Windows Server Core Full Configuration with PowerShell


Windows Server Core Full Configuration with PowerShell

How to Configure Server Core with Active Directory Services, DNS, and DHCP Using Nothing But PowerShell

Windows Server 2012 offers two installation options: Server Core or “Server with a GUI”. This begs the question: Why would you want to install Server Core instead of the GUI? One reason may be that you have limited physical hardware resources and want to keep the footprint as small as possible.

Recently I needed to build a domain controller, DHCP, and DNS server for a branch office. This office has a Riverbed Steelhead WAN optimization appliance which runs a nested VMware ESXi hypervisor. The appliance has limited memory and disk space, so I needed to keep the installation as small as possible (Incidentally, if I only needed DNS and DHCP, I would have just installed RedHat Enterprise Linux, but having the server be an Active Directory domain controller was also a requirement.)

I’m going to show you step-by-step how I configured Active Directory Services, DNS, and DHCP on a Windows Server 2012 Server Core installation.

To begin you will need the following:

  • A physical or virtual server with a fresh install of Windows Server 2012 Server Core
  • At least one connected network interface
  • 2 GB RAM minimum
  • 40 GB virtual or hard disk for the Server installation
  • 4 GB virtual or hard disk for the swap file (NTFS-formatted during the installation)
  • A management workstation with PowerShell installed

Log in as the local administrator, and we’ll begin by configuring basic networking.

Network Configuration

1. First we’re going to get the name of the network adapter so we can rename it to something more friendly.

get-netadapter

Server Core 2012 rename network adapter

2. Now let’s rename it to “LAN” and assign it a unicast IP address of 192.168.9.6/24 with a default gateway of 192.168.9.8.

Rename-NetAdapter -name "Ethernet" LAN
get-netadapter -name LAN | new-netipaddress -addressfamily IPv4 -IPaddress 192.168.9.6 -prefixlength 24 -type unicast -defaultgateway 192.168.9.8

Server Core 2012 Configure Network Interface IP Address

3. Set the DNS servers to 192.168.20.80 and 192.168.20.81

set-dnsclientserveraddress -interfacealias LAN -serveraddresses 192.168.20.80,192.168.20.8

3. Verify the configuration with:

$ Get-DnsClientServerAddress -interfacealias LAN | format-list

InterfaceAlias  : LAN
InterfaceIndex  : 12
AddressFamily   : IPv4
ServerAddresses : {192.168.20.80, 192.168.20.81, 127.0.0.1}

InterfaceAlias  : LAN
InterfaceIndex  : 12
AddressFamily   : IPv6
ServerAddresses : {::1}

Enable Remote Access

4. I always like to have three methods of accessing a server. In this case, I have console access through VMware ESXi, but I also want to be able to use RDP and PowerShell Remoting. Let’s configure the latter two now.

enable-psremoting
cscript C:\Windows\System32\Scregedit.wsf /ar 0

5. Temporarily turn off the Windows Firewall.

netsh advfirewall set allprofiles state off

Configure PowerShell Remoting

From this point forward, we will use PowerShell Remoting to finish the configuration of the server.

6. Switch to your management workstation and launch PowerShell as an Administrator
7. Allow connections to any host and open a new PowerShell session to the target server.

Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*" -Force
New-PSSession -computername 192.168.9.6 -credential administrator

If the connection is successful, PowerShell will display the new connection as follows:

Server Core 2012 New-PSSession

8. Enter the new PowerShell session

Enter-PSSession 1

The PowerShell prompt will change indicating you are now connected to the target server.

Server Core 2012 Enter-PSSession

Set Swap/Paging File Location

Since our server has a small amount of RAM, the paging or swap file is going to be very important to the reliability of the server. We want to keep it on a separate volume so that an out-of-control process filling up the system volume doesn’t prevent the server from growing the paging file as needed. In this case, C: is the system volume and D: is the volume for the paging file.

