Aim: Add and configure server roles (ADDS without DNS delegation /certificate /

DHCP/DNS).
Course Outcome: CO3.- Articulate in building analytical and creative thinking so that they
can move themselves in the field of core server usage for social and technical reasons with or
without virtual machines.

Tools: Virtual Machine (VM Virtual Box)

Procedure: The Server Manager Dashboard screen provides, at a glance, all roles installed
on the server, and will notify you of any errors or concerns. It also offers a Quick Start
menu of hyperlink options.

To manage servers running operating systems older than 2016, you must install the
following software and updates on the remote server(s):
https://docs.microsoft.com/en-us/windows-server/administration/server-
manager/server-manager

i. DNS Server service using Server Manager without Delegation

1. Open Server Manager and click Add roles and features.

2. In the Add Roles Wizard, if the Before You Begin page appears, click Next.
3. On the Installation type screen select Role-based or feature based installation and
click Next.
4. On the Server Selection screen select the server and click Next.
5. On the Server Roles screen select DNS Server, if prompted click Add Features and
click Next.
6. On the Features screen click Next.
7. Read the information on the DNS Server page, and then
 8. click Next.
9. On the Confirmation page, verify that the DNS Server role will be installed, and then
click Install.

To configure the DNS Server service

1. Open Server Manager, click Tools and click DNS.

2. Create DNS zones for the same DNS domain names that were hosted on the DNS servers
before the critical malfunction. For more information, see Add a Forward Lookup Zone
(https://go.microsoft.com/fwlink/?LinkId=74574).

3. Configure the DNS data as it existed before the critical malfunction. For example:

o Configure DNS zones to be stored in AD DS. For more information, see Change the
Zone Type (https://go.microsoft.com/fwlink/?LinkId=74579).
o Configure the DNS zone that is authoritative for domain controller locator (DC
Locator) resource records to allow secure dynamic update. For more information, see
 Allow Only Secure Dynamic Updates (https://go.microsoft.com/fwlink/?
LinkId=74580).

4. Ensure that the parent DNS zone contains delegation resource records (name server (NS)
and glue host (A) resource records) for the child zone that is hosted on this DNS server.
For more information, see Create a Zone Delegation (https://go.microsoft.com/fwlink/?
LinkId=74562).

5. After you configure DNS, you can speed up registration of the NETLOGON Records.

Note
Secure dynamic updates only work when a global catalog server is available.
At the command prompt, type the following command, and then press ENTER:
net stop netlogon
6. Type the following command, and then press ENTER:
net start netlogon

ii. To install Active Directory Certificate Services

Log on as a member of both the Enterprise Admins group and the root domain's Domain
Admins group.

1. In Server Manager, click Manage, and then click Add Roles and Features. The Add
Roles and Features Wizard opens.

2. In Before You Begin, click Next.

Note: The Before You Begin page of the Add Roles and Features Wizard is not
displayed if you have previously selected Skip this page by default when the Add
Roles and Features Wizard was run.

3. In Select Installation Type, ensure that Role-Based or feature-based installation is

selected, and then click Next.

4. In Select destination server, ensure that Select a server from the server pool is
selected. In Server Pool, ensure that the local computer is selected. Click Next.

5. In Select Server Roles, in Roles, select Active Directory Certificate Services. When
you are prompted to add required features, click Add Features, and then click Next.

6. In Select features, click Next.

7. In Active Directory Certificate Services, read the provided information, and then
click Next.

8. In Confirm installation selections, click Install. Do not close the wizard during the
installation process. When installation is complete, click Configure Active Directory
Certificate Services on the destination server. The AD CS Configuration wizard
opens. Read the credentials information and, if needed, provide the credentials for an
account that is a member of the Enterprise Admins group. Click Next.

9. In Role Services, click Certification Authority, and then click Next.

10. On the Setup Type page, verify that Enterprise CA is selected, and then click Next.

11. On the Specify the type of the CA page, verify that Root CA is selected, and then
click Next.

12. On the Specify the type of the private key page, verify that Create a new private
key is selected, and then click Next.

