I had some extra hardware lying around, and my trusty backup drive got full, so I decided it was time to build a lab environment so I could develop stuff more easily. To start with, this involves a Windows Server 2016 Essentials server. Hopefully everyone out there will find the process I’m going through to set this all up useful.
One of the first steps is creating a Windows Domain. There’s a pretty good TechNet article on this that gives some really good advice for people new to the industry. There are a few things you don’t get to do often in IT, and creating a domain from scratch, unless you routinely install Windows systems for customers, is one of them.
The process for creating a Windows domain is pretty simple and basically the same on newer versions of Server. You set up the server, give it a static IP, promote it to a domain controller, and follow the wizard. It reboots a couple of times, and you have your very own Windows domain.
Once you do this you pretty much can’t go back, so you have to make some decisions and give it some thought beforehand.
Now, like the TechNet article, this is mainly for relative beginners with a network requiring one domain controller (possibly two), small to medium size business owners, and technicians just starting to dip their toes into these waters. This is not for Enterprise IT guys with a huge domain forest. You guys already know what you’re doing. If you’re starting out and you feel your network is big enough for ten domain controllers, three sub-domains and has five thousand users, consider hitting that contact form up there. Also, I’m using the Essentials version of 2016. The processes I’ll be describing in this and future articles are similar but not exactly the same as what you’ll find in Standard and Datacenter versions.
Considerations For Naming Your Windows Domain
This is where I’ve seen the biggest mistakes made. You need to answer a few questions and do this very deliberately. Now fortunately, Microsoft has some very good defaults that make this a little easier, but it probably wasn’t always this way.
- Do I have a website and email that’s hosted somewhere outside my premises?
- Will I ALWAYS have that website/email domain or could it be changed in the future? (Less important)
- Do I like making really creative changes to my DNS to make things work because I named my internal domain the same as my external hosted domain?
- Is anyone actually going to care that the internal domain doesn’t match our external website? (The answer is likely not).
Here’s the reason, using this website as an example. Say GoDaddy hosts WorkendTech.com and its email. I then name my internal domain “WorkEndTech.com”, as I’ve seen many people do. When I pull up the website on any computer attached to that domain, using my domain controller as a DNS server, I won’t be able to reach my website or get e-mail. This is because internally “WorkEndTech.com” now refers to my domain controller(s), not GoDaddy’s hosting. Also, my email will not magically start going to my own email server just because I set up an Exchange server to accept email for that domain.
This should seem obvious, but you have to tell everything on the Internet where you want that stuff to go. You will then also have to tell your own internal DNS servers that you want “http://WorkEndTech.com” to point to something on the Internet, and if your host doesn’t have a static IP assigned to your website, or if they change name servers sometimes (which they may), this can get super annoying. Also, remember that once you set the domain up, it can’t be changed without wiping the domain controller and starting over.
Now if you host your own website, email, and all that other fun stuff on the very server you’re setting up, this is irrelevant and you might actually consider naming your website and internal domain the same thing for convenience. You can name it something else and point your internal stuff to an internal server a lot more easily than in the situation above.
Strongly consider using the .local extension for your domain. That way you can differentiate it from your external domain. By default Microsoft will assign it this way.
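To see the name collision described above on an existing network, the following added example (not part of the original post) asks the domain controller and a public resolver for the same names and flags any that the internal zone shadows. The domain name comes from the post; the server address 192.168.1.10, the resolver 8.8.8.8 and the `mail` label are assumptions to replace with your own.

```powershell
# Added example. Constructed values: the DC address, the public resolver and
# the label list are assumptions, not values from the original post.
function Compare-InternalExternalDns {
    param(
        [Parameter(Mandatory)][string]$DomainName,      # e.g. 'WorkEndTech.com'
        [Parameter(Mandatory)][string]$InternalServer,  # IP of the domain controller
        [string]$PublicResolver = '8.8.8.8',            # any resolver outside the LAN
        [string[]]$Labels = @('', 'www', 'mail')        # '' means the bare domain name
    )
    foreach ($label in $Labels) {
        $fqdn = if ($label) { "$label.$DomainName" } else { $DomainName }
        $answers = @{}
        foreach ($server in $InternalServer, $PublicResolver) {
            # -DnsOnly skips LLMNR/NetBIOS so only the named DNS server answers.
            $records = Resolve-DnsName -Name $fqdn -Type A -Server $server `
                -DnsOnly -ErrorAction SilentlyContinue
            $answers[$server] = @($records |
                Where-Object { $_.Type -eq 'A' } |
                ForEach-Object { $_.IPAddress } |
                Sort-Object)
        }
        $inside  = $answers[$InternalServer] -join ','
        $outside = $answers[$PublicResolver] -join ','
        [pscustomobject]@{
            Name     = $fqdn
            Internal = if ($inside)  { $inside }  else { '(no answer)' }
            Public   = if ($outside) { $outside } else { '(no answer)' }
            # Shadowed: the name exists publicly, but internal clients get
            # something else (the DC itself) or nothing at all.
            Shadowed = [bool]$outside -and ($inside -ne $outside)
        }
    }
}

Compare-InternalExternalDns -DomainName 'WorkEndTech.com' -InternalServer '192.168.1.10' |
    Format-Table -AutoSize
```

With a `.local` internal domain, none of the public names are answered from the internal zone, so nothing is reported as shadowed.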
Setting Up Your First Domain Server 2016 Essentials (And other versions of Server)
So you’ll need a few things before you start.
- A Static IP for your server.
- A name for your domain (See considerations above).
- A hostname for your server.
- Internet Access for your Server (OK this is breaking some security rules, but it makes time synchronization easier. If your router has an NTP server on it, just network access will do).
- About 30 minutes.
Step 1 – Install Server 2016 Essentials on your machine. Just get the DVD or use a Bootable USB drive.
Step 2 – Give your server a static IP. Reboot the server. Ignore the “Configure your Server” wizard that pops up. It’ll pop up on reboot. You can even close it. I’m not sure how to make it pop back up manually, but rebooting seems to work fine.
Step 3 – A wizard for “Configuring Your Server” should pop up automatically. Read it, click Next.
Step 4 – Make sure your Time Zone and Date/Time are correct.
If the time, date, or time zone isn’t correct, click “Change System Time and Date Settings” and fix it there; the time zone is changed here too. Usually it’s just the time zone that’s wrong, as it is always set to US Pacific time by default. Click Next once that’s all set up.
Step 5 – Enter your company name. The wizard will suggest a domain name and host name for your machine. With mine, I put in WorkEndTech. It suggested WORKENDTECH as the domain and WorkEndTeServer as the server name. Obviously I changed it.
I changed my server name to just WorkEndTechServer and made sure my domain was WorkEndTech.local. You can make doubly sure or change the full domain name by clicking “Change Full DNS Name”. I highly suggest doing this just to make sure.
You can also go with a different naming scheme for your servers; changing the host name will in no way affect the domain name. Click Next.
Step 6 – Create a network admin username and password. I’d suggest against “administrator”. You can use your own name. I went with WorkEndAdm. Click Next.
Step 7 – Choose whether you want to use the recommended security settings or do that all later. I just went with the recommended settings. You can tweak those security settings later if you’d like. Click Next.
Step 8 – The wizard will then start setting up your server as a domain controller for you. This process can take up to half an hour depending on your hardware. I’ve seen some take as little as three or four minutes. It will reboot, continue to set up, and possibly reboot again.
That’s it. You’re pretty much done. The server is now a domain controller. You can now start joining client PCs to it, making group policy stuff, adding users to Active Directory, and adding roles and features.
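For Standard or Datacenter, which the post notes differ from Essentials, the same sequence can be scripted. This added example (not from the original post) checks the static-IP and time prerequisites, then validates and runs the promotion with the AD DS deployment cmdlets; the interface alias `Ethernet` is an assumption, and the domain names are the ones chosen in Step 5.

```powershell
# Added example; run in an elevated PowerShell session on the new server.
$DomainName     = 'WorkEndTech.local'  # full DNS name chosen in Step 5
$NetbiosName    = 'WORKENDTECH'        # short domain name the wizard suggested
$InterfaceAlias = 'Ethernet'           # assumption: check Get-NetAdapter for yours

function Test-DcPrerequisite {
    param([string]$InterfaceAlias, [string]$NetbiosName)
    $problems = @()
    # Step 2: the server needs a static address, so DHCP must be off for IPv4.
    $ipif = Get-NetIPInterface -InterfaceAlias $InterfaceAlias -AddressFamily IPv4
    if ($ipif.Dhcp -eq 'Enabled') {
        $problems += "Interface '$InterfaceAlias' is still configured by DHCP."
    }
    # NetBIOS names are limited to 15 characters.
    if ($NetbiosName.Length -gt 15) {
        $problems += "NetBIOS domain name '$NetbiosName' is longer than 15 characters."
    }
    return $problems
}

# Step 4: show what the clock is set to so it can be confirmed by eye
# (the post notes a fresh install defaults to US Pacific time).
Write-Host ("Time zone: {0}; local time: {1}" -f (Get-TimeZone).Id, (Get-Date))

$problems = @(Test-DcPrerequisite -InterfaceAlias $InterfaceAlias -NetbiosName $NetbiosName)
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

    # Prompt for the recovery password instead of storing it in the script.
    $dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'
    $forest = @{
        DomainName                    = $DomainName
        DomainNetbiosName             = $NetbiosName
        InstallDns                    = $true
        SafeModeAdministratorPassword = $dsrm
    }

    # Dry run first: the promotion is not something to undo casually.
    $check = @(Test-ADDSForestInstallation @forest)
    if (@($check | Where-Object { $_.Status -ne 'Success' }).Count -eq 0) {
        Install-ADDSForest @forest   # asks for confirmation, then reboots
    } else {
        $check | Format-List Status, Message
    }
}
```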