1 00:00:06,910 --> 00:00:14,060 Install an Active Directory Domain Services before you can promote the server to be a domain controller. 2 00:00:14,230 --> 00:00:22,330 Need to install the Active Directory Domain Services roll on the server install a roll or feature user 3 00:00:22,350 --> 00:00:25,760 the install does Windows feature command cloud. 4 00:00:25,780 --> 00:00:35,020 This common left replaces the at the windows feature command led which was used in Windows Server 2008 5 00:00:35,180 --> 00:00:45,370 R2 for capability at windows feature is an alias to install those windows feature like command to install 6 00:00:45,550 --> 00:00:56,260 a HDD including the management tools required is as follows You have to type install the windows feature 7 00:00:56,590 --> 00:01:03,760 their name HDD domain their services that include management tools. 8 00:01:03,880 --> 00:01:12,460 This installs HDD as on the server and includes both the graphical and Windows powerful tools that are 9 00:01:12,460 --> 00:01:19,410 used to manage and deploy active director for the purpose of this course. 10 00:01:19,420 --> 00:01:29,360 This includes two power shell modules Active Directory and HDD deployment some words about creating 11 00:01:29,360 --> 00:01:31,470 the forest or DC promo. 12 00:01:31,480 --> 00:01:39,600 Beginning with windows to solve and turn right up to Windows Server to 2012. 13 00:01:39,720 --> 00:01:46,160 The command line way to create a new domain controller was to use the GC promo command. 14 00:01:46,160 --> 00:01:56,420 But beginning with Windows Server 2012 GC promo has been replaced with the HDD deployment module. 15 00:01:56,420 --> 00:02:02,660 This module supports remote and so that you can promote a server to the controller. 16 00:02:02,660 --> 00:02:10,190 Create a new domain or even create a new forest without logging onto the server that is being promoted 17 00:02:10,790 --> 00:02:19,700 to view the command LEDs in this module you can use the following syntax get command this module HDD 18 00:02:19,760 --> 00:02:29,450 deployment and pipe it to a format table name and form a table by name so let's run this command to 19 00:02:29,480 --> 00:02:32,210 see the commands in this module. 20 00:02:32,210 --> 00:02:40,220 As you can see we have quite a few commands which are related to this module install a tedious domain 21 00:02:40,340 --> 00:02:41,930 and so on. 22 00:02:41,930 --> 00:02:46,010 Test ADT as the main control installation. 23 00:02:46,010 --> 00:02:54,430 As you can tell almost all the various promote demoed test possibilities are included in this module. 24 00:02:54,560 --> 00:02:59,160 The five test common LEDs need a bit of explanation. 25 00:02:59,210 --> 00:03:07,190 Each of these common LEDs allows you to actually test whether all prerequisites are met before you run 26 00:03:07,190 --> 00:03:10,820 the install or outcome and let in the same. 27 00:03:10,820 --> 00:03:19,670 Now this way you can fully test your environment before committing the install and add nouns actually 28 00:03:19,670 --> 00:03:28,440 perform this same test and will error out if any of them fail. 29 00:03:29,440 --> 00:03:33,550 Some words about update in Windows power shall help. 30 00:03:33,640 --> 00:03:39,580 Before you go any further it's good idea to update your post shell help files. 31 00:03:39,580 --> 00:03:46,720 Unfortunately there are only stop files man pages included with Windows power show. 32 00:03:46,780 --> 00:03:54,320 This allows windows to update their help files on a regular basis but it isn't terribly helpful if you 33 00:03:54,320 --> 00:03:57,320 are using an unfamiliar command. 34 00:03:57,460 --> 00:04:03,630 The only full help file included with Windows power Shell is left for the update. 35 00:04:03,640 --> 00:04:04,040 Help. 36 00:04:04,050 --> 00:04:05,090 Common blood. 37 00:04:05,200 --> 00:04:11,590 You need to be run in with administrative privileges to update the help files. 38 00:04:11,590 --> 00:04:19,720 You can update directly from Microsoft or update from a network share the basic command is the following 39 00:04:20,080 --> 00:04:21,640 update desk help. 40 00:04:22,060 --> 00:04:26,490 Yes it's just very simple like this. 41 00:04:26,650 --> 00:04:34,730 And if you want to update files from some local source you can run update this help. 42 00:04:34,810 --> 00:04:35,820 Then Dash. 43 00:04:35,860 --> 00:04:47,770 Source POS and to specify the POS where the update files are located but if it is just fresh environment 44 00:04:47,950 --> 00:04:50,090 you are following along with me. 45 00:04:50,170 --> 00:04:58,250 You don't have such a POS but it's a good idea to get in the habit of updating help files whenever you 46 00:04:58,340 --> 00:05:06,560 add new modules to us or if you have servers that don't have Internet access or if you just want to 47 00:05:06,560 --> 00:05:11,990 control your Internet bandwidth you can use this safe help. 48 00:05:11,990 --> 00:05:12,380 Come on. 49 00:05:12,380 --> 00:05:20,630 Glad to download and save the newest help files to network share the command to force an update to the 50 00:05:20,630 --> 00:05:26,620 car and help files and then save them to the to some network share like. 51 00:05:28,790 --> 00:05:30,540 Double backslash. 