Integrating a Domain controller into a small office setup

Similar Messages

• Question about adding Windows 2012 R2 Domain Controller, into a native Windows 2008 R2 single forest domain

  I current have a two server domain, both Windows 2008 R2 and fully updated.   The two servers are on subnet 10.0.1.0 /24
  - Windows 2008 R2 Server A: 10.0.1.1 (DC, GC, FSMO, DNS)
  - Windows 2008 R2 Server B: 10.0.1.2 (DC, GC)
  AD Domain: COMPANY.LOCAL
  I have a second connected subnet, 192.168.1.0 /24) which is routed to the 10.0.1.0/24 subnet and I would like to install a Windows 2012 R2 server onto a server on that subnet and make it a domain controller with AD-Integrated DNS and DHCP for the 192.168.1.0
  /24 subnet.
  - Windows 2012 R2 Server C: 192.168.1.1
  What are the proper progression steps, in order to bring up the Windows 2012 R2 server and then add it to my COMPANY.LOCAL domain and then promote it do a DC/GC/AD-Integrated DNS server?   Are they anything like the following:
  1. Install Windows 2012 R2 server (Server C)
  2. Point Windows 2012 R2 server DNS servers at Server's A and B
  3. Perform AD prep to extend AD schema to support Windows 2012 R2 domain controllers
  4. Promote Windows 2012 R2 server to domain controller (install local DNS service on Server C, during this step)
  * Question:  Will Windows automatically create a DNS zone for the Windows 2012 R2 subnet (192.168.1.0/24) AND also include the DNS zone from the previous Windows 2008 R2 domain (10.0.1.0 /24)?  Or will I need to add the 10.0.1.0 /24 zone to the DNS
  server on Server C, even though the DNS from the Windows 2008 R2 domain is AD integrated?

  Hi,
  Regarding the issue here, please take a look into below articles:
  System Requirements and Installation Information for Windows Server 2012 R2
  http://technet.microsoft.com/en-us/library/dn303418.aspx
  Release Notes: Important Issues in Windows Server 2012 R2
  http://technet.microsoft.com/en-us/library/dn387077.aspx
  Install a Replica Windows Server 2012 Domain Controller in an Existing Domain (Level 200)
  http://technet.microsoft.com/en-us/library/jj574134.aspx
  Here is an example for promoting Windows Server 2012 to a DC, see:
  Step-by-Step Guide for Setting Up A Windows Server 2012 Domain Controller
  http://social.technet.microsoft.com/wiki/contents/articles/12370.step-by-step-guide-for-setting-up-a-windows-server-2012-domain-controller.aspx
  As the server is promoted to a DC, DNS Zones will be replicated and synchronized to it automatically whenever the new one is added to an AD DS domain,  bascially there is no special need to add zones,  for more information, please see:
  Understanding Active Directory Domain Services Integration
  http://technet.microsoft.com/en-us/library/cc726034.aspx
  Hope this may help
  Best regards
  Michael
  If you have any feedback on our support, please click
  here.
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Installing a Windows 2012 Domain Controller into a 2000/2003 domain with Exchange 2003

  Hello,
      I have a client that we are planning to migrate to 2012 over time.  They currently have a Windows 200 DC and 2 member servers running Windows 2003, one of which is running Exchange 2003.
      We first are going to introduce a 2012 server into the domain and my plan was to DCPromo the 2003 server that isn't running Exchange and raise domain level to 2003 and then demote the 2000 server.  I was then going to install the
  2012 server into the domain and make it a backup Domain Controller for the time being and leave the newly promoted Windows 2003 server as the primary Domain Controller with all the roles and global catalog.  My question is will Exchange 2003 still function
  normally in this scenario?
     I've been doing research and read some things about Exchange 2003 not working with 2012 Domain Controllers, but I was thinking if the 2003 is still the primary, it might work.  We will eventually migrate to 2003, they just don't want to
  do it all at once, due to costs and other issues.
  Thanks.

