Deploying Windows Server 2012 R2 Essentials in an Existing Active Directory Environment
[This post comes to us courtesy of Rituraj Choudhary from Global Business Support]
In this post we will discuss deploying Windows Server 2012 R2 Essentials in an existing Active Directory domain. Some key points to keep in mind in this scenario are:
- The Windows Server 2012 R2 Essentials once deployed, must be the domain controller at the root of the forest and domain, and must hold all the FSMO roles.
- Windows Server 2012 R2 Essentials can only be deployed into a single domain. Also, a read-only domain controller cannot exist in this domain.
- It can be installed in a pre-existing Active Directory domain only on the pretext that you are migrating to Windows Server 2012 R2 Essentials. Note that there is a grace period of 21 days for completing the entire migration from previous versions of Windows Server Essentials or Small Business Server editions.
Note: If you are planning to deploy a Windows Server 2012 R2 Standard or Windows Server 2012 R2 Datacenter with Windows Server Essentials Experience role in an existing Active Directory environment, please follow our previous post.
Here are the steps we need to cover for this deployment:
- Plan migration for LOB Applications
- Complete the initial setup of Windows Server 2012 R2 Essentials
- Rename the computer
- Make it a Replica Domain Controller
- Transfer all the FSMO Roles to the new Windows Server 2012 R2 Essentials
- Configure Windows Server Essentials Experience role
- Make required changes to the DHCP Scope
- Demote and remove Active Directory Domain Services from the source server
- Set up Windows Server 2012 R2 Essentials features
Before beginning the deployment of Windows Server 2012 R2 Essentials in the existing domain, make sure you plan, rehome and reconfigure your Line of Business applications, so that they are available during and post migration, as per your business requirements.
The first step towards the deployment of the Windows Server 2012 R2 Essentials in an existing domain is to complete the initial setup. Once the installation is complete and the server reboots, log on with the local administrator account.
Important: When you log on to the server desktop, you will see Configure Windows Server Essentials wizard that gets triggered automatically. Click Cancel (1) to cancel this wizard at this time, and confirm the cancellation by clicking Yes (2) to the subsequent warning.
Make sure you are connected to the local network. To double-check, you may ping the internal domain name to verify that it resolves to the IP address of the source domain controller.
In most probability you would like to change the name of the server conventionally. Make sure to do that right now, if you intend to. The simplest way would be to open a PowerShell window as an administrator on the target Windows Server 2012 R2 Essentials and issue the following command:
Rename-Computer <new name>
* <new name> is the new name of the local computer in the above command.
Restart the computer for the changes to take effect. Please note that the Configure Windows Server Essentials wizard will show up again and you need to cancel it.
Confirm the new computer name by issuing command hostname on a PowerShell or a Command Prompt window.
The next step is to add this Windows Server 2012 R2 Essentials to the domain as a replica domain controller. To accomplish this, open Server Manager. On the Server Manager Dashboard, click Manage, and then click Add Roles and Features.
On the Add Roles and Features Wizard that shows up subsequently, proceed through by clicking Next on each of these pages: Before You Begin, Installation Type, and Server Selection with the default options selected. On the Server Roles page, click to select Active Directory Domain Services.
This action pops up a new dialog to add some features. Click Add Features to add the features that are required for Active Directory Domain Services. Click Next on Features and AD DS (Active Directory Domain Services) pages, and Install on the Confirmation page.
Once the installation is complete, click Close to close the wizard.
Back on the Server Manager, click the Notifications flag, and click Promote this server to a domain controller to promote the server to a domain controller.
This action should bring up the Active Directory Domain Services Configuration Wizard. On the Deployment Configuration page, select the option Add a domain controller to an existing domain, and then click Select… button next to the Domain field.
You need to enter the domain administrator credentials here, so that it picks up the domain name that exists in the local network.
Select the existing domain name here. Once you click OK, the Domain field should now populate with the FQDN of the domain name, e.g. contoso.local. Click Next.
On the Domain Controller Options page, leave the default options selected, and enter a Directory Services Restore Mode (DSRM) password. Keep it safe so you won't lose it. Now click Next.
Proceed on these pages with the default options selected: DNS Options, Additional Options, Paths, Preparation Options, and Review Options. On the Prerequisite Check page, after certain checks are validated, you will be presented with an option to install. Click Install to proceed.
Note: After you click Install, the server would automatically reboot at the end of the promotion operation.
We have put the GUI options on the blog post for better grasp and visibility by an end user. You may also choose this PowerShell Script over the GUI.
Install-ADDSDomainController -NoGlobalCatalog:$false -CreateDnsDelegation:$false -Credential (Get-Credential) -CriticalReplicationOnly:$false -DatabasePath "C:\Windows\NTDS" -DomainName "contoso.local" -InstallDns:$true -LogPath "C:\Windows\NTDS" -NoRebootOnCompletion:$false -SiteName "Default-First-Site-Name" -SysvolPath "C:\Windows\SYSVOL" -Force:$true ' * contoso.local is the domain name in this example' * The server will reboot automatically to complete the operation
After the reboot, you would be presented with the domain account to log in with since the server is joined to the domain at this point. After the logon, it will wind up the process of domain controller promotion. You can then verify the domain join and domain controller functionality on a PowerShell window as:
You would again see the Configure Windows Server Essentials wizard pop up. Let's minimize the wizard this time.
Let us now transfer the FSMO roles to the new server. Check the current FSMO role holder domain controller using the command:
netdom query fsmo
These FSMO roles should be with your source server currently.
Run the following commands on an elevated PowerShell window on Windows Server 2012 R2 Essentials to transfer all the FSMO roles on Windows Server 2012 R2 Essentials:
Move-ADDirectoryServerOperationMasterRole –Identity <Target-DC> 0,1,2,3,4
* <Target-DC> is the name of the new Windows Server 2012 R2 Essentials in the above command.
You can either say 'a' once or 'y' 5 times for each operation master roles transfer in the subsequent prompts.
That is pretty much it. You may again run the netdom query fsmo command to verify that they are now with the new Windows Server 2012 R2 Essentials.
Let us now restore the Configure Windows Server Essentials wizard from the Taskbar or Server Manager under Notifications, and click Configure on the Configure Windows Server Essentials page.
This should take a few minutes. Click Close on the Results page after the configuration is complete.
Change the scope options on the DHCP server on the existing domain to point to the new Windows Server 2012 R2 Essentials as the DNS server.
Follow up by demoting the source server. The shortest way to accomplish this is to run the command Uninstall-ADDSDomainController on an elevated PowerShell window on the source server.
Please note that this process reboots the server automatically to complete the operation. After the source server reboots, you may remove the Active Directory Domain Services role from the Server Manager on the source server.
You are now ready to use your new Windows Server 2012 R2 Essentials. You may now proceed to add client PCs using the connect wizard so that it shows up in the DEVICES tab of the Windows Server Essentials Dashboard, set up Remote Web Access etc. and other Essentials features as per your requirement.