MsExchange Blog Spot Telnet25

September 17, 2014

Configuring Internal Application Relay with Receive Connector Part#2

Filed under: General — telnet25 @ 4:14 am

Open your newly created internal Receive connector my making right click on it and selecting properties

clip_image001

In order to allow Anonymous Authentication follow the steps in this order. On the Authentication Tab TLS is selected by default.

  • Click Permissions and select “Exchange Servers” and click apply

clip_image002

  • Now go back to Authentication and select “Externally Secured” this is where the magic starts

clip_image003

  • I will explain in details why we selected this option and what happened in the background.
  • Go back to Permissions Tab and select this time “Anonymous”

clip_image004

  • If you don’t follow the order you will receive error, some controls aren’t valid.

You must set the value for the PermissionGroups to ExchangeServers when you set the AutMechanism parameter to a value of ExternalAuthoritative.

clip_image005

  • You got this because you did not follow the order listed above.
  • If you enable “Eternally Secured” you will be forced to use limited offer TLS with this connector,
  • You can go back and mess with Permissions groups if you do have any requirements.

clip_image006

Step-1 —————> Permission Groups, Select Exchange Servers

Step-2 —————> Authentication Settings, Select Externally Secured

Step-3 —————> Permission Groups, Select Anonymous

Externally Secured meaning is, This Receive connector will lift off most of the restrictions, you are pretty much trusting the internal Servers, the relaying servers are “Trusted: therefore you will be adding the IP address of the relaying servers into here.

clip_image007

Here is list of permissions gets assigned to this connector

Accept-Authoritative-Domain

MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Authoritative-Domain}

Bypass-Anti-Spam

MS Exchange\Externally Secured Servers {ms-Exch-Bypass-Anti-Spam}

Bypass-Message-Size-Limit

MS Exchange\Externally Secured Servers {ms-Exch-Bypass-Message-Size-Limit}

SMTP-Accept

MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Exch50}

Accept-Headers-Routing

MS Exchange\Externally Secured Servers {ms-Exch-Accept-Headers-Routing}

SMTP-Submit

MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Submit}

Accept-Any-Recipient

MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Any-Recipient}

Accept-Authentication-Flag

MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Authentication-Flag}

Accept-Any-Sender}

MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Any-Sender}

See the  Receive connectors

Get-ReceiveConnectors

clip_image009

Add AD Permissions to this Receive Connector

$ReceiveConnector = "E1\Internal_Relay-1"

Get-ReceiveConnector "$ReceiveConnector" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

clip_image011

Now let’s see the properties of this connector

Get-ReceiveConnector -Identity "E1\Internal_Relay-1" | fl

clip_image012

Now if you have applications will relay off this connector and they are defined with short names, you will need to add your SMTP domain name in this filed, otherwise the short name completion may fail with 501 5.1.3 Invalid address Short Name Rcpt SMTP address etc.

Basically the application server is passing valid from SMTP Address format on the relay submission and on the CC or BB it is passing short names such as casey.Dedeal

From: ApplicationRelay@smtp25.org

To: Casey.Dedeal

Bcc: Jon.Doe

clip_image013

To overcome with this issue allow applications to continue to use short names on the CC or BCC field use

$ReceiveConnector = "E1\Internal_Relay-1"

Set-Receiveconnector "$ReceiveConnector" -defaultdomain ZtekZone.com

clip_image014

Now this connector will append default specified SMTP domain to short names when application is performing relay submission.

clip_image015

One less to worry , especially for applications who are written poorly. ( none full SMTP compliant)

If you like to see the AD Permissions on this connector

$ReceiveConnector = "E1\Internal_Relay-1"

Get-ReceiveConnector "$ReceiveConnector” | Get-ADPermission | where {$_.extendedrights –like “*Any-Recipient”}

image

Lastly , use network sniffer and SMTP loggings options  to further troubleshoot any SMTP submission failures on this connector.

