Microsoft Azure AZ-800 — Section 9: Manage Windows Servers in a hybrid environment
67. Removing AD DS from a DC in order to install Windows Admin Center
Now in history, Microsoft has always provided us with administrative tools that will allow us to manage our our servers and Active Directory using various graphical tools, as well as, of course, command line tools like PowerShell. One of the things that Microsoft did in a few years back as they introduced the tool called server manager and server manager would allow is a is a graphic tool that would allow us not just to manage a single on-premise server, but multiple on-premise servers. But there is something that server manager kind of drops the ball on, and what that is the azure side of things. Server manager doesn’t really allow us to interact with Azure a whole lot and control things in Azure as well as on Prem.
So Microsoft wanted to introduce a new tool that would allow us not only to manage our on-premise environment, but also, interact with the azure environment all in one central place. And that tool is called the Windows Admin Center. And you might notice that when you first set up a new server and you go into server manager, you get a little pop up box that warns you, Hey, how about getting the Windows admin center? All right? And of course, from there you could go download it and install it, or you could close it, which is what I’ve done in the past. Up until now. But now what I want to do is learn how to set up the Windows admin center.
OK. And so, I want to show you how to do that.
So here I am on NYC server one. I’m going to go out and warn you that NYC Server one is a domain controller. Then Microsoft will not allow you to install Windows admin center on a domain.
So, if you try to install it, it’s going to fail. But what we can do is we can remove the Active Directory from the server, I really no longer need Active Directory on this server for my demonstrations so, I can remove Active Directory entirely off of the server and then make it a Windows Edmondson or if you prefer, if you’d like to keep, if you serve, set up something similar to me and you want to keep the server, you could set up a whole new regular server that is not a domain controller and you could set whack up. Windows had been center on that.
OK, so first thing I’m going to do is I’m going to remove Active Directory off of this machine to remove Active Directory. We’re here in the server manager and go to manage. Remove roles and features. Next, next, and we’re going to uncheck this box remove features, we are going to get an error message. It’s going to tell us that to remove it, we have to demote the domain controller.
So, we’re going to click demote this domain controller right here. And then from there, we’re going to say forced the removal of this domain controller. Click next.
Sorry. This the domain controller. That’s global catalog. Are you sure you want to do all of this? Yes, I’m sure I’m going to say, proceed. We’re going to click next. And there was going to ask us for our password one to put the password in.
OK, and then from there, I’m going to say, demote. All right. I’m going to give it. I’m going to pause the recording while this finishes up. It only takes a couple of minutes after that. You get this message will click close. You’re going to click close again and it’s going to now officially do a restart.
So, we’re going to wait on this to restart now. After the review, you come back in December, manager gets a little warning message here. It’s talking about wanting to promote we don’t want to promote, So, we’re going to go to manage, remove roles and features again. And then we’re going to uncheck Active Directory domain services. And this time we should not get the error message that we got before.
So this going to allow us to go ahead and remove those services. We’re going to click next and then remove. And that’s going to take a moment. I’ll go ahead. And Paul’s a recording while it’s removing the feature. All right. Completely done now, but it is going to need to restart.
So, we’re going to close out of that. We’re going to right click and tell it to go ahead and restart the server again and let that reboot OK. After the reboot here were over in server manager on our server now, and the server is no longer part of the domain, and there’s a couple of things we need to do. First off, we need to go over to this domain controller NYC DC one. We’re going to go into ols and server manager, actor, director, users, computers. And we need to delete the NYC server, one object from domain controllers. You would think it would do that for you, but it does not.
So, we’re going to go right here, we’re going to right click. We’re going to say delete. And it’s going to say, are you sure you want to make sure that the domain is no longer available? We’re going to say it’s gone.
So, we’ll say delete this to make sure. Anyway, hit delete. Click Yes. And at that point, it should be gone. All right. The next thing we need to do is if you’re on different networks like I am, sometimes you need to find out what your IP addresses of your domain controller. If you’re to make sure is currently using a dynamic address, now in the real world to make sure you usually have a static address. But if you’re jumping around to different networks like I do sometimes when I recorded these videos, I’m on different networks. You want to know what your address is for that? DC, DC in my case and this video, my DC is currently set to this address that I got from ADHD. And I want to make sure that my NYC server one is pointing to that IP address.
OK, so, I’m going to jump back over to NYC Server one. Go to assigned by the HDP. Go to the properties of the NIC Network Interface card. The two properties in it is pointing to the correct DNS.
So now I think I’m ready to move forward.
OK, So, we’re going to go right here on a workgroup click workgroup change and domain is exam lab practice. Dot com is the domain name and we’re going to put in the credentials. All right. And it is going to join the domain, so, we are now officially joined back to exam lab practicum. We’re going to close and we’re going to reboot and that’s it. We are now officially set up. We’re now just a member server and we’re joined to the domain. We are no longer a domain controller.
68. Deploy a Windows Admin Center gateway server
So now I’m ready to implement the Windows admin center.
