Thursday, November 7, 2024

2024-11-07 - Active Directory 3 / 4 - Naming Scheme / Configure Win Serv as Domain Controller

    The 3rd Active Directory task is just a mental assignment to create a naming scheme for several computers that will be added to the domain and to decide what hardware feature will tie each machine to the domain name it's given. I chose to name everything "Doug Disciple 1", 2, 3, etc., and to use a service tag after each name to tie it to a specific machine. 

    Active Directory ticket 4 is about configuring the Windows Server on Proxmox as a domain controller. Okay, so first I went to the Windows Server virtual machine in Proxmox, entered the console again, and opened the SERVER MANAGER application from the start menu. Once it was open, I went to MANAGE (or, if on the DASHBOARD, clicked ADD ROLES AND FEATURES). The first window can be skipped, and from there you select ROLE-BASED OR FEATURE-BASED INSTALLATION. On the next page you select your server, which I did. Now on this page you need to install ACTIVE DIRECTORY DOMAIN SERVICES (AD DS) and ACTIVE DIRECTORY LIGHTWEIGHT DIRECTORY SERVICES (AD LDS), but in my case, DS was already installed from the 2nd ticket. I selected LDS from the list a few selections below DS, and a small window came up offering the option to pick what features to install; I simply selected ADD FEATURES. I hit next three times, checked the option to reboot if necessary after the installation, and pressed install. It installed and I closed the window. 

    Now back in the Server Manager there was a yellow flag at the top of the Dashboard. When you click this flag, click the option to promote this server to a domain controller. A new window pops up; select the option to ADD A NEW FOREST. A forest is, or can be, a group of domains. Then for ROOT DOMAIN NAME I entered Dougs.Disciples. After clicking next, you're supposed to set the DOMAIN FUNCTIONAL LEVEL, which is usually set to the latest version, and then enter a DIRECTORY SERVICES RESTORE MODE (DSRM) PASSWORD. I did not specify a DNS delegation. I set the NetBIOS domain name as DOUGSdisciples; it did not want me using spaces or dots to separate the words, it wanted everything as one word. Verification showed a bunch of red flags. It turned out, after some troubleshooting, that there was no Ethernet controller driver installed. 

    I did some research and some searching around to finally understand the instructions, and there were some confusing things. For example, the instructions said to download the VirtIO driver ISO, and that it could be downloaded from the Proxmox wiki page or from the Fedora VirtIO driver ISO download page. The name of the file will just be virtio-win-<whatever release>.iso. This is confusing because Proxmox isn't running on Linux and the OS running in the virtual machine is not Linux. Besides, even if it was, why Fedora, which is a Linux distro different from Debian, which for example is where Ubuntu comes from? 

    I ran it by Doug just for good measure, and he said that what he would do, since there's another Windows Active Directory server on Proxmox here, is just take the driver from that machine and copy it to the new one. But I pointed out to him that if I were in a regular working environment, this may very well not be the case. I may need to download a driver or something to upload into Proxmox, for example, and it may not be a thing that's already on another VM. So I looked up why the VirtIO driver ISO came from Fedora, and it said that Fedora makes it but it works with Proxmox and also works with Windows machines. Basically, the fact that it comes from Fedora is just happenstance. It should work fine. Doug said to give it a shot, which is what I was thinking. At the end I will have experience finding it, seeing where it comes from and that it works, or I will know that it doesn't, or some other technicality or something. 

    Now to upload it. I have it on my laptop; how do I get it into the Proxmox VM my server is running on? ChatGPT said that I need to click on Datacenter in the side pane in Proxmox, access the node (which will probably be named something like PVE), then click on storage, then LVM, and put it in there. I clicked on PVE and then, under that, I scrolled to Disks, and ChatGPT said these are not it. This is not where you would load ISOs or containers, etc. So I kept looking. This was time-consuming because instead of clicking on Disks in the side pane next to the one containing PVE, I was supposed to expand PVE, and at the bottom of that pane is a bunch of disk platter icons simply called local and local-lvm. If you click on these, then above one of the side panes is the thing that I had been looking for this whole time, simply hidden in LVM; you click on one and it then says that this LVM is located in Storage. Okay... 

    Now there were two storage icons, one named local and one named local-lvm. The difference between these is that local is meant for ISOs and local-lvm is just the storage given to that particular VM. I think this is confusing because don't we want to install the VirtIO driver ISO in the storage location intended just for that VM? But ChatGPT is saying that we want to install it in LOCAL because that's where all ISOs, containers, templates and backups are located. 

    So Doug came along and sped through a bunch of the steps, and I didn't get to do them myself, but I have to write them down before I forget. Under PVE, we went to LOCAL (storage), and in the next side pane clicked ISO images, then clicked the upload button there. Make sure ISO is selected for the file type and browse for the file. Then go to the VM that needs the driver, click HARDWARE, ADD, then CD/DVD drive. A box appears that has two red-outlined boxes that need to be filled; you can leave the top box as IDE, but in the red boxes pick LOCAL, and in the second box pick the ISO you uploaded. Click create, and it will appear under CD/DVD. 

    Go to File Explorer on the VM, navigate to This PC, and click on the CD/DVD drive as if it were a physical disc. You're looking for the 64-bit MSI file, which under file type will be called a Windows Installer Package. If you turn file extensions on, it will show as a .MSI file. Click it, click next a bunch of times, and done. It installed, and it worked. Doug was surprised. He was sure that I was wrong. 
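    The same driver install can be done from an elevated PowerShell console inside the VM, which is also how you would verify that the NIC actually came up before moving on to promotion. The block below is an added example and is not from the original post. It assumes the ISO attached as the CD/DVD drive is a virtio-win release whose 64-bit guest-tools installer is named virtio-win-gt-x64.msi (check the disc root if your release differs) and that the NetKVM folder layout on the disc matches current releases; the log path and the fallback filter are my choices. For what it is worth, the virtio-win drivers are built by the Fedora project for Windows guests on any KVM-based host, and Proxmox VE is itself Debian-based, which is why the same ISO serves here.

```powershell
# Added example (not from the original post): install the VirtIO drivers from the
# ISO that Proxmox attached as a CD/DVD drive, then confirm the NIC is present and up.
# Assumptions: virtio-win ISO, 64-bit MSI named virtio-win-gt-x64.msi, elevated console.

# Find the CD/DVD drive that actually has media loaded (Proxmox presents the ISO there).
$cd = Get-CimInstance Win32_CDROMDrive | Where-Object { $_.MediaLoaded } | Select-Object -First 1
if (-not $cd) {
    throw 'No CD/DVD media loaded; attach the ISO in Proxmox (Hardware > Add > CD/DVD Drive) first.'
}
$root = "$($cd.Drive)\"

# Prefer the known guest-tools package; fall back to any 64-bit installer on the disc.
$msi = Get-ChildItem -Path $root -Filter 'virtio-win-gt-x64.msi' -File | Select-Object -First 1
if (-not $msi) {
    $msi = Get-ChildItem -Path $root -Filter '*x64*.msi' -File | Select-Object -First 1
}
if (-not $msi) { throw "No 64-bit MSI found on $root" }

# Unattended install. msiexec returns 0 on success and 3010 when a reboot is still pending.
$log  = Join-Path $env:TEMP 'virtio-win.log'
$args = "/i `"$($msi.FullName)`" /qn /norestart /l*v `"$log`""
$proc = Start-Process -FilePath msiexec.exe -ArgumentList $args -Wait -PassThru
if ($proc.ExitCode -notin 0, 3010) {
    throw "msiexec failed with exit code $($proc.ExitCode); see $log"
}

# Alternative if you only want the network driver and not the whole package:
# stage just the NetKVM INF for your OS folder (e.g. 2k19, 2k22, w10; assumed layout).
#   pnputil /add-driver "$root\NetKVM\<os>\amd64\netkvm.inf" /install

# Verify: the Red Hat VirtIO adapter should now exist and be Up, and (with DHCP) hold an address.
Get-NetAdapter |
    Where-Object InterfaceDescription -like 'Red Hat VirtIO Ethernet*' |
    Format-Table Name, Status, LinkSpeed, MacAddress
Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object PrefixOrigin -ne 'WellKnown' |
    Format-Table InterfaceAlias, IPAddress, PrefixLength
```

    If the adapter shows Up but has no address, the driver is fine and the problem is upstream (Proxmox bridge or DHCP), which is a different troubleshooting path from the one in this ticket.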

    Doug thinks that there were also many ways to solve this, and that when the other server VM was created they just used a different virtual NIC that didn't need a driver. But we're not sure. He just doesn't think we needed to install a driver to get it working. 


    2024-11-14 Thursday

    Okay, so the driver is installed and we have a network connection. Now I need to go back and promote my new Active Directory server to a domain controller by creating a forest. Again, clicking the yellow exclamation point notification at the top of the Server Manager window, under All Servers in the side panel, brings up the new window that lets you select the bullet to create a forest and then give it a Root Domain Name. I wrote DougsDisciples.lan; no spaces are allowed, so I basically used CamelCase. You also have to include a "." with a top-level domain name, and since I don't have a website I used ".lan", but you can also use ".local". Then I pressed next. 

    I set the Domain Functional Level and Forest Functional Level both to the latest available; both offered WinServ2016 and no higher, so I just went with that. Then it wanted me to set a DSRM (Directory Services Restore Mode) password, and since this is only a practice server on a school host that will likely be deleted before long, I will just say that the password it finally accepted was "Mtech123Mtech123!". ChatGPT said to just use the default DNS settings for the delegation, and Doug said that there was no parent directory present because I am the parent directory, so skip it. I clicked next. 

    ChatGPT said: 

Default DNS Delegation Settings

  1. When to Enable Delegation: Generally, DNS delegation is only relevant if:

    • You already have an external DNS server (e.g., in another domain) that will need to recognize and refer queries to your new AD domain's DNS server.
    • You want other DNS servers to forward requests for your AD domain's DNS namespace to this domain controller.

  2. Using the Default Option: If you are setting up a single domain or a standalone environment, you can usually skip DNS delegation (which is the default option). In typical Active Directory setups where the domain controller is also acting as the DNS server, checking or enabling DNS delegation is not necessary unless you have a very specific network structure.

  3. When Not to Check It: For most internal Active Directory setups, where you are only concerned with internal clients, you can skip DNS delegation and leave it unchecked. This avoids unnecessary delegation settings, which won't benefit your setup if there isn't an external DNS server that needs it.

To sum up: if you’re setting up a standard internal AD environment, it’s safe to leave DNS delegation unchecked.

    I clicked next through the Paths setup and moved on to the Review section to make sure it met my requirements. I then clicked next, and it gave a series of warnings, which Doug said weren't errors, so go ahead. I clicked install. I pressed Finish and it automatically rebooted. 
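    The whole wizard walk-through above (role install, new forest, functional level, DSRM password, no DNS delegation, default paths) collapses to a few cmdlets in an elevated PowerShell console on the server. The block below is an added example, not the post's own steps, and reuses the post's names (DougsDisciples.lan, DOUGSDISCIPLES). One caveat worth stating: a domain controller needs only the AD DS role; AD LDS is a separate, standalone directory service and is not required for promotion, so the example installs only AD DS. It also prompts for the DSRM password rather than embedding it, since that password is the local recovery credential for the DC and should never be stored in a script or written down in plaintext.

```powershell
# Added example (not from the original post): PowerShell equivalent of the
# "promote this server to a domain controller" wizard for a new, standalone forest.
# Assumptions: elevated console on the Proxmox VM, NIC working, static IPv4 set;
# domain and NetBIOS names are the ones used in the post.

$DomainName  = 'DougsDisciples.lan'
$NetbiosName = 'DOUGSDISCIPLES'    # one word, no dots or spaces, as the wizard insists

# 1. Install the AD DS role plus management tools (ADUC, GPMC, the ActiveDirectory module).
#    AD LDS is not needed for a domain controller and is deliberately left out.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# 2. Prompt for the DSRM password instead of hard-coding it.
$dsrm = Read-Host -Prompt 'DSRM (Directory Services Restore Mode) password' -AsSecureString

# 3. Dry run: the same prerequisite checks the wizard shows as red flags, without changing anything.
$pre = Test-ADDSForestInstallation `
    -DomainName $DomainName `
    -DomainNetbiosName $NetbiosName `
    -SafeModeAdministratorPassword $dsrm `
    -InstallDns `
    -CreateDnsDelegation:$false
if ($pre.Status -ne 'Success') {
    $pre.Message
    throw 'Prerequisite check failed; fix the items above before promoting.'
}

# 4. Promote. WinThreshold is the Windows Server 2016 functional level, the highest this
#    build offered. No DNS delegation: this DC is the root of its own forest, so there is
#    no parent DNS zone to delegate from. Paths are the wizard defaults.
Install-ADDSForest `
    -DomainName $DomainName `
    -DomainNetbiosName $NetbiosName `
    -ForestMode WinThreshold `
    -DomainMode WinThreshold `
    -InstallDns `
    -CreateDnsDelegation:$false `
    -DatabasePath 'C:\Windows\NTDS' `
    -LogPath 'C:\Windows\NTDS' `
    -SysvolPath 'C:\Windows\SYSVOL' `
    -SafeModeAdministratorPassword $dsrm `
    -Force    # skip the confirmation prompt; the server reboots itself when done
```

    The "series of warnings" the wizard showed (the DNS delegation notice and the weak-cryptography notice about NT4-style algorithms) also appear here as warnings from Install-ADDSForest; they do not stop the promotion, and -Force only suppresses the confirmation prompt, not the checks. If the prerequisite test fails, the Message property usually names the exact problem (no static IP, unreachable DNS, missing driver as in this ticket).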

    ChatGPT says that once rebooted, it will be a domain controller and you can start adding users and computers to the domain. 

    So I was hoping to finish this ticket, and I think I did, but I am unsure. It went into a boot loop on rebooting. But pressing Escape out of the boot loop and selecting the boot drive got it back up and running. 
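    Rather than being unsure, the state of the server after the reboot can be checked directly. The block below is an added example, not from the post; it assumes the ActiveDirectory module was installed alongside the role (the -IncludeManagementTools switch, or the Server Manager wizard's default) and uses the post's domain name. A guess, not something the post confirms: a boot loop right after promotion on Proxmox is often the VM trying to boot from the still-attached ISO, which you can rule out under the VM's Options > Boot Order in the Proxmox UI.

```powershell
# Added example (not from the original post): confirm the reboot produced a working
# domain controller. Assumes the ActiveDirectory module is installed and the forest
# root domain is DougsDisciples.lan.

Import-Module ActiveDirectory

$Domain = 'DougsDisciples.lan'

# In a brand-new forest this one server should hold every FSMO role.
Get-ADDomainController -Discover -Service PrimaryDC |
    Format-List HostName, Domain, Forest, Site
Get-ADDomain -Identity $Domain |
    Format-List DNSRoot, NetBIOSName, DomainMode, PDCEmulator, RIDMaster, InfrastructureMaster
Get-ADForest |
    Format-List RootDomain, ForestMode, SchemaMaster, DomainNamingMaster

# DNS: clients locate a DC through this SRV record, so it must resolve, and the DC's own
# DNS client should point at itself (127.0.0.1 or its static address), not at an outside resolver.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Format-Table InterfaceAlias, ServerAddresses

# Core services a DC needs running: directory, DNS, Kerberos KDC, Netlogon.
Get-Service -Name NTDS, DNS, Kdc, Netlogon | Format-Table Name, Status

# The standard DC diagnostic; read any "failed test" lines before adding users or joining machines.
dcdiag /test:Advertising /test:Services /test:DNS /v
```

    If Get-ADDomain returns the domain, the SRV record resolves, and dcdiag's Advertising test passes, the server is a domain controller and the next tickets (adding users and joining the workstations named in task 3) can proceed.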

This has been Truncat3d 00000000111100010100110______________end of line