Respectfully,
Oz Casey, Dedeal ( MVP north America)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

SMTP Application Relay Receive Connector Exchange 2010 and 2013

Filed under: General — telnet25 @ 2:51 am

Internal Application Relay Connector Part-1

If you get this far and reading this article, most likely you do need to build internal Application Relay Connector with Exchange 2010 or Exchange 2013. Part-1 I will list the requirement and sample deployment plan, which will assist you to pull swift, head ache worry implementation. Trust me on this planning correctly at the very beginning is the way of doing it right. Each time I roil into small, big projects this becomes reality.

Step#1 Identity the applications will use this connector and use sample table below

image

image

Planning

  1. Test new Receive Connector for application relay
  2. Verify application relay works after cut over
  3. If you do not have test environment the table below will help you to test in production
  4. Make certain you have fail back steps included into your cut over implementation plans
  • Let’s create the connector,
  1. Creating Internal Application Relay Receive Connector Part#1
  2. Log onto your management Server, or Exchange HTS (Hub Transport Server) with correct administrator privileges via RDP ( Remote Desktop Protocol)
  3. After successful logon, Click on All Programs, Microsoft Exchange Server 2010, Exchange Management Console, run EMC with administrator privileges by making right click on it, accept any UAC prompts by clicking yes.

clip_image001

  • Expand Microsoft Exchange on Premises
  • Go down to Server Configuration, Expand it click on Hub Transport Server

Now each Server will have Client and Default connectors, if you do not know what they do , you may want to do use your Bing-Fu skills to get to know them, in most cases you would leave these connectors alone and create receive connector with desired authentication methods and permissions which we are about to do.

clip_image002

  • Now in the middle pane make right click and select “New Receive Connector”

clip_image003

  • Give it a name and click next

clip_image004

  • If you have any special requirements you can change listening port , use server FQDN on the connector and click next, if not leave with defaults and click Next

clip_image005

  • Now click on red X and delete the subnet defined there

clip_image006

  • Add the IP address of the application server, (this could be HLB proxy IP address etc.), the IP address id being used to talk to this connector

clip_image007

  • Click new

clip_image008

  • Click Finish

clip_image009

  • You could practically skip all GUI and use the PS listed below to get the same work done, Change required filed if you wish to create same connector from PS.

New-ReceiveConnector -Name ‘Internal_Relay-2′ -Usage ‘Custom’ -Bindings ‘0.0.0.0:25′ -Fqdn ‘e1.ZtekZone.com’ -RemoteIPRanges ‘10.10.10.172’ -Server ‘E1′

clip_image011

  • If you refresh GUI you will notice both connectors are there

clip_image012

We are done with part one, On part 2 we will configure the internal Application Relay Connector with correct settings, to allow internal applications to relay successfully stay tuned.

Respectfully,
Oz Casey, Dedeal ( MVP north America)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

August 27, 2014

Managing RBAC Roles with RBAC_Manager, with Five easy steps.

Filed under: General — telnet25 @ 2:44 pm

We will look into using RBAC Manager R2 rom (CodePlex) to manage our environment. There are several cmdlet’s also available.

Download RBAC manager From this link , unzip the files and execute RBAC_Manager.exe.

Note: RBAC_Manager.exe runs into memory space , it means you do not have to install it. If your environment is “secured” this could be pretty neat news. I still recommend making sure , you are clear with your work place existing policies etc..

image

Now provide required parameters and click ok to connect.

image

You will be seeing Management Roles , listed on the left pane

image

*PS equivalent for what you are seeing would be

#Get all management Role Entries

Get-ManagementRoleEntry "*\*"

After making making up your mind what Management Role you like to use as parent and create new one, simply “right click” and select “New Role From Here”

image

*PS equivalent

If you like to see what cmdlet;s assigned to specific Role entry

Get-ManagementRoleEntry "Active Directory permissions\*"

image

Create new Role from Parent

New-ManagementRole "ZTEK Active Directory Permissions" -Parent "Active Directory Permissions"

image

Note: As far as name convention goes for the Management Roles, make some plans and follow them. Having simple name convention for Management roles and Role Groups will provide more simpler management to your organization.

image

image

Select the Role and get rid of any cmdlet you do not want to associate with this Role, Click Save on the top menu to save the changes.

image

PS Version ( Remove All cmdlet,  but Like ( matches ) the filter )

Get-ManagementRoleEntry “ZTEK Active Directory permissions\*” | Where {$_.name -Like “Get-User”} |  Remove-ManagementRoleEntry -Confirm:$False