So first things first, we had server manager. Server Manager was a great tool, but server manager was only for on-premises use lets you administer multiple servers, but on-premise only you couldn’t integrate with the cloud. Microsoft wanted to create a tool that would let you not only manage things on-premise, but also, interact with Azure in the cloud and manage multiple servers in multiple places, whether they were in the -or data centers, or whether they were on-premise. And so, they created WACC Windows Admin Center. First thing you got to do is you got to download Whack Windows Admin Center and install on a server. The server cannot be a domain controller.
So, in NYC Server one, we want to make sure that that is in order to make sure this why we, if it was a domain for we would remove Active Directory. But NYC Server one is just a member server, So, we’re now ready to install Windows Admin Center.
So, I’m going to go to my web browser, open up my web browser that I’m just going to go to Google, and we’re just going to do a search for installing the Windows admin center. All right.
So, I’m just opening up the Edge web browser here. All right, and then once Edge Web browser is opened up, I can go to the Windows and Google and search for Windows admin center.
OK, so, I’m going to do that. And we’ll see. Download Windows Admin Center.
OK.
So go there. And right here. Click on the Windows Admin Center Microsoft page. We’re going to scroll down to the bottom of this page and your home when you do this, it could look a little different than mine. But I mean, look for this download button right here. Download now. It’s going to take us to the products and service page where we can download a copy of the Windows Admin Center.
So here it is right here. All right. And so, I’m just going to click to continue on. That’s going to make me fill out a little form.
So, I’m just going to put just a bunch of stuff in here just to kind of get through it very quickly. Fake email billboard.com. And then just put in a phone number here just to keep it happy.
OK. And then we can put in country. And then I should now be able to install download this. Okay, So, it’s now downloading the file and it’ll take a moment to download. Obviously, depending upon how fast the internet connection is now, when you install this on a server, that server can be made what is called a Windows Admin Center Gateway. The Windows Admin Center Gateway is a central server where multiple admins can be connected into it and manage the Windows Admin Center from their own computer so you can have Windows client computers. Admins are using remote it into the server and using the server using Windows Edmondson or to administer multiple on-premise servers, as well as what’s in Azure Active Directory.
OK, so, I’m going to open this file and it’s going to say preparing to install welcome to the wizard.
So, it’s doing its little preparation and then verifying everything is in order. It’s trying to make sure that there’s no ports block or anything like that that could cause an issue. It’s also, of course, making sure this not a domain controller because it won’t let you install it on to make sure.
So, we go here, except we’re going to click next. All right. Says, do you want to give any additional diagnostic data to say required? And then from there, do you want it to use Microsoft Update to keep the tool updated? For now, I’m going to say I don’t want to just to move through this quickly. And then at that point says, OK, install the windows had been set around the server. Use a gateway server.
OK, so that’s what we’re doing. We’re going to make the server gateway server. A Gateway server simply means that you’re putting this on the server you’re installing. Everything is needed and users could actually connect into this gateway server, even from their own client. Computers have yet Edmonds running a client computer that can remote into this machine and use this to manage again servers on-premise and also, in the cloud.
So that’s what we’re going to do. We’re going to click next.
OK, then it says allow Windows Admin Center to modify this machine’s trusted hosts settings.
OK. Yes, we want to do that so that it can allow the ability for this machine to manage other machines. And then we’re going to say use when our am over eight steps only we could do that if we wanted to require HTTPS, which is going to require a certificate to do that. For now, I’m just going to leave that turned off, but I’m going to allow when our room without HD https encryption right now. But if I want to do that, I could install a digital certificate to do that automatically. Update Windows Admin Center, although I leave, that turned on next.
OK, then it’s going to say select what port you want to use. It’s going to use Port 443. This fine as long as there isn’t some other service on this server that is utilizing Port 443.
So, if there was like a web server on here that was using Port 443, then you’d need to use a different port. The next thing that’s important is that you’ve got to have a digital certificate for the traffic.
Now it’s going to allow you to set up a self-signed certificate, which is fine. You can you can have a self-signed certificate, but it’s only for 60 days.
Now what you could do is install a Microsoft Certificate Active Directory Certificate services on the server. You know which you could go in here, server manager manage, add roles and features. Next, next, next. And you would install this right here, and you could give yourself a certificate from your own server, or you could get a certificate from a commercial CAA or something like that if you want. We’re not going to get into all that here. I’m just going to do this to get by for now. But eventually, because it will expire in 60 days, you might want to set up your own certificate authority on this machine.
OK. And so at that point, we’re going to we could also say redirect H2 to be port 80 traffic eight steps if you want. I’m just going to click install. All right.
So at that point, it is now officially going to start installing the Windows admin center. I’m going to pull the recording and just let it install.
Now that the wizard is done, you’ll notice that says ready to connect from a PC says open the URL in the browser on a PC. This the URL that you can use to get to. It tells you if the certificate was provided, you use the name specified in your certificate. It also says see what browsers are supported so you can actually open this up. Of course I’ve got Edge, which obviously Edge is supported. No problem.
So at that point, I can click this link. It’s going to open this up and I’m going to have to authenticate so, I can just put in my administrator name here and my password. And there we go. It is now logging me on, says it successfully installed, and we officially got the Windows Admin Center set up. All right. And that is how you get the Windows Admin Center implemented. We’ve now got our server set up also as a Windows Admin Center Gateway, as you can see it, says NYC -Server one exam, one practicum gateway.
So as far as getting it initially implemented, we got it.