Create Active Directory Forest via PowerShell

This blog covers creating a new Active Directory forest and adding a secondary domain controller to the domain via PowerShell.

Create Active Directory Forest

To create a new Active Directory (AD) forest, the below PowerShell commands can be run to simplify the process. To start off, run the below command to install the appropriate Windows Feature.

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

Run the below command to add the AD module into PowerShell now that it has been installed.

Import-Module ADDSDeployment

Once this has completed, it is time to create the AD forest. Adjust the below command to suit your own environment.

Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath "C:\Windows\NTDS" -DomainMode "Win2012R2" -DomainName "homelab.local" -DomainNetbiosName "homelab" -ForestMode "Win2012R2" -InstallDns:$true -LogPath "C:\Windows\NTDS" -NoRebootOnCompletion:$false -SysvolPath "C:\Windows\SYSVOL" -Force:$true

You will then be prompted to enter the SafeModeAdministratorPassword (the Directory Services Restore Mode password) and again to verify it. Once this is entered you will see the console performing the operations, and the server will eventually restart.

And that is pretty much it. Once the restart is finished you will be able to log in with your old local administrator (it is now the domain administrator) and configure your AD & DNS domain as you need.

Add Secondary Domain Controller

To create a secondary domain controller, ensure that your server has already joined the domain and you have completed all other post-provisioning tasks. To start off, run the below command to install the appropriate Windows Feature.

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

Run the below command to add the AD module into PowerShell now that it has been installed.

Import-Module ADDSDeployment

Once this has completed, it is time to join the server to the domain as a domain controller.

$cred = Get-Credential
Install-ADDSDomainController -CreateDnsDelegation:$false -DatabasePath "C:\Windows\NTDS" -DomainName "homelab.local" -InstallDns:$true -LogPath "C:\Windows\NTDS" -NoGlobalCatalog:$false -SysvolPath "C:\Windows\SYSVOL" -NoRebootOnCompletion:$false -Credential $cred -Force:$true

Once the server has restarted, you will be able to log into the domain controller as a domain administrator.
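The same promotion as a script, as an added example that is not from the original post: it runs the ADDSDeployment prerequisite check (Test-ADDSDomainControllerInstallation) before making any change, collects the DSRM password as a SecureString instead of at the interactive prompt, and, after the reboot, verifies that the new DC is advertising as a global catalog and has replicated. Domain name and paths are the ones used above; the Test-NewDomainController function is an added helper.

```powershell
# Added example, not the post's own code. Promote a domain-joined member server
# to a DC for homelab.local only after the prerequisite check passes.
Import-Module ADDSDeployment
Import-Module ActiveDirectory

$cred    = Get-Credential -Message 'Domain Admins account used for the promotion'
# Directory Services Restore Mode password, read as a SecureString (same value the
# interactive SafeModeAdministratorPassword prompt would ask for)
$dsrmPwd = Read-Host -AsSecureString -Prompt 'SafeModeAdministratorPassword'

$params = @{
    DomainName                    = 'homelab.local'
    Credential                    = $cred
    SafeModeAdministratorPassword = $dsrmPwd
    InstallDns                    = $true
    NoGlobalCatalog               = $false
    CreateDnsDelegation           = $false
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    NoRebootOnCompletion          = $false
    Force                         = $true
}

# Test-* runs the install's prerequisite checks (DNS, credentials, schema, disk)
# without changing anything; stop on anything other than Success.
$check = Test-ADDSDomainControllerInstallation @params
if ($check.Status -ne 'Success') {
    $check.Message
    throw "Prerequisite check failed with status '$($check.Status)'"
}

Install-ADDSDomainController @params   # server reboots when this finishes

# Added helper: run on the new DC after the reboot to confirm it is healthy.
function Test-NewDomainController {
    param([string]$Server = $env:COMPUTERNAME)
    $dc      = Get-ADDomainController -Identity $Server
    $lastRep = Get-ADReplicationPartnerMetadata -Target $Server |
               Measure-Object -Property LastReplicationSuccess -Maximum
    [pscustomobject]@{
        HostName               = $dc.HostName
        Site                   = $dc.Site
        IsGlobalCatalog        = $dc.IsGlobalCatalog   # expect True (NoGlobalCatalog was $false)
        LastReplicationSuccess = $lastRep.Maximum      # should be recent, not 1/1/1601
    }
}
```

A LastReplicationSuccess stuck at the epoch date, or IsGlobalCatalog still False well after the reboot, means replication to the existing DC has not completed and the new DC should not yet be relied on for logons.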