Now Click on “Show Role Groups”

image

image

Get-RoleGroup

image

Create Role Group

New-RoleGroup -Name "ZtekZone HelpDesk 1.0"

image

image

here you can select any of the existing roles , custom scope options, it is pretty simple and useful , once you are read click on ok.

image

In this example I will pick up the role we have created earlier

image

Adding member to Role Group

image

image

image

Get-RoleGroup | Select-Object name

image

Get-RoleGroup -Identity "ZtekZone Security Tier 2"

image

Get-RoleGroup -Identity "ZtekZone Security Tier 2" | Add-RoleGroupMember -Member c-Aki.Armstrong

to see the list of members

Get-RoleGroup -Identity "ZtekZone Security Tier 2" | Select-Object name,members | ft -AutoSize

image

you can un-check the box to take Ron out of RBAC Role Group. As you already know RBAC groups are kept in the AD root Forest, in the “ Microsoft Exchange Security Groups” Organization container.

image

image

image

As you can see it is fairly simple to manage the RBAC roles and it is related task with RBAC Manager

Respectfully,
Oz Casey, Dedeal ( MVP north America)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

 

July 30, 2014

Installing Active Directory Certificate Services Windows 2012

Filed under: General — telnet25 @ 11:40 am

 

If you are looking into installing Certificate authority with widows 2012 server follow the simple steps listed in this article. Steps are pretty similar to windows 2008 CA installation

Step#1

Open Server Manager , Manage and Add Roles and Features

clip_image001[4]

Step#2

clip_image002[4]

Step#3

clip_image003[4]

Step#4

clip_image004[4]

Step#5

clip_image005[4]

Step#6

clip_image006[4]

Step#7

clip_image007[4]

Step#8

clip_image008[4]

Step#9

clip_image009[4]

Step#10

clip_image010[4]

Step#11

clip_image011[4]

Step#12

clip_image012[4]

Step#13

clip_image013[4]

Step#14

clip_image014[4]

Step#15

clip_image015[4]

Step#16

clip_image016[4]

Step#17

clip_image017[4]

Step#18

clip_image018[4]

Step#19

clip_image019[4]

Step#20

clip_image020[4]

Step#21

clip_image021[4]

Step#22

clip_image022[4]

Step#23

clip_image023[4]

Step#24

clip_image024[4]

Step#25

clip_image025[4]

Step#26

clip_image026[4]

Step#27

clip_image027[4]

Step#28

Open IIS

clip_image028[4]

Step#30

clip_image029[4]

Step#31

clip_image030[4]

Step#32

clip_image031[4]

Step#33

clip_image032[4]

Respectfully,
Oz Casey, Dedeal ( MVP north America)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

July 23, 2014

Create Custom RBAC roles with quick powerfull cmdlets.

Filed under: General — telnet25 @ 1:49 pm

Here are some handy RBAC cmdlets to help you build your own custom Role Groups, role assignments etc. When you design RBAC Groups , you need to pay attention to your name convention to make sure , Groups, role assignments etc. makes sense, each Role Group created will be located on Microsoft Exchange Security Groups on the root of the forest/Domain , adding members to these security groups also possible using active directors users snap in, so you need to have plan to secure these groups. it might be good idea to tick the box “protect object from accidental deletion” for these groups.

image

image

image

#List all Management Roles

Get-ManagementRole

clip_image001

#List all role entries within given Management Role

Get-ManagementRoleEntry "View-Only Recipients\*"

clip_image002

Note: as you have noticed, all these cmdlet’s , user can run if the user is assigned to a Role Group = Assigned Role = ManagementRoleEntry

