Operating System

Chapter 6

Staging a Branch Office Domain Controller

Deployment and Operations Guide

Abstract

This chapter outlines the steps to create a staged domain controller for a branch office at the staging site. After completing these steps, you will have a staged branch office domain controller ready for the necessary pre-shipment configuration. The pre-shipment configuration steps, which must be performed right before the domain controller is shipped to its branch office, are covered in the next chapter.

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2000 Microsoft Corporation. All rights reserved.

Microsoft, Windows, and Active Directory are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries/regions.

1200

Contents

Introduction

Chapter Sections

Resource Requirements

What You Will Need

What You Should Know

Process Flowchart

Deployment Considerations

Installing a Staged Domain Controller

Installing Windows 2000 in a Workgroup

Copy the Script Files to the Server

Configure the Preferred and Alternate DNS Servers

Configure DNS Client and Add Registry Entries

Install Other Monitoring Tools

Install AppManager Agent

Install Operations Manager Agent

Verifying DNS

Verify Connectivity

Promoting and Configuring the Branch Office Domain Controller

Promote the Server to a Branch DC in the Staging Site

Create Connection Objects with the Staging Site Server

Post DCPROMO Quality Assurance of Branch Office Domain Controller

Verifying Replication

Schedule the Quality Assurance Check to Run Every Day

Summary

Introduction

Now that the staging site domain controller has been created and configured, you can begin the process of staging domain controllers for your branch offices. This chapter will step you through the first phase of the process of creating a staged domain controller. By the end of the chapter, the sample environment will appear as follows:

After completing the procedures in this chapter, you must complete the second phase procedures in the next chapter just prior to shipping the domain controller to the branch office.

Chapter Sections

This chapter covers the following procedures:

·  Installing a Staged Branch Office Domain Controller

·  Verifying DNS

·  Promoting and Configuring the Branch Office Domain Controller

·  Post Dcpromo Quality Assurance of the Branch Office Domain Controller

Before beginning the staging steps, ensure that the following prerequisites are available.

Resource Requirements

A representative from the network team who can provide DNS and IP network information.

What You Will Need

To complete the procedures in this chapter, you will need:

·  All branch domain bridgehead servers installed in the hub site, including the HUBDC1 server.

·  The staging site branch domain controller installed and replicating with the hub site.

·  Microsoft® Windows® 2000 Server or Windows 2000 Advanced Server

·  The latest Service Pack

·  The Microsoft Windows 2000 Resource Kit

·  The password for the QACheck account for scheduling the QA_Check.cmd script.

·  The branch office installation scripts shared on the staging site domain controller.

·  The quality assurance scripts shared on the staging site domain controller.

What You Should Know

To complete the procedures in this chapter, you will need to know:

·  The username and password for a user account that is a member of the Domain Admins group in the branch office domain.

·  An IP address that is valid for the staging site subnet, unless you are using DHCP to assign IP addresses.

·  The name of the staging site domain controller.

Process Flowchart

Deployment Considerations

The processes covered in this chapter should be performed at the physical staging location, using the staging site branch domain controller, Staging, as the source domain controller for the installation. This will provide the best performance during installation.

The first phase involves installing Microsoft Windows 2000 and configuring the server for DNS. In addition, because we have turned off the intrasite KCC in the staging site, you will be creating manual connection objects between the staging site domain controller and each domain controller you stage. By using manual connection objects for each branch domain controller during staging, you eliminate the possibility that any branch domain controller replicates with another branch domain controller in the staging site, which may be having problems.

Installing a Staged Domain Controller

To stage a domain controller for a branch office, you must first install a new server that will be promoted to be the branch office domain controller.

Note: As you perform the procedures in this chapter, you should document the configuration of the servers in the DC Staging Checklist.xls job aid included with this guide.

Installing Windows 2000 in a Workgroup

The first step for staging a domain controller is to install Windows 2000 in a workgroup, including the components listed below. One method for automating this is to use the Setup Manager tool in the Microsoft Windows 2000 Resource Kit to create an answer file and Uniqueness Database File (UDF) for the installation of the staging site domain controller.

Note: When you are staging a new domain controller, configure the server during installation with an IP address that is valid for the staging site. The IP addresses that are valid for the staging site were assigned to the staging site in the Sites.csv file created in Chapter 4 of this guide. Using the example in this guide, a domain controller would be installed with an IP address of 10.10.30.2 and so on. Do not assign the server an IP address for a branch office until you reach the procedure in Chapter 7 of this guide.

·  The DNS Server service

·  Terminal Services in remote administration mode

·  The Support Tools from the Windows 2000 Server compact disc

·  The Microsoft Windows 2000 Resource Kit

·  Active Perl from the Microsoft Windows 2000 Resource Kit

·  The Remote Command Service from the Microsoft Windows 2000 Resource Kit

·  The Recovery Console

·  The latest Windows 2000 Service Pack

Note: The installation of the Support Tools and the Microsoft Windows 2000 Resource Kit can be automated by directly launching the .msi file for each with the /qb switch.

The server must be assigned a fixed IP address in the staging site subnet or the DNS server will not start properly.

Copy the Script Files to the Server

1.  Log on to the server as Administrator.

2.  Start a command prompt.

3.  Use the following command to establish a network connection to the staging site domain controller, so that the commands in steps 5 and 6 function correctly:

Net use \\<servername>\IPC$ /u:branches\administrator

Where <servername> is the name of the staging site domain controller and branches is your branch office domain name.

4.  If prompted, type the password for the administrator user account on the staging site domain controller.

5.  Use the following command to copy the branch office scripts to the new server:

robocopy \\<servername>\BranchDC c:\BranchDC /e

Where <servername> is the name of the staging site domain controller.

6.  Use the following command to copy the quality assurance scripts to the new server:

robocopy \\<servername>\ADMonitor c:\ADMonitor /e

Where <servername> is the name of the staging site domain controller.
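
Steps 3 through 6 can be run as one batch file that checks each result. This is an added example, not one of the guide's scripts; the file name CopyStagingScripts.cmd is hypothetical, and the closing net use /delete is an addition that ends the administrator session once the copy is done.

```batch
@echo off
rem Added example, not one of the guide's scripts (file name is hypothetical).
rem Usage: CopyStagingScripts.cmd servername
setlocal
set SRV=%~1
if "%SRV%"=="" (
    echo Usage: %~nx0 servername
    exit /b 2
)

rem Steps 3-4: authenticate to the staging site domain controller. No password
rem is given on the command line, so net use prompts for it and the password
rem never ends up in a script file or a log.
net use \\%SRV%\IPC$ /u:branches\administrator
if errorlevel 1 (
    echo FAIL: could not connect to \\%SRV%\IPC$
    exit /b 1
)

rem Steps 5-6: robocopy exit codes are bit flags. Values below 8 mean the copy
rem succeeded, for example 1 = files were copied. 8 or higher means that some
rem files could not be copied or a serious error occurred.
set RC=0
robocopy \\%SRV%\BranchDC c:\BranchDC /e
if errorlevel 8 set RC=1
robocopy \\%SRV%\ADMonitor c:\ADMonitor /e
if errorlevel 8 set RC=1

rem Addition to the guide's steps: close the authenticated session so that the
rem domain administrator connection does not stay open on the workgroup server.
net use \\%SRV%\IPC$ /delete

if %RC%==1 echo FAIL: robocopy reported files that could not be copied.
exit /b %RC%
```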

Configure the Preferred and Alternate DNS Servers

To configure the preferred and alternate DNS servers:

1.  Right-click the My Network Places icon on the desktop.

2.  Select Properties.

3.  Right-click on the Local Area Connection icon. On a multi-homed server, rename each adapter for ease of identification and management.

4.  Select Properties.

5.  Select Internet Protocol (TCP/IP).

6.  Click Properties.

7.  Change the Preferred DNS server to the IP address of the staging server.

8.  Change the Alternate DNS server to the IP address of one of the bridgehead servers in the hub site.

9.  Click OK.

10. Click OK.

11. Close the Network and Dial-up Connections window.

Configure DNS Client and Add Registry Entries

In this procedure, you will run a script (Pre-dcpromo.cmd) that will:

·  Randomly configure the preferred hub domain controller for the server.

·  Disable Auto Site Coverage.

·  Disable Name Service record auto-creation.

·  Configure the names registered by the servers.

·  Restart the server.

To run this script:

1.  Log on as an Administrator.

2.  Start a command prompt.

3.  Change to the C:\BranchDC folder.

4.  At the command prompt type: Pre-dcpromo.cmd and press ENTER. The server will restart automatically at the end of the script.

5.  After the server restarts, log on as an Administrator.

6.  Click Start, Run, in the Open box type Notepad C:\BranchDC\Pre-Dcpromo.log and then click OK.

7.  Verify that the Pre-dcpromo.log file does not contain any errors and that all the commands completed successfully. If a command in Pre-dcpromo.cmd did not complete successfully, resolve the problem and rerun the command.

Install Other Monitoring Tools

If you are using the NetIQ AppManager or Operations Manager tools, the following procedures can be used to install the agents. If you are using another third party monitoring tool, this is the stage at which you should install the tool.

Install AppManager Agent

To install the AppManager Agent:

1.  Insert the AppManager compact disc and run Setup.exe.

2.  Select Next, select Install AppManager, and click Next again.

3.  Select the target directory for the agent and click Next.

4.  Be sure that only AppManager Agent is checked and click Next.

5.  Select the check boxes for the services that are on the machine and click Next.

6.  Uncheck Authorized Management Server:* and click Next.

7.  Enter the name of the NetIQ AppManager Management Server and click Next.

8.  If the AppManager management server isn’t online, you will be prompted to retry or skip discovery. You can run discovery later from the management server, so click No. If the management server is installed and available, you will not get this prompt.

9.  Replace the asterisk with the name of the management server and click Next.

10. Click Next when prompted for Data Access Object/Open Database Connectivity (DAO/ODBC). Installation of the agent will proceed.

11. Click Yes when asked if you want to append the NetIQ install path to the system path.

Install Operations Manager Agent

To install the Operations Manager agent:

1.  Insert the Operations Manager compact disc and run Setup.exe.

2.  Click Manual Agent Setup.

3.  Click Next.

4.  Select the destination directory for the agent and click Next.

5.  Enter the name of the configuration group of which the agent is a member and click Next. Refer to the Operations Manager Installation documentation for an explanation of configuration groups.

6.  Enter the name of the Consolidator computer for this configuration group. If the Consolidator has not been built, you will get a warning indicating that the consolidator version could not be verified. If the Consolidator has already been built, this indicates a problem connecting to the Consolidator computer. If the Consolidator has yet to be staged, click Next.

7.  Select Full for the Agent Manager control level and click Next.

8.  When the file copy is done, click Finish to complete the agent installation.

Verifying DNS

Now that the server is installed, you must verify that the server can communicate on the network and resolve names for the domains in your environment.

Verify Connectivity

After the server has restarted and before starting the process of promoting the server to a domain controller, it is important to verify the server can access the staging server and can resolve names properly.

To do this, complete the following procedure:

1.  Open a command prompt.

2.  Type ping <IP address> and press ENTER, where <IP address> is the address of the staging site server, Staging1, that was configured as the branch domain primary DNS server. You should see the following result:

Pinging <IP Address> with 32 bytes of data:

Reply from <IP Address>: bytes=32 time<10ms TTL=128

Reply from <IP Address>: bytes=32 time<10ms TTL=128

Reply from <IP Address>: bytes=32 time<10ms TTL=128

Reply from <IP Address>: bytes=32 time<10ms TTL=128

Ping statistics for <IP Address>:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

If you do not see a successful ping process, check the IP settings to verify that the server has the correct IP address, subnet mask, and default gateway.

3.  Type nslookup corp.hay-buv.com. and press ENTER. You should see the following result:

C:\>nslookup corp.hay-buv.com.

Server: staging.branches.corp.hay-buv.com

Address: 10.10.30.1

Name: corp.hay-buv.com

Address: 10.10.1.1, 10.10.1.3, 10.10.1.2

If you do not see successful name resolution, check the IP settings to verify that the server has the staging server (10.10.30.1) as its preferred DNS server. Verify the DNS records on the staging DNS server, including the reverse lookup records. Do not proceed until DNS is working properly.
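
The two checks above can be combined into a single pass/fail test to run before promotion. This is an added example, not one of the guide's scripts; the file name VerifyDns.cmd and the temporary file name are assumptions, and the parsing relies on the nslookup output layout shown above.

```batch
@echo off
rem Added example, not one of the guide's scripts (file name is hypothetical).
rem Usage: VerifyDns.cmd 10.10.30.1 corp.hay-buv.com.
setlocal
set STAGING_IP=%~1
set QNAME=%~2
if "%QNAME%"=="" (
    echo Usage: %~nx0 staging-ip dns-name
    exit /b 2
)
set OUT=%TEMP%\verifydns.txt

rem 1. Reachability. Only real echo replies contain "TTL=".
ping -n 4 %STAGING_IP% | find "TTL=" >nul
if errorlevel 1 (
    echo FAIL: no reply from %STAGING_IP%. Check IP address, subnet mask, gateway.
    exit /b 1
)

rem 2. Query the default DNS server; keep stderr, where nslookup reports errors.
nslookup %QNAME% >"%OUT%" 2>&1

rem 2a. The first Address line is the answering server. It must be the staging
rem     server, otherwise the preferred DNS server setting is wrong.
set SERVER_ADDR=
for /f "tokens=2" %%A in ('findstr /b /c:"Address" "%OUT%"') do (
    if not defined SERVER_ADDR set SERVER_ADDR=%%A
)
if not "%SERVER_ADDR%"=="%STAGING_IP%" (
    echo FAIL: answered by "%SERVER_ADDR%", expected %STAGING_IP%.
    exit /b 1
)

rem 2b. nslookup prints "Server: UnKnown" when the DNS server's own address
rem     has no reverse lookup record.
findstr /b /c:"Server:" "%OUT%" | find /i "UnKnown" >nul
if not errorlevel 1 (
    echo FAIL: no reverse lookup record for %STAGING_IP%.
    exit /b 1
)

rem 2c. A successful answer contains a Name line.
findstr /b /c:"Name:" "%OUT%" >nul
if errorlevel 1 (
    echo FAIL: %QNAME% did not resolve. See %OUT%
    exit /b 1
)
echo PASS: %QNAME% resolves through %STAGING_IP%.
del "%OUT%"
```

A nonzero exit code means one of the guide's conditions is not met and promotion should not start; on a name resolution failure the captured nslookup output is left in the temporary file for inspection.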