#003 Join a Computer to a Windows Domain
Joining a computer to a Windows domain is usually one of the first steps a systems admin will perform (after the virtual machine or server has been built, that is).
Usually, the server is ready to go before being handed over to a DBA to complete the SQL Server install and configuration.
We, as DBAs, may take this process for granted.
But, it's a process I believe you should know how to do. In fact, a lot of these challenges will focus on building servers to support SQL Server installations (single instances, multiple instances, clusters, availability groups, etc.).
Knowing your way around Active Directory is extremely helpful when troubleshooting issues or just in general when communicating with systems admins.
This week's challenge will be four parts:
- Verifying Windows firewall settings on DC1.
- Setting the preferred DNS server address on SRV1.
- Join SRV1 to the domain.
- Log in to SRV1 using the domain administrator account.
Ready?
Estimated time to complete: Less than 1 hour.
Step 1: Verify Windows Firewall Settings on DC1
You may be tempted to just turn off the Windows firewall. After all, this is a sandbox.
If you did that, you would be missing out on learning what ports are required to allow communication between your client machine, SRV1, and your domain controller, DC1. You can find the list of ports below.
Firewall Rules for Active Directory
Fortunately, when you installed the ADDS server role, the wizard created these rules for you.
But, let's make sure.
- Connect to DC1 and open Windows Defender Firewall with Advanced Security.
- Click Inbound Rules.
- You should now see several rules, beginning with "Active Directory Domain Controller" listed.
- Review the Protocol and Local Port columns. Do they match the ports listed on the "Firewall Rules for Active Directory" page?
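The same review can be done from an elevated PowerShell session on DC1. This is an added example, not part of the original walkthrough; it only reads the firewall configuration and assumes the rule display names begin with "Active Directory Domain Controller" as described above.

```powershell
# Run on DC1 in an elevated PowerShell session. Read-only: nothing is changed.

# Inbound rules created with the ADDS role, matched by display name.
$rules = Get-NetFirewallRule -Direction Inbound |
    Where-Object { $_.DisplayName -like 'Active Directory Domain Controller*' }

# Pair each rule with its port filter so protocol and local port
# can be compared against the documented port list.
$report = foreach ($rule in $rules) {
    $filter = $rule | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule      = $rule.DisplayName
        Enabled   = $rule.Enabled
        Action    = $rule.Action
        Profile   = $rule.Profile
        Protocol  = $filter.Protocol
        LocalPort = ($filter.LocalPort -join ',')
    }
}
$report | Sort-Object Protocol, LocalPort | Format-Table -AutoSize

# Rules that exist but are disabled or set to Block would stop the join
# even though they appear in the list.
$problem = $report | Where-Object { $_.Enabled -ne 'True' -or $_.Action -ne 'Allow' }
if ($problem) {
    Write-Warning 'These Active Directory rules are not active Allow rules:'
    $problem | Format-Table Rule, Enabled, Action -AutoSize
}

# Confirm the firewall is still switched on for every profile.
Get-NetFirewallProfile | Select-Object Name, Enabled
```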
Next, you need to make sure the client machine, SRV1, can find the domain.
Step 2: Setting the preferred DNS server address
SRV1 likely received its DNS settings via your hypervisor's DHCP server. For me, that's 192.168.88.2 (same as the gateway IP address).
Depending on your hypervisor, you can manually set a preferred DNS server IP so that every machine you build receives the correct DNS settings.
To complete this challenge, you'll need to set the DNS server IP address to the IP address of DC1. You can do this either via the hypervisor network preferences or by manually configuring the network interface on SRV1.
In my case, that's 192.168.88.3. Here's what my network interface settings for IPv4 look like.
If you're using VMware Workstation Pro, you can use the Virtual Network Editor to modify your Vnet settings. Here's what it would look like using that method.
If you use the Virtual Network Editor, remember, those settings will only be applied if your client servers use DHCP and you'll need to restart SRV1 for these settings to be applied.
In the real world, you wouldn't leave your SQL Servers with DHCP addresses (usually). So knowing both methods will be helpful.
By the way, you can also manage these settings using Ansible and PowerShell (we'll cover these later on).
Confirm your DNS settings by opening a command window and typing "ipconfig /all".
Next, it's time to join SRV1 to the domain.
Step 3: Join SRV1 to your domain
With your DNS server settings confirmed, try to ping DC1 using the fully qualified domain name. If the ping was successful, join the domain.
Check the link below for more information.
Again, you'll join the domain manually this time. But, later on, you'll see how to simplify this step using Ansible and PowerShell.
After joining, SRV1 will need to reboot.
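If the ping or the join fails, the checks below narrow down whether DNS or the firewall is the cause. This is an added example, not part of the original walkthrough; the domain name `homelab.example` and the host name `dc1` are placeholders to replace with your own values, and the port list is the standard set a domain member needs to reach on a domain controller.

```powershell
# Run on SRV1 in an elevated PowerShell session. Read-only checks.
$DcIp       = '192.168.88.3'      # DC1's address used in this walkthrough
$DomainFqdn = 'homelab.example'   # placeholder: your domain's DNS name
$DcFqdn     = "dc1.$DomainFqdn"   # placeholder: DC1's fully qualified name

# 1. Every connected adapter should list DC1 as a DNS server.
$dnsCheck = Get-NetAdapter | Where-Object Status -eq 'Up' | ForEach-Object {
    $dns = (Get-DnsClientServerAddress -InterfaceIndex $_.ifIndex `
                -AddressFamily IPv4).ServerAddresses
    [pscustomobject]@{
        Adapter = $_.Name
        Dns     = $dns -join ','
        UsesDc1 = $dns -contains $DcIp
    }
}
$dnsCheck | Format-Table -AutoSize

# 2. The domain controller locator record must resolve through DC1.
#    Without it, SRV1 cannot find the domain even if ping by IP works.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainFqdn" -Type SRV `
           -Server $DcIp -ErrorAction SilentlyContinue |
       Where-Object { $_.Type -eq 'SRV' }
if ($srv) { $srv | Format-Table NameTarget, Port -AutoSize }
else      { Write-Warning "No domain controller SRV record for $DomainFqdn" }

# 3. TCP ports a member needs on the DC: DNS, Kerberos, RPC endpoint
#    mapper, LDAP, SMB, Kerberos password change.
$portCheck = foreach ($port in 53, 88, 135, 389, 445, 464) {
    [pscustomobject]@{
        Port      = $port
        Reachable = Test-NetConnection -ComputerName $DcFqdn -Port $port `
                        -InformationLevel Quiet -WarningAction SilentlyContinue
    }
}
$portCheck | Format-Table -AutoSize

# Overall verdict: safe to proceed with the manual join?
$ready = ($dnsCheck.UsesDc1 -contains $true) -and $srv -and
         ($portCheck.Reachable -notcontains $false)
"Ready to join ${DomainFqdn}: $([bool]$ready)"
```

A blocked port here points back to the inbound rules on DC1 from Step 1; a missing SRV record points to the DNS setting from Step 2.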
Next, switch over to DC1 and confirm you can see the SRV1 computer account.
- Open Active Directory Users and Computers
- Expand the domain and then click on the Computers folder.
- Do you see SRV1 in the list? Good. Check out the properties for the account while you're here.
Final step. Let's make sure you can log in to SRV1 using a domain account.
Step 4: Log in using a domain account
Switch over to SRV1 and log in with the domain administrator account. Remember to use DomainName\Administrator when logging in.
In my case, that would be HOMELAB\Administrator. We'll add some users and groups in the future.
Helping Others and Sharing Your Results
That's it for this week.
If you have tips other readers can learn from, please share them in the comments. You can message me on LinkedIn or post about it and tag me with the #dbachallenges hashtag.
By the way, if you indicated that you were interested in automation when signing up for this newsletter, you'll start receiving an additional midweek email.
This email will focus solely on automation and how I'm progressing on building the Ansible for SQL Server DBAs course. It'll also provide a behind-the-scenes look along the way.
If you didn't choose automation as one of your interests, there's still a way you can join the list.
Check out the link below.
Ansible for SQL Server DBAs: Automation Simplified
Feedback
If there's a DBA Challenge you'd like to see, please let me know by replying to this email. Have ideas on how to make these more useful? I'd love to hear those too.
Good luck and I'm looking forward to seeing your results!
Luke