Here is simple snapshot to digest the relationship

clip_image003

#Create new Role from existing Parent Role

New-ManagementRole "HelpDesk Permissions" -Parent "View-Only Recipients"

clip_image004

#Remove all Role Entries , except selected one

Get-ManagementRoleEntry “HelpDesk Permissions\*” | Where {$_.name -ne “Get-User”} | Remove-ManagementRoleEntry -Confirm:$False

image

#Locate managementRole

Get-ManagementRoleEntry “HelpDesk Permissions\*”

clip_image006

#Add additional CMDLET if needed to management Role

Add-ManagementRoleEntry “HelpDesk Permissions\Get-MailboxPermission”

clip_image007

#Locate ManagementRole to verify desired cmdlet is assigned to it

Get-ManagementRoleEntry “HelpDesk Permissions\*”

clip_image008

#Create New Role Group

New-RoleGroup "HelpDesk 1.5"

clip_image009

#Add Role assignment to Role Group

New-ManagementRoleAssignment -SecurityGroup "HelpDesk 1.5" -Role "HelpDesk Permissions"

clip_image010

#add member to Role Group

Add-RoleGroupMember “HelpDesk 1.5” –Member C-Ron.Buzon

clip_image011

#locate members

Get-ManagementRoleEntry “HelpDesk Permissions\*”

clip_image012

#remove Members from desired Role Group

Remove-RoleGroupMember “HelpDesk 1.5” –Member C-Ron.Buzon

clip_image013

# Find desired user, List all the Roles

Get-ManagementRoleAssignment -GetEffectiveUsers | ?{$_.EffectiveUserName -eq “Administrator”} | select Role

clip_image014

Respectfully,
Oz Casey, Dedeal ( MVP north America)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

July 15, 2014

How To Create CUSTOM RBAC ROLE Exchange 2010 & 2013

Filed under: General — telnet25 @ 8:53 pm

We would like to utilize RBAC Role model and create custom RBAC Role for specific needs for a business. These needs could be different from one environment to another. This article will be good reference for you to get your customization. Having said that, first thing to understand is the RBAC Layers.

There are 6 Layers which make up the Role Group Model

  • Role group member
  • Management role group
  • Management role assignment
  • Management role scope
  • Management role
  • Management role entries

clip_image001[4]

Goal:

  1. Create Custom Role Group
  2. Create Custom RBAC Role Entry with desired cmdlet’s
  3. Add Custom Role entry to Role
  4. Add role to Custom Role Group
  5. Add Members to Custom Role Group

In this example we will use following template

image

Note: You can build your own management Role , and modify management role entries same way in this article. The process is pretty straight forward.

Task#1

Figure out all role entry contains set-mailbox (set-mailbox is one of the cmdlet we have as our requirement)

Get-ManagementRoleEntry *\Set-Mailbox

clip_image002[4]

 

Task#2

Create the management role with related parent Role

New-ManagementRole -Name “Assign Mailbox Access” -Parent “Mail Recipients”

clip_image003[4]

Task#3

Get-ManagementRoleEntry "Assign Mailbox Access\*"

Verify all cmdlet assign to newly created management role, as you can see we have many cmdlet we don’t want, therefore we will need to remove most of them and only keep what we need.

clip_image004[4]

Task#4

Remove what you don’t need

Get-ManagementRoleEntry “Assign Mailbox Access\*” | Where {$_.name -ne “Add-MailboxPermission”} | Remove-ManagementRoleEntry -Confirm:$False

clip_image005[4]

Task#5

Verify the Role entry , minimum cmdlet is assigned.

clip_image006[4]

Task#6

Add additional cmdlet

  • Add-ManagementRoleEntry "Assign Mailbox Access\get-mailbox"
  • Add-ManagementRoleEntry "Assign Mailbox Access\get-mailboxPermission"
  • Add-ManagementRoleEntry "Assign Mailbox Access\remove-mailboxPermission"
  • Add-ManagementRoleEntry "Assign Mailbox Access\set-mailbox"

clip_image007[4]

Task#7

Add remove any role entries if desired

Verify one more time to make sure we have all we wanted. If required continue to add by using same one liner cmdlet

Add-ManagementRoleEntry "Assign Mailbox Access\set-mailbox" —————> you can replace set-mailbox

If you need to remove use

Remove-ManagementRoleEntry "Assign Mailbox Access\set-mailbox"

clip_image008[4]

Task#8

Create new Role Group

New-RoleGroup “Audit Team”

clip_image009[4]

Task#9

Let’s put them together

New-ManagementRoleAssignment -SecurityGroup "Audit Team" -Role "Assign Mailbox Access"

clip_image010[4]

Task#10

Add-RoleGroupMember “Audit Team” –Member C-Ron.Buzon

clip_image011[4]

We are done lets look at this from ECP

clip_image012[4]

clip_image013[4]

Now if c-ron.Buzon logs in, he will only get the cmdlets assigned to him via RBAC Role. As you can see RBAC permissions model is very efficient and effective. When creating Roles, group and Role entries, you may want to think about unifying name convention and plan this out before start implementing it into production environment.

