema changes getting replicated to rest of the domain controllers within the environment. Which in reality buys you “Nothing or very little” . When you realize your critical legacy application is no longer functioning due to recent schema updates, your only option is to perform Forest Level recovery and this will be a “surgery” in term of getting everything up and running and especially  large environments. The domain controllers you shutdown will only buy you  recovery time “recover from your backup , active directory database” and you will still have to deal with having old .DIT , SysVOL etc. to replicate rest of the domain controllers and deal with FSMO roles.

If you are not familiar with process check out my previous article “ Active Directory From Total Lost Disaster Recovery Basic Steps.” and make sure you have developed restoring Active Directory from total lost white paper for your environment.

in order to perform AD recovery You need to understand the BurFlag keys and what they do and how to  Perform an authoritative  SYSVOL restore Set BurFlags to D4 or none authoritative restore D2 and understand the crucial difference in between. 

Extending Schema

We will extend the schema from windows 2008 R2 to windows 2012 R2. We will document steps and verify the schema version change.

  1. Log onto your existing windows 2008 R2 Server via RDP ( Remote Desktop Services) with your domain administrator privileges and provide your credentials when prompted.
  2. In order to extend the schema you will need to be member of Schema Admins security group.
  3. After successful logon , click start and on the search menu type PowerShell and press enter.
  4. On the PowerShell window type
Import-Module ActiveDirectory

image

On the PowerShell window type the following one liner PowerShell to find out the current schema version

Get-ADObject (Get-ADRootDSE).schemaNamingContext -Properties objectversion

image

let’s explore the schema version numbers

Schema versions :

  • 69 = Widows 2012 R2
  • 56 = Windows 2012
  • 47 = windows Server 2008 R2
  • 44 = Windows Server 2008

You will need adprep folder to perform the schema updates."adprep" folder is located within windows 2012 R2 install CD , under support folder, copy "adprep" folder onto C drive of the domain controller ( windows 2008 R2)

clip_image001

From C:\Temp\adprep folder we will start executing adarep to perform schema updates.

Adprep /? Will show all available options;

clip_image002

Type

Adprep /ForestPrep and press enter , you will need to type letter "C" to confirm and start the schema upgrade.

Adprep /ForestPrep

clip_image003

Schema changes will get done on the schema master first and from there it will get replicated to your other domain controllers. You can use "netdom" to find out the domain controller holds the schema master role and remember there is only one schema master per active directory forest.

clip_image004

clip_image005

Now run the Domain Prep

clip_image006

Now we need to run the PowerShell to get the Schema object version  69 = Widows 2012 R2

Oz Casey, Dedeal  ( MVP North America)
MCITP (EMA), MCITP (SA)
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog

 

Sunday, August 9, 2015

Move Ad Computer Accounts from csv File into Target OU.

In this example we will move selected computer accounts from csv file into target OU. You will need to prepare csv file similar the one below and name the first column “CN”  and save it to server where you will be running the script from.This script will be very handy if you need to move computers from different locations into selected target OU.

You will need to change few things within the script to make it work within your environment.

$TargetOU = 'OU=Computers,OU=VA,DC=TekPros,DC=com'  (Change this to make sure it suits your needs)

 

image

Here is the script

#################################################################
# This script will help to move bulk ad computer accounts into target OU
# Written 08/08/15 Casey, Dedeal
# Fell free to change use any part of this script
#
http://www.smtp25.blogspot.com/
#################################################################

#Importing AD Module
Write-Host " Importing AD Module..... "
import-module ActiveDirectory
Write-Host " Importing Move List..... "
# Reading list of computers from csv and loading into variable
$MoveList = Import-Csv -Path "C:\Temp\PC_Move_List.csv"
# defining Target Path
$TargetOU = 'OU=Computers,OU=VA,DC=TekPros,DC=com'
$countPC    = ($movelist).count
Write-Host " Starting import computers ..."

foreach ($Computer in $MoveList){   
    Write-Host " Moving Computer Accounts..."
    Get-ADComputer $Computer.CN | Move-ADObject -TargetPath $TargetOU
}

Write-Host " Completed Move List "

Write-Host " $countPC  Computers has been moved "

You can download the script from this link

https://gallery.technet.microsoft.com/scriptcenter/Move-AD-Computer-Object-4ed2c5f8

http://1drv.ms/1L07yMU

Oz Casey, Dedeal  ( MVP North America)
MCITP (EMA), MCITP (SA)
MCSE , M+, S+, MCDST
Security+, Project +, Server +

http://telnet25.wordpress.com/ (Blog)
http://smtp25.blogspot.com/ (Blog)

https://twitter.com/message_talk

Active Directory Moving Users to Another OU via CSV File.

