When you deploy a new virtual machine, for example Windows Server 2016/2019 or 2022, you’ll get the C: drive with the operating system, the D: drive for temporary storage (on most VM types) and a DVD drive.
The DVD drive is not needed in some situations, for example on domain controllers. These are servers you want to harden as much as possible. So, for the domain controllers we deploy in our customer environments, we disable the DVD drive.
We run the following command when deploying new domain controllers in Azure.
## Disable DVD drive
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\cdrom -Name Start -Value 4 -Type DWord
After this step, reboot the server and your DVD drive is gone!
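The following is an added example, not part of the original post: an idempotent version of the step above that reads the current `Start` value, sets it to 4 only when needed, and reports whether a reboot is still outstanding. The function names `Get-CdromDriverState` and `Disable-CdromDriver` are hypothetical, and treating "driver disabled but drive still visible" as a pending reboot is an assumption of this example.

```powershell
# Added example. Run from an elevated PowerShell session.
# Start values for a driver service: 0=Boot, 1=System, 2=Automatic, 3=Manual, 4=Disabled.
function Get-CdromDriverState {
    [CmdletBinding()]
    param(
        [string]$ServiceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\cdrom'
    )
    $start = (Get-ItemProperty -Path $ServiceKey -Name Start -ErrorAction Stop).Start
    # Win32_CDROMDrive lists the optical drives the running system currently exposes.
    $drives = @(Get-CimInstance -ClassName Win32_CDROMDrive -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        StartValue     = $start
        DriverDisabled = ($start -eq 4)
        VisibleDrives  = $drives.Count
        # Assumption: disabled in the registry but still visible means no reboot yet.
        RebootPending  = ($start -eq 4 -and $drives.Count -gt 0)
    }
}

function Disable-CdromDriver {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$ServiceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\cdrom'
    )
    $before = Get-CdromDriverState -ServiceKey $ServiceKey
    if (-not $before.DriverDisabled) {
        # Only write when the value differs, so repeated runs change nothing.
        if ($PSCmdlet.ShouldProcess($ServiceKey, 'Set Start to 4 (Disabled)')) {
            Set-ItemProperty -Path $ServiceKey -Name Start -Value 4 -Type DWord
        }
    }
    Get-CdromDriverState -ServiceKey $ServiceKey
}

$state = Disable-CdromDriver
if ($state.RebootPending) {
    Write-Warning 'cdrom driver is disabled but a drive is still visible; reboot to apply.'
}
$state
```

Running `Get-CdromDriverState` on its own after the reboot gives a read-only check that can be reused in a hardening baseline audit.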
Now that the Release Candidate version of Windows Server 2012 is available, I’ve set up a new test lab to play with this new version of Windows. A few posts ago you saw the installation of Windows Server 2012. Now we’re going to prepare this server to become a domain controller. The simple command “DCPROMO” doesn’t work anymore, so we have to take some additional steps.
1.) Open the Server Manager and select Add roles and features
2.) Select Role-based or feature-based installation
3.) Select the right server, in my example W2012 (172.16.1.100)
4.) Select the roles Active Directory Domain Services and DNS Server
5.) Select the features Group Policy Management and DNS Server Tools
6.) After the installation of these roles and features, there’s a notification within the Server Manager Dashboard
7.) Select Promote this server to a domain controller. A Deployment Configuration Wizard starts
8.) Select Add a new forest and fill in the Root domain name. In my example TESTLAB.LOCAL
9.) Both Forest and Domain functional levels are Windows Server 2012 Release Candidate
10.) If the domain controller is also a DNS server, check the Domain Name System (DNS) server option
11.) The domain controller also becomes a Global Catalog (GC)
12.) You could choose to install a read-only domain controller (RODC)
13.) Fill in the NetBIOS name of the new domain. In my example TESTLAB
14.) Specify the location of the AD DS database, log files, and SYSVOL directory. By default these are C:\Windows\NTDS and C:\Windows\SYSVOL
15.) After all configuration, there’s a last prerequisites check. After this step, you can hit Install
16.) The server will reboot and the new Domain Controller is ready to use.
You can script all the steps above with PowerShell, using the following script.
# Windows PowerShell script for AD DS Deployment
Import-Module ADDSDeployment
Install-ADDSForest `
    -CreateDnsDelegation:$false `
    -DatabasePath "C:\Windows\NTDS" `
    -DomainMode "Win2012" `
    -DomainName "TESTLAB.LOCAL" `
    -DomainNetbiosName "TESTLAB" `
    -ForestMode "Win2012" `
    -InstallDns:$true `
    -LogPath "C:\Windows\NTDS" `
    -NoRebootOnCompletion:$false `
    -SysvolPath "C:\Windows\SYSVOL" `
    -Force:$true