TechNet:

Respectfully,
Oz Casey, Dedeal ( MVP north America)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

July 9, 2014

Recovering from Accidentally Deleted AD objects with PowerShell , AD Recycle BIN , Windows 2012 Active Directory.

Filed under: General — telnet25 @ 7:58 pm

We will recovery accidently deleted user account via PS in windows 2012 domain environment. To prepare the scenario we will fist delete the user and recovery it.

Log onto  Windows 2012 DC with administrator privileges.Open PS with administrator privileges

Type following.

Get-ADUser -Filter ‘Name -like "*C-Ron Buzon"’

image

image

We will delete the user

Get-ADUser -Filter ‘Name -like "*C-Ron Buzon"’ | Remove-ADUser -Confirm:$false

image

user has been deleted

image

we can see user within the Deleted Objects container in ADAC

image

Get-ADobject -Filter ‘Name -like "*C-Ron*"’ -IncludeDeletedObjects

image

we will restore this user

Get-ADobject -Filter ‘Name -like "*C-Ron*"’ -IncludeDeletedObjects | Restore-ADObject

image

if I check to see user is back to ADDS

image

image

Read more

Respectfully,
Oz Casey, Dedeal ( MVP north America)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

 

Installing First Windows 2012 Domain Controller into Existing Forest/Domain via PowerShell

Filed under: General — telnet25 @ 7:54 pm

 

Task: Introducing first Windows 2012 domain controller into Existing Forest /Domain. As you already  notices with Windows 2012 , promoting server to be additional domain controller is changed a lot. There is no more DCpromo instead we use GUI or PowerShell to get the work done.

High Level Steps :

  • Install Windows 2012 Server
  • Configure , Server name, IP address
  • Add Server into existing domain as member server ( preferred )
  • Use PS to promote the server to be additional domain controller and modify the DCpromo.ps1 Script

Step# 1

First task is to add the windows 2012 server into existing domain. Adding server into existing domain  before promoting to be domain controller is a good old habit ,  which allows A record to be created  within the existing DNS Forward lookup  zone and helps also ensures correct DNS settings has been configured.

Log into Server

Open PowerShell and type following command.

Install-WindowsFeature -Name Ad-Domain-Services | Install-WindowsFeature

clip_image001

Step# 2

Now copy and paste the , below PowerShell command into notepad , and save it as DCpromo.ps1 ( we use this name to honor DCPromo we have used ages (-:   , you can name it anything you like.

image

You will need to change  “-DomainName "ZtekZone.com"  and if you like any additional customization , such as changing the defaults , SYSLOG, DatabasePath, LogPath etc.

Download the script from here

Run PS Command against pre-defied PS Script

#Installing Domain Controller

Write-Host "………………………….."

Write-Host "Please modify pre defined Script "

Write-Host "To Make sure it fits into your Environment"

Write-Host "………………………….."

Import-Module ADDSDeployment

Install-ADDSDomainController `

-NoGlobalCatalog:$false `

-CreateDnsDelegation:$false `

-CriticalReplicationOnly:$false `

# Change the DatabasePath if desired

-DatabasePath "C:\Windows\NTDS" `

# Change the Domain name if desired

-DomainName "ZtekZone.com"

