Starting to get a lot of servers in my HomeLab which are consuming a lot of resources. Decided to start reducing core services footprint by running Windows Core where I can.
The benefits of running Windows Server Core include:
- low resource usage
- and greatly reduced attack surface.
Here are the steps that I followed to build my Windows Server Core Domain Controller.
The following settings were used for this build:
| Value | |
| Platform | Hyper-V |
| vCPU | 1 |
| Memory | 2048MB |
| Harddrive1 | 60GB |
| Harddrive 2 | 40GB |
| Network | 1x NIC |
Mount the ISO and install as per normal.
Enter password for the local administrator account to log in.
To configure a dedicated disk to store the AD objects, we need to run Diskpart.
In the command prompt, enter the following commands:
Diskpart
List disk
Create Partition Primary
Select Partition 1
Active
Format FS=NTFS label=App
Assign letter=e
Exit
Now that you are back in Command Prompt, enter the following commands:
sconfig
Now select the relevant number to change the settings.
For this example, i will change the computer name.
2
Enter the new name for the computer.
Restart when prompted.
Log into the server, and run sconfig again.
Time to change the network settings.
8
1
1
S
Enter the IPv4 details
4
Now to install Server Roles.
Type powershell.exe to convert to Windows Powershell.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSForest -Domainname <NameofForest> -DatabasePath “E:\AD\DB” -LogPath “E:\AD\Log” -SysvolPath “E:\AD\SYSVOL”
Enter the safemode administrator password
Select Yes to All
You have now successfully created a Windows Core Domain Controller.
To add another domain controller to the domain, build to the same specs as the above server.
Run the following commands:
Type the word Powershell to run powershell.
Install-WindowsFeature AD-Domain Services -IncludeManagementTools
Install-ADDSForest -Domainname <NameofForest> -DatabasePath “E:\AD\DB” -LogPath “E:\AD\Log” -SysvolPath “E:\AD\SYSVOL”
Enter the Admin password.
Reboot
Make sure you run DCDiag and confirm that there are no issues.
1 Giant Nerd 