Install Windows Server Essentials with a Custom Domain Suffix
June 27, 2015
After a brief argument with Susan Bradley, and I use the term brief and argument loosely, Grey Lancaster and I were left with a problem…
So can someone blog that/post that on TechNet so that folks aren’t hacking up what they are doing now?
Grey, of course, deferred to me. So here I am Saturday night and I’m writing this. I don’t mind of course because I have nothing better to do, but I digress.
Yes, you can install Essentials 2012 R2 (and probably other versions) with any domain suffix, not just the “.local” that the Essentials Configuration Wizard (ECW) will default to.
After the preinstall of your OS, on an Essentials SKU box, you will be launched directly into the ECW. You can close it, or ignore it. It will come back. If you are deploying the Essentials Role, just follow these steps before you install the role.
First thing, you will probably want to rename your Server, via the system properties.
Now, open Server Manager. Wait for the inventory check to complete and hit Manage then Add Roles and Features.
We are going to just add Active Directory Domain Services at this point; select that and accept the defaults on the popup regarding features and admin tools.
Click next and accept all the defaults.
The install should take a few minutes depending on the speed of your server but my VM is pretty low spec and didn’t take long.
Once that’s installed we can run the Post Deployment task; still ignore the Essentials task at this point.
Click on Promote this Server to a Domain Controller.
The first step is an important one.
Select ‘a new forest’ and choose a name.
There is a minefield of information out there about the right domain name to choose; some prefer a generic name, some insist on using the same name as your public name.
I am going to choose a sub domain of my public domain name.
You can accept the defaults on the rest of the wizard, unless you need to make changes to suit your environment. Chances are, you don’t. If you are not sure – ask before continuing!
You can review your settings; it is your last chance to change them. When you are ready, hit next.
Some prerequisite checks will be run; barring any major errors (which are unlikely), you can go ahead and hit install.
Go and have a beer. That’s what I’m doing.
Of course when you come back you may be confused (depending on how many beers you consumed) to see your Server has rebooted itself.
You can now log in as the domain admin, and as explained earlier the ECW will kick off again.
Now, before you continue with the Essentials setup you might want to do some other configuration.
Enable DNS Scavenging.
This is a really useful and often overlooked configuration change, and so easy with PowerShell.
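Load up an Elevated PowerShell window.
```powershell
# Pick the server's first non-loopback IPv4 address and its prefix length
$ipv4 = @(Get-NetIPAddress -AddressFamily IPv4 | Where-Object { $_.IPAddress -ne "127.0.0.1" })
$ipA = $ipv4[0].IPAddress
$sMask = $ipv4[0].PrefixLength
# Build the network ID by zeroing the last octet (assumes a /24 network)
$ipNet = $ipA.Split(".")
$ipNet = $ipNet[0] + "." + $ipNet[1] + "." + $ipNet[2] + ".0"
$sNet = $ipNet + "/" + $sMask
# Enable scavenging on all zones with a 7-day interval
Set-DnsServerScavenging -ScavengingState $true -ApplyOnAllZones -ScavengingInterval "7.00:00:00"
# Create the matching reverse lookup zone, replicated forest-wide
Add-DnsServerPrimaryZone -NetworkID $sNet -ReplicationScope "Forest"
```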
Install DHCP?
(You may get a warning if your server is still on a dynamic IP)
Save this as a ps1 file (don’t forget your PowerShell Execution Policy)
```powershell
Write-Output "Detecting Network Settings.."
$server = $env:ComputerName
$domain = $env:UserDnsDomain
$domainName = $env:UserDomain
$serverDomain = $server + "." + $domain
# First non-loopback IPv4 address; the script assumes a /24 network throughout
$ipv4 = @(Get-NetIPAddress -AddressFamily IPv4 | Where-Object { $_.IPAddress -ne "127.0.0.1" })
$ipA = $ipv4[0].IPAddress
$ipRouter = ((Get-NetIPConfiguration -InterfaceIndex $ipv4[0].InterfaceIndex).IPv4DefaultGateway).NextHop

Write-Output "Installing DHCP.."
$dhcp = Get-WindowsFeature | where { $_.Name -match "DHCP" }
Add-WindowsFeature $dhcp -IncludeManagementTools

$dhcpStart = Read-Host -Prompt "Enter Start IP Of DHCP Scope"
$dhcpEnd = Read-Host -Prompt "Enter End IP Of DHCP Scope"
$exclusions = Read-Host -Prompt "Add Exclusions? Y/N"
$scopeName = "$domainName DHCP Scope"

Write-Output "Configuring DHCP.."
# Authorize the DHCP server in Active Directory, then create the scope
Add-DhcpServerInDC -DnsName $serverDomain -IPAddress $ipA
Add-DhcpServerv4Scope -Name $scopeName -StartRange $dhcpStart -EndRange $dhcpEnd -SubnetMask "255.255.255.0"
$scopeID = (Get-DhcpServerv4Scope).ScopeId
if ($exclusions -eq "y")
{
    $dhcpEclStart = Read-Host "Exclusion Start IP?"
    $dhcpEclEnd = Read-Host "Exclusion End IP?"
    Add-DhcpServerv4ExclusionRange -ScopeId $scopeID -StartRange $dhcpEclStart -EndRange $dhcpEclEnd
}
# Server-level options: DNS server, DNS domain and default gateway
Set-DhcpServerv4OptionValue -ComputerName $serverDomain -DnsServer $ipA -DnsDomain $domain -Router $ipRouter
# Always register client records in DNS and remove them when the lease expires
Set-DhcpServerv4DnsSetting -ComputerName $serverDomain -DynamicUpdates Always -DeleteDnsRROnLeaseExpiry $true

# Credential the DHCP service uses for DNS dynamic updates (here: the logged-on user)
$username = $env:USERNAME
$username = "$domainName\$username"
# $pwd is a PowerShell automatic variable, so use a different name for the password
$securePwd = Read-Host -AsSecureString -Prompt "Enter Password for $username"
$cred = New-Object System.Management.Automation.PSCredential($username, $securePwd)
Set-DhcpServerDnsCredential -Credential $cred
Set-DhcpServerSetting -ConflictDetectionAttempts 2
Write-Output "DHCP Configured"
```
With any luck that will run without errors, it does for me but hey it’s Saturday night and I’ve been drinking.
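The script above registers the logged-on domain administrator as the credential DHCP uses for DNS dynamic updates, so a privileged password ends up stored by the DHCP service. The following added example (not part of the original script) creates a dedicated account with no extra group memberships and registers that instead; the account name svc-dhcpdns is an assumption.

```powershell
# Added example, not the author's script. Run elevated on the DHCP server / DC.
Import-Module ActiveDirectory, DhcpServer

$account    = "svc-dhcpdns"      # hypothetical account name (assumption)
$domainName = $env:UserDomain
$secret     = Read-Host -AsSecureString -Prompt "Password for $domainName\$account"

# Create the account only if it does not already exist.
# If it does exist, the password entered above must be its current password.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$account'")) {
    $newUser = @{
        Name                 = $account
        SamAccountName       = $account
        AccountPassword      = $secret
        Enabled              = $true
        PasswordNeverExpires = $true
        CannotChangePassword = $true
        Description          = "DHCP DNS dynamic update credential"
    }
    New-ADUser @newUser
}

# The account needs nothing beyond Domain Users; stop if it has more.
# (Group name as on an English-language domain.)
$groups = @(Get-ADPrincipalGroupMembership -Identity $account |
            Select-Object -ExpandProperty Name)
$extra  = @($groups | Where-Object { $_ -ne "Domain Users" })
if ($extra.Count -gt 0) {
    throw "$account is also a member of: $($extra -join ', '). Remove these first."
}

# Hand the credential to the DHCP service and show what is now stored.
$cred = New-Object System.Management.Automation.PSCredential("$domainName\$account", $secret)
Set-DhcpServerDnsCredential -Credential $cred -ComputerName $env:ComputerName
Get-DhcpServerDnsCredential -ComputerName $env:ComputerName
```

If the account's password is later changed, run Set-DhcpServerDnsCredential again with the new one.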
Finish Essentials Wizard
Now we can finish our ECW.
If you did choose to install DHCP you may want to disable the DNS Configuration of Essentials Clients before installing the connector. You can use my script here to do this.
Hopefully this is of use and not a drunken shambles.
BAZINGA!
Hey, Robert:
I came across your blog because of a link Susan Bradley posted. I’m a fellow MVP (O365) and I’m hoping you can help a brother out. I recently migrated an SBS2011 system to straight Server 2012 R2 (single VM as a DC). Exchange removed from SBS before all the hoohah as the organization went onto O365. All well and good. I then decided to install the Essentials Experience role and that went well, at least it looked like it did. Of course preexisting domain clients didn’t show up in machine listings but all users did so that was good.
Things fell apart when I went to enable the whole remote access. Wizards ran and I was able to apply the SSL cert but I hit issues with configuring router access. The wizards didn’t like the manual entries made on the RV042 router, then things got super weird when I enabled uPnP on the router and reran the wizard. In the end RWA worked as I could gain access from the WAN but all hell broke loose on the LAN as, suddenly, there was no web access to the outside world. All web access resulted in a 404 and trying to access the router IP (gateway) was redirected to IIS!
Super weird. I ended up uninstalling the role as well as IIS and a few other bits the role had installed. I’m back to a working server and working Internet access from the LAN but I’m a bit stumped at what may have happened when the role enabled. I’d like to have the role in place but now I’m leery of trying again on the DC. I’m wondering if you have come across something like this in your travels? There really isn’t a lot of info out there about bringing the role up on an existing DC. Your comments and thoughts would be greatly appreciated.
Hi Robert,
I don’t like to use UPnP as I don’t trust it. I know that some routers make things difficult with Essentials – the wizards don’t always recognise a port is open etc, which is usually due to something like NAT loopback or similar.
The symptoms you describe sound like a router configuration error rather than an issue with Essentials, because there is no Web filtering component of Essentials that would interrupt and redirect web traffic back to IIS, maybe one of the port forwards got screwed up and any request to the default gateway on 80/443 was redirected back to the internal IP of the Essentials server?
I would be happy to help you out if you do decide to reinstall the role.
I have a tool here, https://gallery.technet.microsoft.com/Windows-Server-Essentials-556159c3, that checks Essentials for default values which might be useful if the same symptoms occur again. I might also try and get hold of an alternate router, just for testing, to rule out any issues there.
Rob.