Install and configure ADDS on Windows Server 2022 Core in Azure (Part 2)

A question I often get is: ‘Why should I use Windows Server Core edition? It is difficult to manage and I do not like a server without a graphical interface.’

The first thing I always say is: you DON’T HAVE to do anything, but my advice is to do it, especially for a number of crucial server roles.

Some advantages of Windows Server Core edition at a glance:

· It’s faster (fewer services running, no overhead, no graphical user interface)

· More secure

· It’s modern

· Less disk space required

· Smaller footprint

· Smaller attack surface

· Faster deployment

Difference in installed services:

On Windows Server 2022 with a graphical user interface, there are 210 installed services. On the Windows Server Core edition, there are just 127 installed services. That’s a big difference of 83 services.

Difference in running services:

On Windows Server 2022 with a graphical user interface, there are 73 running services. On Windows Server Core edition, there are just 66 running services. That’s a difference of 7 services.
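To reproduce this comparison in your own environment, the following added example (not part of the original post) inventories the services on two servers and lists the ones that exist only on the graphical installation, which is the extra attack surface. The host names srv-gui001 and srv-core001 are hypothetical placeholders, and WinRM must be reachable on both servers.

```powershell
# Added example. Host names are hypothetical placeholders.
$GuiServer  = 'srv-gui001'    # Windows Server 2022 with a graphical user interface
$CoreServer = 'srv-core001'   # Windows Server 2022 Core edition

function Get-ServiceInventory {
    param([Parameter(Mandatory)][string]$ComputerName)
    # Win32_Service returns every installed service, running or not
    Get-CimInstance -ClassName Win32_Service -ComputerName $ComputerName |
        ForEach-Object {
            [pscustomobject]@{
                # Per-user services carry a random suffix (for example _1a2b3c);
                # strip it so the same service matches on both servers.
                Name      = $_.Name -replace '_[0-9a-f]{4,8}$'
                State     = $_.State
                StartMode = $_.StartMode
                Account   = $_.StartName
            }
        }
}

$gui  = @(Get-ServiceInventory -ComputerName $GuiServer)
$core = @(Get-ServiceInventory -ComputerName $CoreServer)

# Installed and running totals per server
$summary = foreach ($pair in @{ Name = $GuiServer;  Services = $gui },
                             @{ Name = $CoreServer; Services = $core }) {
    [pscustomobject]@{
        Server    = $pair.Name
        Installed = $pair.Services.Count
        Running   = @($pair.Services | Where-Object State -eq 'Running').Count
    }
}
$summary | Format-Table -AutoSize

# Services that exist only on the graphical installation, running ones first
$coreNames = $core.Name
$gui | Where-Object { $_.Name -notin $coreNames } |
    Sort-Object @{ Expression = { $_.State -ne 'Running' } }, Name |
    Format-Table Name, State, StartMode, Account -AutoSize
```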

Used disk space on the C drive

On Windows Server 2022 with a graphical user interface, the installation of the operating system uses around 13 GB of space.

The Windows Server Core edition uses just around 9 GB of space for the operating system.

Performance (CPU and memory)

In performance, there is a small difference under ‘normal’ usage of the server. The memory usage is around 1,6 GB on Server Core edition and 2,1 on the graphical version. The CPU load is also a little lower, as you can see.

Summary:

The choice of whether or not to deploy Windows Server Core within the infrastructure depends on a number of things. First of all, the workload or application must be suitable to run on Server Core. This is certainly not the case for all applications or server roles.

Especially for crucial server roles, such as domain controllers, it is advisable to use Server Core. It offers a number of advantages, which contribute to a more stable and secure environment.

And with Remote Server Administration Tools (RSAT), Microsoft Management Console (MMC), Windows Admin Center or Arc, a Windows Server Core edition installation is easy to manage.

Install and configure ADDS on Windows Server 2022 Core in Azure (Part 1)

Today, I’m going to show you how to install and configure Active Directory Domain Services on Windows Server 2022 Core edition on Azure.

I’ve used some ARM templates to deploy my two domain controllers in Azure, based on Windows Server 2022 Core edition. These servers are in a separate subnet within my Azure environment. In this example, I’ve two domain controllers, mss-dc-core001 and mss-dc-core002.

The first step is to configure the following things:

  • Machine name
  • Static IP from the Azure Portal (NOT within the VM)
  • Static DNS from the Azure Portal (NOT within the VM)
  • Date and Time
  • Install all the latest updates

After logging in to the first domain controller, there’s just one big black screen with ‘SCONFIG’ open, that’s all!

The next step is to prepare the data partition on our second disk to hold the ADDS database, NETLOGON and SYSVOL directories. For this configuration, we are using DISKPART. We have created a new volume on the second disk. It’s drive D: with 16 GiB storage, and disk caching is disabled.
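The same disk preparation can be done from PowerShell instead of DISKPART. This is an added example, not the commands used in the original post; it assumes the new data disk is the only uninitialised (RAW) disk in the VM, and the volume label ‘ADDS’ is a hypothetical name.

```powershell
# Added example: prepare the data disk for the AD DS database, logs and SYSVOL.
# Assumption: the new data disk is the only RAW (uninitialised) disk in the VM.
$disk = @(Get-Disk | Where-Object PartitionStyle -eq 'RAW')
if ($disk.Count -ne 1) {
    throw "Expected exactly one uninitialised disk, found $($disk.Count)."
}

# On many Azure VM sizes D: is already taken by the temporary disk, which is
# not persistent and must never hold the AD DS database. Stop if D: is in use.
if (Get-Volume -DriveLetter D -ErrorAction SilentlyContinue) {
    throw 'Drive letter D: is already in use. Free it before continuing.'
}

Initialize-Disk -Number $disk[0].Number -PartitionStyle GPT
New-Partition -DiskNumber $disk[0].Number -UseMaximumSize -DriveLetter D | Out-Null

# 'ADDS' is a hypothetical volume label
Format-Volume -DriveLetter D -FileSystem NTFS -NewFileSystemLabel 'ADDS' -Confirm:$false | Out-Null

# Confirm the result before promoting the server
Get-Volume -DriveLetter D |
    Format-Table DriveLetter, FileSystemLabel, FileSystem, Size, SizeRemaining -AutoSize
```

Disk caching is a property of the Azure data disk (host caching set to None) and is configured on the Azure side, not inside the VM.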

After the first configuration of the servers, we are ready to start the installation of the necessary services and features. Press ‘15’ to enter PowerShell.

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

Install-ADDSForest -DomainName "network.lab" -DomainMode 7 -ForestMode 7 -DatabasePath "D:\NTDS" -SYSVOLPath "D:\SYSVOL" -LogPath "D:\Logs"

Because we are using Windows Core edition, we don’t have any graphical management tools on the domain controllers. Therefore, we have installed the Remote Server Administration Tools or RSAT on a management server.

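Here we can start ‘Active Directory Users & Computers’ to take a look at our newly created Active Directory environment.

The next step is to add the second domain controller to the domain. On the second server, install the AD DS and DNS roles and promote it to a domain controller:

Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools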

Install-ADDSDomainController -DomainName "network.lab" -DatabasePath "D:\NTDS" -SYSVOLPath "D:\SYSVOL" -LogPath "D:\Logs" -Credential (Get-Credential "network.lab\azlocadmin")

Now we have two active domain controllers in our Active Directory environment, based on Windows Server 2022 Core edition.
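A quick post-promotion check, as an added example that is not part of the original post: it confirms on each domain controller that the database, logs and SYSVOL really landed on the data disk, that the SYSVOL and NETLOGON shares exist, and that both domain controllers are healthy. It assumes the D: layout used above and is run in PowerShell on the domain controller itself.

```powershell
# Added example. Run on each domain controller after promotion.
$expectedDrive = 'D:'   # data disk used in this post

# AD DS records its storage locations in the registry
$ntds     = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$netlogon = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

$paths = [ordered]@{
    'NTDS database' = $ntds.'DSA Database file'
    'NTDS logs'     = $ntds.'Database log files path'
    'SYSVOL'        = $netlogon.SysVol
}

$report = foreach ($item in $paths.GetEnumerator()) {
    [pscustomobject]@{
        Item       = $item.Key
        Path       = $item.Value
        OnDataDisk = ([string]$item.Value).StartsWith(
                         $expectedDrive, [StringComparison]::OrdinalIgnoreCase)
    }
}
$report | Format-Table -AutoSize

if ($report.OnDataDisk -contains $false) {
    Write-Warning "At least one AD DS path is not on $expectedDrive."
}

# Both shares must exist before the server can act as a domain controller
Get-SmbShare -Name SYSVOL, NETLOGON | Format-Table Name, Path -AutoSize

# Every domain controller in the domain, with its roles
Get-ADDomainController -Filter * |
    Format-Table Name, IPv4Address, IsGlobalCatalog, OperationMasterRoles -AutoSize

# Quiet mode prints failures only; no output means all tests passed
dcdiag /q
repadmin /replsummary
```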

Create a Central Store for your group policy ADMX and ADML files. Copy all the files from:
“C:\Windows\PolicyDefinitions” to “\\network.lab\SYSVOL\network.lab\Policies\PolicyDefinitions”.

Open the Group Policy Editor again and see if the policy definitions are loaded from the Central Store.
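The copy to the Central Store, with a check that every file arrived unchanged, as an added example that is not part of the original post. It uses the two paths from the text and needs an account that is allowed to write to SYSVOL.

```powershell
# Added example: create the Central Store and verify the copy.
$Source       = 'C:\Windows\PolicyDefinitions'
$CentralStore = '\\network.lab\SYSVOL\network.lab\Policies\PolicyDefinitions'

# Create the target first and copy the folder contents. Copying the folder
# itself into an existing target would create PolicyDefinitions\PolicyDefinitions.
New-Item -Path $CentralStore -ItemType Directory -Force | Out-Null
Copy-Item -Path (Join-Path $Source '*') -Destination $CentralStore -Recurse -Force

function Get-RelativeHash {
    param([Parameter(Mandatory)][string]$Root)
    $rootPath = (Resolve-Path -Path $Root).ProviderPath.TrimEnd('\')
    Get-ChildItem -Path $rootPath -Recurse -File | ForEach-Object {
        [pscustomobject]@{
            RelativePath = $_.FullName.Substring($rootPath.Length + 1)
            Hash         = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    }
}

# Any line in the output is a file that is missing or differs on one side
$diff = Compare-Object -ReferenceObject (Get-RelativeHash -Root $Source) `
                       -DifferenceObject (Get-RelativeHash -Root $CentralStore) `
                       -Property RelativePath, Hash

if ($diff) {
    $diff | Sort-Object RelativePath | Format-Table RelativePath, SideIndicator -AutoSize
    Write-Warning 'The Central Store does not match the local PolicyDefinitions folder.'
} else {
    Write-Host 'Central Store matches the local PolicyDefinitions folder.'
}
```

Once the Central Store exists, the Group Policy editors read their templates from it instead of the local folder, so it pays to keep a record of which server and OS build the files were copied from.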

Wrap up:
We have created two domain controllers in Azure, based on Windows Server 2022 Core edition (no graphical user interface). We have created a new Active Directory forest with a single domain, ‘network.lab’. Finally, we have created the Central Store for storing the group policy definition (ADMX and ADML) files.

In the next parts we are going to harden some security settings, configure Log Analytics for monitoring and configure Azure Backup for Back-up and Disaster Recovery.

How to: Remove ‘old’ RDS server from farm

When you delete an old RDS Session Host server from your environment without first removing the server from your RDS Farm, you’ll receive the following error:

Install SQL Management Studio on your RDS Connection Broker and connect to the following server name:

\\.\pipe\MICROSOFT##WID\tsql\query

Create a new query:

SELECT TOP 1000 [Id],[Name] FROM [RDCms].[rds].[Server]

Here you can see all the servers in your RDS Farm. Note the Id of your ‘old’ server. In this example it is server ‘RDS-01’ with ID 2.

Create a new query:

use RDCms;
delete from rds.RoleRdsh where ServerID = '2';

Start PowerShell on your RDS Broker server and type:

Get-RDServer

Now you can open your Server Manager again and manage your RDS Farm!

Build a virtual S2D cluster with Windows Server 2019 build 17744

Windows Server 2016 and 2019 Storage Spaces Direct (S2D) allows building HA storage systems using storage nodes with local storage, such as SATA or SSD disks.

In this blogpost, I’ll deploy a two node S2D cluster based on Windows Server 2019 build 17744. The main machine is a HP ProBook 450 G5 with Windows 10, 16 GB memory, 512 GB SSD disk, and Hyper-V enabled.

First of all, I’ve deployed the following virtual machines:

  • S2D-W2019-DC01 (Domain Controller, DNS, Group Policies)
    IP address: 172.16.0.100
  • S2D-W2019-HV01 (Hyper-V host, S2D node)
    IP address: 172.16.0.101 (LAN)
    IP address: 10.10.0.101 (Live Migration)
  • S2D-W2019-HV02 (Hyper-V host, S2D node)
    IP address: 172.16.0.102 (LAN)
    IP address: 10.10.0.102 (Live Migration)

All the servers are installed with Windows Server 2019 build 17744. The first server I’ve configured is the domain controller. My internal domain is s2dlab.local.

For both S2D nodes (S2D-W2019-HV01 and S2D-W2019-HV02), you have to configure some additional settings, because these servers are virtual. So we’re going to run Hyper-V in Hyper-V, and on that Hyper-V host there are some guest virtual machines (nested virtualization) 😀 Cool stuff!!!


$S2DHOST1 = 'S2D-W2019-HV01'
$S2DHOST2 = 'S2D-W2019-HV02'

# List all virtual machines
Get-VM

# Enable nested virtualization on virtual machines
Set-VMProcessor -VMName $S2DHOST1 -ExposeVirtualizationExtensions $true
Set-VMProcessor -VMName $S2DHOST2 -ExposeVirtualizationExtensions $true

Next, you have to configure the following settings within the VM configuration:

  • Disable dynamic memory;
  • Set the number of virtual processors to 2 or 4;
  • Turn on MAC address spoofing on your network interface(s).
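The three settings above can also be applied from PowerShell on the Windows 10 Hyper-V host. This is an added example, not part of the original post; it assumes 4 virtual processors per node and that both VMs are shut down.

```powershell
# Added example: apply the nested-virtualization settings to both S2D nodes.
# Run on the Windows 10 Hyper-V host in an elevated PowerShell session.
$S2DHosts = 'S2D-W2019-HV01', 'S2D-W2019-HV02'
$CpuCount = 4   # assumption: 4 virtual processors (the text allows 2 or 4)

foreach ($vmName in $S2DHosts) {
    $vm = Get-VM -Name $vmName

    # Memory and processor settings can only be changed while the VM is off
    if ($vm.State -ne 'Off') {
        throw "$vmName is $($vm.State). Shut it down before changing these settings."
    }

    # Nested Hyper-V does not work with dynamic memory
    Set-VMMemory -VMName $vmName -DynamicMemoryEnabled $false

    Set-VMProcessor -VMName $vmName -Count $CpuCount -ExposeVirtualizationExtensions $true

    # MAC address spoofing lets the nested guests send traffic with their own
    # MAC addresses through the node's adapter. It removes a protection of the
    # virtual switch, so enable it only on the VMs that need it.
    Get-VMNetworkAdapter -VMName $vmName | Set-VMNetworkAdapter -MacAddressSpoofing On
}

# Report the resulting configuration of both nodes
foreach ($vmName in $S2DHosts) {
    [pscustomobject]@{
        VM               = $vmName
        DynamicMemory    = (Get-VMMemory -VMName $vmName).DynamicMemoryEnabled
        Processors       = (Get-VMProcessor -VMName $vmName).Count
        NestedVirt       = (Get-VMProcessor -VMName $vmName).ExposeVirtualizationExtensions
        MacSpoofing      = ((Get-VMNetworkAdapter -VMName $vmName).MacAddressSpoofing -join ', ')
    }
}
```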

           

Now that the domain controller is up and running and both S2D nodes are installed and configured with Windows Server 2019, it’s time to add some storage. Both servers have 3 x 50 GB virtual disks attached! Note!! This is only for testing and demo!!

So we have 300 GB of storage available for our S2D cluster. After this is done, you can install the following roles and features within Windows Server:

  • (Role) File and Storage Services;
  • (Role) Hyper-V;
  • (Feature) Failover Clustering;

           

Now all the components are ready to build the cluster. It’s recommended to run the cluster validation before building your cluster! The name of my cluster is ‘S2D-CL01’ with IP address 172.16.0.200/16. Note!! Uncheck the option ‘Add all eligible storage to the cluster’!!

The cluster is up and running. As you can see within your Active Directory and DNS configuration, there are three computer objects (two cluster nodes and one Failover Cluster object).

The last step before enabling ‘S2D’ on our cluster is checking the disk configuration.


# List all available disks within the cluster nodes
Get-PhysicalDisk

# Enable Storage Spaces Direct on the cluster
Enable-ClusterS2D

# List all Storage Pools within the S2D cluster
Get-StoragePool S2D*

Now our cluster is Storage Spaces Direct (S2D) enabled. The last step is to create a virtual disk within our Storage Pool and add it as a Cluster Shared Volume (CSV) to the cluster, so we can store workloads on it! Because we have a two node cluster, the only Resiliency type is Two-Way Mirror.
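The cluster steps described above, from validation to the Cluster Shared Volume, in PowerShell instead of the graphical wizards. This is an added example that is not part of the original post; the volume name CSV01 and the 100 GB size are assumptions, and the roles and features must already be installed on both nodes.

```powershell
# Added example. Run on one of the S2D nodes with a domain account that is
# local administrator on both nodes.
$Nodes       = 'S2D-W2019-HV01', 'S2D-W2019-HV02'
$ClusterName = 'S2D-CL01'
$ClusterIP   = '172.16.0.200'
$VolumeName  = 'CSV01'   # hypothetical volume name
$VolumeSize  = 100GB     # assumption: fits in the 300 GB pool when mirrored

# 1. Cluster validation, including the Storage Spaces Direct tests
$validation = Test-Cluster -Node $Nodes `
    -Include 'Storage Spaces Direct', 'Inventory', 'Network', 'System Configuration'
Write-Host "Validation report: $($validation.FullName)"

# 2. Create the cluster. -NoStorage is the PowerShell equivalent of unchecking
#    'Add all eligible storage to the cluster' in the wizard.
New-Cluster -Name $ClusterName -Node $Nodes -StaticAddress $ClusterIP -NoStorage

# 3. Enable Storage Spaces Direct; this creates the S2D storage pool
Enable-ClusterS2D -Confirm:$false

# 4. Create the volume. CSVFS_ReFS formats it with ReFS and adds it to the
#    cluster as a Cluster Shared Volume in one step. On a two node cluster
#    'Mirror' results in a two-way mirror.
New-Volume -StoragePoolFriendlyName 'S2D*' -FriendlyName $VolumeName `
    -FileSystem CSVFS_ReFS -ResiliencySettingName Mirror -Size $VolumeSize

# 5. Verify: NumberOfDataCopies should be 2 for a two-way mirror
Get-VirtualDisk -FriendlyName $VolumeName |
    Format-Table FriendlyName, ResiliencySettingName, NumberOfDataCopies, HealthStatus, Size -AutoSize
Get-ClusterSharedVolume | Format-Table Name, State, OwnerNode -AutoSize
```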

                 

Wrap Up:

In this blogpost we’ve built a two node virtual Storage Spaces Direct cluster in Hyper-V (Windows 10). The S2D nodes are running Windows Server 2019. It’s really a nice opportunity to run this configuration virtually on your laptop or desktop, since nested virtualization is supported and it works great!!

In the next blogpost I’ll show you how to install and configure a virtual machine within our S2D cluster. I’ll also perform some live migrations to show the high availability and resiliency of our setup!

Demo movie: Storage Spaces Direct in Windows Server 2016

The following movie shows the power of Storage Spaces Direct in Windows Server 2016. From the local disks, to storage pools and cluster, all the layers are explained!! Very useful when you want to know exactly how Storage Spaces Direct (S2D) works.

Software Defined will be the future! So prepare yourself….. 🙂

Microsoft Ignite 2016 Slidedeck and Video downloader

Have you missed the Microsoft Ignite 2016 event? No problem!! MVP Michel de Rooij has created a script to download all the content (videos and slidedecks), so you can watch all the content again.

This script will download all the Ignite 2016 slidedecks and videos that are available from Techcommunity via the OneDrive URL on the session page. Video downloads leverage a utility which can be downloaded from https://yt-dl.org/latest/youtube-dl.exe; put it in the same folder as the script. The script itself will try to download the utility when the utility is not present.

Special credits go to:
Original scraper for slidedecks by Mattias Fors, http://deploywindows.info.
Adjusted for video downloading by Michel de Rooij, http://eightwone.com
Enhancements by Scott Ladewig http://ladewig.com

Download the script here.
