Building my System Center SP1 Lab Part 1: Domain Controller

Everyone who is working with System Center products should have a lab/test/staging/whatever-you-want-to-call-non-production environment. System Center SP1 “RTM’ed” and I thought, let’s build a new lab environment. Most of the time, you will use parts of your existing infrastructure (like Active Directory or maybe even an existing SQL server) to setup your lab environment. This time I wanted to build a completely isolated test environment with my own, dedicated AD and dedicated SQL server. So this part will focus on setting up a new domain for my lab.

Before Windows Server 2012 was released, there were some limitations/issues with virtualized DCs, especially if you had no physical DCs at all. Windows Server 2012 has many new features and improvements, especially when it comes to running DCs virtualized. Read more about these improvements here:

You may also check out “Virtual Domain Controller Technical Reference (Level 300)” on TechNet:

Setup VM

The VM will be hosted and running on a Windows Server 2012 Hyper-V machine. The system requirements of a Windows Server 2012 DC didn’t change and are basically the same as for Windows Server 2008 R2. Minimum RAM is 512MB, recommended is 2GB, so I will go with 1024MB RAM initially. My lab environment will be very small and I can always increase resources if I need them. You may also consider enabling dynamic memory but I couldn’t really find some useful guidance about dynamic memory and domain controllers. If there’s any good read on that topic, let me know. I connect the VM to my virtual network and the max. size of the extending HD will be 500 GB (just to be safe). I also recommend to assign at least 2 virtual CPUs to your VM.

Since this is a lab environment I will also only install one DC (at least for now). I will backup all lab VMs on a daily basis but I do not really care about uptime.

Windows 2012 Domain Controller

After Windows 2012 is installed, make sure to provide a static IP address to your DC-to-be. I also tend to leave IPv6 enabled and set a static address as well. There’s a lot of discussion whether or not to disable IPv6 and usually people think, disable it if you don’t need it. Anyway, MS recommends to leave it enabled and since it’s enabled by default, I leave it that way. I use the IPv4 to IPv6 converter to create IPv6 addresses:

If this is your first Windows 2012 Domain Controller and you’re still trying to use “dcpromo” to create a domain controller, you will see a message like “The Active Directory Domain Services Installation Wizard is relocated in Server Manager…”.

In the Server Manager, go to Manage –> Add Roles and Features:

Once the Wizard appears, skip the first page and select Role-based or feature based installation:

In the next screen we leave the “Select a server from the server pool” and keep the computer we want to promote to a DC selected in the server pool list. On the Select server roles screen we check the Active Directory Domain Services box:

After you’ve checked the checkbox, the Add Roles and Features Wizard appears. Just click onAdd Features to continue and also check the DNS Server checkbox. Again, click the Add Features button when the Add Roles and Features Wizard appears for the DNS Server role.
You can skip the next three pages as we do not install any additional features on that server at this time. Two pages are only providing additional information about the AD DS and DNS Server role.
On the Confirmation page I chose to automatically restart the server if it is required:

I hit Install and off we go…
The Server Manager will show a warning triangle after the role installation completed:

Click on the “Promote this server to a domain controller”. In my case, I’m installing a complete new, isolated forest:

Next up, Domain Controller Options:

Since I’m not integrating DNS with an existing DNS infrastructure, “no action is required”:

Specify a NetBIOS name:

I leave the Path configuration as it is:

After the Review Options page, you will see the Prerequisites Check:

A bunch of warnings (compatibility, DNS) but at the bottom you should read “All prerequisite checks passed successfully.”. Then click on Install. After a while the server will reboot.
Once the machine is up again you will see the two roles in the dashboard:

One important step after installing a DC is to setup time synchronization:

That was pretty painless and considering my focus to the System Center Suite it’s kind of “off-topic” but maybe this is useful to some of you – it will definitely serve me as “lab documentation”.

Here’s the next part: SQL Server

Cheers and a happy new year!



4 thoughts on “Building my System Center SP1 Lab Part 1: Domain Controller

  1. I am trying to setup a server 2008 R2 DC for a lab environment. I am getting a boat loads of errors when it comes to DNS and CERTIFICATES.