13. On the Cryptography for CA page, keep the default settings for CSP
(RSA#Microsoft Software Key Storage Provider) and hash algorithm (SHA2), and
determine the best key character length for your deployment. Large key character
lengths provide optimal security; however, they can impact server performance and
might not be compatible with legacy applications. It is recommended that you keep the
default setting of 2048. Click Next.
 14. On the CA Name page, keep the suggested common name for the CA or change the
name according to your requirements. Ensure that you are certain the CA name is
compatible with your naming conventions and purposes, because you cannot change
the CA name after you have installed AD CS. Click Next.

15. On the Validity Period page, in Specify the validity period, type the number and
select a time value (Years, Months, Weeks, or Days). The default setting of five years
is recommended. Click Next.

16. On the CA Database page, in Specify the database locations, specify the folder
location for the certificate database and the certificate database log. If you specify
locations other than the default locations, ensure that the folders are secured with
access control lists (ACLs) that prevent unauthorized users or computers from
accessing the CA database and log files. Click Next.

17. In Confirmation, click Configure to apply your selections, and then click Close.

iii. Configure DHCP on Windows Server 2016

Step 1. Open Server Manager and click Add roles and features.

Step 2. Click Next to start the Role and Feature Wizard.

Step 3. Choose Role-based or feature-based installation and click Next.

Step 4. Choose the server on which you want to configure DHCP and click Next.
Step 5. Choose DHCP from server roles. As soon as you choose DHCP, a new window
appears. Click Add Features.

Step 6. Click Next. The DHCP Server Feature is enabled.

Step 7. Click Next. The .NET Frameworks that are required for the DHCP server are already
pre-selected.

Step 8. Read the explanation about the DHCP function, then click Next.
Step 9. Click Install.

Step 10. Click "Complete DHCP configuration".

Step 11. Click Next to continue with the DHCP Post-Install Wizard.

Step 12. Click Commit (Choose Skip AD authorization if your machine is on workgroup).
Step 13. Click Close and you are done with configuring DHCP.

iv. The DNS Server Role Installed On Windows Server 2016

1. Open the Server Manager window and proceed to Local Server
2. Click Manage and “Add Roles and Features”

3. Once the Add Roles and Features Wizard window appears, take the time to read the
information in the “Before you begin” section, before clicking next

4. If you are using Role-based or Feature-based installation, select the radio button next to it
5. Select the server you wish to use for this role. Typically for a DNS-Only setup, its the
same one as the machine you’re looking at this on. However, the option to remotely install
the role is available

6. Select the DNS Server role.

7. A window then asks you to confirm the dependencies (usually just the Administration
Tools required for the DNS role) to also be installed. Click Add Features, as this is usually
required

8. The check box should be marked in a black check icon. (The black box in this window
typically means that not all features are installed in this tree. Usually this is by default a thing
for File and Storage Services). Then click Next to move forward
9. In the features window you can install additional features which are often not needed for a
DNS-only configuration, however, do not hesitate to take a look at them and keep them in
mind if you find a absolute need for them later
10. In the next window, it gives you a brief description of the services and its functions,
indicating things that may be affected by this role or requires this role to be installed

1. The final confirmation of the installation. It presents the option to restart the
destination server (recommended for bulk installations) and returns you to the server
manager window
Running/Configuring DNS Role

1. Select the DNS option on the sidebar of the Server Manager

2. Select the server you wish to manage, right click it, and click DNS Manager
(Alternate method, Click the Start Menu, select Administrative Tools, and click DNS)
3. Click Action
4. Click Configure a DNS Server…
5. A prompt will appear, welcoming you to the Configure a DNS Server wizards,
click Next.
6. Select one of the 3 options you wish to use that may suit your needs.

1. Reference Book:

R1 MCTS- Guide to Microsoft Windows Server’2008 Network Infrastructure Configuration,

Micheal Bender, Course Technology Cengage Learning.
R2 MCITP: 5 in-1 Study System, Windows Server 2008 Enterprise Administrator, Steven
Johnson, 2009, Wiley Publishing, Inc

2. Video Lecture on YouTube URL:

• https://www.youtube.com/watch?v=2-438yqQwiw
• https://www.youtube.com/watch?v=lsjp9VIZpSY
3. Relevant Web Link
https://en.wikipedia.org/wiki/Windows_Server_2008
https://docs.microsoft.com/en-us/azure/virtual-network/quick-create-
portal