Create an Active Directory 'Appliance' with Windows Server 2012
- By Greg Shields
Look closely the next time you install Windows Server 2012. You'll notice a subtle wording change in Windows Setup where you're asked to select the OS you want to install. This release's default OS is Windows Server 2012 (Server Core Installation). You must consciously change that selection to its alternative: Windows Server 2012 (Server with a GUI).
Curious about this new and somewhat-leading verbiage, I cornered Microsoft Distinguished Engineer and Lead Architect for Windows Server and System Center Jeffrey Snover to inquire about the change. "Server Core is our recommended configuration, and so we wanted people [with Windows Server 2012] to have to make a conscious decision not to install it," he told me.
So "not" installing Server Core now requires a conscious rejection, eh? That's a subtle and gutsy move for Microsoft. It's also a smart one. Server Core offers a smaller attack surface, reduced resource requirements, and diminished support for the kinds of apps one really shouldn't install onto servers such as domain controllers.
These servers have long served a specific and often single purpose in Windows environments. It only makes sense that we begin treating them like the appliances they are. If you view them alongside all the other appliances, you might just think about getting over your Server Core wariness.
Deploy That Appliance!
Deploying DCs has long been a nuisance. But Windows Server 2012 changes things with its remote-friendly Server Manager. Active Directory Domain Services (AD DS) deployments in Windows Server 2012 are now fully remoteable via both the Server Manager GUI and the Windows PowerShell command line. Both are useful features for a Server Core OS that's almost entirely UI-free.
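As an added example (not from the article, and not Microsoft's own sample), the script below promotes a freshly built Windows Server 2012 Server Core host to an additional domain controller entirely from an administrator's workstation, using the same ADDSDeployment cmdlets that the Server Manager wizard drives. The host name DC02, the domain corp.example.com and the site name HQ are placeholders, and the script assumes the host is already domain-joined and reachable over WinRM.

```powershell
# Added example: remote promotion of a Server Core host to an additional DC.
# Placeholders: DC02, corp.example.com, HQ. Assumes DC02 is domain-joined and
# reachable over WinRM (enabled by default on Windows Server 2012).
$target = 'DC02'
$domain = 'corp.example.com'
$site   = 'HQ'

# Prompt once for credentials; nothing is stored in the script.
$domainCred = Get-Credential -Message "Account allowed to add DCs to $domain"
$dsrmPwd    = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

$session = New-PSSession -ComputerName $target -Credential $domainCred

Invoke-Command -Session $session -ArgumentList $domain, $site, $domainCred, $dsrmPwd -ScriptBlock {
    param($Domain, $Site, $Cred, $Dsrm)

    # 1. Install the AD DS role binaries. -IncludeManagementTools adds the
    #    ActiveDirectory and ADDSDeployment PowerShell modules on Server Core.
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools | Out-Null

    # 2. Run the prerequisite checks first; a failure here changes nothing on the box.
    $check = Test-ADDSDomainControllerInstallation -DomainName $Domain -SiteName $Site `
                 -Credential $Cred -SafeModeAdministratorPassword $Dsrm -InstallDns
    if ($check.Status -ne 'Success') {
        $check.Message
        throw "Prerequisite check failed on $env:COMPUTERNAME"
    }

    # 3. Promote. -NoRebootOnCompletion lets the caller reboot deliberately.
    Install-ADDSDomainController -DomainName $Domain -SiteName $Site -InstallDns `
        -Credential $Cred -SafeModeAdministratorPassword $Dsrm `
        -NoRebootOnCompletion -Force
}

Remove-PSSession $session
# Reboot and wait until the new DC answers PowerShell remoting again.
Restart-Computer -ComputerName $target -Credential $domainCred -Wait -For PowerShell -Force
```

The Test-ADDSDomainControllerInstallation step is the command-line counterpart of the wizard's prerequisite page; running it separately keeps a failed check from leaving a half-configured server behind, which matters more on a host with no console to poke around in.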
Provisioning the first DC in a domain is a task that generally requires interactivity. It was deploying the next two, three or three dozen that -- in the past -- required too much manual effort just to configure a few settings. DCs by design are intended to be mirror images of each other, or "clones," if you will. That said, until now the virtual environment activity we think of as "cloning" hasn't been an option.
Virtual Domain Controller Cloning in Windows Server 2012 removes that limitation. Source DCs can now be added to a new Cloneable Domain Controllers group and then cloned by your favorite hypervisor. DCs must first be outfitted with a special configuration file, DCCloneConfig.xml, which can be created either manually or with the New-ADDCCloneConfigFile Windows PowerShell cmdlet.
Windows Server 2012 supports "Virtualization-Safe Technology." A DC in Windows Server 2012 now detects when an earlier snapshot has been applied to its VM and takes action to protect AD from corruption. The detection relies on the new VM-GenerationID, a value the hypervisor exposes to the guest that changes whenever a snapshot is applied; when the DC sees the value change, it employs the necessary safety measures. Note your hypervisor platform must also support VM-GenerationID for these protections to work.
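The cloning workflow described above, as an added example that is not part of the article: authorize a virtual DC as a clone source, check it for software that is not on the clone allow list, write DCCloneConfig.xml with New-ADDCCloneConfigFile, and, once the clone has booted, read the VM-GenerationID that each DC stores in AD to confirm the hypervisor handed the copy a new identifier. The source DC02, the clone DC03, the site HQ and the 192.0.2.0/24 addresses are placeholders; the copy step itself is hypervisor-specific and is only sketched in comments for Hyper-V.

```powershell
# Added example: preparing a source DC for Virtual Domain Controller Cloning.
# Placeholders: source DC02, clone DC03, site HQ, addresses from 192.0.2.0/24.
Import-Module ActiveDirectory

$sourceDc = 'DC02'
$cloneDc  = 'DC03'

# Prerequisite: the PDC emulator must itself run Windows Server 2012.
$pdc = Get-ADDomainController -Identity (Get-ADDomain).PDCEmulator
if ($pdc.OperatingSystem -notmatch '2012') {
    throw "PDC emulator $($pdc.HostName) runs $($pdc.OperatingSystem); cloning needs Windows Server 2012."
}

# Step 1: authorize the source DC for cloning through group membership.
Add-ADGroupMember -Identity 'Cloneable Domain Controllers' -Members (Get-ADComputer -Identity $sourceDc)

# Step 2 (on the source DC): list installed software that is not on the clone allow
# list, then write DCCloneConfig.xml next to NTDS.dit. The cmdlet re-runs the
# prerequisite checks itself and refuses to write the file if any fail.
Invoke-Command -ComputerName $sourceDc -ArgumentList $cloneDc -ScriptBlock {
    param($CloneName)
    Import-Module ActiveDirectory

    $blocking = Get-ADDCCloningExcludedApplicationList
    if ($blocking) {
        $blocking | Format-Table -AutoSize | Out-String | Write-Warning
        # Review each entry with its vendor. Only for software known to be clone-safe:
        #   Get-ADDCCloningExcludedApplicationList -GenerateXml -Force
        throw 'Installed software blocks cloning; resolve the list above first.'
    }

    New-ADDCCloneConfigFile -CloneComputerName $CloneName -SiteName 'HQ' -Static `
        -IPv4Address '192.0.2.13' -IPv4SubnetMask '255.255.255.0' `
        -IPv4DefaultGateway '192.0.2.1' -IPv4DNSResolver '192.0.2.12'
}

# Step 3 (hypervisor-specific; Hyper-V shown): shut the source down cleanly, export it,
# and import the copy as a new VM so the copy receives its own VM-GenerationID.
#   Stop-VM -Name $sourceDc
#   Export-VM -Name $sourceDc -Path 'D:\Export'
#   Import-VM -Path (Get-ChildItem "D:\Export\$sourceDc\Virtual Machines\*.xml").FullName -Copy -GenerateNewId
#   Start-VM -Name $sourceDc      # then start the imported copy; it renames itself to DC03

# Step 4: AD stores each DC's VM-GenerationID in the msDS-GenerationId attribute of its
# computer object. Different values for source and clone confirm a new ID was issued.
Get-ADComputer -Filter "Name -eq '$sourceDc' -or Name -eq '$cloneDc'" -Properties msDS-GenerationId |
    Select-Object Name, @{ n = 'GenerationId'; e = {
        if ($_.'msDS-GenerationId') { [System.BitConverter]::ToString($_.'msDS-GenerationId') }
        else { '<not set: hypervisor does not expose VM-GenerationID>' } } }
```

A source DC whose msDS-GenerationId never populates is the quickest sign that the hypervisor does not support VM-GenerationID; on such a platform neither cloning nor the snapshot protection described above will engage.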
Manage That Appliance
Many IT pros in the past shunned Server Core due to worries about day-to-day management tools. Too often, AD management happened exclusively on the console of the provisioned DC. Microsoft furthers its nudge toward the DC-as-appliance with new and enhanced remote management tools.
Windows desktops get a new GUI for the AD Recycle Bin and for configuring Fine-Grained Password Policy, while the AD Administrative Center adds a Windows PowerShell history viewer. Combine this new graphical exposure with the improved Windows PowerShell experience in AD, and the notion of remote management for the AD appliance grows ever more approachable.
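The remote tools listed above all have Windows PowerShell equivalents, which is what makes a console-less DC workable. As an added example (not from the article), the script below enables the AD Recycle Bin, creates a Fine-Grained Password Policy for privileged accounts, and recovers a deleted user, all from a workstation with RSAT against a named DC. The DC DC02.corp.example.com, the forest corp.example.com, the policy name and the account jdoe are placeholders, and the policy values are illustrative rather than a recommendation from the article.

```powershell
# Added example: day-to-day AD administration against a Server Core DC from a workstation.
# Placeholders: DC02.corp.example.com, corp.example.com, PSO-PrivilegedAccounts, jdoe.
Import-Module ActiveDirectory
$dc     = 'DC02.corp.example.com'
$forest = 'corp.example.com'

# Recycle Bin: forest-wide and cannot be turned off again, so check before enabling.
$rb = Get-ADOptionalFeature -Identity 'Recycle Bin Feature' -Server $dc
if (-not $rb.EnabledScopes) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' -Scope ForestOrConfigurationSet `
        -Target $forest -Server $dc -Confirm:$false
}

# Fine-Grained Password Policy: a stricter policy for privileged accounts.
# When several policies apply to one user, the lowest Precedence wins.
$pso = 'PSO-PrivilegedAccounts'
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$pso'" -Server $dc)) {
    New-ADFineGrainedPasswordPolicy -Name $pso -Precedence 10 -Server $dc `
        -MinPasswordLength 20 -PasswordHistoryCount 24 -ComplexityEnabled $true `
        -MinPasswordAge '1.00:00:00' -MaxPasswordAge '90.00:00:00' `
        -LockoutThreshold 5 -LockoutDuration '00:30:00' -LockoutObservationWindow '00:30:00' `
        -ReversibleEncryptionEnabled $false
    Add-ADFineGrainedPasswordPolicySubject -Identity $pso -Subjects 'Domain Admins' -Server $dc
}
# Confirm which policy actually wins for a member of that group.
Get-ADUserResultantPasswordPolicy -Identity 'Administrator' -Server $dc |
    Select-Object Name, Precedence, MinPasswordLength, LockoutThreshold

# Recycle Bin in practice: locate a deleted user and restore it with its SID and
# group memberships intact, with no trip to the DC console.
$gone = Get-ADObject -LDAPFilter '(&(objectClass=user)(isDeleted=TRUE)(sAMAccountName=jdoe))' `
            -IncludeDeletedObjects -Server $dc
if ($gone) { $gone | Restore-ADObject -Server $dc }
```

Each of these actions, done instead through the new GUI pages, shows up as the equivalent cmdlet in the AD Administrative Center's Windows PowerShell history viewer, which is a convenient way to turn a one-off console task into a script for the next DC.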
Admittedly, not every server might be a Server Core candidate, but a large and growing number are. For those -- such as DCs -- that fit, Windows Server 2012 offers a perfect opportunity to get your appliance on.
Greg Shields is a senior partner and principal technologist with Concentrated Technology. He also serves as a contributing editor and columnist for TechNet Magazine and Redmond magazine, and is a highly sought-after and top-ranked speaker for live and recorded events. Greg can be found at numerous IT conferences such as TechEd, MMS and VMworld, among others, and has served as conference chair for 1105 Media’s TechMentor Conference since 2005. Greg has been a multiple recipient of both the Microsoft Most Valuable Professional and VMware vExpert award.