Tag Archives: active directory

Create and Manage Group Policy Objects (GPOs) Part 1 of 2

GPOs Overview

Group Policy Objects (GPOs) are one of the most powerful components in a Windows Server 2016-based environment. Thanks to GPOs, you can easily manage:

  • Windows settings
  • Application settings
  • Software deployment
  • Folder redirection (user Home folders)
  • Security settings
  • Infrastructure settings such as wireless and networking

Local GPOs

While most environments leverage the power of Active Directory (AD) and assign GPOs through the AD infrastructure, you can use local GPOs to control computers and users that are not part of an AD. Keep in mind that if you apply local GPOs to a system that is part of an AD, the AD-based GPO settings will override the local settings.

There are multiple local GPOs you can use, including:

  • Local Group Policy – this is the “classic” local Group Policy Object that contains a user node and a computer node, with settings for each
  • Administrators and Non-Administrators Local Group Policy – this GPO allows you to control local admins versus non-admins; it only has a user node, as you would expect
  • User Specific Local Group Policy – these GPOs allow you to configure user-specific settings

NOTE: If you apply all of these to a local system, the priority order is as listed. For example, a user-specific setting would override a local group policy setting.

To create these local GPOs, log in as a local administrator and launch mmc.exe from the Run menu. Add the Group Policy Object Editor snap-in, then use Browse to select the local computer or the users options to create the local GPO editors listed above.

Linking AD GPOs

When we use GPOs in the Active Directory environment, we link them to specific AD objects in order to set their scope. These objects include:

  • Sites
  • Domains
  • Organizational Units (OUs)

You can link GPOs to these AD objects using GUI tools as well as PowerShell.

Manage Starter GPOs

It is possible to create a template that contains the most common settings for your enterprise and then use this GPO as a starting point that you customize for certain areas. This is called a Starter GPO. There is a Starter Node in the Group Policy Management console you can use for this purpose.
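
The linking and Starter GPO steps described above can also be scripted. The following is an added example, not code from the original post: it creates a Starter GPO, builds a GPO from it, links that GPO to an OU, and then lists the effective link order so you can confirm which policies apply there. It assumes the GroupPolicy module is installed, uses the nuggetlab.com lab domain name that appears elsewhere on this page, and the OU, Starter GPO and GPO names are hypothetical.

```powershell
# Added example. Assumes the GroupPolicy module (RSAT / GPMC) and rights to
# create and link GPOs. The OU and GPO names below are hypothetical.
Import-Module GroupPolicy

$domain   = 'nuggetlab.com'
$targetOu = 'OU=Workstations,DC=nuggetlab,DC=com'  # hypothetical OU
$starter  = 'Corp-Baseline-Starter'                # hypothetical Starter GPO
$gpoName  = 'Workstations-Baseline'                # hypothetical GPO

# 1. Create the Starter GPO (the template) only if it does not exist yet.
if (-not (Get-GPStarterGPO -All -Domain $domain |
          Where-Object DisplayName -eq $starter)) {
    New-GPStarterGPO -Name $starter -Domain $domain `
        -Comment 'Common enterprise settings' | Out-Null
}

# 2. Create the working GPO from the Starter GPO, again only if missing.
if (-not (Get-GPO -All -Domain $domain |
          Where-Object DisplayName -eq $gpoName)) {
    New-GPO -Name $gpoName -StarterGpoName $starter -Domain $domain `
        -Comment "Created from $starter" | Out-Null
}

# 3. Link the GPO to the OU to set its scope. New-GPLink fails if the link
#    already exists, so check the links present on the target first.
$som = Get-GPInheritance -Target $targetOu -Domain $domain
if ($som.GpoLinks.DisplayName -notcontains $gpoName) {
    New-GPLink -Name $gpoName -Target $targetOu -Domain $domain `
        -LinkEnabled Yes -Enforced No | Out-Null
}

# 4. Review what actually applies at the OU: links set directly on it plus
#    those inherited from the domain, in precedence order. Enforced links
#    from higher containers show up here and win over the OU's own links.
Get-GPInheritance -Target $targetOu -Domain $domain |
    Select-Object -ExpandProperty InheritedGpoLinks |
    Format-Table Order, DisplayName, Enabled, Enforced -AutoSize
```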

Adding Active Directory to Windows Server 2016 Core

Overview of Active Directory and Windows Server 2016 Core

What is the trimmest, slimmest Windows Server 2016 system you can spin up these days? Well, that is Nano Server. But unfortunately, Nano Server does not support hosting Active Directory in any variation. In steps “Server Core” for Windows Server 2016. In this post, I outline just how easy it is to add Active Directory (and a Domain Controller) using this Graphical User Interface-less version of Windows Server 2016.

The Steps

How do we get Active Directory implemented in a “normal” GUI-based version of Windows Server 2016? Well of course we use the Add Roles and Features Wizard launched from Server Manager. We then engage in two steps. We add Active Directory Services, and then we promote the server to a Domain Controller. Nothing changes in Server Core! Except, since there is no GUI, we MUST use Windows PowerShell in order to perform these two steps. Interestingly, we could have done it this way in the Desktop Experience version of Windows Server 2016 as well.

Installing Active Directory with PowerShell in Server Core

In order to perform the first step, installing AD, follow these simple steps:

  1. At the Server Core Command Prompt window, launch Windows PowerShell using the powershell command.
  2. In Windows PowerShell, use the following command:
     Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

Be sure to stick around and receive confirmation of success from the system.

Promoting Server Core to a Domain Controller

Here is the process for your second step, the promotion of the Server Core system to a Domain Controller:

  1. At the Server Core Command Prompt window, launch Windows PowerShell using the powershell command.
  2. In Windows PowerShell, use the following command:
     Install-ADDSForest -DomainName nuggetlab.com

You will need to provide a Directory Services Restore Mode password and press Enter.

Just as with the larger Desktop Experience version of Windows Server 2016, your nimble Server Core needs a reboot when this promotion process is complete.
