Thursday, 24 May 2012

Add PC01 to the domain and allow remote desktop access by Group Policy

image

In my demo environment I like to use PC01 as a demo client PC.

The first step is adding PC01 to the demo.local domain. Of course, the IP configuration must be set so that PC01 can find the domain controller.

image

Adding PC01 to the domain follows the same steps as in the blog post about SQL01.

After PC01 is added to the domain, I would like to use Remote Desktop to connect to it. However, when I try, I get this error:

image

It’s now a domain computer so I will not add users to the local group or change the local policy on the PC. Let’s use a Domain Policy to do this.

Log in to your Domain Controller, click Start, type gpmc.msc and press Enter. The Group Policy Management console starts if you did it correctly.

As you can see I created a Workstations OU in my Active Directory, I also moved the PC01 to this OU. All following steps will be based on this OU.

image

Right click the Workstations OU and select Create a GPO in the domain…….

image

Give the policy a name and click OK

image

Because we created the policy while the Workstations OU was selected, a link is created on the Workstations OU and the policy itself is created under Group Policy Objects.

image

Right click the policy and select Edit. The following screen will appear:

image

Browse to the node as seen in the image and double click the Allow users to connect remotely using ………

image

Select enabled and click OK

image

RDP access is now enabled, but we still cannot log on to PC01 with an RDP client. First we need to make sure that the users who should be able to do this are members of the local Remote Desktop Users group on the client.

This we will also do within the same GPO.

With the newly created GPO still open, go to the Restricted Groups node as shown in the image and click Add Group.

image

Click Browse in the next window and, when the window below appears, type remote, click Check Names and select the Remote Desktop Users group. Click OK.

image

And click OK again.

image

Click Add as shown below and then Browse to select the users/groups to whom you want to grant these rights.

image

In my case I created a group in AD that contains the users/groups that I want to be able to use the RDP rights to workstations. After selecting your users/groups click OK

image

And OK again

image

Close the GPO editor window. Go to the GPMC and show the settings of the just created GPO.

image

Seems to be okay, so are we finished? When trying to log in through RDP with a user that is a member of GRANT_RemoteDesktopToWorkstations, it still does not work.

Did you refresh your PC01 to make sure that the GPOs are enforced? No?

Access PC01 through the virtual machine management console (in my case Hyper-V) and log in with an account that has administrative permissions.

Click the Windows start button, type CMD, right click CMD and select Run as Administrator

image 

Type GPUPDATE /FORCE and hit enter, or restart the PC01..

image

Succeeded!!!!

image
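To confirm on PC01 that both halves of the GPO arrived (the RDP policy and the Restricted Groups membership), the check below can be run after GPUPDATE /FORCE. It is an added example, not part of the original post; it assumes DEMO is the NetBIOS name of demo.local and that the local group carries its English name.

```powershell
# Added example (not from the original post). Run on PC01 in an elevated
# PowerShell prompt after GPUPDATE /FORCE.
# Assumption: DEMO is the NetBIOS name of demo.local (the post does not state it).
$expected = @('DEMO\GRANT_RemoteDesktopToWorkstations')

# 1. The RDP policy enabled in the GPO is stored as fDenyTSConnections = 0
#    under the Terminal Services policy key. A missing value means the GPO
#    has not applied to this computer yet.
$key    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$policy = Get-ItemProperty -Path $key -Name fDenyTSConnections -ErrorAction SilentlyContinue
$rdpAllowedByPolicy = ($policy -ne $null) -and ($policy.fDenyTSConnections -eq 0)

# 2. Read the local Remote Desktop Users group through the WinNT ADSI provider
#    (this also works on PowerShell 2.0, which has no local-group cmdlets).
$group   = [ADSI]"WinNT://$env:COMPUTERNAME/Remote Desktop Users,group"
$members = @($group.psbase.Invoke('Members') | ForEach-Object {
    $path = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    # WinNT://DEMO/SomeGroup -> DEMO\SomeGroup
    ($path -replace '^WinNT://', '') -replace '/', '\'
})

# 3. Compare with what the Restricted Groups setting should have produced.
#    Extra members matter most: every account in this group may log on over RDP.
$missing = @($expected | Where-Object { $members  -notcontains $_ })
$extra   = @($members  | Where-Object { $expected -notcontains $_ })

New-Object PSObject -Property @{
    RdpAllowedByPolicy = $rdpAllowedByPolicy
    Members            = $members -join '; '
    MissingMembers     = $missing -join '; '
    ExtraMembers       = $extra   -join '; '
} | Format-List

# 4. Show which GPOs were applied to the computer; the new policy should be listed.
gpresult /r /scope computer
```

If the group was filled through the "Members of this group" list, Restricted Groups removes any local member not named in the GPO at each policy refresh, so ExtraMembers should stay empty.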

 

I hope you enjoy this blog! If you have comments, a better solution or recommendations, I would like to hear from you.
Dynamic Intelligence | LinkedIn | Blog | Twitter

Wednesday, 23 May 2012

Adding SQL01 to the demo.local domain & Installing SQL 2008R2

image

In my previous blog I set up my Domain Controller for the demo.local domain. This blog is about adding SQL01 as a SQL 2008R2 server to the domain. I will not explain how to install SQL 2008R2, as this has been covered before. Download the PDF here: Blog2 - SQL Server 2008R2 Installation (PDF Download)

This blog is not only for those who already know everything, but also for those who only use SQL Server and have never installed their own servers or added them to a domain. So however simple this might be, I will explain it below.

I hope you understand how to connect to your server as an administrator after you have installed Windows 2008.

Before we can install SQL 2008R2 on the server we need to add the server to the domain. The first thing to do is to set the IP-Configuration:

image

Next step is to get to the location where you can add the server to the domain.

Click the Windows Start button, then right click Computer and select properties.

image

Click Change Settings under Computer name, domain and workgroup settings.

image

On the System Properties screen, type a computer description if you like and then click Change.

image

On the Computer Name / Domain Changes screen select member of Domain and type your chosen domain name. In my case demo.local and click OK.

image

When everything is correct, the server will find the domain controller and will ask for credentials that have the right to join the server SQL01 to the domain. In my case the demo.local\administrator.

image

After clicking OK it can take a while depending on your environment. But when correct the next screen will appear, click OK.

image

After clicking OK a warning will appear that you need to restart the server. Click OK.

image

Click Close on the System Properties Screen, now the restart screen appears, click Restart Now.

image

After the SQL01 server has restarted, start a remote desktop connection to the server again. Log in to the server with a domain account, demo.local\administrator, to see whether adding the server to the domain succeeded.

image

On the Server Manager page we can see the server joined the domain

image

We can check on some more places. Login to your domain controller and start Active Directory Users & Computers. Select the Computer node and notice that your server is there.

image

Start the DNS Manager on the domain controller, open the demo.local node and notice that your server is there.

image

So we have now added the server to the domain. You can repeat this for all other servers that you would like to add to the domain.

I hope you enjoy this blog! If you have comments, a better solution or recommendations, I would like to hear from you.

Tuesday, 22 May 2012

Configuring the Domain Controller

image
This blog describes the steps I took to install my Domain Controller. The starting point is Windows 2008 R2, with all available updates until 20th of May 2012, and Remote Desktop Access is enabled.
The first step is configuring the TCP/IP settings to match my current network configuration.
image
The preferred DNS uses the local host address to make sure DC01 will be able to find its own DNS environment. The alternate DNS points to my router.
Start the Server Manager tooling and click Add Role
image
On the Before You Begin screen click Next
image
On the Select Server Roles screen mark the check box “Active Directory Domain Services”
image
A message box appears asking to add the required features that make it possible to install the Active Directory Domain Services. Click Add Required Features.
image
Click Next to continue installation of the Active Directory Domain Services.
image
On the next screen features of the Active Directory Domain Services are explained including the components that will be installed for making DC01 a fully runnable Domain Controller. Click Next.
image
On the Confirm Installation screen read if you want and then click Install
image
The installation is running; have some patience and let it finish.
image
In my case the Installation Results window shows a warning that automatic updating is not enabled. I like to know what is happening when this server is updated, so I keep it this way. It’s your own choice; click Close to continue.
image
On the server manager screen we can see that the Active Directory Domain Services is installed but shows a red cross. This is because we need some other steps to complete.
image
Click the Windows Start button and type dcpromo in the search box. When in the Programs list dcpromo appears right click it and select “Run as Administrator”.
image
A small screen appears that checks all is installed to get on with dcpromo.
image
On the Welcome screen click Next
image
My demo & test environment contains only Windows 2008 or higher server editions. This message warns for using “older” security based servers. Read if you like and then click Next.
image
This will be the first domain controller for a new forest, so select create a new domain in a new forest and click next.
image
Now we need to name the forest root domain, you can choose what you like, mine is going to be demo.local and click Next
image
A window appears that checks whether the given root domain is available.
image
Now we need to choose the forest functional level. If you plan to add multiple domain controllers to the forest based on different Windows Server editions, make the choice that fits. In my environment I will not add a Server edition lower than Windows 2008 Server, so that is selected. Then click Next.
image
Same for the domain functional level
image
The install will now check whether DNS is configured…
image
This is the first DC in the domain so all settings are as desired, click Next
image
A warning appears that a delegation for this DNS server cannot be created …… This is correct: it’s the first DC/DNS in the domain and I’m not integrating with another domain. Click Yes to continue.
image
I leave all locations as default and click Next
image
Type your Restore mode password and click Next. Remember it if you ever need to access the restore mode…
image
On the Summary screen you can read the selections you made and then click next to start configuration.
If this is a trial run and you do not want to go through these steps again, you can export your settings to an answer file to use for unattended installation.
image
The installation will now start; have patience and let it finish….
image
Click Finish to complete the installation…
image
The restart screen appears, I select DO NOT RESTART…. Because I want to clear all windows logs before restarting…
image
Click Windows Start button, type eventvwr in the search box and hit enter.
The Event Viewer screen will appear. Open the Windows Logs node, right click the Application node and select Clear Log, then click Clear in the window that appears.
image
Repeat above step for security, setup and system log.
Now restart your server! It might take a while before it’s up and running again……
The first thing that you might notice is that you can’t login based on your local credentials.
image
This is now a Domain Controller, so you need to log in with a domain account. Your local account is converted automatically, so you only need to choose your domain. Click Use another account and type <domain>\<user> to log in.
image
After you have logged in, check the Windows Logs with the Event Viewer to see whether there are a lot of issues. In my case only the time service needs some attention: this is the primary domain server, so it can’t find a higher-level time service above it. I will fix this later.
An error with event ID 14550 is also logged. See http://technet.microsoft.com/en-us/library/ee411032(v=ws.10).aspx for more information…
Put simply, this service can’t register during startup; following the instructions at the given URL should fix this.
image
And yes, it’s now starting successfully
image
We are finished for now, in administrative tools the DNS / DC tools are available, start playing…
image
All is there?
The root domain:
image
We can manage Active Directory:
image
And also DNS seems to be up and running…
image
I hope you enjoy this blog! If you have comments, a better solution or recommendations, I would like to hear from you.