    The server sits within another DOMAIN- but cannot be a member of that domain. I have to use that DOMAIN’S DNS in order for the server to get Internet Access. I cannot enable the DHCP role on this server as it’s network is a VLAN off another segment and the IT folks have stated that it cannot broadcast DHCP address.

    It is a nightmare, as I have built many a DC in my life – but not one where I have to cripple features of being a DC. Basically the DC is just for users in my group to use for testing our softwares in a network where everything is separate from the corp domain (a lab domain).

    Any help would be greatly appreciated.

    1. I’m sorry, Curtis, I’m not sure I am the right person to ask special DC related questions. I’m not a specialist in that field – that’s why I wrote the blog post. To remember how to setup a DC for a lab environment. I’m afraid my knowledge is limited to those simple things…

  2. If the lab is at work and you already have a corporate infrastructure (Domain DNS DHCP etc) then you have to decide whether the “lab” is public or private. With System Center 2012 R2 you now get all the suit components as a package including SQL server standard edition “free”, it is a huge software platform and one has to plan carefully what you want it to deliver in the end and to whom. I would strongly suggest anyone who is “evaluating” System Center at work creates a “business project” as it needs time resources (probably other IT members and department managers) and money (time and hardware). You have to understand the various applications and what they deliver how and who would use them. After all, System Manager is in the end “cloud computing” and can deliver a “full Microsoft Azure platform experience”. Not only that, it is compatible with VMware, Citrix and Microsoft (HyperV) and can support more than just an inhouse infrastructure. Learning it properly to understand is going to take time, months, you really do want to clearly define what your project is going to achieve and to whom.

  3. Stewart,

    BTW – this is a 2008 R2 DC – all of the servers and computers in the lab are either 2008, 2008 R2 or W7.

    I thought I had lost this website….thanks for your reply. Here is my delimma, we have a corporate environment and this DC will be only for the lab. In order for the computer to get to the Internet – I have to use one of the DNS entries from the corp network. I have DNS1 = and DNS2=corp DNS1 from computers. The Time is synching with the corp NNTP server.

    It is PRIVATE and is not seen by anyone not on accessing the LAB’s Segment ( We have our own subnet for lab printers and computers and other servers. They are used for testing our software products and attempting to replicate customer issues. We have all addresses from .10-.240 in that segment.

    We need access to the following — LDAP, CERT AUTH, AD, EXCHANGE 2013 (I plan to install on the DC), and we have a SQL server which will need to use the AD Accounts from this server once setup.

    I have built it once, and could not get anything to properly work — the EVALUATE THIS ROLE would give all sorts of errors. I thought I would try SBS 2011, as we are replacing an SBS 2003 server with this one (it will be retired). I gave with SBS 2011 this weekend, when I could not get it to talk to the Internet without putting a ROUTER on the desk where the server sits and configuring it to be the pass through – as the INET Wizard kept seeing the CORP DHCP and DNS and failing out.

    Right now the only ROLE I have on in the server is AD DOMAIN SERVICES and DNS (as I have run DCPROMO already. Eventually I would like to have the following:

    1) LDAP capabilities for use on other computers and printers to authenticate and do email addr lookups.

    2) CERT AUTH for creating SSL certs to test SSL in the environment.

    3) Every user have a HOME FOLDER and EMAIL (Exchange 2013) through Outlook Web.

    4) Service accounts and Groups to use for managing users – our old DC everyone knew the DOMAIN ADMIN and LOCAL ADMIN password and trashed the server.

    5) I am not seeing a NEW USER WIZARD like in SBS 2011 (and SBS 2003) that can use templates to create a new user with EMAIL and FOLDER and allow you to choose different templates for them which puts them into specific groups.

    I am fairly proficient with setting up a DC (have one at home). but I think part of my problem comes from the DC within a corp environment and I have been told that it cannot broadcast DHCP or DNS info to the network. So it needs to be only seen by machines where we set the DNS1 entry to its IP ADDRESS to setup authentication on them, or once the computer is added to the domain (ASCLAB.local).

    I have scoured the Internet looking for a walk through to do this, and one was pretty close – but I was getting tons of errors in the ROLE CHECKS. I am not skeerd of Yellow Triangles – it is the Red Circles that get me. 🙂

    If anyone has any ideas on how best to get this done – a website, a forum, anything – I would be so grateful.


Leave a Reply