In this task we will move AD users location from their current OU into different OU.

  • we will need to prepare CSV file contains all AD users ( names ) you wish to move into another OU ( Organizational Unit ) see the sample below. Name the first column as “name” and list all the account underneath.
  • Save this into a location on your server where you will be running the PS script from, for instance  C:\temp\Acc_MoveList.csv

image

image

This is the location where we will move all the accounts into

image

# Import AD Module
import-module ActiveDirectory

# Import CSV
$MoveList = Import-Csv -Path "C:\Temp\Acc_MoveList.csv"
# Specify target OU.This is where users will be moved.
$TargetOU =  "OU=SVC_Users,OU=VA,DC=TekPros,DC=com"
# Import the data from CSV file and assign it to variable
$Imported_csv = Import-Csv -Path "C:\temp\Acc_MoveList.csv"

$Imported_csv | ForEach-Object {
     # Retrieve DN of User.
     $UserDN  = (Get-ADUser -Identity $_.Name).distinguishedName
     Write-Host " Moving Accounts ..... "
     # Move user to target OU.
     Move-ADObject  -Identity $UserDN  -TargetPath $TargetOU
}
Write-Host " Completed move "
$total = ($MoveList).count
$total
Write-Host "Accounts have been moved succesfully..."

Few things you will need to change to run the PS,

  • $TargetOU =  "OU=SVC_Users,OU=VA,DC=TekPros,DC=com" ( you will need to change this to make sure it fits into your environment
  • $MoveList = Import-Csv -Path "C:\Temp\Acc_MoveList.csv" (you will need to change this to make sure it fits into your environment)

Once you make the changes you should be able to move the users listed on your CSV file with no issues.

image

Download the script and sample CSV from here

http://1drv.ms/1IXThhx

you can also download the script from  here

https://gallery.technet.microsoft.com/scriptcenter/Move-AD-users-into-target-4322d774

Oz Casey, Dedeal  ( MVP North America)
MCITP (EMA), MCITP (SA)
MCSE , M+, S+, MCDST
Security+, Project +, Server +

http://telnet25.wordpress.com/ (Blog)
http://smtp25.blogspot.com/ (Blog)

https://twitter.com/message_talk

Friday, July 24, 2015

Installing Exchange 2016 on Windows 2012 R2 Server

 

We will install Exchange 2016 on Windows 2012 R2 in a single labeled Forest/domain. Installing Exchange 2016 is very similar task compared  to Exchange 2013.  Follow the  basic steps outlined here to install your first Exchange 2016 server.

Make sure you have completed the prerequisite work outlined here after completing the prerequisite task, you can execute setup from install directory to run setup and start the install.

 

image

Follow the install wizard, it is pretty straight forward install.

clip_image001

clip_image002

clip_image003

clip_image004

clip_image005

clip_image006

clip_image007

clip_image008

clip_image009

clip_image010

image

Now we will open  EAC ( Exchange Admin Center ) and the Exchange PowerShell

image

image

you many want to PIN the exchange related shortcuts to start menu for easy access

 

image

here is  EAC and EMS

image

if you release the look is for the EAC is same as Exchange 2013.

image

I will rename the database to db1

 

image

image

Oz Casey, Dedeal  ( MVP North America)
MCITP (EMA), MCITP (SA)
MCSE , M+, S+, MCDST
Security+, Project +, Server +

http://telnet25.wordpress.com/ (Blog)
http://smtp25.blogspot.com/ (Blog)

https://twitter.com/message_talk