  I didn't ask if it was supported, I just wanted to know if Exchange 2003 would continue
  to function if the Windows 2003 DC still held all the FSMO roles and Global Catalog.
  A not supported situation means that it is a situation where Microsoft made no testing or do not guarantee that you can operate with no problems. Following a not supported scenario could be done but is on your own risk.
  If it won't, can the 2012 server be a member server in the 2003 AD?  The 2000
  DC it is replacing, just shares files on the network in addition to being the lone AD server
  Yes, it can be a member server.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Simple but reliable small office setup

  Hi group,
  I need some advice on setting up a simple but reliable small office wireless network. Up until now, we had a consumer AP combined with wired connections. However, we're moving to a new office where it's difficult to implement a wired network and we decided to implement a good quality wireless network.
  So, I was looking into business quality wireless AP's and it looks as if the Aironet 1600 is an interesting option. However, I'm not a (wireless) network specialist and have no knowledge of controlled AP's.
  The office is (only) 278 square meters (24 x 11.6), divided in two main areas by a supporting wall with two large doorways. I would like to keep the setup costs to a minimum, ideally using only 1 AP. This might mean placing the AP on the ceiling near the dividing wall (which is roughly in the middle), or on the wall itself.
  We need to support fast wireless connections from 15 laptop computers now, and up to 25 in the near future. Also, we'd like to support 15-25 mobile devices, i.e. tablets or smart phones.
  I've found some info on the differences between the AIR-CAP1602 and AIR-SAP1602 models, as well as the Internal and External antenna versions. It seems to me we could use the Standalone (SAP1602) model. However, I don't have enough knowledge to determine if the Aironet 1600 is actually appropriate for our requirements and if yes, which model.
  I would very much appreciate your advice!

  A 1600 would work or even a 2600. I prefer the 2600/3600 though but cost is your concern. I would also place the AP on the ceiling but belies the ceiling maybe in the middle if possible. Don't place the AP above the ceiling because you will loose coverage. Internal antennas are fine and just to note, rule of thumb is 25 users per AP so just in case you need more throughput, maybe using two separated by 3-5 meters would help also. If the 1600's are the choice for you then look at having one or two APs.
  Sent from Cisco Technical Support iPhone App

• Restoring a Domain Controller - When other DC's are available

  I'm trying to get some clarity and confidence on the proper way to restore domain controllers.  here are my questions:
  1. What is the proper way to restore a Domain controller into an existing Forrest where other domain controllers are present when you have a system state backup taken by Windows Server Backup?
  1a. In this scenario - will i need to enter into DSRM mode prior to booting the server?
  2. What is the proper way to restore a Virtualized Domain Controller into an existing Forrest where other domain controllers are present when you have a 3rd party image based backup solution that has HyperV VSS writers?  
  2a. In this scenario - will i need to enter into DSRM mode prior to booting the server?

  1. What is the proper way to restore a Domain controller into an existing Forrest where other domain
  controllers are present when you have a system state backup taken by Windows Server Backup?
  You can restore the DC using two possible methods:
  Method 1: Do a non-authoritative restore using a system state backup. Do not do an authoritative restore so that you do not lose recent changes here.
  Method 2: If the DC is an FSMO holder then size the FSMO roles to another DC, do a metadata cleanup and then re-install the server and promote it again as a DC. If it is not an FSMO holder then simply do a metadata cleanup and then re-install
  the server and promote it again as a DC.
  1a. In this scenario - will i need to enter into DSRM mode prior to booting the server?
  Yes. You need to get inside DSRM mode to restore the DC from a system state backup.
  2. What is the proper way to restore a Virtualized Domain Controller into an existing Forrest where
  other domain controllers are present when you have a 3rd party image based backup solution that has HyperV VSS writers? 
  You can read that: http://technet.microsoft.com/en-us/library/d2cae85b-41ac-497f-8cd1-5fbaa6740ffe(v=ws.10)#backup_and_restore_considerations_for_virtualized_domain_controllers
  Also, see that about DC cloning in Windows Server 2012 and higher: http://blogs.technet.com/b/askpfeplat/archive/2012/10/01/virtual-domain-controller-cloning-in-windows-server-2012.aspx
  2a. In this scenario - will i need to enter into DSRM mode prior to booting the server?
  You can find the details in the links I shared.
  This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
  Get Active Directory User Last Logon
  Create an Active Directory test domain similar to the production one
  Management of test accounts in an Active Directory production domain - Part I
  Management of test accounts in an Active Directory production domain - Part II
  Management of test accounts in an Active Directory production domain - Part III
  Reset Active Directory user password

• Install Active Directory Domain Controller on Windows server 2008 enterprise, dont login on Sql Server 2008 R2

  I install Active Directory Domain Controller on Windows server 2008 enterprise and dont login on Sql Server 2008 R2. Before install ADDC, I have logon SQL Server 2008r2 Success, After when i install ADDC is don't logon on SQL Server 2008r2 -->not success.
  I have uninstalled ADDC but i still can't login on SQL server 2008r2.
  please help me. it  is very very disaster!
  I think is loss account SQL server 2008r2!

  Hello,
  I stronly recommend you post the detail error message to us while you try to connect to SQL Server instance, it's useful for us to do further investigation.
  Microsoft recommends that you do not install SQL Server 2008 R2 on a domain controller, there are some limitations:
  You cannot run SQL Server services on a domain controller under a local service account or a network service account.
  After SQL Server is installed on a computer, you cannot change the computer from a domain member to a domain controller. You must uninstall SQL Server before you change the host computer to a domain controller.
  After SQL Server is installed on a computer, you cannot change the computer from a domain controller to a domain member. You must uninstall SQL Server before you change the host computer to a domain member.
  SQL Server failover cluster instances are not supported where cluster nodes are domain controllers.
  SQL Server Setup cannot create security groups or provision SQL Server service accounts on a read-only domain controller. In this scenario, Setup will fail.
  On Windows Server 2003, SQL Server services can run under a domain account or a local system account.
  So, I would suggest you try to open up Windows Services list and changed the account for SQL Server service.
  Regards,
  Elvis Long
  TechNet Community Support

• Active Directory integrated LION with offline Domain Controller

  Hi,
  I have some OS X Lion machine, and all of them joined into the Win2008 AD. There is no any issue when the Domain Controller is reahcable, but when it is not reahcable, or the machine is not in the same network as the DC, then I am not able to login with my AD user.
  In Windows the last credential is stored on the local machines. So if the machine is OFFLINE from the DC, then it is able to let the AD user to login.
  Is there any trick or option how I can implement it with my LION clients? Or there is no way to use AD user when the AD is not reachable?
  Thanks in advance!

  He actually didn't specify much about dynamic updates requirements for old domains, if they don't need secure dynamic updates then a primary zone would work:
  The DNS Server service allows dynamic update to be enabled or disabled on a per-zone basis at each server that is configured to load
  either a standard primary or directory-integrated zone.
  REF: Understanding Dynamic updates
  This post is provided AS IS with no warranties or guarantees, and confers no rights.
  ~~~
  Questo post non fornisce garanzie e non conferisce diritti

• Best pracices for setting up Domain controller for our remote European offices

  Hi,,
  We have about 17 remote site across Europe (HQ in UK), I want to start revoking the offices local DC's and host them in a couple of Cloud servers in Germany with local NAS boxes for file storage. I will have MPLS network between the offices to the Cloud
  DC.
  Now what would be the best practices and tips for this situation in respect to the DC's. How can I prioritize the remote offices to use the Cloud DC/DNS and not our DC at our HQ in the UK. Would it be better to have a sub-domain created (europe.company.co.uk)
  for the other offices.
  Any suggestions on this setup for the DC

  Hiya,
  on the conceptual level. The reason for having local DC's, is that if the local sites internet line is offline, people are still able to authenticate and access local resources. From that point of view, you might as well just run with your HQ DC's only. Note:
  the cloud does offer availability on their services, that might not be matched by your HQ in terms of double internet lines.
  That said.
  The DNS server of the clients as well as the sites & services of Active Directory. Your clients will use the nearest domain controller available from sites and services information.
  Managing Intersite Replication
  http://technet.microsoft.com/en-us/library/cc794799%28v=ws.10%29.aspx

• Pros and cons in setting AD domain trust into my AD domain for more than 10+ AD domain and some with same FQDN or label ?

  Hi,
  Can someone please share what is the pros and Cons of trusting AD domain for more than 10 different AD sites into my existing single domain forest let say ParentCompany.com ?
  At the moment I only have one single forest AD domain with the Domain and Forest functionality Windows Server 2003. The main domain controller FSMO role holder is in the Data Center spread across three different VMs running on Windows Server 2008 R2.
  The main/parent company has acquired smaller business chain of 15+ offices in which they have their own Domain Controller and also their own domain, sometimes they also got the same AD domain between them (no trust or whatsoever in those 15+ AD domain).
  Sounds crazy but yes, there is no standardization in them or whoever manage their IT infrastructure previously.
  I'm now considering what are the benefits of creating the AD domain and trust versus importing those AD objects into my domain and then decommission them.
  No need to worry about Exchange Server since all of the user in those sites connecting to the RDS to my ParentCompany.com terminal servers.
  My requirements or goal are as follows:
  1. Simplify the AD domain structure & maintenance
  2. Try to avoid the disruptions of the user in terms of downtime and selecting multiple different domain everytime they login to their PC or SharePoint sites.
  any kind of help and suggestion would be greatly appreciated.
  Thanks.
  /* Server Support Specialist */

  Can someone please share what is the pros and Cons of trusting AD domain for more than 10 different
  AD sites into my existing single domain forest let say ParentCompany.com ?
  I think you mean 10 AD domains.
  Managing multiple domains can be difficult for administration. I usually recommend using a single domain in a single forest with OUs to separate resources whenever it is possible.
  However, if you can't do that then you can simply create trust relationships between your domains. The advantage is that you can enable access to resources to different domains. I do not see cons here.
  The main/parent company has acquired smaller business chain of 15+ offices in which they have
  their own Domain Controller and also their own domain, sometimes they also got the same AD domain between them (no trust or whatsoever in those 15+ AD domain). Sounds crazy but yes, there is no standardization in them or whoever manage their IT infrastructure
  previously.
  I'm now considering what are the benefits of creating the AD domain and trust versus importing those
  AD objects into my domain and then decommission them.
  I would recommend consolidating your domains into a single one. ADMT is a migration tool that you can use. The advantage would be the ease of administration. Also, by having multiple DCs for the same domain across sites, you will take benefit of High Availability
  of your and DRP.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Best practices for setting up users on a small office network?

  Hello,
  I am setting up a small office and am wondering what the best practices/steps are to setup/manage the admin, user logins and sharing privileges for the below setup:
  Users: 5 users on new iMacs (x3) and upgraded G4s (x2)
  Video Editing Suite: Want to connect a new iMac and a Mac Pro, on an open login (multiple users)
  All machines are to be able to connect to the network, peripherals and external hard drive. Also, I would like to setup drop boxes as well to easily share files between the computers (I was thinking of using the external harddrive for this).
  Thank you,

  Hi,
  Thanks for your posting.
  When you install AD DS in the hub or staging site, disconnect the installed domain controller, and then ship the computer to the remote site, you are disconnecting a viable domain controller from the replication topology.
  For more and detail information, please refer to:
  Best Practices for Adding Domain Controllers in Remote Sites
  http://technet.microsoft.com/en-us/library/cc794962(v=ws.10).aspx
  Regards.
  Vivian Wang

• Strange issues with domain controller/DNS server

  Our domain controller/DNS server was working fine this morning. Then suddenly we stopped being able to access certain things on it. I could ping it, RDP into it, and access some files on it, but I couldn't run any applications hosted on it, accessing shared
  network files was slow, and different people around the office were getting access denied errors to files and folders they had full control of in NTFS (and in shared permissions).
  At first I noticed an NTP error so I registered w32tm and started the service and that got rid of the error but didn't fix anything.
  Oddly, machines still had internet access.
  We tried rebooting everything, restarting services, nothing has helped.
  When I accessed the server directly through the console I could access everything, could connect to any machine in the office, nothing seemed to be wrong with it.
  Any ideas?

  Is there any recent changes in your network or firewall or antivirus? Is there any change/updates performed in the AD side? I would suggest find out changes being done at the AD or Network/FIrewall level. You can run various diagnostic test within your AD
  environment to find the overall health of the AD infra.
  What does DCDIAG actually… do?
  Active Directory Replication Status Tool Released 
  http://msmvps.com/blogs/ad/archive/2008/06/03/active-directory-health-checks-for-domain-controllers.aspx
  Awinish Vishwakarma - MVP
  My Blog: awinish.wordpress.com
  Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

• Pricing for VM running WS 2012 E R2 primarily as domain controller for ~5 clients

  Hi
  I am starting a small medical clinic, with only about 6 client PCs.  However, I  would like a domain network structure for security purposes moving forward rather than a workgroup.
  I'm looking at either purchasing a modest server (ie HP Proliant ml310) with windows server 2012 essentials r2 and using it locally (total cost ~$1500) or using a Windows Azure virtual machine to run the domain controller over a VPN.  We already use
  office 365 e3, so don't really need a local server for email, storage etc. I already have an old synology NAS that could be used for disk images etc that we would lose out on with the hosted server solution.
  Can someone verify my calculations for monthly cost estimate I tried using the calculator --1 small VM + 225 GB storage for the OS came to $65/month
  Would I be able to run it on the small virtual machine or would I need to go up to medium just for the OS?  If the later is the case it would definitely not be cost effective.
  Thanks for the help
  TM

  hi tdiddy,
  Thanks for posting!
  About VM and azure storage pricing , I suggest you could refer to this pricing details page and calculations fee:
  http://azure.microsoft.com/en-us/pricing/details/virtual-machines/
  http://azure.microsoft.com/en-us/pricing/details/storage/
  Also, for this billing question Please contact azure billing support team via
  http://www.windowsazure.com/en-us/support/contact/
  Hope it helps.
  Regards,
  Will
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Windows Server 2012 Foundation, in a Workgroup - "The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller"...

  Every few days we see two dialogs with the following messages:
  Dialog 1, title: Check for Licensing Compliance is Incomplete
  The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller.
  Dialog 2, title: Check for Licensing Compliance is Incomplete
  The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller. If the license compliance check cannot be completed, the server will automatically shut
  down in 8 day(s) 23 hour(s) 0 minute(s).
  The server is not (and never has been) joined to a domain or had any DC roles installed. In fact its still connected to the default Workgroup.
  The server was configured in our office and never showed this message until it was installed on site. The main difference from what I can see is that when installed on site it was given a static IP address and does not have any DNS settings in the network
  adapter properties. 
