Active Directory Domain Services on Server Core (part 1)

A Server Core installation can be administered from another server using remote GUI tools such as Server Manager for most common tasks. However, to manage a Server Core installation locally, you must be familiar with the command-line tools necessary to administer a Windows Server 2008 R2 server and its installed roles. In this lesson, you learn more about the Server Core installation option. You also learn how to configure a domain controller from the command line within a Server Core installation and how to remove domain controllers from a domain.

1. Understanding Server Core

A Windows Server 2008 R2 Server Core installation is a minimal installation of Windows that consumes about 3 GB of disk space and less than 256 MB of memory. A Server Core installation limits the server roles and features that can be added but can improve the security and manageability of the server by reducing its attack surface. The number of services and components running at any one time are limited, so there are fewer opportunities for a user with malicious intent to compromise the security of the server. Because of the decreased roles and features installed, a Server Core installation also reduces the administrative burden of the server, which requires fewer updates and less maintenance.

Server Core supports the following server roles:

• Active Directory Certificate Services

• Active Directory Domain Services

• Active Directory Lightweight Directory Services (AD LDS)

• BranchCache Hosted Cache

• DNS Server

• Dynamic Host Configuration Protocol (DHCP) Server

• File Services

• Hyper-V

• Print and Media Services

• Streaming Media Services

• Web Server (IIS) (including a subset of ASP.NET)

Server core also supports these optional features:

• Failover Clustering

• Multipath I/O

• Network Load Balancing

• Quality of Service (QoS)

• Removable Storage Management

• Simple Network Management Protocol (SNMP)

• Subsystem for UNIX-based applications

• Telnet client

• Windows Bitlocker Drive Encryption

• Windows Internet Name Service (WINS)

• Windows-on-Windows 64-bit (WoW64)

• Windows PowerShell

• Windows Server Backup

2. Installing Server Core

You can install Server Core by using the same steps presented in Exercise 1 of Lesson 1. The following points outline the key differences between a full installation of Windows Server 2008 R2 and a Server Core installation:

• You must select the Server Core installation option when running the Windows Server 2008 R2 installation wizard, as shown in Figure 1.

• At the conclusion of the installation process, you are presented with a command prompt window, rather than the full Windows Server 2008 R2 GUI.

1.3.3. Performing Initial Configuration Tasks

On a server running a full installation of Windows Server 2008 R2, the Initial Configuration Tasks window guides you through post-installation configuration of the server. A Server Core installation provides no GUI, so you must complete the tasks by using command-line tools. Table 1 lists common configuration tasks and the commands you can use. To learn more about any command, open a command prompt and type the name of the command followed by /?.

The Ocsetup.exe command adds supported Server Core roles and features to the server. The exception to this rule is AD DS. Do not use Ocsetup.exe to add or remove AD DS. Use Dcpromo.exe instead.