I don't have a lot of experience creating/managing an Active Directory environment. This will be more of a lab environment where a solution could be tested. It will not have lots of regular users etc., just some test internal type users.
As part of that, I need to set up a domain controller quickly on Windows 2016 and Windows 2019 OS. Rather than doing all the steps manually, I tried to create a script. I followed different online tutorials with a mix of luck. After a few hits and tries, the following script worked for me on a Windows 2019 machine. I haven't tested it yet on a Windows 2016 though.
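```powershell
# Install the AD DS role, then create a new forest with an integrated DNS server
Add-WindowsFeature AD-Domain-Services
Install-ADDSForest -DomainName myTestDomain -InstallDNS
# Install AD Certificate Services and configure an enterprise root CA
Install-WindowsFeature AD-Certificate
Add-WindowsFeature Adcs-Cert-Authority -IncludeManagementTools
Install-AdcsCertificationAuthority -CAType EnterpriseRootCA
```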
At this point, I was able to log in to this machine under the myTestDomain domain.
Given I don't have much experience with IT management, I am hoping to get some suggestions in case I may have missed something here. Any suggestions to improve this script will be highly appreciated.
1 Answer
Looking good, thankfully there aren't really any "traps" when creating a new domain via PowerShell.
Couple things to note though:
- You may want to install management tools for `AD-Domain-Services` unless you plan to manage the server remotely only (as you should, but you may need them later and it doesn't really cost anything).
- The default functional domain level is 2008R2; if you don't have any compatibility concerns and all your DCs will be running 2016 or higher, you may want to raise it to get all modern AD features (for example, the AD recycle bin):
```powershell
Install-ADDSForest -DomainName myTestDomain -DomainMode 7 -ForestMode 7 -InstallDNS
```
- You aren't installing a DHCP server. If you plan on installing it on another machine it's perfectly fine, I'm just mentioning that as (in my experience) a majority of domains have DHCP hosted on the DC. It's a bit more verbose:
```powershell
Install-WindowsFeature -Name DHCP -IncludeManagementTools
# Create security groups:
netsh dhcp add securitygroups
# Restart service so that the new security groups are used:
Restart-Service dhcpserver
# Authenticate the DHCP in AD:
Add-DhcpServerInDC -DnsName mydc.myTestDomain -IPAddress x.x.x.x
# Server manager will bother you about authenticating the DHCP in AD even though you've just done it, tell it to shut up:
Set-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager\Roles\12 -Name ConfigurationState -Value 2
```
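A read-only check that the pieces discussed in the question and the answer actually ended up configured, as an added example that is not part of the original question or answer. The function name `Test-LabDc` is hypothetical, and the script assumes it is run in an elevated session on the DC after the restart that follows `Install-ADDSForest`.

```powershell
# Added example (not from the original post): read-only checks for the lab DC.
function Test-LabDc {   # hypothetical helper name
    $report = [ordered]@{}

    # Roles and tools named in the question and the answer
    $features = 'AD-Domain-Services', 'RSAT-AD-PowerShell', 'ADCS-Cert-Authority', 'DHCP'
    foreach ($f in Get-WindowsFeature -Name $features) {
        $report["Feature $($f.Name)"] = $f.Installed
    }

    # The AD cmdlets ship with the management tools, so skip the AD checks without them
    if (Get-Module -ListAvailable -Name ActiveDirectory) {
        Import-Module ActiveDirectory
        $domain = Get-ADDomain
        $report['DomainMode'] = [string]$domain.DomainMode
        $report['ForestMode'] = [string](Get-ADForest).ForestMode

        # The recycle bin is an optional feature: a sufficient functional level
        # allows it, but it stays off until Enable-ADOptionalFeature is run.
        $bin = Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'"
        $report['RecycleBinEnabled'] = ($bin.EnabledScopes.Count -gt 0)

        # DHCP authorization is stored in AD; look for this server's entry
        if (Get-Command Get-DhcpServerInDC -ErrorAction SilentlyContinue) {
            $fqdn = "$env:COMPUTERNAME.$($domain.DNSRoot)"
            $report['DhcpAuthorizedInAD'] = [bool](Get-DhcpServerInDC | Where-Object DnsName -eq $fqdn)
        }
    }

    # Certificate Services runs as the CertSvc service once the CA is configured
    $ca = Get-Service -Name CertSvc -ErrorAction SilentlyContinue
    $report['CertSvc'] = if ($ca) { [string]$ca.Status } else { 'not installed' }

    [pscustomobject]$report
}

Test-LabDc | Format-List
```

Nothing in the function changes the server, so it can be rerun after each step of the setup script to see which items are still missing.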
powershell autolab
. there appear to be several AD setup routines available. [grin]