Windows server cannot join an Active Directory domain due to duplicate SIDs

Issue: Windows displays the following error message:

The domain join cannot be completed because the SID of the domain you attempted to join was identical to the SID of this machine. This is a symptom of an improperly cloned operating system installation. Run sysprep on this machine in order to generate a new machine SID.

Solution:

Run sysprep.exe in a Command Prompt window to generate a new SID.

1. Type c:\windows\system32\sysprep\sysprep.exe /oobe /generalize /reboot and press Enter in the Command Prompt window to change the SID and run OOBE.

Run sysprep.exe in the Windows Graphical User Interface (GUI) to generate a new SID.

1. Press Windows Logo+R, type sysprep.exe and press Enter to run sysprep.exe.

2. Select Enter System Out-of-Box Experience (OOBE) in System Cleanup Action, check Generalize and select Reboot in Shutdown Options to change the SID and run OOBE. Click OK to complete the process.

This information applies to Windows Server 2012 and Windows Server 2012 R2.
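
To confirm the collision before running sysprep, and to confirm afterwards that it is gone, compare the machine SID with the domain SID. The following is an added example, not part of the original article. The function names are hypothetical, the sample SID is constructed, and the domain SID is assumed to be supplied by a domain administrator.

```powershell
# Added example: compare this machine's SID with the domain SID.
# $DomainSid must come from an existing domain controller, for example
# (Get-ADDomain).DomainSID.Value, run by a domain administrator.

function Get-MachineSid {
    # Local account SIDs have the form <machine SID>-<RID>; the built-in
    # Administrator account always has RID 500, so strip that suffix.
    $admin = Get-CimInstance -ClassName Win32_UserAccount -Filter 'LocalAccount = TRUE' |
        Where-Object { $_.SID -match '^S-1-5-21-(\d+-){3}500$' } |
        Select-Object -First 1
    if (-not $admin) { throw 'Built-in local Administrator account not found.' }
    $admin.SID -replace '-500$', ''
}

function Test-SidCollision {
    param([Parameter(Mandatory)][string]$DomainSid)
    $machineSid = Get-MachineSid
    [pscustomobject]@{
        MachineSid = $machineSid
        DomainSid  = $DomainSid
        Collision  = ($machineSid -eq $DomainSid)   # True: sysprep is still required
    }
}

# Constructed sample value, not a real domain SID.
Test-SidCollision -DomainSid 'S-1-5-21-1111111111-2222222222-3333333333'
```

Run it once on the clone before sysprep and once after the reboot; the MachineSid value should differ between the two runs.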


How to Setup and Configure DNS in Windows Server 2012

Setting up a Domain Name System (DNS) on Windows Server involves installing the DNS Server Role. This tutorial will walk you through the DNS installation and configuration process in Windows Server 2012.
Microsoft Windows Server 2012 is a powerful server operating system capable of many different roles and functions. However, to prevent overloading production servers with features and options that are never used, Windows Server provides a modular approach in which the administrator manually installs the services needed. To set up and configure DNS, one must install the DNS Server Role on Windows Server 2012.

Install DNS Server Role in Server 2012

To add a new role to Windows Server 2012, you use Server Manager. Start Server Manager, click the Manage menu, and then select Add Roles and Features.


Click Next on the Add Roles and Features Wizard Before you begin window that pops up. (If you checked Skip this page by default sometime in the past, that page will, of course, not appear.)

Now, it’s time to select the installation type. For DNS servers, you will be selecting the Role-based or feature-based installation.


Next, you will choose which server you want to install the DNS server role on from the server pool. Select the server you want, and click next.

At this point, you will see a pop-up window informing you that some additional tools are required to manage the DNS Server. These tools do not necessarily have to be installed on the same server you are installing the DNS role on. If your organization only does remote administration, you do not have to install the DNS Server Tools.

However, in a crunch you may find yourself sitting at the server console or remotely using the console and needing to manage the DNS Server directly. In this case, you will wish you had the tools installed locally. Unless your company policy forbids it, it is typically prudent to install the management tools on the server where the DNS will be housed.


Now you should see the Features window. No need to make any changes here; just click Next.

Next is an informational window about DNS Server and what it does, although one would assume that if you’ve gotten this far, you are already aware of what it is. Click Next to move on.

This is the final confirmation screen before installation completes. You can check the box to Restart the destination server automatically, if you like. Installing the DNS Server does not require a restart, but unless you’ve planned for the downtime, keep that box unchecked, just in case.


The DNS Server role should now be installed on your server. There should be a new DNS Role tile in your Server Manager.


Configure DNS Server in Server 2012

If you are an old pro with DNS server files, Windows Server 2012 does let you edit the files directly. However, Microsoft recommends that you use the interface tools to avoid errors, especially if you are integrating DNS with Active Directory.

If you want to use the command line to configure your DNS, use the dnscmd command. For those of us who don’t memorize TechNet for fun, a few clicks is all it takes.

Within Server Manager, to configure the DNS Server, click the Tools menu and select DNS. This brings up the DNS Manager window.


We need to configure how the DNS server will work before adding any actual records. Select the DNS server to manage, then click the Action menu, and select Configure a DNS Server. This brings up the Configure a DNS Server wizard.


There are three options here. You can either: configure a forward lookup zone only, create forward and reverse lookup zone, or configure root hints only.

A forward lookup zone allows you to do the standard DNS function of taking a name and resolving it into an IP address.

A reverse lookup zone allows you to do the opposite, taking an IP address and finding its name. For example, if a user is set up to print to a printer with an IP address of 10.20.12.114, but you need to know what name that printer goes by so you can find it, a reverse lookup can help. (“Ah, hah! It’s you, Third Floor Vending Room Printer #1. Why you give me so much trouble?”)

Root hints only will not create a database of name records for lookups, but rather will just have the IP addresses of other DNS servers where records can be found. If you already have DNS set up on your network, you’ll probably want to continue using the same configuration you already have. If not, use forward and reverse for most situations. (Reverse zones typically don’t hurt anything, and they are nice to have when the need arises.)

After you’ve made your selection, click Next.

Now, you choose whether this server will maintain the zone, or if this server will have a read-only copy of the DNS records from another server.


Next enter your zone name. If this is your first DNS server, then this needs to be the root zone name for your entire organization. For example, my zone name might be arcticllama.com. If however, this server will be authoritative only for a subset, and other DNS servers will be responsible for other zones, then the name will need to reflect that. For example, us.arcticllama.com would be the zone name for just the American part of my vast corporate empire 🙂 Click next when you have entered the name.

Now, you need to choose the file name where the DNS records will be stored. The default filename is to add a .dns extension to the name of the zone you chose in the previous window. Unless you have a corporate policy stating otherwise, stick with the convention to make things easier on yourself down the line.

Next you select how this server will respond to Dynamic Updates. Although there are three choices here, only two should actually be used in production. Select the first option to allow only secure dynamic updates if you are integrating your DNS with Active Directory. Select do not allow dynamic updates if your DNS is not integrated with Active Directory and you don’t want to allow dynamic updates. Do not allow unsecured dynamic updates unless you really know what you are doing and have a very good reason for doing so.

Up next is the option to configure forwarders. If your DNS server ever gets a query for which it has no record, it can forward that request on to another DNS server to see if it has the answer.


For example, in order to provide name resolution for internet connectivity, you can input your ISP name servers here, or use a DNS provider such as OpenDNS. You can (and should) have more than one server listed in case a DNS server is unreachable for some reason. The order forwarders are listed in is the order they are tried, so place your fastest and most reliable forwarder at the top of the list.

Click Next and your DNS server is now configured and ready for use.
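
The wizard choices above (forward and reverse zones, zone file name, dynamic update policy, forwarders) can also be scripted and then audited with the DnsServer PowerShell module. This is an added example, not part of the original tutorial. The forwarder addresses are documentation-range placeholders, the /24 network is assumed around the printer address used earlier, and the function name is hypothetical.

```powershell
# Added example: scripted equivalent of the wizard, plus an audit for
# zones that accept unsecured dynamic updates.
Import-Module DnsServer

# Assumed values for illustration only.
$zoneName   = 'arcticllama.com'
$networkId  = '10.20.12.0/24'
$forwarders = '192.0.2.53', '198.51.100.53'   # placeholders, not real resolvers

# File-backed primary zones cannot use secure updates (those require
# Active Directory integration), so dynamic updates are disabled.
Add-DnsServerPrimaryZone -Name $zoneName -ZoneFile "$zoneName.dns" -DynamicUpdate None
Add-DnsServerPrimaryZone -NetworkId $networkId -ZoneFile '12.20.10.in-addr.arpa.dns' -DynamicUpdate None

# Replaces the forwarder list; forwarders are tried in the order given.
Set-DnsServerForwarder -IPAddress $forwarders

function Get-InsecureDynamicUpdateZone {
    # Primary zones that accept unauthenticated record registration.
    Get-DnsServerZone |
        Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated -and
                       $_.DynamicUpdate -eq 'NonsecureAndSecure' } |
        Select-Object ZoneName, IsDsIntegrated, DynamicUpdate
}

# Show the corrective change for each finding without applying it.
foreach ($z in Get-InsecureDynamicUpdateZone) {
    $target = if ($z.IsDsIntegrated) { 'Secure' } else { 'None' }
    Set-DnsServerPrimaryZone -Name $z.ZoneName -DynamicUpdate $target -WhatIf
}
```

Remove -WhatIf to apply the change once the findings have been reviewed.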


Installing and Configuring DHCP role on Windows Server 2012

Installing DHCP role via new Server Manager

Ensure the computer has at least one static IP address assigned before starting the role installation.

Launch the Add Role Wizard from Server Manager.
Select DHCP server role and go through the steps needed for installation.

The last page of the wizard (which comes up after the role has been installed), provides a link – “Complete DHCP configuration”.

This provides some tasks that need to be performed to enable the DHCP server role to work properly after role installation.


Launch the DHCP post-install wizard and complete the steps required.

Creation of DHCP security groups (DHCP Administrators and DHCP Users). For these security groups to be effective, the DHCP server service needs to be restarted. This will need to be performed separately by the administrator.


Authorization of DHCP server in Active Directory (only in case of a domain-joined setup). In a domain-joined environment, the DHCP server starts serving DHCP client requests only after it is authorized. Authorization of the DHCP server can only be performed by a domain user that has permissions to create objects in the Net services container in Active Directory. See how to delegate permissions to do this in Active Directory.


Figure 3: DHCP Post-Install configuration wizard – Authorization Page


If the post-install step is missed after role installation, the administrator will continue to see a notification on the action pane and also a link on the DHCP role tile on the main Server Manager page suggesting that some configuration is required. That link goes away only after completion of the post-install task.

The configuration of DHCP server parameters such as scopes and options is no longer available in the new Server Manager. The administrator can now launch DHCP MMC either via Server Manager, or via the DHCP MMC application in the Start Menu, or by typing dhcpmgmt.msc at the command prompt. The administrator can then create scopes and set option values so as to be able to lease out IP addresses and provide option values to clients.


Installing via PowerShell

To install the DHCP server role via PowerShell, one needs to run the following command:
Command: Add-WindowsFeature -IncludeManagementTools dhcp
Note the extra switch (IncludeManagementTools) which is now needed, in contrast to Windows 7. Without this switch, just the DHCP server role would be installed. The DHCP server RSAT tools, which include DHCP MMC, the netsh context and the new DHCP PowerShell cmdlets, are not installed by default unless you give the above flag.

After the role is installed, there are a few other steps that the administrator needs to perform so that the server can work correctly and lease out addresses. This is the post-install configuration as performed by the above-mentioned post-install wizard. The administrator can either launch the Server Manager and complete the DHCP post-installation task from there (as this is a UI-only task) or run the set of commands below, which are the equivalent of the above.

Creating DHCP security groups

Command: netsh dhcp add securitygroups

You will need to restart the DHCP service for these groups to become active.
Command: Restart-Service dhcpserver

Authorizing the DHCP server in Active Directory (only needed for a domain-joined setup)

Command: Add-DhcpServerInDC <hostname of the DHCP server> <IP address of the DHCP server>
Now the administrator can launch DHCP MMC either via Server manager, or via the DHCP MMC application from the start menu, or by writing dhcpmgmt.msc on the command prompt. The administrator can now also create scopes, set option values so as to be able to lease out IP addresses and provide option values to clients using DHCP MMC or the new DHCP PowerShell.
If the administrator has completed the post-install configuration using PowerShell, Server Manager may still raise a flag (alert) for its completion using the post-install configuration wizard. This alert can be suppressed by notifying the Server Manager that the post-install configuration has been completed. This can be done by the below command:

Command: Set-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager\Roles\12 -Name ConfigurationState -Value 2
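
To verify that every post-install step above actually took effect (service running, security groups present, server authorized in Active Directory, Server Manager flag cleared), the checks can be collected in one function. This is an added example, not part of the original article. The function name is hypothetical, and the authorization check assumes a domain-joined server.

```powershell
# Added example: verify the DHCP post-install state described above.
function Test-DhcpPostInstall {
    $cs   = Get-CimInstance -ClassName Win32_ComputerSystem
    $fqdn = '{0}.{1}' -f $cs.DNSHostName, $cs.Domain

    # Both security groups must exist; net.exe exits non-zero if one is missing.
    $groupsOk = $true
    foreach ($g in 'DHCP Administrators', 'DHCP Users') {
        & net.exe localgroup $g *> $null
        if ($LASTEXITCODE -ne 0) { $groupsOk = $false }
    }

    # Authorized DHCP servers are listed in Active Directory.
    $authorized = [bool](Get-DhcpServerInDC | Where-Object { $_.DnsName -eq $fqdn })

    # The same registry value that the Set-ItemProperty command writes.
    $key   = 'registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager\Roles\12'
    $state = (Get-ItemProperty -Path $key -Name ConfigurationState -ErrorAction SilentlyContinue).ConfigurationState

    [pscustomobject]@{
        ServiceRunning     = ((Get-Service -Name dhcpserver).Status -eq 'Running')
        SecurityGroups     = $groupsOk
        AuthorizedInAD     = $authorized
        ServerManagerState = $state   # 2 after the post-install step is marked complete
    }
}

Test-DhcpPostInstall
```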


Installing Active Directory on Windows Server 2012


This article will walk you through setting up the Active Directory Role on Windows Server 2012. It is intended for those without an existing Active Directory Forest; it will not cover configuring a server to act as a Domain Controller for an existing Active Directory Forest.
Installing Active Directory

Open the Server Manager from the task bar.

From the Server Manager Dashboard, select Add roles and features.

This will launch the Roles and Features Wizard allowing for modifications to be performed on the Windows Server 2012 instance.


Select Role-based or feature-based installation from the Installation Type screen and click Next.
Note: Roles are the major feature sets of the server, such as IIS, and features provide additional functionality for a given role.


The current server is selected by default. Click Next to proceed to the Server Roles tab.


From the Server Roles page, place a check mark in the box next to Active Directory Domain Services. A notice will appear explaining that additional role services or features are also required to install domain services; click Add Features.

Note: There are other options including, Certificate services, federation services, lightweight directory services and rights management. Domain Services is the glue that holds this all together and needs to be installed prior to these other services.


Review and select optional features to install during the AD DS installation by placing a check in the box next to any desired features. Once done, click Next.


Review the information on the AD DS tab and click Next.


Review the installation and click Install.

Note: The installation progress will be displayed on the screen. Once installed the AD DS role will be displayed on the ‘Server Manager’ landing page.


Configuring Active Directory

Once the AD DS role is installed the server will need to be configured for your domain.

1. If you have not done so already, open the Server Manager from the task bar.

2. Open the Notifications Pane by selecting the Notifications icon from the top of the Server Manager. From the notification regarding configuring AD DS, click Promote this server to a domain controller.


From the Deployment Configuration tab, select Add a new forest from the radio button options. Insert your root domain name into the Root domain name field.


Review and select a Domain and Forest functional level. Once selected, fill in a DSRM password in the provided password fields. The DSRM password is used when booting the Domain Controller into recovery mode.

Note: The selection made here will have lasting effects to features and server domain controller eligibility. For further information on Domain/Forest functional levels see official Microsoft documentation.


Review the warning on the DNS Options tab and select Next.


Confirm or enter a NetBIOS name and click Next.


Configure the location of the SYSVOL, Log files, and Database folders and click Next.


Review the configuration options and click Next.


The system will check to ensure all necessary prerequisites are installed on the system prior to moving forward. If the system passes these checks, proceed by clicking Install.

Note: The server will automatically be rebooted once the installation completes.


After the server is done rebooting, reconnect via RDP. Congratulations on successfully installing and configuring Active Directory Domain Services on Windows Server 2012.
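
The same installation and promotion can be scripted with the ADDSDeployment cmdlets, including the prerequisite check the wizard performs before Install. This is an added example, not part of the original article. The domain name, NetBIOS name, functional levels and folder paths are assumed values for illustration.

```powershell
# Added example: scripted equivalent of the wizard steps above.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Assumed values for illustration; replace with your own.
$forest = @{
    DomainName                    = 'corp.example.test'
    DomainNetbiosName             = 'CORP'
    ForestMode                    = 'Win2012'
    DomainMode                    = 'Win2012'
    InstallDns                    = $true
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    # Prompt for the DSRM password so it never appears in the script
    # file or in the command history.
    SafeModeAdministratorPassword = Read-Host -Prompt 'DSRM password' -AsSecureString
}

# Prerequisite check only; nothing is changed yet.
$check  = Test-ADDSForestInstallation @forest
$failed = $check | Where-Object { $_.Status -ne 'Success' }
if ($failed) {
    throw ('Prerequisite check failed: ' + ($failed.Message -join '; '))
}

# Promote the server. It reboots automatically when installation completes.
Install-ADDSForest @forest -Force
```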


Configuring Volume Shadow Copies (VSS) on Windows Server 2012 R2

Volume Shadow Copies (also known as Volume Snapshot Service or VSS) is a technology developed by Microsoft to take restorable snapshots of a volume.

On Windows Server 2012 / 2012 R2 it’s quite easy to set up, and restore operations are pretty straightforward.

Note: Volume Shadow Copies allow you to restore previous states of the entire volume; you can’t restore previous states of single files and/or folders.

Open the File Explorer and right-click on the volume where you want to enable Volume Shadow Copies. Select Configure Shadow Copies:


Microsoft suggests using a dedicated drive to store Volume Shadow Copies in case of high load. Click Yes:


A first snapshot will be generated. The default VSS settings are as follows:

Volume Shadow Copies will be stored in the same volume
Volume Shadow Copies will take a maximum amount of 10% of the local disk space
The system reserves a minimum of 300MB of disk space for the shadow copies
The system schedules two shadow copies per day (7.00 AM and 12.00 PM)

To modify these settings click Settings:


The option panels are quite self-explanatory:


To restore a previous snapshot just select it and click Revert:
