The purpose of this series of posts is to explore and use Workspace ONE AirLift into a Lab environment to migrate devices, applications, and policies (GPOs) from ConfigMgr and Active Directory Domain Services (ADDS) to Modern Management with Workspace ONE.

Table of Content:

Part 1 - AirLift Introduction and Diagram Overview. [Click here]
Part 2 - Servers and Computer Global Configuration. [Click here]
Part 3 - Active Directory Configuration and Domain Join. [You are Here]
Part 4 - Hard Disks Configuration and prerequisite Sources Preparation. [Coming Soon !]
Part 5 - Roles and Features Installation. SPN Creation. [Coming Soon !]
Part 6 - SQL Server, SSRS and SSMS Installation. [Coming Soon !]
Part 7 - WSUS Installation and Configuration. ADK And WinPE Installation. [Coming Soon !]
Part 8 - ConfigMgr prerequsisites: System Management Container creation, AD Schema Extension and Database Creation. [Coming Soon !]
Part 9 - Installation, Overview and Update of ConfigMgr. [Coming Soon !]
Part 10 - ConfigMgr Configuration: Discovery methods Activation, Boundaries creation, Software Center personalization, VLC app configuration. [Coming Soon !]
Part 11 - Airlift Installation, Configuration and Overview. [Coming Soon !]

1 - ADDS and DNS Roles Installation

The following manipulation have to be done on MOB-SRV-DC-01 Server.

1. Open Server Manager.
2. Click on Manage located on the upper right corner.
3. Click on Add Roles and Features.

1.1 - Installation Type Step

1. Leave the default value.
2. Click on Next >.

1.2 - Server Selection Step

1. Leave the default value.
2. Click on Next >.

1.3 - Server Roles Step

1. Check Active Directory Domain Services.

On Add Roles and Features Wizard window:
2. Click on Add Features.

3. Check DNS Server.

On Add Roles and Features Wizard window:
2. Click on Add Features.

In this tutorial, I am not going to install DHCP Server Role on MOB-SRV-DC-01 server because:

• All the Computer/Servers have Static IP.
• pfSense is already configured as a DHCP Server.

5. Click on Next >.

1.4 - Features Step

1. Leave the default values.
2. Click on Next >.

1.5 - AD DS Step

1. Click on Next >.

1.6 - DNS Server Step

1. Click on Next >.

1.7 - Confirmation Step

1. Check Restart the destination server automatically if required.
2. Click on Install.

3. Once installation succeeded, click on Close.

4. Close all windows.

2 - Promote Server to a DC

The following manipulation have to be done on MOB-SRV-DC-01 Server.

To promote MOB-SRV-DC-01 to a Domain Controller:

1. Open Server Manager.
2. Click on the flag on the upper right corner. The flag should have a yellow warning icon.
3. Click on Promote this server to a domain controller.

2.1 - Deployment Configuration Step

As MOB-SRV-DC-01 is the first and only Domain Controller, we have to create a new forest.

1. Select Add a new forest.
2. Next to Root domain name, enter a root domain name.
   In my case, I have choosen the subdomain ad.mobinergy.com.
3. Click on Next >.

Important here, there is multiple popular Domain Naming mistakes. here is the two main ones:

• The first is using a generic top-level domain (TLD). Generic TLDs like .local, .lan, .corp, are now being sold by ICANN, so the domain you’re using internally today – company.local could potentially become another company’s property tomorrow.
• Secondly, if you use an external public Domain Name like company.com, you should avoid using the same domain as your internal Active Directory name because you’ll end up with a split DNS. Split DNS is when you have two separate DNS servers managing the exact same DNS Forward Lookup Zone, increasing the administrative burden.
  => As a consequence, the common best option is to use an inactive sub-domain of a domain that you use publicly.

2.2 - Domain Controller Options Step

1. Next to Password and Confirm password, enter Directory Services Restore Mode (DSRM) password.
2. Click on Next >.

2.3 - DNS Options Step

1. Click on Next >.

2.4 - Additional Options Step

As root domain name is ad.mobinergy.com, default NetBIOS domain name is AD.

1. Change the NetBIOS domain name with a better name if needed.
   In my case, I set it with the name of my own company: MOBINERGY.
2. Click on Next >.

2.5 - Paths Step

1. Click on Next >.

2.6 - Review Options Step

1. Click on Next >.

2.7 - Prerequisites Check Step

1. Verify that All prerequisite checks passsed successfully.
2. Click on Install.

2.8 - Post Configurations

Once Domain Controller is successfully configured, the system will sign out and the server will restart automatically.

After restarting, log in to Administrator session. This account is now a domain account:

3 - Additional Alternative UPN suffix Configuration

The following manipulation have to be done on MOB-SRV-DC-01 Server.

In Active Directory, a User Principal Name (UPN) is the name of a system user in an email address format. A UPN, consists in a merge of:

• A user name (logon name).
• A separator (the @ symbol).
• A domain name (UPN suffix).

For now, the domain name i.e. the UPN suffix is ad.mobinergy.com.

Hence, let's add an alternative UPN suffix to simplify ad.mobinergy.com into mobinergy.com

1. Open Server Manager.
2. On the upper right corner, click on Tools.
3. Click on Active Directory Domains and Trusts.

4. Right click on Active Directory Domains and Trusts
5. Click on Properties.

On Active Directory Domains and Trusts window:
6. Under Alternative UPN suffixes, enter mobinergy.com.
7. Click on Add.
8. Click on Apply
9. Click on OK.

10. Close all windows.

4 - Organizational Unit Creation

The following manipulation have to be done on MOB-SRV-DC-01 Server.

1. Open Server Manager.
2. On the upper right corner, click on Tools.
3. Click on Active Directory Users and Computers.

if needed, you can pin Active Directory Users and Computers to taskbar

4.1 - OU Creation For User Objects

1. Right click on the root domain - ad.mobinergy.com.
2. Click on New.
3. Click on Organizational Unit.

4. Enter Mobinergy Users.
5. Click on OK.

6. Right click on Mobinergy Users OU.
7. Click on New.
8. Click on Organizational Unit.
9. Enter Administrative Users.
10. Click on OK.
    
    
11. Right click on Mobinergy Users OU.
12. Click on New.
13. Click on Organizational Unit.
14. Enter Corporate Users.
15. Click on OK.

4.2 - OU Creation For Computer Objects

1. Right click on the root domain - ad.mobinergy.com.
2. Click on New.
3. Click on Organizational Unit.
4. Enter Mobinergy Computers.
5. Click on OK.
   
   
6. Right click on Mobinergy Computers OU.
7. Click on New.
8. Click on Organizational Unit.
9. Enter Member Servers.
10. Click on OK.
    
    
11. Right click on Mobinergy Computers OU.
12. Click on New.
13. Click on Organizational Unit.
14. Enter Corporate Computers.
15. Click on OK.

4.3 - OU Creation For Group Objects

1. Right click on the root domain - ad.mobinergy.com.
2. Click on New.
3. Click on Organizational Unit.
4. Enter Mobinergy Groups.
5. Click on OK.

4.4 - Organizational Unit Overview

here is the tree structure you should now have:

Close all windows.

5 - User Groups Creation

The following manipulation have to be done on MOB-SRV-DC-01 Server.

1. Right click on Mobinergy Groups OU.
2. Click on New.
3. Click on Group.
4. Under Group name, enter MOBINERGY Local Admins
5. Under Group scope, select Global.
6. Under Group type, select Security.
7. Click on OK.

6 - User Objects Creation

The following manipulation have to be done on MOB-SRV-DC-01 Server.

1. Open Server Manager.
2. On the upper right corner, click on Tools
3. Click on Active Directory Users and Computers.

6.1 - mcrouzet User

1. Right click on Corporate Users OU.
2. Click on New.
3. Click on User.

4. Provide all the required information (don't forget to modify UPN suffix).
5. Click on Next >.

6. Enter the user password twice.
7. To keep things simple:
   • Uncheck User must change the password at next logon.
   • Check User cannot change password.
   • Check Password never expires.
8. Click on Next >.

9. Click on Finish.

6.2 - MECMAdmin User

1. Right click on Administrative Users OU.
2. Click on New
3. Click on User.
4. Provide all the required information (don't forget to modify UPN suffix).
5. Click on Next >.

6. Enter the user password twice.
7. To keep things simple:
   • Uncheck User must change the password at next logon.
   • Check User cannot change password.
   • Check Password never expires.
8. Click on Next >.

9. Click on Finish.

10. Add MECMAdmin user member of the following groups:

• Administrators.
• Domain Admins.
• Domain Users.
• Enterprise Admins.
• Group Policy Creator Owners.
• Schema Admins.

11. Click on Apply.
12. Click on OK.

6.3 - SVC_DISCOVERY User

1. on Administrative Users OU, create a new user named SVC_DISCOVERY.
2. SVC_DISCOVERY doesn't need to be member of specific User Groups.

6.4 - SVC_MECMClientPush User

1. On Administrative Users OU, create a new user named SVC_MECMClientPush.
2. Add SVC_MECMClientPush member of MOBINERGY Local Admins User Groups.

6.5 - SVC_SQL User

1. On Administrative Users OU, create a new user named SVC_SQL.
2. SVC_SQL doesn't need to be member of specific User Groups.

6.7 - User Object Creation Overview

here is an overview of all User Object created:

7 - Computer Objects Creation

The following manipulation have to be done on MOB-SRV-DC-01 Server.

1. Open Server Manager.
2. On the upper right corner, click on Tools.
3. Click on Active Directory Users and Computers.

7.1 - MOB-DKT-AIRLIFT-01 Computer

1. Right click on Corporate Computers OU.
2. Click on New.
3. Click on Computer.

4. Under Computer name, enter MOB-DKT-AIRLIFT-01.
5. Click on OK.

7.2 - MOB-SRV-MECM-01 Server

1. Right click on Member Servers OU.
2. Click on New.
3. Click on Computer.
4. Under Computer name, enter MOB-SRV-MECM-01.
5. Click on OK.

8 - MOB-DKT-AIRLIFT-01 Domain Join

The following manipulation have to be done on MOB-DKT-AIRLIFT-01 Computer.

8.1 - Adapter Options Modification

Change adapter options to set MOB-SRV-DC-01 (192.168.1.101) as DNS Server.

8.2 - ad.mobinergy.com Domain Join

1. Open Start menu.
2. Click on Settings.

3. Click on System.

4. Click on About.
5. Click on Rename this PC (advanced).

6. Click on Computer Name tab.
7. Click on Change...

8. Under Member of section, select Domain
9. Enter ad.mobinergy.com.
10. Click on OK.

On Windows Security window:
11. Enter domain administrator credentials.
12. Click on OK.

13. Device is now joined to ad.mobinergy.com domain.
14. Click on OK.

13. Restart MOB-DKT-AIRLIFT-01 computer.
14. After restarting, log in with newly mcrouzet user AD session.

9 - MOB-SRV-MECM-01 Domain Join

The following manipulation have to be done on MOB-SRV-MECM-01 Server.

9.1 - Adapter Options Modification

Change adapter options to set MOB-SRV-DC-01 (192.168.1.101) as DNS Server.

9.2 - ad.mobinergy.com Domain Join

1. Open Server Manager.
2. Click on Local Server.
3. Next to Workgroup, click on the blue WORKGROUP hyperlink.

4. Click on Computer Name tab.
5. Click on Change...

6. Under Member of section, select Domain
7. Enter ad.mobinergy.com.
8. Click on OK.

8. Enter domain administrator credentials on new pop-up and Click OK.
9. Device is now joined to ad.mobinergy.com domain.
10. Restart MOB-SRV-MECM-01 server.
11. After restarting, log in with newly MECMAdmin user AD session.

10 - Update Architecture Diagram

Regarding modifications, here is the updated Architecture Diagram:

11 - Conclusion

This is the end of the Part 3 for this series of posts. In this post we have done the following manipulations:

• MOB-SRV-DC-01 Configuration as Domain Controller.
• AD Preparation.
• MOB-DKT-AIRLIFT-01 ad.mobinergy.com Domain Join.
• MOB-SRV-MECM-01 ad.mobinergy.com Domain Join.

See you in Part 4 to continue the configuration.