
If you haven’t evaluated Windows 2008 Server Core, now’s the time! Server Core is the ultimate choice for role-based infrastructure services, including any of the following: Active Directory (including LDS and Certificate Services), DNS, DHCP, File Services (including Distributed File System Replication), Hyper-V (although I would utilize the Hyper-V installer), Print Services, Streaming Media Services and IIS. One of the benefits of Server Core is security by default. Server Core was designed to be a stripped-down, role-based operating system with a dramatically minimized security footprint. In addition, Server Core reduces the maintenance, management, and storage footprint, ultimately leading to greater uptime. A fundamental concept for Server Core is remote administration, since there is minimal access through the server console.

Once Server Core is installed, users logging into the console will receive a Command Prompt instead of the Explorer.exe shell.

For an out-of-box installation start by configuring the IP address & DNS using netsh, set the computer name using netdom, and set the Administrator password using net user (* will prompt for password and confirmation):

netsh interface ipv4 set address name="Local Area Connection" source=static address=10.10.0.7 mask=255.255.255.0 gateway=10.10.0.1

netsh interface ipv4 add dnsserver name="Local Area Connection" address=10.10.0.6 index=1

netsh interface ipv4 add dnsserver name="Local Area Connection" address=10.10.0.7 index=2

netdom renamecomputer %computername% /NewName:MYDC02 /Force

net user Administrator *

Reboot the server to apply the DNS name changes using:

shutdown -f -r -t 0

Log in and confirm the IPv4 and computer name configuration settings by using “ipconfig /all” and “hostname”. To build a new domain, use the attached MYDC01_Unattend.txt file at the bottom of the post. Otherwise, to install the domain controller role while simultaneously joining an existing domain, create an unattend.txt file using:

notepad c:\unattend.txt

Click Yes to create the file and drop in the following configuration:

[DCInstall]
; Replica DC promotion
ReplicaOrNewDomain=Replica
ReplicaDomainDNSName=MYDOMAIN.LOCAL
SiteName=Default-First-Site-Name
InstallDNS=Yes
ConfirmGc=Yes
CreateDNSDelegation=No
UserDomain=MYDOMAIN.LOCAL
UserName=mydomain\administrator
Password=MyDomainAdminS3cr3t
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"
; Set SafeModeAdminPassword to the correct value prior to using the unattend file
SafeModeAdminPassword=MyS3cr3t
; Run-time flags (optional)
; CriticalReplicationOnly=Yes
; RebootOnCompletion=Yes

Close notepad, saving the C:\unattend.txt file. Execute the following to install Active Directory Domain Services and DNS as specified in the unattend file:

dcpromo.exe /unattend:c:\unattend.txt
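
The answer file above keeps the domain administrator and DSRM passwords in clear text on disk, and a web copy-paste can swap in typographic quotes or lose the backslashes in its path values. The following pre-flight check is an added example, not part of the original post or of any Microsoft tool; the function name lint_dcinstall and the sample file are constructed for illustration, and it treats Password=* (dcpromo's prompt-at-run-time value) as acceptable.

```python
import re

# Keys in a [DCInstall] answer file whose values are credentials.
SECRET_KEYS = {"password", "safemodeadminpassword"}
# Keys whose values must be absolute paths such as C:\Windows\NTDS.
PATH_KEYS = {"databasepath", "logpath", "sysvolpath"}
SMART_QUOTES = "\u201c\u201d\u2018\u2019"

def lint_dcinstall(text):
    """Return a list of (line_no, key, finding) for a dcpromo answer file."""
    findings, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):       # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:                                      # section header
            section = m.group(1).lower()
            continue
        if section != "dcinstall" or "=" not in line:
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        k = key.lower()
        if any(q in value for q in SMART_QUOTES):
            findings.append((no, key, "typographic quote in value"))
        bare = value.strip('"' + SMART_QUOTES)
        if k in SECRET_KEYS and bare and bare != "*":
            findings.append((no, key, "plaintext credential stored in file"))
        if k in PATH_KEYS and not re.match(r"[A-Za-z]:\\", bare):
            findings.append((no, key, "not an absolute drive path"))
    return findings

# Constructed sample: a replica answer file as it looks after being pasted
# from a page that swapped in smart quotes and dropped the backslashes.
SAMPLE = """[DCInstall]
ReplicaOrNewDomain=Replica
UserName=administrator
Password=MyDomainAdminS3cr3t
DatabasePath=\u201dC:WindowsNTDS\u201d
SYSVOLPath="C:\\Windows\\SYSVOL"
SafeModeAdminPassword=MyS3cr3t
"""

if __name__ == "__main__":
    for no, key, finding in lint_dcinstall(SAMPLE):
        print(f"line {no}: {key}: {finding}")
```

Run it on the administration workstation before copying the file to the Server Core host, and delete c:\unattend.txt from the server once promotion has finished.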

Once the initial AD replication pass has completed, the server will reboot to finalize the domain controller installation process. Log in and transfer any desired FSMO roles using ntdsutil:

ntdsutil
roles
connections
connect to server mydc02
q
transfer pdc
transfer rid master
transfer infrastructure master
q
q

Installing and Configuring DHCP Services:

Install the DHCP role using ocsetup. Set the service type to automatic. Start the DHCP service. Authorize the DHCP server in Active Directory. Add a scope using netsh. Add a lease range. Add the default gateway by setting optionvalue 3. Add the DNS servers by setting optionvalue 6.

start /w ocsetup DHCPServerCore
sc config dhcpserver start= auto
net start dhcpserver
netsh dhcp add server MYDC02.MYDOMAIN.LOCAL 10.10.0.7
netsh dhcp server \\mydc02 add scope 10.10.0.0 255.255.255.0 SCOPENAME
netsh dhcp server \\mydc02 scope 10.10.0.0 add iprange 10.10.0.150 10.10.0.199
netsh dhcp server \\mydc02 scope 10.10.0.0 set optionvalue 3 IPADDRESS "10.10.0.1"
netsh dhcp server \\mydc02 scope 10.10.0.0 set optionvalue 6 IPADDRESS "10.10.0.6" "10.10.0.7"

Installing Printing Services:

Although there are numerous utilities for adding and sharing printers to Server Core, my preference is to install the role and utilize the printer management console to remotely administer the print server. Printer Management is an MMC snap-in that’s available by installing the print server role on a member server or by utilizing RSAT (Remote Server Administration Tools). Two commands are necessary to install the print services role:

start /w ocsetup Printing-ServerCore-Role
netsh firewall set service fileandprint enable

Installing Windows Server Backup:

Similarly, Windows Server Backup can be administered remotely to add backup volumes, schedules or perform restores. Two commands are also necessary to install the Windows Server Backup feature:

start /w ocsetup WindowsServerBackup
netsh firewall set service remoteadmin enable

Installing Distributed File System Replication:

DFS-R can be administered remotely to create a namespace, add root shares and configure replication. If the firewall rules have already been added for fileandprint above, simply run:

start /w ocsetup DFSR-Infrastructure-ServerEdition

Conclusion

There are several other combinations of role-based infrastructure services to install on Server Core. This article covers the roles that will be of the greatest value to implement on a secured and stripped-down platform: AD, DNS, DHCP, Printing, and DFS-R. Once all roles have been installed, utilize RSAT to remotely administer the role configuration. Feel free to use the following as a small-scale proof of concept deployment scenario for evaluating Server Core functionality:

Either 2008 or 2008 R2 can be utilized to evaluate Server Core. The OCSetup syntax varies slightly for 2008 R2 installations, so consult the online support documentation for the R2-specific syntax.

Attached: example unattend file to build a new forest and domain: MYDC01_Unattend
Attached: example unattend file to join an existing domain: MYDC02_Unattend

Thanks for reading!
