As a future resource for myself and a resource for others, I thought it might be nice to write a blog post on this. There are a few tricks and features that I have discovered in my quest to create this domain. I hope you are able to benefit from them in some way.
The idea here is to create Windows Server 2012 as the first domain controller and then add Windows Server 2008 R2 later. To start, there are a few things that you should keep in mind:
- DNS – When you install the domain forest for the first time, you have the option of creating that domain controller as a DNS server as well. This is the option I will be using as it is the simplest and integrates well.
- Functional Level – You ALWAYS want your functional level to be set to the OLDEST server you have as a domain controller (DC). More on that later but for right now, just make sure you keep in mind which server is your oldest.
- Computer Name – The computer name of a domain controller is, as far as I am aware, nearly impossible to change after it has been added to the domain. You should change it before walking through this if you so wish.
- Options – There are many ways to go through this process. This walk-through will give you the gist of how this can be done, whether you start with 2008 R2 or 2012.
- Pro – I do not consider myself a pro at any level. In fact, I hope that if there are any improvements that can be made, I would expect and appreciate them to be placed in the comments below. I believe it is your duty (if you find errors) to report them in the comments as my intentions are to help as yours should be.
So, let's start:
Log in to Windows Server 2012 -> open the ‘Server Manager’ console -> click ‘Manage’ in the upper right corner.
From the drop-down menu, select ‘Add roles and features’.
The wizard comes up and offers you a step by step instruction.
The first window will probably be ‘Before you begin’.
Click next and make sure you have selected ‘Role-based or feature-based installation’.
Click next and ensure that your server is selected in the menu and click next again.
The next window should be ‘Select server roles’. Here is where you choose ‘Active Directory Domain Services’ and a dialog window pops up.
In the dialog box, it offers to include the important packages or features with the installation of AD. Choose ‘Add features’.
From here, you continue to press ‘Next’ until ‘Install’ is an option.
After installation, you should see something like this on your console:
If you chose to close this window before it finished installing (Optional), you might look for something more like this:
In the above window, the yellow ribbon contains a hyper-link to click which is to promote the current server to a DC.
You could also see this from the Management Console:
Clicking the link in that context menu brings you to this window:
From here, because this is our first server on the domain, you should choose ‘add a new forest’ and insert the domain name you wish to have.
After clicking next, you are presented with this screen:
This is extremely important, especially in our case. The functional level matters because each new version of Windows Server (AD DS) integrates new features. The functional level basically states which features your domain will be using. While there may be ways to lower your functional level after setting it, it is never recommended because of the problems that can result. This is where you want to enter the level that matches that of your lowest server (in this case Server 2008 R2). You can move this up later on if you upgrade your server.
Put in the password of your choice and click next twice. After verifying your NetBIOS name (you should not have to edit this), click next, then click next three times. This is the next screen, and it is totally normal too!
From here, click ‘Install’ and wait for the installation to complete. The system reboots.
You will then need to sign back in after the system reboots. You should remember however, that this time, you will need to sign into the domain, not just the local machine. This means your login will be something like this:
After logging in, you will notice that you are now on the domain and that your server is a domain controller!
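The wizard steps above can also be scripted. The following is an added example, not part of the original walk-through; the domain name `corp.example.com` and NetBIOS name `CORP` are placeholders, and the functional level is pinned to Server 2008 R2 as discussed above.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# session on the Windows Server 2012 machine.
# Assumptions: 'corp.example.com' and 'CORP' are placeholder names.
$domainName  = 'corp.example.com'
$netbiosName = 'CORP'
$level       = 'Win2008R2'   # matches the oldest planned DC (Server 2008 R2)

# Directory Services Restore Mode password, read without echoing it
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

# Same as the 'Add roles and features' wizard: install the AD DS role
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

Import-Module ADDSDeployment
$params = @{
    DomainName                    = $domainName
    DomainNetbiosName             = $netbiosName
    ForestMode                    = $level
    DomainMode                    = $level
    InstallDns                    = $true
    SafeModeAdministratorPassword = $dsrm
}

# Prerequisite check: stop before promotion if any result is not 'Success'
$failed = Test-ADDSForestInstallation @params |
    Where-Object { $_.Status -ne 'Success' }
if ($failed) {
    $failed | Format-List Message, Context, Status
    throw 'Prerequisite check failed; the server was not promoted.'
}

# Promote to the first DC of a new forest; the server reboots when done
Install-ADDSForest @params
```

After the reboot, `(Get-ADForest).ForestMode` and `(Get-ADDomain).DomainMode` report the levels that were actually set.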
Now to get the 2008 R2 to join it!
Log into 2008 R2. By this point, I would expect you can follow the above steps to install the Role of ‘Active Directory Domain Services’. Do so now and after reboot continue here:
Open ‘Server Manager’ and in the right pane choose ‘Roles’. From here you should see that there are some red ‘x’s that show errors:
If you click on the ‘Active Directory Domain Services’ in the ‘Roles Summary’ section you will be led to a page that has a yellow banner. In that yellow banner, there is a hyper-link that is for ‘dcpromo.exe’. Click it and a wizard appears (not a witch-wizard, though it would make it easier).
This wizard will guide you through most everything simply. Press next twice and you will be presented with this screen:
Obviously you want to add to existing forest and add to an existing domain in this case. Select these and click next.
This screen presents you with two things you must do:
In the first input field, insert the full name of the domain that you wish to add the DC to. From here, click ‘Set’ and add your username and password for the domain (not the computer). Then click next.
If you are like me, you probably got this error. This is because server 2 must point to server 1 as its primary DNS. Otherwise, there is no way for the name to go through address resolution. The world wide web does not know about your domain (nor should it, for security reasons). Therefore, you point server 2 to server 1 as its DNS and off it goes (assuming your username, password, and domain name were typed correctly).
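The DNS requirement described above can be checked before starting the wizard. This is an added example, not part of the original post; the domain name `corp.example.com` and the address `192.0.2.10` for the first domain controller are placeholders.

```powershell
# Added example, not from the original post. Run on the Server 2008 R2
# machine (PowerShell 2.0 compatible) before starting dcpromo.exe.
# Assumptions: placeholder domain name and placeholder IP of the first DC.
$domain  = 'corp.example.com'
$firstDc = '192.0.2.10'
$fix     = $false   # set to $true to rewrite the DNS server list

$nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($nic in $nics) {
    # First entry in the search order is the primary DNS server
    $primary = @($nic.DNSServerSearchOrder)[0]
    if ($primary -eq $firstDc) {
        Write-Host "OK: $($nic.Description) uses $firstDc as primary DNS"
        continue
    }
    Write-Warning "$($nic.Description): primary DNS is '$primary', not $firstDc"
    if ($fix) {
        $result = $nic.SetDNSServerSearchOrder(@($firstDc))
        if ($result.ReturnValue -ne 0) {
            Write-Warning "SetDNSServerSearchOrder returned $($result.ReturnValue)"
        }
    }
}

# A DC is located through this SRV record; ask the first DC for it directly
$srv = & nslookup.exe -type=SRV "_ldap._tcp.dc._msdcs.$domain" $firstDc 2>&1
if ($srv -match 'svr hostname') {
    Write-Host "OK: domain controller SRV record for $domain resolves"
} else {
    Write-Warning "No SRV record found for $domain; the wizard will not find the domain"
}
```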
This should be what you see. You then click next a few times (assuming you just want the basic domain controller) until you see this:
Here you can choose if you want a read-only domain controller. If you want to know more about this, here is the link to Microsoft’s site. For the rest of this, you click next until you reach the password for the domain. Enter the password and then
P.S. If you get an error after clicking next on the last screenshot, it should be OK to just pass it. If you have problems later, you can still install a DNS role on the server if it does not do what it needs to. I felt confident with this answer considering it worked for me and there is at least one other person out there who says likewise 🙂
Hope all went well for you and as I said before, I would expect that you contribute to this if you see a kind of error or see a way to help make this more clear. Thanks and enjoy!