Windows Server 2008 as a branch office server

Well, with Windows Server 2008 actually being released today I thought I’d put down in writing how I configured a server for one of our branch offices here. I decided that for a small office we’d need DHCP, DNS and a domain controller. However, this being a branch office with no IT function within it, this gave me the perfect opportunity to play with the Windows Server 2008 Read-Only Domain Controller (RODC) role within a Windows Server 2008 Core installation.

First of all, two things to note. Firstly, you must have a Windows 2008 Domain Controller within your environment. Secondly, if you have the Exchange 2003 tools installed on your DC (as we did!) these will no longer work with Windows 2008 - Exchange 2003 isn’t (and will never be) supported. However, Exchange 2007 SP1 is fully supported.

So first of all we need to get Windows 2008 in our current environment. This was really straightforward. Stick the Windows 2008 DVD in your current DC, browse to the Sources\Adprep folder and run:

adprep /forestprep
adprep /domainprep
adprep /rodc

After preparing your domain for Windows Server 2008, you can then either install a new domain controller or upgrade one of your current DCs. I chose to upgrade one of my DCs because I wanted to check out how well the upgrade process works (and because I’m a bit lazy too). It went without a hitch, apart from the aforementioned problem with the Exchange 2003 System Manager application. To be fair though this was totally my fault thanks to not reading the supported list of applications or even realising that it was installed on this server.

Another caveat to upgrading from Windows 2003 to 2008 is the Windows PowerShell. Windows 2008 will not upgrade a server with this installed; however it isn’t immediately clear how to remove this. PowerShell is actually listed as a Windows Update - so in Control Panel, Add/Remove Programs dialog box you will need to check the box at the top that says “Show Updates” and it’ll be displayed as a Windows Update towards the end of the list.

Anyway, there you go - you now have a Windows 2008 Domain Controller and you can start installing your Read-Only DC for your branch office. Again, the Windows 2008 installation is pretty straightforward - once you’ve done this, you’ll be presented with a nice command prompt when you log on. I’ve used this Technet page to help me through configuring my server.

So first off, you’ll probably want to set a new hostname. This is pretty simple:

netdom RenameComputer %hostname% /NewName:%newname%

Next up, let’s get our DHCP server installed:

start /w ocsetup DHCPServerCore

The ‘/w’ command tells your command prompt to wait for the operation to finish. It’s not necessary, but I quite like to know when my installation has finished. Next, it’s important to realise that the DHCP service isn’t set to start automatically by default - so let’s change that:

sc config dhcpserver start= auto

Next up, we’ll need some kind of DNS service too:

start /w ocsetup DNS-Server-Core-Role

And finally, we’ll kick off the Domain Controller installation:

dcpromo /unattend:c:\unattend.txt

Now, notice that you need to provide an unattend.txt for the DCPROMO application. This is because Windows Core doesn’t have the DCPROMO GUI. Here’s what I used for my unattend.txt:

[DCInstall]
AutoConfigDNS=Yes
ConfirmGC=Yes
CriticalReplicationOnly=No
DisableCancelForDnsInstall=No
RebootOnCompletion=Yes
ReplicaDomainInDNSName=your domain here
ReplicaOrNewDomain=ReadOnlyReplica
ReplicationSourceDC=your dc here
SafeModeAdminPassword=pick a restore mode password
SiteName=site to install in
UserName=user who has priveleges to add DCs to the domain
UserDomain=user’s domain
Password=user’s password

Hopefully this will work as smoothly for you as it did for me. Finally, you’ll probably want to change the IP address settings on this machine ready for shipping to your branch office. You’ll firstly need to get a list of your interfaces:

netsh interface ipv4 show interfaces

Grab the IDx number of the card you want to configure, then whack in the following command:

netsh interface ipv4 set address name="%ID%" source=static address=%StaticIP% mask=%SubnetMask% gateway=%DefaultGateway%

Finally, you’ll need to add some DNS servers too:

netsh interface ipv4 add dnsserver name="%ID%" address=%DNSIP%index=1

Well, this is all I did to get a branch office up and running. However, for my next branch office I am probably going to look at enabling Hyper-V too and installing a Windows Server 2003 member server to run ISA Server 2006 in order to provide caching and internet access filtering. However, with this server being at a remote location and Hyper-V still in beta I didn’t feel this a prudent move right now.


Google
 



This entry was posted on Wednesday, February 27th, 2008 at 9:09 am and is filed under Windows Server 2008. Find similar posts by selecting any of the following tags: . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

4 Comments so far

  1. on Wednesday February 27 2008 at 6:33 pm Fred wrote:

    Cool, that’s really good to know, thanks

  2. on Tuesday March 4 2008 at 9:41 pm Clayton wrote:

    Hi, I was wondering how you managed to uninstall the exchange 2003 tools from your dc after the upgrade to 2008. I also forgot I had it installed and when I try to uninstall it, it fails with some errors on prepping the domain. My google-fingers are tired so I came back to your blog here which was one of the first (and only) places I’ve found that described this specific situation.

    Any ideas?

  3. on Thursday March 13 2008 at 7:47 am Rob wrote:

    Hi Clayton,

    Sorry but I can’t remember doing anything particularly special - although the Exchange support tools didn’t function after the upgrade, the uninstall process went fine as far as I can remember.

    My only suggestion would be that it requires the IIS 6 management tools - perhaps installing that feature will then let you run the uninstall.

    Sorry I can’t be more help,

    Rob

  4. on Tuesday June 24 2008 at 8:02 pm Rob wrote:

    In reply to Clayton - a bit late I know, but if you run the following command:

    regsvr32 /u %windir%\System32\maildsmx.dll

    This will get rid of the annoying message about MMC not being able to load the snap-in.

    Hope this helps,

    Rob

Have your say

Fields in bold are required. Email addresses are never published or distributed.

Some HTML code is allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
URIs must be fully qualified (eg: http://www.domainname.com) and all tags must be properly closed.

Line breaks and paragraphs are automatically converted.

Please keep comments relevant. Off-topic, offensive or inappropriate comments may be edited or removed.

  1. About Me

    Rob Whitehouse is an IT professional from Fulham in London, the UK. At work he specialises in systems architecture and large scale web infrastructures. He's an MCSE for Windows NT4 and 2003 as well as an MCITP: Windows 2008 Enterprise Admin and an MCTS: SQL Server 2005. He has also dabbled in Java, C# and pretty much every web-based language. Outside of work he can be found watching or playing sports, or in the local pub.

  2. Search

    Google
     

  3. Recent Posts

  4. Archives