How To Set Up A New Windows Domain – Server 2016 Essentials

I had some extra hardware lying around, and my trusty backup drive got full, so I decided it was time to build a lab environment so I could develop stuff more easily. This involves, to start with, a Windows Server 2016 Essentials server. Hopefully everyone out there will find the process I’m going through to set this all up useful.

One of the first steps is creating a Windows Domain. There’s a pretty good TechNet article on this that gives some really good advice for people new to the industry. There are a few things you don’t get to do often in IT, and creating a domain from scratch, unless you routinely install Windows systems for customers, is one of them.

The process for creating a Windows domain is pretty simple and basically the same on newer versions of Server. You set up the server, give it a static IP, promote it to a domain controller, and follow the wizard. It reboots a couple of times, and you have your very own Windows domain.

Once you do this you pretty much can’t go back, so you have to make some decisions and give it some thought beforehand.

Now, like the TechNet article, this is mainly for relative beginners with a network requiring one domain controller (possibly two), small to medium size business owners, and technicians just starting to dip their toes into these waters. This is not for Enterprise IT guys with a huge domain forest. You guys already know what you’re doing. If you’re starting out and you feel your network is big enough for ten domain controllers, three sub-domains and has five thousand users, consider hitting that contact form up there. Also, I’m using the Essentials version of 2016. The processes I’ll be describing in this and future articles are similar but not exactly the same as what you’ll find in Standard and Datacenter versions.

Considerations For Naming Your Windows Domain

This is where I’ve seen the biggest mistakes made. You need to answer a few questions and do this very deliberately. Now fortunately, Microsoft has some very good defaults that make this a little easier, but it probably wasn’t always this way.

Questions

  • Do I have a website and email that’s hosted somewhere outside my premises?
  • Will I ALWAYS have that website/email domain or could it be changed in the future? (Less important)
  • Do I like making really creative changes to my DNS to make things work because I named my internal domain the same as my external hosted domain?
  • Is anyone actually going to care that the internal domain doesn’t match our external website? (The answer is likely not).

Here’s the reason, using this website as an example. Say GoDaddy hosts WorkendTech.com and its email. I then name my internal domain “WorkEndTech.com”, as I’ve seen many people do. When I pull up the website on any computer attached to that domain, using my domain controller as a DNS server, I won’t be able to reach my website or get e-mail. This is because internally “WorkEndTech.com” now refers to my domain controller(s), not GoDaddy’s hosting. Also, my email will not magically start going to my email server just because I set up an Exchange server to start accepting email for that domain.

This should seem obvious, but you have to tell everything on the Internet where you want that stuff to go. You will then also have to tell your own internal DNS servers that you want “http://WorkEndTech.com” to point to something on the internet, and if your host doesn’t have a static IP assigned to your website, or if they change name servers sometimes, which they may, this can get super annoying. Also, remember once you set the domain up it can’t be changed without wiping the domain controller and starting over.
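A quick way to see the name collision described above is to ask the domain controller and a public resolver the same question and compare the answers. This is an added example, not part of the original post; the DC address 192.168.1.10 is a constructed value, 8.8.8.8 stands in for any public resolver, and the helper name Get-ARecords is hypothetical.

```powershell
# Added example: compare internal vs. public DNS answers for the same names.
$InternalDns = '192.168.1.10'   # constructed value: your domain controller's static IP
$PublicDns   = '8.8.8.8'        # assumption: any public resolver will do
$Names       = 'workendtech.com', 'www.workendtech.com'

function Get-ARecords {
    # Hypothetical helper: returns the sorted IPv4 answers, or nothing on failure.
    param([string]$Name, [string]$Server)
    try {
        Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' } |          # ignore CNAME/SOA rows
            Select-Object -ExpandProperty IPAddress |
            Sort-Object
    } catch {
        # NXDOMAIN or timeout: treated as "no answer"
    }
}

foreach ($name in $Names) {
    $inside  = @(Get-ARecords -Name $name -Server $InternalDns)
    $outside = @(Get-ARecords -Name $name -Server $PublicDns)

    if ($inside.Count -eq 0 -and $outside.Count -gt 0) {
        $status = 'MISSING internally'      # e.g. www has no record in the AD zone
    } elseif (($inside -join ',') -ne ($outside -join ',')) {
        $status = 'DIFFERENT answer'        # e.g. the bare domain resolves to the DC
    } else {
        $status = 'same'
    }

    [pscustomobject]@{
        Name     = $name
        Internal = $inside -join ','
        Public   = $outside -join ','
        Status   = $status
    }
}
```

With an internal domain that matches the hosted one, expect the bare domain to come back as "DIFFERENT answer" and www as "MISSING internally"; with a separate internal name, both rows read "same".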

Now if you host your own website, email, and all that other fun stuff on the very server you’re setting up, this is irrelevant and you might actually consider naming your website and internal domain the same thing for convenience. You can name it something else and point your internal stuff to an internal server a lot easier than the situation above.

Strongly consider using the .local extension for your domain. That way you can differentiate it from your external domain. By default Microsoft will assign it this way.

Setting Up Your First Domain Server 2016 Essentials (And other versions of Server)

So you’ll need a few things before you start.

  • A Static IP for your server.
  • A name for your domain (See considerations above).
  • A hostname for your server.
  • Internet Access for your Server (OK this is breaking some security rules, but it makes time synchronization easier. If your router has an NTP server on it, just network access will do).
  • About 30 minutes.

Step 1 – Install Server 2016 Essentials on your machine. Just get the DVD or use a Bootable USB drive.

Step 2 – Give your server a static IP. Reboot the server. Ignore the “Configure your Server” wizard that pops up. It’ll pop up on reboot. You can even close it. I’m not sure how to make it pop back up manually, but rebooting seems to work fine.

Step 3 – A wizard for “Configuring Your Server” should pop up automatically. Read it, click Next.

Step 4 – Make sure your Time Zone and Date/Time are correct.

If the time, date, or time zone isn’t correct, hit “Change System Time and Date Settings” and change it there. Usually it’s just the time zone that’s wrong, as it is always set to US Pacific time by default. Click Next once that’s all set up.

Step 5 – Enter your company name. The wizard will suggest a domain name and host name for your machine. With mine, I put in WorkEndTech. It suggested WORKENDTECH as the domain and WorkEndTeServer. Obviously I changed it.

I changed my server name to just WorkEndTechServer and made sure my domain was WorkEndTech.local. You can make doubly sure or change the full domain name by clicking the “Change Full DNS Name”. I highly suggest doing this just to make sure.

You can also go with a different naming scheme for your servers. Changing the host name will in no way affect the domain name. Click Next.

Step 6 – Create a network admin username and password. I’d suggest against “administrator”. You can use your own name. I went with WorkEndAdm. Click next.

Step 7 – Choose whether you want to use the recommended security settings or do that all later. I just went with the recommended and clicked next. You can tweak those security settings later if you’d like. Click Next.

Step 8 – The wizard will then start setting up your server as a domain controller for you. This process can take up to half an hour depending on your hardware. I’ve seen some take as little as three or four minutes. It will reboot, continue to set up, and possibly reboot again.

That’s it. You’re pretty much done. The server is now a domain controller. You can now start joining client PCs to it, making group policy stuff, adding users to Active Directory, and adding roles and features.

 

 

USB to Serial Adapters and Kit Suggestions

Way back in 2008 or so I got a couple of serial adapters for my laptop so I could set up various network devices. Most business class devices, even in the 21st century still use the serial port approach to first set up. Something about security or making things harder for technicians to do their job.

Since laptops don’t often come with serial ports anymore this makes things difficult to set up.

Recently I misplaced the best serial adapter I have ever worked with: the IOGEAR USB 2.0 to Serial Adapter I purchased at Best Buy in probably 2008 or sometime around then. I’ve had other adapters, but this one has worked with every operating system from Windows XP to Windows 10. I think I’ve even plugged it into a few Linux boxes and not had to do anything weird to get it to work. Something I can’t say with others.

The only real drawback is it has a short cable. I’m always a little jealous of the ones the phone guys carry with the 9 foot cables, but they always break on them. This one went through daily heavy use for several years, and wherever it is I’m sure it still works after nearly a decade. I replaced it recently with another one exactly like it.

Anyway, I highly recommend IOGEAR stuff, I’ve got an old KVM switch and some other stuff they’ve made and it’s all managed to outlast a lot of the more expensive stuff I’ve bought over the years.

Kit Suggestions

I’ve found a few cables need to go with this particular adapter over the years. This is a ‘least number of cables you need kit’.

  1. Female to Female Serial Cable – This is what most devices need. Most network appliances are just computers with a regular serial port sticking out of them. Get a really long one of these. The Amazon link is for a ten foot cable. But you can select a three-foot, six-foot, or up to a hundred foot cable. I’ve never needed more than a ten foot cable.
  2. Female to Male Serial Cable – Some appliances have a backwards serial connection like this. I think they expect you’ll have a serial adapter with a long cable. Weirdly they’ll usually come with a cable like this. ShoreTel devices are one big example of this kind of device. I’ve never needed a super long one of these, but it also will double as an extension. I always just carried a six-foot one and kept it coiled up.
  3. Roll Over Cable With Null Modem – Essentially a “Cisco Cable”. You can get one out of the box a switch came in. The Amazon link there has a generic one for $4 but, honestly, if you are buddies with some of your local IT guys you can usually get a handful of these for free. Every time you buy Cisco equipment, or most other equipment that uses these, it usually comes with one. If you have ninety switches, you inevitably have ninety of these lying around.
  4. Regular RJ45 Null Modem – Some devices need weird pin outs and they usually use RJ-45 connections so having a regular old null modem is great and you can just make whatever cable you need. The link comes with two. Some networking equipment will come with these and a rollover cable that detaches so it’s worth watching out for that.

If you need a crossover cable, my suggestion would be to get a short male to female crossover cable, not a female to female one. I’ve never actually seen the need for one, but they sell them so I’m assuming there’s equipment out there that uses them.

Disable Outlook Call Handling In ShoreTel Director

One of the more helpful, or not helpful features of the ShoreTel phone system is Outlook Calendar integration. I’ve worked with the ShoreTel phone system since roughly 2007 in various capacities and this is one of those features that either works, or doesn’t depending on version of Office, ShoreTel, and phase the moon is in. Typically I’ve never really had anyone that actually wanted it so it never got installed on purpose. However, I’ve had some people ask about this particular feature so I thought I’d post a quick fix here on how to disable it on the server-side.

The complaint is typically the phone won’t ring for mysterious reasons even though everything is configured properly. You’ll often hear that the phone stops ringing at 9:00 but then will start again at 10:00 on Tuesdays.

The instructions below are particularly helpful for people in remote areas where it may be difficult to RDP into their machines to uninstall Calendar Integration.

How to Remotely Disable Automatic Outlook Call Handling in ShoreWare Director

Step 1 – Log into ShoreWare Director

Step 2 – Go to your user’s Personal Options.

Step 3 – If the box that is labeled “Outlook Automated Call Handling” is checked, simply uncheck it and hit save.

The user’s phone should now ring, even if they have something scheduled in Outlook.

Note – You should be able to change what call handling mode ShoreTel Communicator goes into with Calendar Integration installed in each individual appointment. You may have to go into Outlook’s add-ins manager and physically enable the add-ins if you want the feature to work.

 

Site Changes

I had to change the theme of the site. I haven’t used Chrome in a long time due to it having been a total piece of garbage on most of my machines. Anyway, put it on my trusty Surface 3 as Firefox was taking up a ton of memory, noticed basically no links or anything worked with the site on Chrome. Figured that was probably happening to everyone since my other WordPress sites worked fine.

Same problem cropped up on my fiance’s computer running Chrome as well. Figured out it was the WordPress theme. Looked like it hadn’t been updated since 2014 or so. A real shame too, it was a good, no-nonsense theme that loaded fast and worked really well for this blog.

I could probably figure out what the problem is, but it’s probably time to change it and the Twenty Seventeen theme is pretty cool so we’ll see how that runs until I can find something close to what I had or someone who will design me one.

ShoreTel Backup Method Revisited

Occasionally I’ll get a comment on the blog that says, “This post is three years old but it worked” which is really nice to hear. It also means that at least in the case of ShoreTel most stuff is fairly consistent between versions.

I was thinking about backing up ShoreTel servers today and looked at my old post on backing up your server and thought this would be a good time to post again about using a method I’ve found that works well, but that ShoreTel doesn’t seem to talk about.

I am going to disclaim this, as ShoreTel does not suggest it. However, if you poke through this blog, other forums, and talk to ShoreTel customers and partners you’ll find out that basically none of them set up a backup plan on standalone servers. If they do it’s ShoreTel’s included scripts, which almost always fail after a minor update, if they ever worked in the first place.

Backing Up Your Stand Alone Server With Windows Server Backup

You’ll need a NAS or other remote storage for this. These instructions are a little more ‘theory’ than the precise step by step instructions I’d rather give. They’re also geared for Server 2008 and Server 2012. It should work just fine with Server 2016 and forward as Server Backup hasn’t changed much since the 2003 days. If you are still using 2003 you’ll need an external hard drive and a floppy disk probably.

You will also need an installation media for Server 2008/2012 for this to restore correctly. You can usually download this from Microsoft. Someone with a volume license agreement or a Microsoft partner can usually get you the Installation Media (I’ve never had a problem getting one for free if it was an emergency). If you have an install disk from a major hardware vendor like Dell, this will work too as you aren’t actually using the install media to do the installation. I do not think you’ll need your Server Key, but you should be keeping a copy of that somewhere safe anyway.

Step 1 – Open server backup and select the option for a scheduled backup.

Step 2 – You will want to do a full backup to a remote share. The remote share is your NAS. Depending on the version you may be able to do incremental backups to a remote share as well. Don’t do this. Just do a full, bare metal backup of everything every night or once a week or whatever you feel comfortable with.

Note: A word on the scheduling. You want this to be some crazy hour when nothing is going on. I’ve checked logs on a few servers with this set up. It does not take long, anywhere from ten minutes to an hour at most. Depends on the speed of the machine, NAS and network. It uses shadow copy snapshots so it basically is just copying an image of the machine when the backup copy job starts. I HAVE run these during the day and it doesn’t seem to mess anything up. I would not trust that to happen on a really busy server.

Note 2: This method just backs up the server once, and wipes out the previous backup. Because ShoreTel is constantly writing and deleting stuff, I am of the opinion that a full backup every time is better. This is really for disaster recovery not recovering a deleted extension or a voicemail someone accidentally got rid of.
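The same schedule can be set up from an elevated PowerShell prompt with the WindowsServerBackup module, followed by a check that the last run actually succeeded. This is an added example, not part of the original post or anything ShoreTel provides; the share \\nas01\shoretel-backup, the 02:30 start time, and the 26-hour staleness threshold (sized for a nightly job) are assumptions.

```powershell
# Added example. Assumes the Windows Server Backup feature is already installed.
Import-Module WindowsServerBackup

# Build a policy: full bare metal image, VSS full backup.
$policy = New-WBPolicy
Add-WBBareMetalRecovery -Policy $policy
Set-WBVssBackupOption   -Policy $policy -VssFullBackup

# Target the NAS share (constructed name). Use an account that can write to this
# share and nothing else, since the credential is stored with the schedule.
$cred   = Get-Credential -Message 'Account with write access to the NAS share'
$target = New-WBBackupTarget -NetworkPath '\\nas01\shoretel-backup' -Credential $cred
Add-WBBackupTarget -Policy $policy -Target $target

# Run nightly at a quiet hour (assumed 02:30) and save the policy.
Set-WBSchedule -Policy $policy -Schedule ([datetime]'02:30')
Set-WBPolicy   -Policy $policy -Force    # replaces any existing scheduled policy

# --- Run this part on later days to confirm the job is really working ---
$summary = Get-WBSummary
$lastOk  = $summary.LastSuccessfulBackupTime
$stale   = (-not $lastOk) -or (((Get-Date) - $lastOk).TotalHours -gt 26)

if ($summary.LastBackupResultHR -ne 0 -or $stale) {
    Write-Warning ('Backup failed or stale: result 0x{0:X8}, last success {1}' -f
        $summary.LastBackupResultHR, $lastOk)
} else {
    Write-Output "Last backup OK at $lastOk to $($summary.LastBackupTarget)"
}
```

Because a remote share holds only the most recent backup, a failed or stale result here means there may be no usable image at all, so the check is worth wiring into whatever alerting you already have.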

Restoring the ShoreTel Server

This is pretty straightforward. You want to boot from the Server 2008/2012 installation media and select the “Restore my server” or advanced options instead of the “Install” button. You’ll find a restore from image option. You can usually browse for the image on a network location, sometimes you may need to put it on an external drive (May be a version thing).

You’ll need similar or the exact same hardware to use this. Some backup software will let you restore on dissimilar hardware but, I have no idea how well this works with ShoreTel. It’s probable you could make this work somehow with virtualization though. Newer versions of Server Backup make a VHD file so, it’s entirely likely you could boot it directly in HyperV, but that’s just speculation.