52 00:05:30,770 --> 00:05:40,310 As there we 1 help files back slash help files director so you can upload download to the files later 53 00:05:40,310 --> 00:05:42,520 on from this destination. 54 00:05:42,560 --> 00:05:48,080 So let's take a look at this example save this help Dash. 55 00:05:48,170 --> 00:06:00,760 Destination Perth and then specify the path to the files and then you can add force parameter before 56 00:06:00,760 --> 00:06:01,840 you start. 57 00:06:01,930 --> 00:06:09,690 You can test the creation process of your forest with the following command test. 58 00:06:09,810 --> 00:06:14,070 There's a tedious forest installation matter. 59 00:06:14,380 --> 00:06:19,530 Please remember that you have to import module HDD deployment first. 60 00:06:19,840 --> 00:06:28,870 So let's run again this command to make sure that it is imported and then we will test the creation 61 00:06:28,870 --> 00:06:29,690 process. 62 00:06:29,740 --> 00:06:30,640 So let's run. 63 00:06:30,670 --> 00:06:40,780 Import this module HDD deployment when it is done and we can run the following command test thus HDD 64 00:06:40,960 --> 00:06:43,370 forest installation. 65 00:06:43,510 --> 00:06:49,230 This domain name then we have to specify that the domain name in quotes. 66 00:06:49,240 --> 00:06:52,750 Let's type some domain name here. 67 00:06:52,750 --> 00:06:56,890 In my case it's the controller so dot com in quotes. 68 00:06:56,890 --> 00:07:05,070 Then the next parameter is this domain net buyers name and includes we again have to specify the name. 69 00:07:05,200 --> 00:07:16,870 I'll type comments also here in quotes then domain there's domain mode seeks a forest mode 6 and no 70 00:07:16,870 --> 00:07:27,860 DNS on network parameter and no reboot on completion parameter and if everything goes fine it will return 71 00:07:27,860 --> 00:07:29,170 two warnings. 72 00:07:29,210 --> 00:07:31,830 One is about the security settings. 73 00:07:32,000 --> 00:07:41,210 It warns about compatibility with some older versions of Windows and due to a change in the cryptography. 74 00:07:41,210 --> 00:07:48,830 This is normal and expected and it can be ignored unless you have computers or devices on your network 75 00:07:49,130 --> 00:07:55,440 that require surgeons that are compatible with Windows anti version 4. 76 00:07:55,490 --> 00:07:59,080 The second is a delegation warning for DNS. 77 00:07:59,090 --> 00:08:02,420 This is also expected in most cases. 78 00:08:02,420 --> 00:08:09,480 Neither warnings is sufficient to stop the installation to create problems problems. 79 00:08:09,510 --> 00:08:11,870 So you are ready to proceed 80 00:08:19,390 --> 00:08:20,300 at this point. 81 00:08:20,320 --> 00:08:27,040 You've configured your server added the necessary windows power show modules and the windows server 82 00:08:27,040 --> 00:08:34,210 rolls and tested your environment all as the ready to do the actual initial deployment of your first 83 00:08:34,210 --> 00:08:38,000 domain controller and route HDD forest. 84 00:08:38,230 --> 00:08:48,070 The actual command to install the new forest and domain is nearly identical to test thus HDD forest 85 00:08:48,070 --> 00:08:49,900 installation. 86 00:08:49,960 --> 00:08:56,830 The main difference is that this time you do want to reboot the server when the installation is finished 87 00:08:56,920 --> 00:09:01,710 and because you just run the tests you can skip them. 88 00:09:01,750 --> 00:09:11,080 So lets type the following command install dash HDD forest there the my name the name you want to use 89 00:09:11,080 --> 00:09:14,920 for your forest in my case it's control so dot com. 90 00:09:14,920 --> 00:09:24,790 Then there's the main net bias name parameter and the name you want to use in my case it's control and 91 00:09:25,360 --> 00:09:27,550 parameter domain mode. 92 00:09:27,560 --> 00:09:35,020 6 forest mode 6 and no DNS on network parameter. 93 00:09:35,020 --> 00:09:39,800 Skip regex parameter and force parameter. 