Domain join behavior in Windows Server 2012

In this article you will learn how domain join behavior works between Windows Server 8 Beta (Windows Server 2012) and Windows 8 Consumer Preview.

Have you had the chance to evaluate the recently released Windows Server 8 Beta (Windows Server 2012) and Windows 8 Consumer Preview software? More to the point, how familiar are you with Microsoft’s changes to Active Directory Domain Services (AD DS) in Windows Server 8?

Well, that is precisely what we are concerned with in this blog post. By the end of this lab, you’ll know how to:

• Set up a Windows Server 8 Beta computer as a domain controller
• Join a Windows 8 Consumer Preview computer to the domain
• Experiment with Windows Server 8 Beta AD administration tools

Building a Windows Server 2012 Domain Controller

As I described in my Windows Server 2012 installation notes blog post, in Windows Server 8 we use the completely revamped Server Manager as our GUI hub for managing server roles and features. As Figure 1 shows, we can launch the Add Roles and Features wizard by clicking Add roles and features from the Server Manager Dashboard.

Windows Server 2012 (Windows Server Beta) Server Manager

NOTE: The Windows Server 8 Beta Server Manager is a PowerShell host application. Therefore, when you issue commands through the Server Manager GUI, you actually instruct Windows to issue Windows PowerShell 2.0 cmdlets.

The Add Roles and Features Wizard in Windows Server 8 behaves basically the same way as it does under Windows Server 2008 R2. As you can observe in Figure 2, Microsoft has streamlined the interface, combining the “Add Roles” and “Add Features” functionality—this is a convenient and thoughtful improvement!

Adding the AD DS role

To create a Windows Server domain controller, we must not only install the AD DS binaries with the Add Roles and Features Wizard, but we must also run the Active Directory Domain Services Configuration Wizard.

NOTE: The Active Directory Domain Services Configuration Wizard is the latest version of the Active Directory Installation Wizard (Dcpromo) in Windows Server 2008 R2.

Take a look at Figure 3: Microsoft has redrawn the interface to include more options per dialog box page and make the overall AD installation process more straightforward than it used to be.

The New DCPROMO in Windows Server 2012

After you reboot the server, the box is thereafter an AD DS domain controller. Now let’s turn our attention to client device configuration.

Joining a Windows 8 Workstation to the an Active Directory domain

The process of joining a Windows 8 Consumer Preview workstation to a Windows Server 8 Beta domain is exactly the same as it is under Windows 7 and Windows Server 2008 R2.

Log into Windows 8, switch from Metro to the traditional Desktop, and fire up the System Control Panel item. As you can see in Figure 4, the controls for joining an AD domain should look very familiar to Windows Server 2008 systems administrators.

Joining an AD domain from Windows 8 Consumer Preview

After you reboot the client, we can now submit a domain username and password instead of local or Microsoft Account credentials.

Domain logon in Windows 8 Consumer Preview

Our salient question now is, “Okay, so far, so good. Now how can we manage Active Directory from our Windows Server 8 Beta computer? Let us address this question next.

Managing the Active Directory domain with Windows Server 2012

As I told you earlier, your choices for administering a Windows Server 8 Beta domain controller consist of the following options:

• Server Manager GUI
• Windows PowerShell

Note that in Figure 6, label A, any installed roles or features on a target server are listed in the Dashboard. Interestingly, this dashboard view only displays metadata related to the role or service.

To launch the familiar role and service administration consoles, we can open the Tools menu (labeled B in Figure 6) and make a selection from the drop-down menu.

Accessing admin tools from the new Server Manager

Figure 7 demonstrates that Windows Server 2012 still leverages a lot of “legacy” Microsoft Management Console (MMC) technology. I have no earthly idea if MMC consoles will exist in the final RTM code.

Active Directory Users and Computers in Windows Server 2012

Disabling the Metro UI in Windows 8 domain members

The new, touch-centric Metro user interface (UI) exists in both Windows 8 Consumer Preview as well as is Windows Server 8 Beta. The general consensus among Windows Server 2008 administrators is they either like the new interface or they loathe it–there does not appear to be much middle ground.

To this end, a very common and popular question is, “How can we disable the Metro UI for Windows 8-based domain member workstations?”

The answer to that question, of course, lies in Group Policy. Specifically, we are concerned with the Do not show the Start Menu when the user logs in policy, located in the following Group Policy path:

User Configuration\Policies\Administrative Templates\Start Menu and Taskbar

The Windows Server 2012 Group Policy Editor is shown in the screenshot below.

Controlling the appearance of Metro UI in Group Policy

NOTE: As of the Beta release, this Group Policy setting affects only Windows Server 8-based computers. Frankly, I don’t know if this behavior is by design or if it is a bug.

Conspicuously absent in the Windows Server 8 Beta Group Policy repository are policy settings to control Windows on ARM (WOA) tablets and PCs. This speaks to the common knowledge that Microsoft is targeting WOA devices for “unmanaged environments.” In point of fact, WOA devices are unable to perform a domain join in the first place.

Conclusion

Today we learned how to install Active Directory on a Windows Server 2012 computer. We also joined the new domain from a Windows 8 Consumer Preview workstation. Finally, we spent a little time getting to know how the administrative tools work in Windows Server 2012. Please feel free to share your experiences with these pre-release software products in the comments portion of this post. Thanks a lot for reading.