Creating Multiple Active Directory Domains on Different Networks using Hyper-V and RRAS


Configure Child Domain on a Different Subnet – Hyper-V

 

 

Introduction:

Demand for virtual infrastructure for testing is growing in both mid-size and enterprise organizations, and with it the need for quick network turnaround. Engineers often have to demonstrate their applications with only a day in hand, and Hyper-V helps in those scenarios. Whether for learning, testing or presentation, this guide shows how to configure domains across multiple subnets in a Hyper-V environment.

 

This lab is built on the following:

Servers – Description

Windows Server 2012 ( Standard / Enterprise ) x 2 – Server hosted for Active Directory

Windows Server 2008 R2 / Windows Server 2012 ( Standard or Enterprise ) – Server hosted as Router

 

Note: Licensing should be managed accordingly

 

Services – Description

Hyper-V – Install the service on one of the Windows Server 2012 servers.

DNS infrastructure on both servers – DNS service for name resolution

IP subnets x 2 – 192.168.1.x and 10.25.10.x

Routing and Remote Access – Routing between the two subnets

 

 

Assuming that administrators have successfully installed and configured the Windows servers with the latest service packs, the detailed steps to follow are below.

Step1: Install and configure the Hyper-V role on the physical server. The role can be installed through Server Manager → Manage → Add Roles and Features.

image 

 

Step2:

 

image 

Click Next from the above screen.

image 

 

Select Role-based or feature-based installation and select Next.

image 

 

Select the server from the server pool. As I have only one server configured in the server pool, I have selected my server for the Hyper-V installation.

image 

As you can see above, the Hyper-V role is already installed. Perform the above steps to install Hyper-V on either the Windows Server 2012 or the Windows Server 2008 R2 operating system.

Once Hyper-V is installed, it should be configured for storage and networking. In an enterprise organization there will be dedicated storage provisioned for the virtual machines to be hosted, and VLANs that need to be configured. Administrators performing this lab can contact the respective storage / networking teams to obtain the LUN and network subnet ( VLAN ) information. I have selected an external USB disk for my lab and host all my VMs on it; the disk has 1 TB of space.

 

Note: To utilize the advanced capabilities of Hyper-V, it is advisable to use the Windows Server 2012 operating system.

 

Step3: Configure Hyper-V networking with multiple subnets. The Hyper-V Virtual Switch Manager provides 3 different types of network that can be configured on the virtual machines:

a)      External – Enable virtual machines to access Internet

b)      Internal – Communication between Virtual machine and Host

c)      Private – Communication between virtual machines and not with Host.

Either Internal or Private networks are advisable for testing purposes, as they will not introduce any problems when Routing and Remote Access is introduced between the networks. I have configured an Internal network switch for this lab. To configure an Internal / Private network, launch Hyper-V Manager ( virtmgmt.msc ) and navigate to Virtual Switch Manager, which opens the below window.

image 

 

Click on Create Virtual Switch and enter the required information.

image 

 

 

Step4: On the Hyper-V host, navigate to Network Connections and enter the IPv4 addresses as shown below.

First Adapter:

image 

 

Second Adapter:

 

image 

 

Ever Action on Virtual Machines!!

 

Step4: Install the Guest Operating Systems and configure the following

a)      Windows License

b)      Windows Firewall Ports

c)      Windows Updates

d)      User accounts and add them to respective local groups ( if required )

e)      IPv4 network addresses.

The above steps should be performed on the following 3 operating systems:

1)      First Domain Controller ( Windows Server 2012 ) – 192.x.x.x network

2)      Child Domain Controller ( windows server 2012 ) – 10.x.x.x network

3)      Router ( RRAS ) – both adapters

 

Important: The RRAS system / router should be configured with multiple NICs, and the additional NICs should be added through Hyper-V Manager as shown below.

After installing the RRAS server, right-click the server name → Settings, which will open the below wizard.

image 

 

From the Add Hardware options, select Network Adapter, which adds a second adapter to the RRAS server.
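The switch creation from Step3 and the second router adapter described above can also be scripted on the Hyper-V host. This is an added example, not part of the original article; the switch names and VM names are assumptions. It finishes by checking that no lab VM is attached to an External switch, which is what keeps the routed lab separate from the production network.

```powershell
# Added example: run elevated on the Hyper-V host (Windows Server 2012).
# Switch and VM names below are assumptions, not names from the article.
$switches = 'Lab-192-168-1', 'Lab-10-25-10'
$routerVm = 'RRAS01'
$labVms   = 'RRAS01', 'DC-ROOT', 'DC-CHILD'

# One Internal switch per lab subnet; skip any that already exist.
foreach ($name in $switches) {
    if (-not (Get-VMSwitch -Name $name -ErrorAction SilentlyContinue)) {
        New-VMSwitch -Name $name -SwitchType Internal | Out-Null
    }
}

# The router needs one adapter on each switch. Shut the VM down first:
# Windows Server 2012 does not add network adapters to a running VM.
foreach ($name in $switches) {
    $attached = Get-VMNetworkAdapter -VMName $routerVm |
        Where-Object { $_.SwitchName -eq $name }
    if (-not $attached) {
        Add-VMNetworkAdapter -VMName $routerVm -SwitchName $name
    }
}

# Isolation check: list every lab adapter with the type of switch behind it
# and warn if any lab VM is bridged to an External switch.
$typeBySwitch = @{}
Get-VMSwitch | ForEach-Object { $typeBySwitch[$_.Name] = $_.SwitchType }

$report = foreach ($nic in Get-VMNetworkAdapter -VMName $labVms) {
    $type = if ($nic.SwitchName) { $typeBySwitch[$nic.SwitchName] } else { 'NotConnected' }
    [pscustomobject]@{ VM = $nic.VMName; Switch = $nic.SwitchName; SwitchType = $type }
}
$report | Format-Table -AutoSize
$report | Where-Object { $_.SwitchType -eq 'External' } |
    ForEach-Object { Write-Warning "$($_.VM) is attached to External switch '$($_.Switch)'" }
```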

 

 

Step5: Navigate to Network Connections ( ncpa.cpl ) and ensure the settings are configured as shown below.

First Adapter

image 

 

Second Adapter:

image 

 

Step6: Configuring the router is the primary step before installing the domain controllers on the respective networks. Navigate to the router virtual machine and log in with a user account that has administrator privileges to install the services.

Note: I have installed Windows Server 2008 R2 as Router.

Navigate to Server Manager → Add Role Wizard and click Next.

image 

 

 

Select Network Policy and Access Services ( installed ) from the Add roles wizard.

image 

 

Select Routing and Remote Access → Click Finish to install the role successfully.

 

 

 

 

Step7: Open Routing and Remote Access from Administrative Tools. Right-click on the server and click Properties, which will open the below wizard.

image 

 

Select Local Area Network ( LAN ) Routing only and click OK .

 

Step8: From the router, ensure the routing is successful between the 2 subnets. You can use PING to perform the tests. If ICMP is blocked in the environment, administrators can instead connect to Windows shares on either network, which will confirm that the connectivity is successful.

image 

The above result shows a successful ping between the two subnets.

 

 

 

Default Gateway Configuration

After RRAS is configured, the default gateway of the virtual machines needs to be changed. The default gateway ( DG ) should point to RRAS as shown below.

image 

 

 

 

 

 

 

 

Forest Root Domain Installation

Step9: Navigate to Forest Root Domain (This will be the first Domain in the Active Directory Forest and the First Domain Controller). Below are the steps to configure the first Domain in the Active Directory Forest.

Install Active Directory Domain Services role:

image 

 

image 

 

 

 

image 

 

 

image 

 

image 

 

image 

 

image 

 

Note: Some of the screenshots are taken from my previous post; the server name might be different but the steps remain the same.

 

 

Step10: Promote the server to a domain controller, which can be performed by navigating to Server Manager → AD DS.

image 

Click on More, towards the right end of “Configuration Required for Active Directory Domain Services”; administrators will see the below wizard.

image 

From the above wizard click on “Promote this server to a domain”, which brings up the following wizard.

 

 

Select Add a New Forest from the below wizard

image 

 

Enter the domain name ( FQDN ) and click Next. ( Provide the necessary administrator credentials to perform the action. )

We have successfully installed and configured the Active Directory forest root domain on the first domain controller.

 

 

Child Domain Configuration

 

Step11: Before installing the child domain on a different subnet, ensure that network connectivity is successful between the 192.x.x.x and 10.x.x.x networks, then proceed by promoting the member server to a domain controller / adding a child domain to the existing Active Directory forest.

 

Perform the steps outlined above ( Forest Root Domain Installation / Step9 and Step10 ); on the below wizard, select Add a new domain to an existing forest.

image

 

Enter the forest root domain / parent domain under which the child domain is configured, select valid credentials and finish the configuration. These steps ensure that both the root domain and the child domain are configured successfully.

 

Note: If there is no internetworking established between 192.x.x.x and 10.x.x.x, administrators will fail to create the child domain.
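A pre-flight check for Step11, followed by the child domain promotion in PowerShell. This is an added example, not part of the original article; the domain names and the parent DC address are placeholders. It tests TCP ports rather than ICMP, so it still works where ping is blocked, and it confirms that the parent domain's DNS records resolve from the child subnet before any promotion is attempted.

```powershell
# Added example: run elevated on the member server in the 10.25.10.x network.
# 'corp.example', 'child' and the parent DC address are placeholders.
$parentDomain = 'corp.example'
$parentDcIp   = '192.168.1.10'   # constructed address in the 192.168.1.x subnet
$childName    = 'child'

# Ports a new domain controller must reach on the parent DC:
# DNS, Kerberos, RPC endpoint mapper, LDAP, SMB, global catalog.
$ports = 53, 88, 135, 389, 445, 3268

function Test-TcpPort([string]$Address, [int]$Port, [int]$TimeoutMs = 2000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        $async.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected
    } finally { $client.Close() }
}

$blocked = @($ports | Where-Object { -not (Test-TcpPort $parentDcIp $_) })

# The new DC locates the forest through DNS, so the parent zone's
# domain controller SRV record must resolve from this subnet.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$parentDomain" -Type SRV `
    -Server $parentDcIp -ErrorAction SilentlyContinue

if ($blocked.Count -gt 0 -or -not $srv) {
    throw "Pre-checks failed. Blocked ports: $($blocked -join ', '); SRV record found: $([bool]$srv)"
}

# Checks passed: install the role and add the child domain to the forest.
# The credential must belong to a member of Enterprise Admins in the forest root.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSDomain -DomainType ChildDomain -NewDomainName $childName `
    -ParentDomainName $parentDomain -InstallDns `
    -Credential (Get-Credential "$parentDomain\Administrator") `
    -SafeModeAdministratorPassword (Read-Host -Prompt 'DSRM password' -AsSecureString)
```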

 

 

 

 

 

Creating Active Sites, Subnet and Site Link Objects

After successfully installing the primary and child Active Directory domains, it is required to create the necessary site, subnet and site link objects so that the naming contexts replicate successfully. Below are the steps to configure them.

 

Note1: Creating sites is not required unless the site has a dedicated domain controller or a service requires site topology information ( DFS ).

Note2: To create subnets / sites, the user should be a member of the Enterprise Administrator group.

 

a)      Create Site Object : Open Active Directory Sites and Services application and perform the below actions

image 

Under Name: <Enter the name of the site you wish to create>

And select the Site Link Object listed below. The site link provides direct communication between the domain controllers in different Sites.

 

b)      Create Subnet Object: Create the subnet object which represents the physical subnet of the organization.

image 

 

Enter the prefix, e.g. 192.168.1.1/24, select the site object and click OK.

 

c)      Create site Link Object: Site link object establishes successful communication between the domain controllers.

image 

 

 

After creating the respective objects, it’s time to move the domain controllers from Default First Site Name to their respective sites. Administrators can right-click on the server, click Move and select the site that acts as placeholder.

 

Validating Replication: After moving the servers to new subnets, administrators should test the replication status between the servers. This can be done either through the command-line utility REPADMIN or through the GUI application called Active Directory Replication Status Tool ( downloadable through TechNet ).

The output of the tools is as below.

image 
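The site, subnet and site link objects, the server move and the REPADMIN check from this section, written as one script. This is an added example, not part of the original article; the site names, link name and domain controller names are assumptions, and the prefixes are the network addresses of the lab's two subnets.

```powershell
# Added example: run on a domain controller with an account that may
# create sites and subnets (see Note2). Names below are assumptions.
Import-Module ActiveDirectory

$sites = @{ 'Site-Root' = '192.168.1.0/24'; 'Site-Child' = '10.25.10.0/24' }
$dcs   = @{ 'DC-ROOT'   = 'Site-Root';      'DC-CHILD'   = 'Site-Child' }

# a) and b): one site per network, with the matching subnet object.
foreach ($site in $sites.Keys) {
    New-ADReplicationSite   -Name $site
    New-ADReplicationSubnet -Name $sites[$site] -Site $site
}

# c): an IP site link joining both sites (15 minutes is the minimum interval).
New-ADReplicationSiteLink -Name 'Root-Child' -SitesIncluded @($sites.Keys) `
    -InterSiteTransportProtocol IP -Cost 100 -ReplicationFrequencyInMinutes 15

# Move each domain controller out of the default site into its own site.
foreach ($dc in $dcs.Keys) {
    Move-ADDirectoryServer -Identity $dc -Site $dcs[$dc]
}

# Replication health: summary first, then any partner with recorded failures.
repadmin /replsummary

$failures = repadmin /showrepl * /csv | ConvertFrom-Csv |
    Where-Object { [int]$_.'Number of Failures' -gt 0 }

if ($failures) {
    $failures | Select-Object 'Source DSA', 'Destination DSA', 'Naming Context',
        'Number of Failures', 'Last Failure Time' | Format-Table -AutoSize
} else {
    'No replication failures reported.'
}
```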

 

 

 

 

Summary: This article demonstrates the end-to-end process involved in creating the infrastructure to stage multiple Active Directory domains across subnets.

 

 

Comments
  • What did you use as the DNS configuration for the child domain DC pre and post creating the child domain?
