Redundant ADDS Config - SomethingGeneric/sparkle.local GitHub Wiki

DC01 Setup

On DC01 I first used sconfig to set the server's static IP.

  • Once logged into DC01, I ran the sconfig command and typed "8" to open the server's Network Settings
  • I then typed "1" to select the index number of the server's only network adapter
  • From here I configured the necessary IP settings (static address, subnet mask, gateway and DNS) for DC01 and then typed "4" to return to the main menu.

image

^^ Screenshot of the IP settings used for DC01-Sparkle.

I also used sconfig to change the system hostname to dc01-sparkle.

  • Within the sconfig menu, I typed "2" to configure the Computer Name for DC01
  • After entering the new hostname for DC01, I pressed "enter" to apply the change (the rename only takes effect after a reboot).

image

^^ Screenshot of the hostname command being run on DC01 to show that the new hostname was successfully configured.

Following a system reboot to apply the new hostname, I ran the following commands in a PowerShell terminal to install the ADDS role onto DC01 and promote it to the first domain controller of sparkle.local.

  • Install-WindowsFeature AD-Domain-Services -IncludeManagementTools (installs the ADDS role onto DC01, together with the AD PowerShell module and management tools)
  • Install-ADDSForest -DomainName <Domain_Name_Here> (creates the new forest and promotes DC01 as its first domain controller once the ADDS role is installed; the cmdlet prompts for the DSRM (Directory Services Restore Mode) password and reboots the server when it finishes)
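The whole DC01 build, from static IP to forest promotion, can be done in PowerShell without sconfig. The script below is an added example and is not taken from this wiki; the adapter name "Ethernet", the 10.0.0.0/24 address plan and the "WinThreshold" functional level are assumptions, and the DSRM password is prompted for rather than embedded in the script.

```powershell
# Added example (not from the wiki): DC01 build as one PowerShell script.
# Assumed values: adapter "Ethernet", address 10.0.0.10/24, gateway 10.0.0.1.
$Adapter   = 'Ethernet'
$IPAddress = '10.0.0.10'
$Prefix    = 24
$Gateway   = '10.0.0.1'
$NewName   = 'dc01-sparkle'
$Domain    = 'sparkle.local'

# 1. Static IP (the sconfig option "8" step). Drop any DHCP-assigned address
#    first so the adapter does not end up with two IPv4 addresses.
Remove-NetIPAddress -InterfaceAlias $Adapter -AddressFamily IPv4 -Confirm:$false -ErrorAction SilentlyContinue
New-NetIPAddress -InterfaceAlias $Adapter -IPAddress $IPAddress -PrefixLength $Prefix -DefaultGateway $Gateway

# A DC should resolve against its own DNS service once it is promoted; pointing
# the client at its own address now avoids the wizard picking an outside resolver.
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $IPAddress

# 2. Hostname (the sconfig option "2" step). Takes effect on reboot, so the rest
#    of the script runs after logging back in.
Rename-Computer -NewName $NewName -Force
Restart-Computer -Force

# ---- run after the reboot ----

# 3. AD DS role plus management tools (ADUC, AD PowerShell module, DNS tools).
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

# 4. Forest promotion. The DSRM password is the offline break-glass credential
#    for this DC: read it from a prompt, never store it in a script or history.
$DsrmPassword = Read-Host -Prompt 'DSRM password' -AsSecureString
Install-ADDSForest `
    -DomainName $Domain `
    -DomainNetbiosName 'SPARKLE' `
    -InstallDns `
    -ForestMode 'WinThreshold' `
    -DomainMode 'WinThreshold' `
    -SafeModeAdministratorPassword $DsrmPassword `
    -Force

# The server reboots itself when promotion completes. Afterwards, confirm the DC
# is discoverable and that the zone was created as AD-integrated (needed later
# so DC02 receives the zone through AD replication).
Get-ADDomainController -Discover
Get-DnsServerZone -Name $Domain | Select-Object ZoneName, ZoneType, IsDsIntegrated
```

-InstallDns is what makes DC01 a DNS server for the new zone; without it the promotion still succeeds but the wiki's later DNS steps would have no server to manage.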

Mgmt01 Setup

In order to more easily manage DC01 and DC02, I set up Mgmt01, which runs Windows Server 2019 with the Desktop Experience. This is useful because it lets me use RSAT with a GUI to manage DC01 and DC02, which both run Server Core.

From here I configured IP/networking for Mgmt01 and made sure its DNS server pointed at DC01, since the domain join needs to resolve sparkle.local and its SRV records.

image

^^ Screenshot of Mgmt01 networking, showing DNS pointing to DC01.

Additionally, I used Server Manager on Mgmt01 to rename the system to Mgmt01-sparkle. To do this, I used the following steps:

  • I opened Server Manager on Mgmt01
  • Navigated to the local server tab
  • Selected Computer Name
  • Selected Change and renamed Mgmt01 to mgmt01-sparkle
  • Lastly, I clicked "OK" and rebooted the system to apply the new hostname

image

^^ Screenshot of me using the "hostname" command on Mgmt01 to verify that the new hostname was configured.

In order to join Mgmt01 to the sparkle.local domain, I used Server Manager again to navigate to Mgmt01's "System Properties" which allowed me to join the system to the local domain. This task was completed using the following steps:

  • I opened Server Manager on Mgmt01
  • Navigated to the local server tab
  • Selected the Workgroup/Domain entry, which opens System Properties
  • Selected Change and specified Mgmt01 to be a member of the sparkle.local domain
  • I clicked "OK" and entered the credentials of my domain admin user to join the domain
  • Lastly, I rebooted the system to finalize the domain join process

image

image

^^ Screenshots of me successfully configuring and adding Mgmt01 to the sparkle.local domain.

Installing Roles and Features

On Mgmt01, I used Server Manager to add roles and features to the local system to assist with the remote management of DC01 and DC02.

The roles and features installed were:

  • RSAT Tools
    • ADDS Management
    • DNS Management
  • Group Policy (allows Mgmt01 to edit Group policies for the Domain)
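The same Mgmt01 preparation (DNS pointed at DC01, rename, domain join and RSAT install) in PowerShell, as an added example that is not part of the wiki. The adapter name "Ethernet" and DC01's address 10.0.0.10 are assumptions; the feature names are the ones Install-WindowsFeature uses for the tools listed above.

```powershell
# Added example (not from the wiki): Mgmt01 DNS, rename, join and RSAT install.
# Assumed values: adapter "Ethernet", DC01 at 10.0.0.10.
$Adapter = 'Ethernet'
$Dc01Ip  = '10.0.0.10'
$Domain  = 'sparkle.local'

# DNS must point at a DC before the join; the join locates a DC through the
# _ldap._tcp.dc._msdcs SRV record, so resolve it as a pre-flight check.
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $Dc01Ip
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $Dc01Ip

# Rename and join in one step: Add-Computer accepts -NewName, so one reboot
# covers both. Get-Credential prompts instead of storing a password. The wiki
# uses a Domain Admin here; a join only needs an account delegated the right to
# create computer objects in the target OU, which is what to use outside a lab.
$JoinCred = Get-Credential -Message "Account allowed to join $Domain"
Add-Computer -DomainName $Domain -NewName 'mgmt01-sparkle' -Credential $JoinCred -Restart -Force

# ---- run after the reboot, as a domain account with local admin on Mgmt01 ----

# RSAT pieces matching the wiki's list: AD DS/AD LDS tools (includes the AD
# PowerShell module, repadmin and dcdiag), DNS Server tools, and GPMC.
Install-WindowsFeature RSAT-AD-Tools, RSAT-DNS-Server, GPMC -IncludeManagementTools
Get-WindowsFeature RSAT-AD-Tools, RSAT-ADDS, RSAT-AD-PowerShell, RSAT-DNS-Server, GPMC |
    Format-Table Name, InstallState

# Confirm the join and that the machine's secure channel to a DC works.
(Get-CimInstance Win32_ComputerSystem).Domain
Test-ComputerSecureChannel -Verbose
```

Test-ComputerSecureChannel returning False after a join usually means the DNS client is not pointed at a DC or the computer account password is out of sync; the -Repair switch resets it using the credentials supplied.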

DC02 Setup

Similar to the setup of DC01, I used the sconfig command to set the server's static IP.

image

^^ Screenshot of sconfig being used to set the Static IP for DC02

From here, I used sconfig to change the system hostname to dc02-glitter. (A reboot was needed to apply the changes.)

Following the reboot, I then configured DC02 to join the sparkle.local domain by using sconfig to change the system's Domain/Workgroup Membership. Here I was able to specify DC02 to join the sparkle.local domain and used the credentials of a Domain Admin account to finalize the Domain Join task (DC02 was rebooted again to apply the new changes).

image

^^ Screenshot of sconfig being used to show that DC02 was successfully joined to the sparkle.local domain.

Lastly, on Mgmt01 I used RSAT and Server Manager to install the ADDS role onto DC02 remotely. After the install, I configured and promoted DC02 as an additional (replica) domain controller for sparkle.local, so that the domain has a second DC to fall back on if DC01 is unavailable.
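The remote role install and promotion of DC02 can also be done from Mgmt01 in PowerShell instead of the Server Manager wizard. This is an added example, not the wiki's own steps; it assumes DC02 has already been joined to the domain as dc02-glitter (as described above) and that PowerShell remoting is enabled on it, which is the Windows Server default.

```powershell
# Added example (not from the wiki): promote DC02 as a replica DC from Mgmt01.
# Assumes DC02 is domain-joined as dc02-glitter and reachable over WinRM.
$Dc02   = 'dc02-glitter'
$Domain = 'sparkle.local'

# Role install on the remote server. The feature cmdlets accept -ComputerName
# directly, so no session is needed for this step.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools -ComputerName $Dc02 -Restart:$false

# Promotion needs a domain account allowed to add a DC (Domain Admins in the
# wiki's setup) and a DSRM password for this particular DC. Both are prompted
# for and passed into the remote session as objects via $using:, so nothing is
# written to disk on either side. The session authenticates with Kerberos;
# do not fall back to CredSSP or Basic auth to make this work.
$PromoCred = Get-Credential -Message 'Domain account permitted to add a DC'
$Dsrm      = Read-Host -Prompt "DSRM password for $Dc02" -AsSecureString

Invoke-Command -ComputerName $Dc02 -Credential $PromoCred -ScriptBlock {
    Install-ADDSDomainController `
        -DomainName $using:Domain `
        -Credential $using:PromoCred `
        -SafeModeAdministratorPassword $using:Dsrm `
        -InstallDns `
        -Force
}

# DC02 reboots when promotion completes. Then, from Mgmt01, check that both DCs
# are listed and that replication and DNS tests pass for the new one.
Get-ADDomainController -Filter * | Select-Object Name, IPv4Address, IsGlobalCatalog, Site
repadmin /replsummary
dcdiag /s:$Dc02 /test:Replications /test:DNS
```

-InstallDns on the replica matters for the redundancy goal of this page: it makes DC02 a DNS server that loads the AD-integrated sparkle.local zone automatically, rather than a DC that still depends on DC01 for name resolution.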

DNS Setup

In order to manage the DNS servers on both DC01 and DC02 from Mgmt01, I first needed to add the necessary RSAT management tools:

  • On Mgmt01, opened Server Manager > Manage > and selected Add Roles and Features
  • In the Add Roles and Features Wizard Menu, I selected Role-based or feature-based installation and specified the installation to take place on Mgmt01
  • From here, I navigated to Server Features and selected the following features to be installed:
    • Group Policy Management (enables Mgmt01 to edit/modify group policy settings for sparkle.local)
    • RSAT Tools
      • AD DS and AD LDS Tools
      • DNS Server Tools

Next, I used Server Manager again to add DC01 and DC02 to the list of servers that can be managed by Mgmt01:

  • From Server Manager, I clicked Manage > and selected Add Servers
  • I clicked Find Now and added both DC01 and DC02 to Mgmt01's list of managed servers
  • Lastly, I clicked OK to complete this selection.

After completing this setup, I was able to configure the DNS servers for both DC01 and DC02:

  • In Server Manager, I navigated to All Servers and right clicked on DC01
  • I then opened DNS Manager > navigated to Reverse Lookup Zones and created a new primary reverse lookup zone for the team's subnet (the in-addr.arpa zone that maps IP addresses back to sparkle.local host names)
  • Following this, I created PTR records in the new reverse zone for the A records already stored in the DNS server's Forward Lookup Zone
  • I also added new A records and matching PTR records for the new systems on the team's network (ex. Fw01, w1, w2, etc).

Following this, I navigated to DC02's DNS Manager to configure its DNS server:

  • I configured a new primary zone for DC02's DNS server (this allows DC02 to act as both a DC and a DNS server for sparkle.local)
  • Additionally, I set this new zone to replicate DNS records from DC01, which helps to ensure redundancy of the domain's DNS service. Note that this only works if the zone is Active Directory-integrated (the zone's Type shows "Active Directory-Integrated" in DNS Manager), in which case the records travel with AD replication and the zone also appears on DC02 automatically; a standard primary zone created by hand on DC02 is an independent copy that will not receive DC01's records.

image

^^ Screenshot of DNS Manager being used on Mgmt01 to show the successful setup of DNS servers on both DC01 and DC02.

Additional Note: Although the DNS servers on DC01 and DC02 sync with one another periodically through AD replication, you can use the following commands from a PowerShell session on a DC to make its DNS service reload the zone from Active Directory immediately (this picks up records that AD replication has already delivered; it does not itself trigger AD replication, which repadmin /syncall does):

  • Enter-PSSession <DC01/DC02>
  • dnscmd /zoneupdatefromds <domain_name.local>
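The DNS steps above (reverse zone, A and PTR records, checking what DC02 holds, and forcing a sync) as a single PowerShell script run from Mgmt01 with the DnsServer module that RSAT-DNS-Server installs. This is an added example and not the wiki's own commands; the subnet 10.0.0.0/24, the DC addresses 10.0.0.10 and 10.0.0.11, and the addresses given to fw01, w1 and w2 are made up for the example.

```powershell
# Added example (not from the wiki): DNS setup and forced sync from Mgmt01.
# Assumed values: subnet 10.0.0.0/24, DC01 10.0.0.10, DC02 10.0.0.11, and
# constructed addresses for the extra hosts named on the page.
$Dc01   = 'dc01-sparkle'
$Dc02   = 'dc02-glitter'
$Domain = 'sparkle.local'
$RevZone = '0.0.10.in-addr.arpa'

# 1. Reverse lookup zone stored in AD and replicated to every DNS server in the
#    domain, so DC02 receives it without creating anything by hand there.
Add-DnsServerPrimaryZone -ComputerName $Dc01 -NetworkId '10.0.0.0/24' -ReplicationScope Domain

# 2. A records for the extra hosts, with the PTR written in the same call.
$Hosts = @{ 'fw01' = '10.0.0.1'; 'w1' = '10.0.0.21'; 'w2' = '10.0.0.22' }
foreach ($h in $Hosts.GetEnumerator()) {
    Add-DnsServerResourceRecordA -ComputerName $Dc01 -ZoneName $Domain -Name $h.Key -IPv4Address $h.Value -CreatePtr
}
# PTRs for the DCs' own A records, which existed before the reverse zone did.
Add-DnsServerResourceRecordPtr -ComputerName $Dc01 -ZoneName $RevZone -Name '10' -PtrDomainName "$Dc01.$Domain"
Add-DnsServerResourceRecordPtr -ComputerName $Dc01 -ZoneName $RevZone -Name '11' -PtrDomainName "$Dc02.$Domain"

# 3. Check what each server actually holds. An AD-integrated zone shows
#    IsDsIntegrated = True on both; a standard Primary zone created manually on
#    DC02 would be a separate copy that never learns DC01's records.
foreach ($srv in $Dc01, $Dc02) {
    Get-DnsServerZone -ComputerName $srv | Where-Object { -not $_.IsAutoCreated } |
        Select-Object @{ n = 'Server'; e = { $srv } }, ZoneName, ZoneType, IsDsIntegrated, IsReverseLookupZone
}

# 4. Force the sync instead of waiting. Two layers are involved: AD replication
#    moves zone data between the DCs, then each DNS server reloads its zone
#    from the directory (Sync-DnsServerZone is the cmdlet form of
#    dnscmd /zoneupdatefromds).
repadmin /syncall $Dc02 /AdeP
foreach ($srv in $Dc01, $Dc02) {
    Sync-DnsServerZone -ComputerName $srv -Name $Domain
    Sync-DnsServerZone -ComputerName $srv -Name $RevZone
}

# 5. Prove that a record written to DC01 now resolves from DC02, both ways.
Resolve-DnsName -Name "w1.$Domain" -Server $Dc02
Resolve-DnsName -Name '10.0.0.21' -Server $Dc02
```

If step 5 resolves on DC01 but not DC02 after the sync, look at step 3's output first: a ZoneType of Primary with IsDsIntegrated False on DC02 means the zone there is a local copy rather than the replicated one, and deleting it lets the AD-integrated zone load on the next reload.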