94 00:09:39,860 --> 00:09:48,700 The other things added is this fourth parameter to suppress any confirmation prompts you'll still be 95 00:09:48,700 --> 00:09:54,190 prompted for the value of the directory service restore mode. 96 00:09:54,190 --> 00:09:57,220 Or D I S our Ram pass. 97 00:09:57,490 --> 00:10:06,800 You can avoid even that by using the dash safe mode administrator password parameter with a secure string. 98 00:10:07,000 --> 00:10:15,730 Well the equivalent to your password if you are automating a lot of forest or domain creation such as 99 00:10:15,820 --> 00:10:23,770 in lab environment or some others you can use this technique to keep this password parameter. 100 00:10:23,890 --> 00:10:31,110 But in this case we will we won't keep it and we will have to type in this password. 101 00:10:31,300 --> 00:10:35,860 But if you want to automate you could use the following command. 102 00:10:36,310 --> 00:10:45,610 You have to add variable for your password and to you it will be equal to convert to secure a 3 in the 103 00:10:45,610 --> 00:10:54,930 string and then specify the password you want to use and the parameter as plaintext and forest parameter. 104 00:10:55,090 --> 00:10:55,910 So you can. 105 00:10:56,020 --> 00:11:02,890 You could use this before creating your forest and then when you create your forest. 106 00:11:03,040 --> 00:11:14,090 Use the dash as safe mode administrative administrator password parameter now some words about functional 107 00:11:14,090 --> 00:11:20,520 levels which we've specified in this command we've specified two parameters. 108 00:11:20,570 --> 00:11:24,560 Domain mode 6 and forest mode 6. 109 00:11:24,590 --> 00:11:31,400 So here is the table of functional level of Windows operating systems. 110 00:11:31,400 --> 00:11:43,790 As you can see Windows Server 2012 are two has got the default numeric level of 6 the default forest 111 00:11:43,790 --> 00:11:50,900 functional level for Windows Server is typically the same as a Windows server version with the exception 112 00:11:50,900 --> 00:11:58,940 that the default for Windows Server two thousand eight are two is a forest functional level of Windows 113 00:11:58,940 --> 00:12:07,490 Server 2003 the domain functional level can never be less than the forest functional level but it can 114 00:12:07,490 --> 00:12:18,870 be higher if the domain mode isn't specified it is computed from the environment install HDD as forest 115 00:12:18,870 --> 00:12:26,520 has some additional options that might be useful in your environment and that allow you to tweak the 116 00:12:26,520 --> 00:12:36,540 initial configuration we have some parameters and I'll list them domain name it the fully qualified 117 00:12:36,570 --> 00:12:46,740 domain name of the new domain create DNS delegation attempts to create it in the DNS delegation to New 118 00:12:46,740 --> 00:12:55,980 DNS server database pass with this parameter we can specify the location to store the domain database 119 00:12:56,310 --> 00:13:06,150 must be a local fixed DESC DNS delegation credential parameter this parameter is for a credential object 120 00:13:06,150 --> 00:13:16,170 with permission to create the DNS delegation DNS mode parameter to the HDD domain functional level of 121 00:13:16,170 --> 00:13:18,330 the new domain domain. 122 00:13:18,330 --> 00:13:19,280 Net biased. 123 00:13:19,280 --> 00:13:23,080 Name the net biased name of the new domain. 124 00:13:23,190 --> 00:13:24,810 Forest mode. 125 00:13:24,810 --> 00:13:33,960 Functional forest functional level of the new forest for parameter suppresses confirmation prompts installed 126 00:13:33,960 --> 00:13:40,180 DNS install installs active directory integrated DNS server log. 127 00:13:40,180 --> 00:13:48,740 Pass this parameter to specify pass to the lock of then store no DNS on network. 128 00:13:48,870 --> 00:13:58,370 This specifies that there are no DNS servers present on the network no reboot on completion. 129 00:13:58,440 --> 00:14:06,830 This prevents the server from rebooting after the installation completes safe mode administrator password. 130 00:14:06,840 --> 00:14:17,100 This sets the DRM password and you don't have to specify it when installed this forest and you don't 131 00:14:17,100 --> 00:14:18,660 have to confirm it. 132 00:14:18,710 --> 00:14:21,870 Skip auto configure DNS parameter. 133 00:14:21,870 --> 00:14:29,460 This keeps automatic configuration of general surgeons skip breech checks doesn't check the environment 134 00:14:29,490 --> 00:14:37,650 to find out whether the installation will succeed and CIS will pass this parameter is to specify the 135 00:14:37,650 --> 00:14:46,040 fully qualified log local pass to the fixed disk where the CIS vol file will be written. 136 00:14:46,050 --> 00:14:55,530 So Hugh this we are the main parameters which you can use when install the new forest and knew the man 137 00:14:56,040 --> 00:14:57,320 in your environment.