Friday, January 30, 2009

Implementing a Windows 2008 R2 domain controller

Since I already have a home 2008 domain that has some production work in it, I opted to install a new forest and domain for beta code, so that if I did break anything or needed to rip R2 beta out, it wouldn't affect other services. Once this OS releases, I will definitely be migrating to it at home and will review the 2008 to 2008 R2 upgrade process some more.

I ran Dcpromo from Start-Run, and this ran for a short while, but that might be because I allocated hardly any RAM to this box :)

Advanced Mode… I like the sound of that!

And we get this glorious warning about security.

After reading up at, there is a workaround if you do experience any of the symptoms of this. So I will press on:

I went with a simple and easy to remember name, that I likely will never use again on this blog, unless I do additional 2008 R2 features on this domain.

This then checks DNS and NetBIOS for existing names that would conflict, then prompts you for the NetBIOS name (yes, still with the NetBIOS, but a fair number of things still rely on it!)

Now, the Forest Functional Level (FFL)

I of course chose the R2!

Time to delve into the reviewer's guide for what features are unlocked with the 2008 R2 Forest Functional Level. It contains everything 2008 did, plus the AD Recycle Bin, which when enabled provides the ability to restore objects without stopping AD and doing a Directory Restore.

For more on the AD Recycle bin, check out:

Of course, choosing the R2 Forest functional level means I would also be doing the 2008 R2 domain functional level. This includes all previous DFL features, plus Authentication Mechanism Assurance. You can read more about this feature here:

Once past the FFL screen, we are asked what other DC options to install with. Being the first DC in a new forest, I cannot choose much here. I do wonder why I would even be given the option to not install DNS.

I had set a static IPv4 address, but left IPv6 using dynamic addressing, so I got a warning:

I chose to ignore this for now, and chose YES.

Accepted the default storage locations, and then set my DSRM password:

I was *really* hoping that "advanced" let me choose a different site name than "Default-First-Site-Name" this time around. Oh well. I think if it was an option here, far fewer installations would be scared to change this.

A quick review of my settings, and we are OFF:

I really like the reboot checkbox, so I checked the box. This is really nice to have, especially if you were bringing up new DCs en masse for a larger existing domain and didn't want to have to keep checking on it.
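
The same choices the wizard walks through above can be captured in a dcpromo answer file and run unattended. This is an added example, not from the original post: the domain names, site name, file path and password are placeholders.

```ini
; Constructed example: answer file for the first DC in a new forest.
; Run with: dcpromo /unattend:C:\dcpromo-newforest.txt   (path is a placeholder)
[DCInstall]
; New domain in a new forest, matching the wizard choices in this post
ReplicaOrNewDomain=Domain
NewDomain=Forest
NewDomainDNSName=example.test
DomainNetBiosName=EXAMPLE
; Functional levels: 4 = Windows Server 2008 R2
ForestLevel=4
DomainLevel=4
; First DC in the forest also hosts DNS
InstallDNS=Yes
; Names the site for the new DC instead of Default-First-Site-Name
; (the value HQ is hypothetical)
SiteName=HQ
; Default storage locations, as accepted in the wizard
DatabasePath="%systemroot%\NTDS"
LogPath="%systemroot%\NTDS"
SYSVOLPath="%systemroot%\SYSVOL"
; DSRM password: placeholder, replace before use
SafeModeAdminPassword=<DSRM-password-placeholder>
; Same effect as the reboot checkbox
RebootOnCompletion=Yes
```

The file holds the DSRM password in clear text, so keep it off shared folders, restrict its ACL to administrators, and delete it once the promotion finishes.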

Once rebooted, I see a new MSC, the "Active Directory Administrative Center"

My stars, this looks very different!

Oh wait, there's what looks more familiar..

Next post will cover USING the recycle bin!
