Friday, June 14, 2013

5. Install and administer Active Directory
5.1 Install domain controllers


5.1.1 Add or remove a domain controller from a domain
After installing the Active Directory Domain Services (AD-Domain-Services) role, you can promote the server to a domain controller.
The options are: add a domain controller to an existing domain, add a new domain to an existing forest, or add a new forest.

When adding a new domain or new forest:
The forest/domain functional level should match the oldest Windows Server version that will run as a DC in this forest or domain.
The first domain controller in a forest must be a Global Catalog and cannot be an RODC.

Extra note: the dcpromo command no longer works unless you are using an unattended answer file.

5.1.2 Upgrade a domain controller
You cannot upgrade 2003 or 32-bit 2008 DCs.

Prerequisites:
Pre-2003 DCs cannot exist when adding 2012 DCs.
The forest functional level should be 2003+.

Adding a 2012 DC now automatically runs the Adprep utility to extend the existing forest/domain schema. However, upgrading a DC to 2012 still requires adprep to be run.

You must be an Enterprise Admin to run adprep /forestprep. It can only be run on 64-bit 2008/2008 R2. The server you run it on must have connectivity to the forest schema master and the domain infrastructure master.

Extra note: you can use dsquery to verify the objectVersion of the forest schema. The objectVersion should be 56:
dsquery * "cn=schema,cn=configuration,dc=contoso,dc=com" -scope base -attr objectversion
  
5.1.3 Install Active Directory Domain Services (AD DS) on a Server Core installation
First, install the role:
install-windowsfeature -name ad-domain-services -includemanagementtools

install-addsforest - used for first dc in new forest
install-addsdomain - used for first dc in a new domain
install-addsdomaincontroller - used to add a dc to a domain


5.1.4 Install a domain controller from Install from Media (IFM)
IFM is typically used to install a DC in a location where initial replication is impossible or too slow.

On a DC running the same Windows version (in this case, 2012), run ntdsutil:
c:\windows\system32\ntdsutil.exe: activate instance ntds
c:\windows\system32\ntdsutil.exe: ifm
ifm: create full "c:\ntdsifm"
You can also include the SYSVOL:
ifm: create sysvol full "c:\ntdsifm"

Now copy the ntdsifm folder to media that you transport to the location of the new DC.
While promoting the DC, check "Install from media" on the Additional Options page and point it at the media that holds the DC data.

PowerShell:
Use the -installationmediapath parameter with the install-addsdomaincontroller cmdlet.
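
The steps from 5.1.3 and 5.1.4 combined into one Server Core promotion script. This is an added example, not part of the original notes. The domain name contoso.com, the path D:\ntdsifm, and the assumption that the media was copied to a writable local folder are illustrative.

```powershell
# Added example: promote a Server Core machine to an additional DC from IFM media.
# Assumed values (not from the original notes): contoso.com, D:\ntdsifm (writable copy).
$domain    = 'contoso.com'
$mediaPath = 'D:\ntdsifm'

# 1. Install the AD DS role and its management tools.
$feature = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $feature.Success) { throw 'AD-Domain-Services role installation failed.' }
Import-Module ADDSDeployment

# 2. Confirm the IFM media is complete before starting the promotion.
if (-not (Test-Path -Path (Join-Path $mediaPath 'Active Directory\ntds.dit'))) {
    throw "No ntds.dit under $mediaPath; re-create the media with ntdsutil ifm."
}

# 3. Prompt for secrets instead of storing them in the script.
$cred = Get-Credential -Message "Account allowed to add DCs to $domain"
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM (safe mode) password'

$params = @{
    DomainName                    = $domain
    Credential                    = $cred
    SafeModeAdministratorPassword = $dsrm
    InstallationMediaPath         = $mediaPath
    InstallDns                    = $true
}

# 4. Run the prerequisite checks first and stop if any of them report an error.
$failed = Test-ADDSDomainControllerInstallation @params |
    Where-Object { $_.Status -eq 'Error' }
if ($failed) {
    $failed | Format-List Message
    throw 'Prerequisite check failed; server was not promoted.'
}

# 5. Promote, but hold the reboot so the media can be cleaned up first.
Install-ADDSDomainController @params -NoRebootOnCompletion -Force -ErrorAction Stop

# 6. The IFM folder is a full copy of the directory database (ntds.dit),
#    so remove the local copy once promotion has succeeded, then reboot.
Remove-Item -Path $mediaPath -Recurse -Force
Restart-Computer
```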

5.1.5 Resolve DNS SRV record registration issues
Run the dcdiag command:
dcdiag /test:registerindns /dnsdomain:contoso.com

5.1.6 Configure a global catalog server
Global Catalogs store information about the overall forest. Replication of a GC can generate a lot of traffic.

If you did not configure a DC as a GC you can always do so at a later time using the AD Sites and Services MMC, under the properties for the NTDS Settings for the server, General tab. Check/uncheck GC.