9. Get free space on D:

get-wmiobject win32_logicaldisk

Server Core 2012 View Free Space on Drives

10. Set the paging file to fill almost all free space on D:

$CurrentPageFile = gwmi -Query "select * from Win32_PageFileSetting where name='c:\\pagefile.sys'" -EnableAllPrivileges
If($CurrentPageFile){$CurrentPageFile.Delete()}
swmi Win32_PageFileSetting -Arguments @{Name='D:\pagefile.sys'; InitialSize=4036; MaximumSize=4036}

11. Verify the paging file was created

get-childitem d: -attributes hidden

Server Core 2012 Move Paging File

12. Disable automatic paging file size

gwmi Win32_ComputerSystem -EnableAllPrivileges | swmi -Arguments @{AutomaticManagedPagefile=$false}

Join the server to Active Directory and Promote it to Domain Controller Status

13. Rename the computer if needed using the cmdlet

Rename-Computer

14. Add the computer to the domain benpiper.com and reboot

add-computer -domainname benpiper.com

15. Install Active Directory Domain Services

Install-WindowsFeature -name AD-Domain-Services

If all is well, you should see the “Success” exit code.
Server Core 2012 Install-WindowsFeature AD-Domain-Services

16. Promote the server to a domain controller

Install-ADDSDomainController -credential (get-credential)

After running through some tests and making changes to Active Directory, the server should now be a replica domain controller. Go ahead and reboot it again for good measure.

Install and Configure DHCP

We’re going to initially create just one IPv4 scope. The server will provide an IP address, DNS and WINS servers, and a default gateway.

17. Install DHCP services

install-windowsfeature -name dhcp

18. Create the IPv4 scope

Add-DhcpServerv4Scope  -StartRange 192.168.9.100 -EndRange 192.168.9.240 -SubnetMask 255.255.255.0 -LeaseDuration 14.0:0:0 -Name "Data" -ActivatePolicies 0

This newly created scope will be identified with a Scope ID which can be retrieved with the cmdlet

get-dhcpserverv4scope

19. Add DHCP options to the scope: DNS, default gateway (router), and WINS

Set-DhcpServerv4OptionValue -scopeID 192.168.9.0 -DNSServer 192.168.9.6,192.168.20.80,192.168.20.81 -DNSDomain benpiper.com -Router 192.168.9.8 -WinsServer 172.16.51.5,172.17.51.2

20. Finally, verify the scope and options with

$ Get-DhcpServerv4OptionValue -scopeid 192.168.9.0 | Format-List

OptionId    : 51
Name        : Lease
Type        : DWord
Value       : {1209600}
VendorClass :
UserClass   :
PolicyName  :

OptionId    : 15
Name        : DNS Domain Name
Type        : String
Value       : {benpiper.com}
VendorClass :
UserClass   :
PolicyName  :

OptionId    : 3
Name        : Router
Type        : IPv4Address
Value       : {192.168.9.8}
VendorClass :
UserClass   :
PolicyName  :

OptionId    : 6
Name        : DNS Servers
Type        : IPv4Address
Value       : {192.168.9.6, 192.168.20.80, 192.168.20.81}
VendorClass :
UserClass   :
PolicyName  :

OptionId    : 44
Name        : WINS/NBNS Servers
Type        : IPv4Address
Value       : {172.16.51.5, 172.17.51.2}
VendorClass :
UserClass   :
PolicyName  :

Notice that I added this new server’s IP (192.168.9.6) as the primary DNS server. When we promoted this server to a domain controller, DNS was automatically installed and configured as part of Active Directory integrated DNS.

21. Prior to this new server, DHCP was handled by a Cisco L3 switch. Since there are existing leases and since we may add a secondary server in the future, we want to enable conflict detection.

Set-DhcpServerSetting -ConflictDetectionAttempts 1

Verify the setting with

$ Get-DhcpServerSetting

IsDomainJoined            : True
IsAuthorized              : False
DynamicBootp              : True
RestoreStatus             : False
ConflictDetectionAttempts : 1
NpsUnreachableAction      : Full
NapEnabled                : False
ActivatePolicies          : True

22. Last but not least, we must authorize this DHCP server in Active Directory.

Add-DhcpServerInDC

Your DHCP server is now up and running. Verify DHCP bindings/leases with

Get-DhcpServerv4Lease -scope 192.168.9.0
Tags: , , , , ,

One thought on “Windows Server Core Full Configuration with PowerShell

Comments are closed.