  I have scoured a number of forums on this error but in almost every other instance of this error message the servers are connected to a Domain Controller and the solutions generally are linked to dis-joining and rejoining the domain. Unfortunately this is
  not an option for this scenario.
  I initially thought that adding some relevant DNS server IP address may resolve the issue, however, we have the exact same model server configured exactly the same running at a different site that does not experience this problem. This server also has no
  DNS server configured.
  I have seen a post that suggests turning off the servers "Foundation Checking", but I'm unsure how to do this.

  Thanks for your response Vivian.
  I can confirm that this server is not (and never has been) a member of any active directory, it is configured as a Workgroup server. It was initially configured on a network that does have an active directory, but was never joined to it. During that time it
  never displayed these messages.
  The server was moved into production on a different site and network and setup with a static IP address.The site network does have its own active directory but the server was not joined to it. It is whilst on this new network that these messages began.
  Since my original post DNS servers have been added and the Microsoft activation has been verified, however, the messages are still appearing.
  There are only 2 user accounts configured on this server. The local admin account and another local admin user.
  The remote desktop services roles have been installed but not yet configured. I don't think that has any bearing on this scenario though.
  The description of this error in the above "Introduction to Windows Server 2012 Foundation" link states:
  This error occurs when the server cannot finish checking the requirements for the root domain, forest trust configuration, or both. It usually happens when the server cannot connect to a domain controller. If the situation persists, the server will
  shut down 10 days after the first time the compliance check failed. Each time this error message occurs, it will state the actual time remaining before the server will shut down. If you restart the server after it has shut down because of non-compliance, the
  server will shut itself down again in 3 days.
  The above description leads me to the following question - In a Workgroup environment, does the server still try to contact a domain controller to establish a level of trust? If this is the case could it be that the server can no longer see the initial DC
  on its new network and this is what is triggering the messages?
  Am I clutching at straws here?

• How to use DNS server for name resolution for items which don't exist in active directory domain controller DNS

  Dear Experts,
  In our office we have a domain controller call it 'Office.com', all computers and corporate servers e.g. exchange, antivirus etc. are member of this 'office.com', it is also having a DNS. All users in office have there preferred DNS set to the corporate
  DNS
  We are working for ministry and offering services to them from our data center so have many servers which are for ministry but they are in our data center. For all these servers we created another DNS server which contains all entries for these servers in
  forward and reverse lookup zones. In this DNS we also created a forward lookup zone for our corporate servers and zone name is 'office.com'
  What we are trying to have is name resolution of all servers which are listed in other DNS build in our office on Win 2008 R2 for ministry servers
  If the user change his preferred DNS to ministry DNS he can resolve the ministry server but then we can not control any thing through group policy since they are using other DNS and not the corporate DNS. 
  How this can be done ? like any group policy applied to corporate domain controller must take effect on users and in addition to this user must also be able to resolve server names in ministry project DNS
  Please assist ASAP.
  regards,

  Hello,
  ok so the GPO setting doesn't apply in any case.
  Clients machines use the first DNS server in the list of configured ones on the NIC. If that one is available search for additional DNS servers will stop.
  What i can not really understand is your description about the second DNS server. This should normally either another DC with AD integrated DNS, so everything is replicatedwithin AD replication or you use a secondary DNS on domain member server that pulls
  the informations from the Master.
  It sounds for me that you have configured a machine with DNS server role and created manually the zone with the same name as the domainand manually create there the required A records?
  Best regards
  Meinolf Weber
  MVP, MCP, MCTS
  Microsoft MVP - Directory Services
  My Blog: http://msmvps.com/blogs/mweber/
  Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

• What is the most appropriate way to generate a static IPv6 for a domain controller?

  DNS Role Best practives is giving errors. Looks like I need to assign ONE static IPv6 to each domain controller and use IT in DNS and DHCP. There are two routers on the network, each assigning a 2002: IP, plus a link local FE80: IP is also assigned.
  Is there a way to generate a static IPv6 for domain controllers that will not change even if the network cards or routers are changed?
  What is the best practice so that domain integrated DNS and DHCP with Exchange 2010 in the domain, will continue to function?
  There is ambiguous information as to whether DC's should have static or dynamic IPv6 IPs. I have tried variations such as IPv4 compatible. IPv4 mapped, ISATAP, etc. but over time have gotten different errors from different sources.
  It is one thing for Microsoft to give error messages about IPv6 but I cannot find any definitive recommednations on this.
  Thanks if anyone finds a universal answer.
  Bob.

  Excellent and valid points, Bob. Your outlook explains in an easy way how the challenges setting up Windows Server are in a sense, self-generated, and in every sense fully avoidable.
  No changes have been made to the warnings or errors in 2013 R2 despite improvements in other areas. This release mainly brought improvements to the setup in areas that were truly broken like automatic account generation for ADFS. Since that's a decade old
  feature it's probably best not to wait for Microsoft to clarify, and I appreciate your recommendations.
  I'm bumping this thread since it's the first result for 192.168.1.1 on ipv6 on Google right now, and since there's no way to see how often it's being referenced I wanted to add some additional information.
  Multiple NIC's can be specified by using the scope ID parameter supported since Vista, that appears as a percent-sign at the end of IPv6 addresses. It uniquely identifies the network adapter even when that adapter shares the same host portion of the IPv6
  address space (i.e. essentially, has the same IP, which in IPv4 is invalid.) I'll give some examples at the end of the post.
  Following the recommendation to deprecate the fec0 prefix while maintaining a link-local addressing scheme is possible through the prefix length at the beginning of the IPv6 address. As
  this reference at IBM explains, fe80:: maps to a link-local prefix length of 64 equivalent to the IPv4 version of 24, and anything else before the double-colon refers to the network portion of the IPv6 address.
  The host portion of the IP address then _could_ be ::20, ::21, etc., as you said, but to follow
  this MSDN recommendation, it would be more appropriate to use the same host portion and add a suffix for the scope ID documented on that page. The suffix may be specific to Windows
  and may not work in an equivalent way in heterogeneous platform deployments. But since the effect is limited to the local machine it should help anything past XP differentiate NICs when assigned the same host portion.
  The approach taken in the random IPv6 generator linked elsewhere on this page leaves open the possibility, however unlikely, that the generated IP can route to some other host on an open network that happens to have generated the same network portion of
  the address (the other host would be sharing the same network.) If any part should be random, it's the host portion after the double-colon, not the network portion at the beginning, so that the possibility does not exist.
  Additionally, the host portion doesn't have to be random, it's just done that way because it's usually automatically generated; a random number is safer for a computer than relying on a sequence that may not fully cover all the numbers used so far. If you're
  doing a manual deployment you can combine the above information with the inline 0-supression in IPv6 to assign numbers in the following way:
  fe80::1:1%1 (first computer is 1:1, first interface is %1)
  fe80::1:1%2 (second interface)
  fe80::1:2%1 (second computer, first interface)
  Effectively here we're swapping "192.168.1" for "fe80::1" which is roughly the same length (taking into account variations like 10.0.0). The only gotcha is that _either_ the string after the double-colon can't be 1 by itself since that's
  reserved for local machine loopback, _or_ that the second-to-last number after the double-colons can't be 0, since that's equivalent due to inline supression.
  Other combinations are fine, like fe80::2%1 and fe80::2%2 for the first computer, then ::3 for the second, etc. I thought having a 2-index for the first machine is too uncommon to look familiar so I chose the alternative, but even something like fe80::fe%80
  is perfectly fine.
  If you don't need to identify individual NICs then omitting the part after the percent sign makes fe80::10, fe80::11 a valid sequence for 2 computers. For over 255 computers just add another number before the last, so that it looks like fe80::1:10, fe80::1:11,
  etc. That should be easier to remember than the randomly generated numbers.
  There is also another way if the preference is to use IPv4-lookalike addresses. The mapped address spec is defined in RFC 4291 and it goes along the lines of "::ffff:192.168.1.1" for a valid IPv6 address to the gateway, for example. That is a newer
  recommendation than the RFC which the random-number generated linked elsewhere on this page relies on.