Friday, August 8, 2008

Windows Server 2008 as a branch office server

Windows Server 2008 as a branch office server: Source of this Artical

Well, with Windows Server 2008 actually being released today I thought I’d put down in writing how I configured a server for one of our branch offices here. I decided that for a small office we’d need DHCP, DNS and a domain controller. However, this being a branch office with no IT function within it, this gave me the perfect opportunity to play with the Windows Server 2008 Read-Only Domain Controller (RODC) role within a Windows Server 2008 Core installation.
First of all, two things to note. Firstly, you must have a Windows 2008 Domain Controller within your environment. Secondly, if you have the Exchange 2003 tools installed on your DC (as we did!) these will no longer work with Windows 2008 - Exchange 2003 isn’t (and will never be) supported. However, Exchange 2007 SP1 is fully supported.

So first of all we need to get Windows 2008 in our current environment. This was really straightforward. Stick the Windows 2008 DVD in your current DC, browse to the Sources\Adprep folder and run:
adprep /forestprepadprep /domainprepadprep /rodc

After preparing your domain for Windows Server 2008, you can then either install a new domain controller or upgrade one of your current DCs. I chose to upgrade one of my DCs because I wanted to check out how well the upgrade process works (and because I’m a bit lazy too). It went without a hitch, apart from the aforementioned problem with the Exchange 2003 System Manager application. To be fair though this was totally my fault thanks to not reading the supported list of applications or even realising that it was installed on this server.
Another caveat to upgrading from Windows 2003 to 2008 is the Windows PowerShell. Windows 2008 will not upgrade a server with this installed; however it isn’t immediately clear how to remove this. PowerShell is actually listed as a Windows Update - so in Control Panel, Add/Remove Programs dialog box you will need to check the box at the top that says “Show Updates” and it’ll be displayed as a Windows Update towards the end of the list.
Anyway, there you go - you now have a Windows 2008 Domain Controller and you can start installing your Read-Only DC for your branch office. Again, the Windows 2008 installation is pretty straightforward - once you’ve done this, you’ll be presented with a nice command prompt when you log on. I’ve used this Technet page to help me through configuring my server.

So first off, you’ll probably want to set a new hostname.

This is pretty simple:
netdom RenameComputer %hostname% /NewName:%newname%
Next up, let’s get our DHCP server installed:
start /w ocsetup DHCPServerCore
The ‘/w’ command tells your command prompt to wait for the operation to finish. It’s not necessary, but I quite like to know when my installation has finished. Next, it’s important to realise that the DHCP service isn’t set to start automatically by default - so let’s change that:

sc config dhcpserver start= auto
Next up, we’ll need some kind of DNS service too:
start /w ocsetup DNS-Server-Core-Role
And finally, we’ll kick off the Domain Controller installation:
dcpromo /unattend:c:\unattend.txt

Now, notice that you need to provide an unattend.txt for the DCPROMO application. This is because Windows Core doesn’t have the DCPROMO GUI. Here’s what I used for my unattend.txt:
[DCInstall]AutoConfigDNS=YesConfirmGC=YesCriticalReplicationOnly=NoDisableCancelForDnsInstall=NoRebootOnCompletion=YesReplicaDomainInDNSName=your domain hereReplicaOrNewDomain=ReadOnlyReplicaReplicationSourceDC=your dc hereSafeModeAdminPassword=pick a restore mode passwordSiteName=site to install inUserName=user who has priveleges to add DCs to the domainUserDomain=user’s domainPassword=user’s password
Hopefully this will work as smoothly for you as it did for me. Finally, you’ll probably want to change the IP address settings on this machine ready for shipping to your branch office. You’ll firstly need to get a list of your interfaces:
netsh interface ipv4 show interfaces
Grab the IDx number of the card you want to configure, then whack in the following command:
netsh interface ipv4 set address name="%ID%" source=static address=%StaticIP% mask=%SubnetMask% gateway=%DefaultGateway%
Finally, you’ll need to add some DNS servers too:
netsh interface ipv4 add dnsserver name="%ID%" address=%DNSIP%index=1
Well, this is all I did to get a branch office up and running. However, for my next branch office I am probably going to look at enabling Hyper-V too and installing a Windows Server 2003 member server to run ISA Server 2006 in order to provide caching and internet access filtering. However, with this server being at a remote location and Hyper-V still in beta I didn’t feel this a prudent move right now.

No comments: