Thursday, October 20, 2016

Windows Server 2016–Active Directory–Part1

  1. Part1 - Windows Server 2016 – Active Directory
  2. Part 2 - Windows Server 2016 – Active Directory – Temporary Group Memberships
As you know, the latest version of Windows Server - Windows Sever 2016 - is currently available. It is available in Azure as well as I mentioned here.  You can read “what is new with Windows Server 2016” in this Microsoft article here.   In general, Windows Server 2016 provides:
  • Added layers of security - Enhance security and reduce risk with multiple layers of built-in protection.
  • New deployment options - Increase availability and reduce resource usage with the lightweight Nano Server.
  • Built-in containers - Develop and manage with agility thanks to Windows Server and Hyper-V containers.
  • Cost-efficient storage - Build highly available, scalable software-defined storage and reduce costs.
  • Innovative networking - Software-defined networking to automate with cloud-like efficiency.
I am not going to the details of Windows Server 2016 or it’s capabilities here. You can read all that information in the above mentioned URL. My plan is to start a new blog series on Windows Server 2016 and Active Directory functionalities.  To begin this, I will add a new Widows Sever 2016 to my existing Active Directory 2012 domain and promote the Widows Sever 2016 as an additional domain controller. The Domain Promotion process is very similar to the previous versions of windows.
There is an upgrade to Active Directory Schema. Shema can be upgraded during the domain promotion process. The new Schema or ObjectVersionNumber is 87. Some addition information is included here in my TechNet wiki article. You can verify this by using ADSI Edit or DSQuery or PowerShell commands.
Get-ADObject (Get-ADRootDSE).schemaNamingContext -Property objectVersion
clip_image002
dsquery * CN=Schema,CN=Configuration,DC=labanddemo,DC=com -scope base -attr objectVersion
clip_image004
As a reference, I have provided the following table that lists the Active Directory Schema and the corresponding Object Version:
Active Directory Object Version
Windows 2000 13
Windows 2003 30
Windows 2003 R2 31
Windows 2008 44
Windows 2008 R2 47
Windows 8 Beta 52
Windows 2012 56
Windows 2012 R2 69
Windows Server 2016 87

***ObjectVersion 39 - Please refer http://blogs.technet.com/b/askds/archive/2011/07/15/friday-mail-sack-peevish-nediquette-edition.aspx clip_image006
Anyway, we can start this journey with DC promotion process. The following section provides step-by-step instructions.
  1. Join computer to your exiting Active Directory Domain.
clip_image008
2. Click OK on the Welcome window and restart the server. After the reboot, this server will be member server in your existing Active Directory Domain. By default, this server will be in Computer Container.
clip_image010
3. Login to the server using a domain credentials (domain\username). You need to have proper permission to upgrade the schema and add an additional domain controller.
clip_image012
4. Next step is to add ADDS server roles onto your new Windows Server 2016 server. Open Server Manger and select Add Roles and Features option.
clip_image013
5. Click Next on the Before you begin window.
clip_image015
6. Select Role-based or Feature-based installation option. Click Next.
clip_image017
7. On the Select Destination Server window, select your local Windows Server 2016 server. Click Next.
clip_image018
8. From Server Roles option, select Active Directory Domain Services. Accept the additional Role Feature requirements. Click Add Features.
clip_image019
9. Click Next on the Select Features window.
clip_image021
10. Click Next on Active Directory Domain Services window.
clip_image022
11. Select Install option to begin AD DS role installation Process.
clip_image024
12. Now you have installed the AD DS role onto your new Windows Server 2016. Next step is to add an additional domain controller for your existing domain. As you can see on the following screenshot, you need to perform some cognition and post-deployment option to complete this task. Click Close.
clip_image025
  1. From Server Manager, select Promote this server to a domain controller option. This will initiate the DCPROMO (Yes. I still like this word!) process.
clip_image027
14. As you can see on the following screenshot, you have 3 options:
1. Add a domain controller for an existing domain
2. Add a new domain to an existing forest
3. Add a new forest.
4. For this exercise, you will be selecting the first option - Add a domain controller for an existing domain
5. If you have only one domain and this new server is part of that domain, default domain name will be listed in the Domain column.
6. Provide a domain credential with proper permission to perform these tasks. If the current/logged in user doesn’t have sufficient permission, you can select Change option to enter a new credential.
clip_image029
15. From the Domain Controller Options window,
1. select the appropriate options for your environment. In my scenario, I will be selecting:
1. Domain Name System (DNS) server
2. Global Catalog (GC)
2. Provide a password for Directory Service Restore Mode (DSRM)
3. Click Next.
clip_image031
16. Click Next on the DNS Options window.
clip_image033
17. On the Additional Options window, select appropriate AD data replication option. I will be selecting Any Domain Controller option for this exercise. Click Next.
clip_image035
18. From Paths window, select appropriate path for AD Database and Log file. Click Next.
clip_image037
19. The next section will perform:
1. Forest and Schema peroration for Windows Server 2016.
2. Domain Preparation for Windows Server 2016.
3. Click Next to continue.
clip_image038
  1. Click Next to continue and begin the Prerequisites Check.
  2. Verify the Prerequisites Check result. Click Next to start the Domain Controller promotion process.
clip_image040
22. I have included the common Prerequisites warning information for your reference here.
Windows Server 2016 domain controllers have a default for the security setting named "Allow cryptography algorithms compatible with Windows NT 4.0" that prevents weaker cryptography algorithms when establishing security channel sessions.
For more information about this setting, see Knowledge Base article 942564 (http://go.microsoft.com/fwlink/?LinkId=104751).
This computer has at least one physical network adapter that does not have static IP address(es) assigned to its IP Properties. If both IPv4 and IPv6 are enabled for a network adapter, both IPv4 and IPv6 static IP addresses should be assigned to both IPv4 and IPv6 Properties of the physical network adapter. Such static IP address(es) assignment should be done to all the physical network adapters for reliable Domain Name System (DNS) operation.
A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. If you are integrating with an existing DNS infrastructure, you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain "labanddemo.com". Otherwise, no action is required.
23. Reboot the server after completing the DCPROMO process. After the restart, the new Windows Server 2016 will be an additional domain controller in your existing domain. The Schema will be upgraded to Windows Server 2016.
I believe this is good for Part-1 of this blogs series. In Part-2, my plan to focus more on Active Directory related functionalities. Please post a comment here if you like to see an particular topic in this blog series.
  1. Part1 - Windows Server 2016 – Active Directory
  2. Part 2 - Windows Server 2016 – Active Directory – Temporary Group Memberships

34 comments:

Hi Santosh,

nice article for on part1, can you share the part2 which you have discussed.

Regards,
Santosh Setty

Windows server 2016 has come up with multiple new features and fixed the previously reported and tested bugs. We are going to discuss its features one by one. If we talk about the security of windows server, then they pre-installed the anti-malware software.They had also added the support for OpenCL and OpenGL. In Windows Server 2016 a new role of multipoint services had been added

Click on the following link to get help with apa essay format and receive an A+!

Nice post! That's extraordinarily well explained and articulated notably favourable circumstances to hosting trade. currently am being an regular reader of your blogs. Thanks most for extraordinary assortment, keep writing.
Thanks and cheers!

Fast dedicated servers

I like your blog, it’s truly amazing. Visit OGEN Infosystem for dynamic website designing and development services and also get SEO Services for website promotion.
SEO Service in Delhi

Thanks for your post! It's good that I can read such a great article.
pozycjonowanie kraków

Thanks for sharing Windows Server 2016" your blog. If you want to create a Windows Server 2016 Contact Us
Best Web Development Company In USA

Thanks for sharing Windows Server 2016 " your blog. If you want to create a Windows Server 2016 Contact us
Best Mobile App Development Services In USA

Your blog is really well written. I really like your blog entries.
pro4people.com

하지 않기 위해서는 찾기 어색한 상황에서 자신의 앞에,나는 강하게 당신이 항상 이러한 https://koreapills.com/ 태블릿으로 당신을,이후 그들은 개인적으로 도움이 나지 않는 한,나는 당신은 또한 다음과 같다

As we know microsoft window is strong and widely use operating system so everyone who use this window must be up-to date about latest version and window server.so this post help everyone for this.
similary quickbooks user must know about the Connection Diagnostic Tool

If you are going to start a new online business, you have to manage good server for your successful business because if you did not do so, you will face financial issues regarding your business. I hope, you will understand about it. Cheap dissertation writing services.

Thanks for share this information for all you are the best writer for all.
Best Boxing Gloves Under 50

You can get everything in life you want if you will just help enough other people get what they want.

oficinas de bancarrota cerca de mí!

Welcome to Real Anchors Developers, your trusted partner in the world of real estate. With a strong foundation built on trust, integrity, and a passion for excellence, we are committed to turning your dreams of owning a perfect home into a tangible reality.

Santhosh Sivarajan's Blog is a digital haven for technology enthusiasts. With a focus on Microsoft technologies, identity management, and cloud solutions, the blog delivers insightful content. Sivarajan's expertise shines through, providing readers with a wealth of knowledge, making it a go-to resource for IT professionals navigating the ever-evolving tech landscape. This blog is a goldmine of information. Your blog packs a punch in just a few sentences. Your words are like gems. Thank you for sharing this! A quick, delightful read that left me inspired.filing for divorce in virginia

suitable for both novice and experienced aquarists. They feature a sleek design, efficient filtration system, user-friendly controls, adjustable settings, and LED lighting for coral growth. These systems are a solid investment for elevating aquarium experiences.
arlington speeding ticket lawyer Your trusted advocate in Fairfax, dedicated to fighting for your rights with unwavering commitment and expertise. Let's turn your legal challenges into victories together.

These activities can help explore emotions, perspectives, and deepen understanding of the poem's message. Reflecting on emotions, sharing feedback, and identifying growth can help in enhancing writing skills and confidence. These activities not only foster creativity but also provide a platform for self-expression and connection with others. Enjoy your poetic journey and reflect on the emotions elicited from these activities.
reckless driving lawyer arlington va Your trusted advocate with a proven track record in navigating legal challenges. Committed to securing justice and delivering results for every client, every time.

It highlights the importance of assigning static IP addresses to all physical network adapters for reliable DNS operation. Additionally, it notes the necessity of manually creating DNS delegations if an authoritative parent zone is absent. Regular audits and adherence to best practices are crucial for maintaining security and functionality.criminal law, crime

The Microsoft Technology Blogs showcase innovations like Microsoft Copilot, which boosts productivity with AI-driven capabilities, and offer insightful updates and developments across a variety of Microsoft technologies. The blogs showcase enhancements in teamwork platforms such as Microsoft Teams and user-friendly integrations that streamline procedures. For developers and companies who want to stay up to date on Microsoft's products and best practices, these resources are indispensable. The blogs are an excellent resource for utilizing Microsoft's technology to increase productivity and produce outcomes since they combine technical advice with strategic insights.acid reflux dui defense Due to the possibility of inflated breathalyzer readings caused by the combination of alcohol and stomach acid, acid reflux can be used as a defense in DUI trials. Even though it's not usually accepted, this defense emphasizes the importance of precise testing procedures in DUI enforcement. You can consult sites like [FindLaw](https://www.findlaw.com) and [Nolo](https://www.nolo.com) for additional information on this defensive tactic.

This comment has been removed by the author.

Windows Server 2016 Active Directory enhances security with PAM, Credential Guard, and MFA. making it ideal for hybrid cloud settings and improving performance and scalability for complex settings management.
family lawyer arlington tx

Fantastic article! Your thoughts on the newest features of Windows Server were really beneficial to me. What truly caught my attention was the thorough discussion of the advancements made to Virtualization capabilities and Active Directory. The potential for these upgrades to simplify network administration and enhance security excites me in especially. how fast is reckless driving in va

Windows Server 2016 manages network resources and authentication through Active Directory, installed using Server Manager or PowerShell. The server is elevated to a Domain Controller.
Child Custody Lawyer Alexandria

Windows Server 2016 enhances Active Directory (AD), making it more scalable, secure, and resilient. Part 1 covers AD fundamentals, configuring Domain Controller, and efficient user and resource management setups. reckless driving lawyer northern virginia Northern Virginia reckless driving attorneys' experience and knowledge in traffic law are crucial due to Virginia's severe regulations, which can result in fines, license points, and jail time, making them recommended for handling such cases.

Windows Server 2016's positive feedback includes enhanced security features, improved cloud service integration, and improved Hyper-V and storage management. However, critics argue it lacks certain capabilities, like enhanced software-defined networking and deduplication for ReFS. reckless driving second offense virginia CDC Digital Record reviews and comments" refer to the process of reviewing digital health records, providing valuable insights and information for effective decision-making.

Their expertise in traffic law, especially in reckless driving cases, has led to cost reductions and tactical advantages in cases involving Virginia. reckless driving virginia ticket Legal counsel is recommended for traffic charges due to their seriousness, as a traffic lawyer can potentially reduce penalties to less severe offenses like careless driving.

This guide outlines the process of configuring Active Directory on Windows Server 2016. It begins with installing the software, verifying hardware requirements, and then installing it. Next, the guide outlines setting up a static IP address, DNS server, default gateway, subnet mask, and renaming the server. The process is completed by following the installation instructions.dui lawyer rockland county ny

The author plans to launch a blog series on Active Directory and Windows Server 2016 features, promoting Widows Sever 2016 as an extra domain controller and adding it to their Active Directory 2012 domain. what is considered reckless driving in the state of virginia Reckless driving involves exceeding speed limits by more than 20 or 80 miles per hour, with severe penalties compared to other states. Aggressive driving, including weaving in and out of traffic, tailgating, and neglecting to surrender the right of way, can result in reckless driving charges.

If you need any legal help, kindly visit our page. Virginia Harassment Laws

The author plans to start a blog series on Windows Server 2016 and Active Directory functionalities, adding a new Widows Sever 2016 to an existing Active Directory 2012 domain and promoting it as an additional domain controller. The domain promotion process is similar to previous versions, and the new Schema is 87. find a bankruptcy lawyer near me Free consultations with bankruptcy lawyers offer valuable insights into the procedure, lawyer background, and handling of bankruptcy cases, allowing clients to understand their options and expectations.

The author plans to start a blog series on Windows Server 2016 and Active Directory functionalities, adding a new Widows Sever 2016 to an existing Active Directory 2012 domain and promoting it as an additional domain controller. The domain promotion process is similar to previous versions, with an upgrade to Active Directory Schema. dwi vs dui "DWI" and "DUI" are commonly used to describe impaired driving offenses, with "DUI" being the preferred legal term in Virginia. While they are often used interchangeably, they differ in their definitions and applications across states.

Post a Comment

Popular Posts

Share

Twitter Delicious Facebook Digg Stumbleupon Favorites More