Install Active Directory from PowerShell

This post will detail how to install AD from PowerShell. This can be especially helpful for those wanting to use Server Core on the domain controllers instead of a server with a GUI. There are some basic commands that you will run to get it up and running, and from there, you can use remote tools to manage your AD. I did all of this using Windows Server 2012 R2 Core.

Why use Core?

There are many reasons to use Server Core instead of a server with a GUI. I prefer to use Core on anything that can handle it. Core is lighter, has less of an attack surface, and requires fewer updates and reboots. Usually, you can use Core if the server is hosting basic Windows features, such as IIS, file services, domain controllers, etc. SQL servers are also a good use of Core. Core might take some getting used to, but it’s worth it.

Installing a Domain

This is how to install a fresh Active Directory Forest and Domain. First, we need to enable the role. To do that, type “powershell” at the command prompt. This will launch PowerShell. Next, type “get-windowsfeature”. This will show you which features you have installed, as well as the necessary information to install more.

In this case, we need to install domain services, which has a feature name of “AD-Domain-Services”. We can install it by running “install-windowsfeature -name AD-Domain-Services”. After the bits are installed, we can run additional commands to install our domain.

Because this is a new forest and domain, we will use the forest command. Here is what you need:

Install-ADDSForest -DomainName <domain_name> -InstallDNS -DomainMode win2012r2 -ForestMode win2012r2 -DomainNetBIOSName <netbios name>

You need to fill in the appropriate values for domain_name and netbios name. There are also parameters for moving the database, sysvol, and logs. They are:

-DatabasePath
-SysvolPath
-LogPath

I also prefer to use the “-NoRebootOnCompletion” parameter so that I can read the output before the server restarts. Once you have your PowerShell line typed out, I encourage you to test it. Take your parameters and feed them to “Test-ADDSForestInstallation”. This will ensure that you have all of the right prerequisites, as well as parameters.
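The test-then-install sequence described above can be scripted so that both cmdlets receive exactly the same values. This is an added example, not the author's own script: the domain name, NetBIOS name and paths are constructed placeholders, and it passes -SafeModeAdministratorPassword explicitly (the command above leaves that to the interactive prompt) so the DSRM password is read once as a secure string.

```powershell
# Added example, not from the original post. Domain name, NetBIOS name and
# paths are constructed placeholders; replace them before running.
Install-WindowsFeature -Name AD-Domain-Services

# Read the DSRM password once as a SecureString so it never appears in
# plain text in the script or in the command history.
$dsrm = Read-Host -AsSecureString 'DSRM (safe mode) password'

# One shared parameter set: the test and the install see identical values.
$forest = @{
    DomainName                    = 'corp.example.com'   # placeholder
    DomainNetbiosName             = 'CORP'               # placeholder
    DomainMode                    = 'Win2012R2'
    ForestMode                    = 'Win2012R2'
    InstallDns                    = $true
    DatabasePath                  = 'D:\NTDS'            # placeholder
    LogPath                       = 'D:\NTDS\Logs'       # placeholder
    SysvolPath                    = 'D:\SYSVOL'          # placeholder
    SafeModeAdministratorPassword = $dsrm
}

# Run the prerequisite check and show every result it returns.
$results = Test-ADDSForestInstallation @forest
$results | Format-List Status, Message

# Stop before changing anything if a prerequisite check reported an error.
$failed = $results | Where-Object { $_.Status -eq 'Error' }
if ($failed) {
    throw "Prerequisite check failed: $($failed.Message -join '; ')"
}

# Promote the server, but leave the reboot to the operator so the output
# can be reviewed first.
Install-ADDSForest @forest -NoRebootOnCompletion
```

After reviewing the output, restart the server with Restart-Computer to finish the promotion.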

Build Account

After the domain is installed, I would suggest going ahead and building a domain admin account. This can be done with these commands:

New-ADUser <username> -Enabled $true -AccountPassword (Read-Host -AsSecureString "AccountPassword")
Add-ADGroupMember -Identity "Domain Admins" -Members "<username>"

Be sure to feed these commands a username. The important part is the accountpassword parameter. Because you have a fresh domain, the default password policy is in place. You cannot create an account with a blank password and then set it from the GUI later. Also, the command will not accept passwords in plain text, hence the read-host with the secure string setting.

Add a Second Controller

Once the domain is installed, we can add a second domain controller fairly easily. Join the server that will act as your second controller to your domain. Add the AD-Domain-Services role, just as we did earlier. Run this PowerShell command, filling in the appropriate information:

Install-ADDSDomainController -DomainName <domain_name> -InstallDNS -NoRebootOnCompletion -ReplicationSourceDC "<FQDN of first controller>"

You can also add the additional database, log, and sysvol parameters to this command. I would also recommend testing your command first using “Test-ADDSDomainControllerInstallation”.

Now you have a functioning domain installed on Server Core using PowerShell.


Matt Tinney

Professional IT executive & business leader having decades of experience with Microsoft technologies delivering modern-day cloud & security solutions.
