Deploying Windows Server 2012 and Windows Server 2012 R2 Domain Controllers
By Mitch Tulloch
Active Directory Domain Services (AD DS) provides a distributed database and directory service that stores and manages information about the users, computers, groups, shares, printers, and other types of objects that comprise an organization’s IT infrastructure. With AD DS, you can create the following:
- A forest that acts as the security boundary for your organization
- One or more domains that define the scope of authority of administrators in your organization
- A hierarchical collection of organizational units (OUs) to simplify delegation of authority for managing directory objects
- Sites that map to the structure of your organization’s network
Domain controllers are servers that host AD DS within your infrastructure, and the process for deploying domain controllers has been enhanced in several ways beginning with Microsoft Windows Server 2012. The Active Directory Domain Services Configuration Wizard (dcpromo.exe) used in previous Windows Server versions has been replaced with a new Active Directory Domain Services Configuration Wizard that simplifies the task of deploying new domain controllers to help reduce the possibility of error. Windows PowerShell now provides a way of scripting all aspects of domain controller deployment, making it possible to automate the mass deployment of domain controllers in data center environments. Safeguards have also been introduced so that you can safely virtualize domain controllers, which simplifies deployment of private and public cloud solutions.
Windows Server 2012 R2 introduced several more enhancements to Active Directory, the most important of which is Workplace Join. Workplace Join enables information workers to join their personal devices to the Active Directory infrastructure of their company to access company resources and services from these devices. Workplace Join is enabled by means of a new Device Registration Service (DRS) included in the Active Directory Federation Role in Windows Server 2012 R2. Administrators can use Workplace Join to identify known devices with device authentication and can then provide these devices with conditional access to resources. The result for users is a more seamless Single Sign-On experience to company resources from trusted devices.
This chapter describes how to prepare for the deployment of Windows Server 2012 and Windows Server 2012 R2 domain controllers, how to deploy domain controllers using both Server Manager and Windows PowerShell, and how to take advantage of domain-controller virtualization.
Lessons in this chapter:
- Lesson 1: Preparing for deploying domain controllers
- Lesson 2: Deploying domain controllers using Server Manager
- Lesson 3: Deploying domain controllers using Windows PowerShell
Before you begin
To complete the practice exercises in this chapter:
- You need at least two servers that have a clean install of Windows Server 2012 R2 and are configured as stand-alone servers in a workgroup. They can be either physical servers or virtual machines, and their TCP/IP settings should be configured to provide connectivity with the Internet.
- You might need additional servers to perform some of the optional exercises in the “Suggested practice exercises” section. You might also need access to installation media for earlier Windows Server versions for some of these exercises.
- You should be familiar with basic AD DS concepts such as forests, domains, organizational units (OUs), sites, domain controllers, schema, replication, and so on.
- It will be helpful if you also have at least rudimentary knowledge of using Windows PowerShell.