-InstallDns:$true `

# Change the LogPath if desired

-LogPath "C:\Windows\NTDS" `

-NoRebootOnCompletion:$false `

# Change the AD Site Name if necessary

-SiteName "Default-First-Site-Name" `

# Change the SYSVOL if necessary.

-SysvolPath "C:\Windows\SYSVOL" `

-Force:$true

Now after modifying the script save it onto server into temp Directory

image

From PowerShell Run it

clip_image002

clip_image003

clip_image004

After server reboot if we open Site and Services we will see the additional domain controller

clip_image005

Now couple additional Configuration we will perform on the new domain controller

Add-WindowsFeature RSAT-AD-PowerShell, RSAT-AD-AdminCenter

clip_image006

Now you can open ADAC from GUI

clip_image007

Or you can open it from PowerShell

clip_image008

clip_image009

You can also open Site and Services

dssite.msc

clip_image010

You can open ADUC

Dsa.msc

clip_image011

More to read… AD Team

http://blogs.technet.com/b/askpfeplat/archive/2012/09/06/introducing-the-first-windows-server-2012-domain-controller-part-2-of-2.aspx

Respectfully,
Oz Casey, Dedeal ( MVP north America)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

Installing Windows 2012 Core as additional Domain Controller into Existing Forest/Domain. Sconfig is your Friend.

Filed under: General — telnet25 @ 7:46 pm

 

After finishing window 2012 server install , and logging into server all we get is  plain command prompt. If you are tasked to promote this newly installed  Core Server to be the additional domain controller you can use Sconfig to get the mission accomplish.

Type “Sconfig” and hit enter

image

image

Now first thing we will do is to rename the server

Option # 1

image

 

image

we will say no to this one for now, we will set the IP Address

Option # 8

image

Type the index number shown on the menu for the adapter you wish to configure

image

Option # 1

and select Static ( S )

image

as you can see the new configured IP is showing up next to 169.254.1.121

Now we need to take care of  DNS IP Addresses

Option # 2

image

image

image

Option # 4 return the Main Menu

image

Enable RDP Option # 7

image

and now I am going to re-start the server

image

After I login I made sure I can ping my existing DC/GC/DNS Server

image

Firing up SConfig one more time to add the server into existing domain as member server

image

image

Now server is part of the domain and ready to be promoted as additional domain controller

I make sure to log back into domain

image

Now lets fire-up PowerShell

image

image

Fire-up Sconfig  one more time to make sure I have the correct, desired configuration settings.

image

 

Install-WindowsFeature -Name Ad-Domain-Services | Install-WindowsFeature

image

Type notepad.exe on the PS and hit enter

image

Copy and paste below code into notepad.

Core.ps1 ( You need to change the desired filed in the PS script , such as domain name

I have used “-DomainName "ZtekZone.com" change this to suit to your scenario. Once you are done, on the notepad click file and save as , and save the file on the C:\temp directory as “CoreDeploy.ps1”

image 

You can download the script from here

image

 

#Installing Domain Controller

Write-Host "………………………….."

Write-Host "Please modify pre defined Script "

Write-Host "To Make sure it fits into your Environment"

Write-Host "………………………….."

Import-Module ADDSDeployment

Install-ADDSDomainController `

-NoGlobalCatalog:$false `

-CreateDnsDelegation:$false `

-CriticalReplicationOnly:$false `

# Change the DatabasePath if desired

-DatabasePath "C:\Windows\NTDS" `

# Change the Domain name if desired

-DomainName "ZtekZone.com"

-InstallDns:$true `

# Change the LogPath if desired

-LogPath "C:\Windows\NTDS" `

-NoRebootOnCompletion:$false `

# Change the AD Site Name if necessary

-SiteName "Default-First-Site-Name" `

# Change the SYSVOL if necessary.

-SysvolPath "C:\Windows\SYSVOL" `

-Force:$true

Now within the PS , change the directory to C:\temp directory

image

 

Type “CoreDeploy.ps1”

image

 

image

ZtekZone.com ( is the domain name in my case)

image

image

After server reboots , you need to make sure replication is working etc.

here is AD site and services with the newly promoted server

image

Respectfully,
Oz Casey, Dedeal ( MVP north America)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

Largest collection of FREE Microsoft eBooks ever, including: Windows 8.1, Windows 8,PowerShell, Exchange Server, Lync 2013, System Center, Azure, Cloud, SQL Server

Filed under: General — telnet25 @ 10:27 am

 

MS has large e-book offerings , click here to get them

 

image

Respectfully,
Oz Casey, Dedeal ( MVP north America)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

Next Page »

Theme: Rubric. Get a free blog at WordPress.com

Follow

Get every new post delivered to your Inbox.

Join 36 other followers