Prepare Active Directory Windows Server 2016 DC Adprep

With the RTM release of Windows Server 2016, many will be thinking about and looking to introduce a Windows Server 2016 domain controller into their existing Active Directory environments.  Let’s take a look at how to prepare Active Directory Windows Server 2016 DC Adprep and what steps are involved to introduce the first Windows Server 2016 into an existing environment.

If you are interested in an in place upgrade of Windows Server 2016 R2, check our post here.

Prepare Active Directory Windows Server 2016 DC Adprep

In my lab setup, I have an existing Windows Server 2012 R2 domain controller running a domain called TESTLAB.LOCAL.  This is a single forest, single domain environment for testing purposes.  The one Windows Server 2012 R2 DC holds all the FSMO roles.

The DCPromo Process

The DCPromo of a Windows Server 2016 server isn’t really DCpromo any longer as it wasn’t in 2012, but it seems like we all still affectionately call it that for a point of reference.  Active Directory Domain Services is installed the exact same way in Windows Server 2016 through the Server Manager Add Roles wizard.

Select the Active Directory Domain Services role.

It brings up the features informational box letting you know the additional features that will be installed with the role selected.

You can select for the server to be automatically restarted or not after installation completes if it needs to restart.

After the role complets, the wizard will tell you that additional configuration is needed to complete the promotion of the server to be a domain controller.

If you click the little flag in server manager with the yellow bang, you can then click the link to Promote this server to a domain controller.

 

Here we want to choose to Add a domain controller to an existing domain.

It is easy to miss the DSRM password field so be sure to enter and confirm.  The wizard won’t let you move forward without it however.

Below are the DNS options.  Notice the warning that “A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found…”.  If you are installing a forest root domain controller that is using Active Directory-integrated DNS, you typically do not need to be concerned about this warning message.

I ran into this error on the next screen –  “Could not retrieve domain controllers.  External component has thrown an exception”.  As it turns out, the issue for me was that I was logged in as a local administrator and not a enterprise administrator from the domain. I had quickly logged in after a reboot previous to launching the promotion wizard.

Update  As mentioned in the comments below, this error also could have been avoided by entering in the “Supply the credentials to perform this operation” domain credentials on the Deployment Configuration screen.

After logging back in as an enterprise administrator on the domain, the replicate from domain controller part of the wizard was error free.

You can verify that you can indeed “talk” to the domain by pulling down the Replicate from combo box…you should see your domain controllers available.

Now for the forestprep and adprep wizards that we have all come to love and hate, as in Windows Server 2012 and higher, this is done for you in the Active Directory Domain Services Configuration Wizard.  This is listed under the Preparation Options page of the wizard.  As noted it will perform:

• Forest and schema preparation
• Domain preparation

As mentioned above, make sure you are logged in as an enterprise administrator to perform these operations at a forest level.

As in Windows Server 2012 and higher, you can click the View script button to see the code in Powershell for the configuration process you have defined in the wizard.

The contents of my View Script are below.

#
# Windows PowerShell script for AD DS Deployment
#

Import-Module ADDSDeployment
Install-ADDSDomainController `
-NoGlobalCatalog:$false `
-CreateDnsDelegation:$false `
-CriticalReplicationOnly:$false `
-DatabasePath "C:WindowsNTDS" `
-DomainName "TESTLAB.LOCAL" `
-InstallDns:$true `
-LogPath "C:WindowsNTDS" `
-NoRebootOnCompletion:$false `
-SiteName "Default-First-Site-Name" `
-SysvolPath "C:WindowsSYSVOL" `
-Force:$true

The wizard will perform one final prerequisites check.

After installing, you will have a functional Windows Server 2016 domain controller, functioning at the lowest functional level required for your legacy DCs (lowest being Windows 2008 level).  This is mainly due to FRS being completely deprecated which is the replication service used to replicate SYSVOL contents.  Windows Server 2016 only supports domain controllers that use DFS for replication.

UPDATE  See the notes from Stuart Rowe below on his comments about Windows Server 2016 actually supporting FRS.  This may prove useful in a handful of use cases.

Final Thoughts

Windows Server 2016 is an exciting operating system that is certainly next generation and allows so many cloud capabilities that they are almost too numerous to mention.  If you are looking to Prepare Active Directory Windows Server 2016 DC Adprep then hopefully this quick post will show how easy the process really is to introduce your first Windows Server 2016 domain controller.