After writing a piece about MDT and installation from a USB key, I’ve gotten a steady stream of requests for a more in-depth piece on the actual installation of MDT, how I recommend it be configured, and some tips and tricks about managing it for a smaller organization, or a small (non-royalty) OEM, or even how it can be used in an environment for building machines for friends or relatives that someone might be stuck supporting. With that in mind, I’ve gone ahead and rebuilt my lab (as promised earlier this year), and taken some screenshots to go along with this post. I will cover the installation of the WAIK, MDT 2010 Update 1, and DHCP and Windows Deployment Services (for those with a domain, as WDS requires a domain to work properly). I think it’s worth noting that nothing I post here is specifically exclusive to this site, and most of what I’m putting together here has probably been posted on and/or discussed at length all over the internet. I’m just putting together a beginning-to-end document for those who are looking for a one-stop shop to at least get started, and are willing to try some of the more advanced stuff on their own.
In this part, I am going to (very quickly) review installation of the servers and the Windows Active Directory domain services required to follow the rest of this guide. This is not really the gist of this series, but given that it is required to follow the rest of the guide, I thought it might be important to have a quick review of my (admittedly small) lab environment just in case some of the readers of this guide need help with this particular part of the setup. If you already know how to build (or already have at your disposal) a Windows domain and a second server to handle the other roles, you can skip Part 1 and go to Part 2, where we actually install MDT, the WAIK, and WDS.
Suffice to say, you will need a Windows domain to follow this guide, meaning you will need at least a domain controller. This guide will be done in a Hyper-V environment, with two virtual servers – one domain controller running DHCP, DNS, and Active Directory, and one server (joined to this domain) running Windows Deployment Services and Windows Server Update Services (WSUS) that we will use to install MDT and the WAIK, and use as our “build” machine. This part covers the first half of that equation, installing Active Directory domain services, DHCP, and DNS into a Hyper-V virtual machine hosted on Windows Server 2008 R2 – note that you could also do this in VMware, or VirtualBox, or Virtual PC, or any other such virtual environment. I’m using Hyper-V because that’s what I use in my lab, it’s fast, and Windows 7 and 2008 R2 already include all of the drivers and files necessary to run properly in this environment without installing any additional extensions or additions. To each his or her own; I use Hyper-V.
I am not going to go over installing Windows Server or Hyper-V on the server itself. If you aren’t capable of downloading the trial ISO from Microsoft, or from MSDN, or your Volume Licensing site (etc.) and installing Windows Server from one of these, this guide is probably already going to be touching on concepts that may be a little more complicated than you are ready to tackle just yet. Going forward, I am assuming you have a server (or workstation PC) that you have installed Windows Server on, and have enabled the Hyper-V role from Server Manager – if you’re using another virtualization solution (or real hardware), modify / ignore / change the instructions below to match your environment as necessary. I am also assuming you have downloaded the trial VHD for Windows Server (again, available from here), and have copied it to the hard disk of the Hyper-V server (you will be using this VHD later as the parent disk for your VMs).
Note that this guide potentially includes screenshots from Windows Server 2008R2, but the content is applicable to Windows Server 2012 and 2012R2 as well without modification.
Create a Virtual Network
First, you need to create the virtual network your VMs will use to talk to each other. Open the Hyper-V Manager console from the Administrative Tools folder in your server’s start menu, and once it is open, click Action > Virtual Network Manager… to bring up the Virtual Network Manager. Select “New virtual network”, select “Internal”, and click the “Add” button:
Next, give the network a name (I called mine “Internal” as per the screenshot), and click “OK” to create the new network:
Create a Virtual Machine for your Domain Controller
Now, you need to create a virtual machine for your domain controller. Click Action > New > New Virtual Machine to bring up the New Virtual Machine wizard. On the first page, give the new VM a name that will show up in the Hyper-V console (I chose “DC”), and click the “Next” button:
Next, give the virtual machine some RAM – I chose 2GB – then click the “Next” button:
Attach the VM to the network you created earlier from the drop-down list (you can see my “Internal” network chosen here), and then click the “Next” button:
Choose to “Attach a virtual hard disk later”, and click the “Finish” button (clicking “Next” will give you a summary, where you will then click “Finish”):
You should now see your newly-created virtual machine in the Hyper-V Manager:
With your VM highlighted, click Action > Settings to bring up the VM settings window. Click “Processor” and change the number of logical processors to “2”, and then click “IDE Controller 0”.
Select “Hard Drive” in the right-hand pane, and click the “Add” button to bring up the New hard drive window:
Click the “New” button, select “Differencing”, and click the “Next” button:
Give the new VHD a file name (I called it “DC.vhd” here), and click the “Next” button:
Point the wizard at your “parent” VHD (either the 2008 R2 trial VHD you downloaded and extracted from the hyperlink I gave above, or another sysprep-ed 2008 R2 VHD you already had) and click the “Finish” button:
You should now have your domain controller virtual machine configured with a new hard disk and 2 processors, as seen below. Click the “OK” button to finish and return to the Hyper-V Manager:
Configure the Virtual Machine to actually BE a Domain Controller
Double-click the new virtual machine you see in Hyper-V Manager to open it in the Virtual Machine Connection viewer, and click the green “Start” button (or Action > Start) to start the virtual machine. If everything went well, it should boot up and complete the end of setup (installing devices, etc.). During this setup phase, you may be asked to enter a product key (don’t, just click the “Skip” button) and agree to a EULA (do):
If something is wrong here, go back and retrace your steps to make sure you haven’t missed anything. If you are using the downloaded VHD from Microsoft, this step may not be necessary; it is normal if the VM boots directly into Windows.
Once the machine does finish setup and boots for the first time (if you have downloaded and are using the trial VHD from Microsoft, the administrator password is Pass@word1), you can login with the Administrator account and begin configuring it to service your domain:
In the Initial Configuration Tasks window that will open once you log in, click the “Provide computer name and domain” link, and then click the “Change” button. Enter a computer name for your domain controller in the “Computer name” box (again, I used “DC”), and click the “OK” button:
Click “OK” again when prompted that you will need to reboot, and then click the “Close” button. Click the “Restart now” button when prompted to restart the virtual machine.
Once the virtual machine reboots and you log in as Administrator, you will need to configure a static IP address, install the DHCP and DNS roles, and then install the Active Directory Domain Services role afterwards.
Once logged in, the Initial Configuration Tasks window should open again. To configure a static IP address from here, click the “Configure networking” link, right-click the “Local Area Connection” network item, and select “Properties” from the list to open the Connection Properties window:
Click the “Internet Protocol version 4” item, and click the “Properties” button. Select the “Use the following IP address” radio button, and enter an IP address for this machine. Use a non-routable IP address range for this – I prefer something in the 172.16.0.0/16 range, but you can always use something in the 10.0.0.0/8 or 192.168.0.0/24 ranges as well – for the sake of this guide, I’m using 172.31.31.0/24:
IP Address: 172.31.31.10
Subnet Mask: 255.255.255.0
Default Gateway: (blank)
Once your IP address and subnet mask are entered, click the “OK” button, then click the “Close” button:
Back to the Initial Configuration Tasks window, click the “Add roles” link to bring up the Add Roles Wizard:
Click the “Next” button, then select the “DHCP Server” and “DNS Server” roles:
Click the “Next” button (three times), make sure your network connection is checked, and click the “Next” button again:
Enter a parent domain name for the DHCP server to use (I chose “demo.local”), enter the static IP address that you gave to this virtual machine a few steps earlier into the “Preferred DNS Server” box, and click the “Next” button:
Make sure that “WINS is not required…” is selected, and click the “Next” button again – this will take you to the Add or Edit DHCP Scopes page. Click the “Add” button, and then enter the scope name, the IP range, the subnet type, and the subnet mask as listed below. Click the “OK” button to save the changes, and then click the “Next” button:
Scope name: demo.local
Starting IP Address: 172.31.31.100
Ending IP Address: 172.31.31.109
Subnet type: Wireless (lease duration will be 8 hours)
Subnet mask: 255.255.255.0
Default Gateway: (blank)
Select the “Disable DHCPv6 stateless mode…” radio button, and click the “Next” button. Then, click the “Install” button to install the roles with the values and configuration you have entered:
If everything went well, you should see the installation report as successful – click the “Close” button to finish:
Now, you need to add the “Active Directory Domain Services” role. From the Initial Configuration Tasks window, click the “Add roles” link to open the Add Roles Wizard. Click the “Next” button, then select the “Active Directory Domain Services” role, and click the “Add Required Features” button when prompted:
Click the “Next” button (twice), then click the “Install” button to install the role:
Again, if everything went well, you should see the installation report as successful – click the “Close” button to finish:
Note that successful installation of the ADDS role does not actually make the server a domain controller – you must now run dcpromo to finish the setup of the server as a domain controller. To do so, click Start, type dcpromo, and press ENTER to start the dcpromo wizard:
Click the “Next” button (twice), then select the “Create a new domain in a new forest” radio button, and click the “Next” button:
Enter the fully-qualified domain name (FQDN) of the forest root domain (again, the same domain name you’ve been using, demo.local, if you’re following my guide), and click the “Next” button:
Select a Forest functional level of Windows Server 2008 R2 from the drop-down list, and click the “Next” button (twice):
When the “A delegation for this DNS server…” prompt appears, click the “Yes” button, then click the “Next” button:
Enter a restore mode password, and click the “Next” button:
Click the “Next” button again to begin configuration of the server as a domain controller – click the “Reboot on completion” checkbox to reboot the server when the configuration is complete:
Once the server reboots and you log in with the Administrator account (this first reboot after configuration as a domain controller can potentially take some time, so be prepared to wait at the “Applying computer settings” message for a bit if this happens – this is normal), the last step necessary is to authorize the DHCP server to start giving out DHCP addresses to clients on the network. To do this, open the DHCP console from the Administrative Tools folder in the All Programs menu of the Start menu. Once the DHCP console opens, right-click the server object in the left-hand pane, and select “Authorize” from the menu:
Wait approximately 5 – 10 seconds, and then press the F5 key to refresh the view. You should now see that both the IPv4 and IPv6 nodes are “green”:
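Before adding more machines to the lab, it helps to sanity-check the addressing entered above: the subnet should be private, and no statically addressed server should sit inside the range DHCP hands out. The following is an added example, not part of the original guide; the function names and the GUIDE_PLAN structure are hypothetical, and the addresses are the ones used in this guide. It also reports which private block the lab subnet falls in (172.31.31.0/24 is part of 172.16.0.0/12).

```python
import ipaddress

# The three RFC 1918 private IPv4 blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def private_block(subnet):
    """Return the RFC 1918 block that contains subnet, or None."""
    net = ipaddress.ip_network(subnet)
    for block in RFC1918:
        if net.subnet_of(block):
            return block
    return None


def check_plan(subnet, static_hosts, scope_start, scope_end):
    """Return a list of findings for an addressing plan (empty = clean)."""
    net = ipaddress.ip_network(subnet)
    start = ipaddress.ip_address(scope_start)
    end = ipaddress.ip_address(scope_end)
    findings = []
    if private_block(subnet) is None:
        findings.append(f"{net} is not inside an RFC 1918 private block")
    if start > end:
        findings.append("DHCP scope start is above scope end")
    for label, addr in (("scope start", start), ("scope end", end)):
        if addr not in net:
            findings.append(f"{label} {addr} is outside {net}")
    for name, ip in static_hosts.items():
        host = ipaddress.ip_address(ip)
        if host not in net:
            findings.append(f"{name} {host} is outside {net}")
        if start <= host <= end:
            findings.append(f"{name} {host} is inside the DHCP scope")
    return findings


# Values taken from this guide: DC static address and the demo.local scope.
GUIDE_PLAN = {
    "subnet": "172.31.31.0/24",
    "static_hosts": {"DC": "172.31.31.10"},
    "scope_start": "172.31.31.100",
    "scope_end": "172.31.31.109",
}

if __name__ == "__main__":
    print("private block:", private_block(GUIDE_PLAN["subnet"]))
    for finding in check_plan(**GUIDE_PLAN) or ["no findings"]:
        print(finding)
```

Add each new statically addressed server to static_hosts before widening the DHCP scope, so a collision shows up before a client is leased that address.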
At this point, you now have a domain controller in your lab that is capable of handling DNS and DHCP duties going forward. The next step is to build a virtual machine for your MDT/WDS/WSUS needs, which I will go over in part 2 of this series.