Posted: 20.8.2018, 22:42 Post subject: Server 2016 Essentials to existing domain as secondary DC
Adding Windows Server 2016 Essentials (or Server 2012R2 Essentials), aka WSE 2016, to an existing domain as a secondary DC is quite easy, but you must follow a few steps to ensure smooth promotion of WSE2016 to domain controller.
Basically, you will do this:
Install WSE 2016 on bare metal or as a virtual machine. In my experience, Hyper-V performs better than VMware for Windows VMs. Make sure you add at least 2 CPU cores and 12 GB RAM to the VM.
Make sure you NAME your WSE2016 server properly, assign a STATIC LAN IP and point DNS to the existing local domain DNS servers and to itself only. No external or public DNS should be there, no way!
Go through all updates and patches; this will probably need a few reboots.
If you are joining a 2003 domain scheme, check on the source server that the scheme is indeed 2003. Check under Active Directory Domains and Trusts by right-clicking on FOREST and see if FOREST SCHEME is at least 2003. If not, upgrade it by clicking the appropriate button there.
Again, for pre-2008R2 source domains, you will probably need to enable SMB 1.0 on the new WSE2016 server, otherwise it won't be able to join the old domain. Go to the Add Roles and Features wizard, and under FEATURES add the "SMB 1.0" feature. Reboot after the feature is added. For security reasons, you can remove SMB 1.0 after you demote the old domain controller.
In some cases the promotion step below will import GPO settings for "Logon as a Service" from the old DC. In this case your final step below will fail with an unknown error. Also the "weird" Media Streaming Service, which is rubbish in my opinion, will fail to start. To avoid that, check Group Policy and see under Default Domain Controller Policy -> Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment if this policy is ENABLED, and if it is, then see if the accounts ServerAdmin$ and MediaAdmin$ are listed there. If they are not, then add them, close the GPO editor, and run gpupdate /force from a command prompt. If the policy is DISABLED, ignore this step.
Do NOT continue with the WSE Post-deployment Configuration Wizard! Not yet! Cancel it after each reboot and follow the link below to promote WSE2016 to the existing domain. We'll run this wizard at the end:
That's basically it.
WSE2016 is now your domain controller and you can demote old technology DCs, if you wish.
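The DNS and SMB 1.0 steps above can be verified with a read-only script before promotion and again after the old DC is demoted. This is an added example, not part of the original post; it assumes an elevated PowerShell session on the new WSE 2016 server and an internal network on RFC 1918 addresses, and `Test-InternalIPv4` is a helper name made up for this example.

```powershell
# Added example: read-only checks for the DNS and SMB 1.0 steps above.
# Assumptions: elevated PowerShell on the new WSE 2016 server; the internal
# network uses RFC 1918 addressing. Nothing here changes configuration.

function Test-InternalIPv4 {
    param([string]$Address)
    $ip = [System.Net.IPAddress]::Parse($Address)
    if ($ip.AddressFamily -ne 'InterNetwork') { return $false }
    $b = $ip.GetAddressBytes()
    # 10/8, 172.16/12, 192.168/16, plus loopback (the server pointing at itself)
    $internal = ($b[0] -eq 10) -or ($b[0] -eq 127) -or
                ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
                ($b[0] -eq 192 -and $b[1] -eq 168)
    return $internal
}

$findings = @()
$interfaces = Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected |
    Where-Object { $_.InterfaceAlias -notlike 'Loopback*' }

foreach ($nic in $interfaces) {
    # The post calls for a static LAN IP on the future DC.
    if ($nic.Dhcp -eq 'Enabled') {
        $findings += "$($nic.InterfaceAlias): IPv4 address is assigned by DHCP, not static"
    }
    # Every configured resolver must be an internal DNS server or the server itself.
    $dns = (Get-DnsClientServerAddress -InterfaceIndex $nic.InterfaceIndex -AddressFamily IPv4).ServerAddresses
    if (-not $dns) { $findings += "$($nic.InterfaceAlias): no DNS servers configured" }
    foreach ($server in $dns) {
        if (-not (Test-InternalIPv4 $server)) {
            $findings += "$($nic.InterfaceAlias): DNS server $server is not an internal address"
        }
    }
}

# SMB 1.0 is only needed while the pre-2008R2 DC still exists; after the old
# DC is demoted this finding means the feature was never removed.
$smb1Feature = (Get-WindowsFeature -Name FS-SMB1).Installed
$smb1Server  = (Get-SmbServerConfiguration).EnableSMB1Protocol
if ($smb1Feature -or $smb1Server) {
    $findings += "SMB 1.0 is enabled (feature installed: $smb1Feature, server protocol: $smb1Server)"
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'DNS and SMB 1.0 checks passed.'
}
```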