0

I'm having an issue with a PowerShell script I am writing to automate Domain Controller promotions in AD.

I get the following error when run:

Install-ADDSDomainController : Object reference not set to an instance of an object.
+ Install-ADDSDomainController -InstallDns -DomainName "$localdomain" - ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Install-ADDSDomainController], NullReferenceException
+ FullyQualifiedErrorId : System.NullReferenceException,Microsoft.DirectoryServices.Deployment.PowerShell.Commands.InstallADDSDomainControllerCommand

This is the PowerShell script I wrote:

$Network = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE
$defaultgateway = ($Network.DefaultIPGateway -like "*.*.*.*")
$localsitedc = switch ($defaultgateway)
{
 "192.168.40.1" {"DC0.east.contestco.local"}
 "192.168.41.1" {"DC0.west.contestco.local"}
 "192.168.42.1" {"DC0.north.contestco.local"}
 "192.168.43.1" {"DC0.south.contestco.local"}
 "192.168.48.1" {"DC0.mobile.contestco.local"}
}
$localdomain = "{1}" -f ($localsitedc.Split(".",2))
$seclocalpasswd = ConvertTo-SecureString "MySecretLocalPassword" -AsPlainText -Force
$secadmpasswd = ConvertTo-SecureString "MySecretADPassword" -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ("CONTESTCO\Administrator", $secadmpasswd)
Install-ADDSDomainController -InstallDns -DomainName $localdomain -ReplicationSourceDC $localsitedc -SafeModeAdministratorPassword $seclocalpasswd -Credential $mycreds

Any help would be appreciated.

Thanks

asked Mar 25, 2024 at 19:40

2 Answers

0

Please check that:

The machine you are installing as a DC has a gateway set and its DNS server points to a working DC/DNS server as listed in the post.

The machine you are installing as a DC has the necessary ports open to other sites as well (AD, LDAP, DNS ports); in the initial communication it may have to communicate with DNS servers for forest-wide queries. You may verify this with netstat -bn on the machine and check for a Sync_Sent status of an outgoing connection. You may refer to https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/config-firewall-for-ad-domains-and-trusts.

From the post, I understand that there are regional Active Directory domains in a single AD forest. Please ensure that AD replication between sites/domains is successful and also that the FSMO roles are in place and active. For the AD replication check, repadmin /replsummary may be used. For the FSMO roles, the netdom query fsmo command may be used. Every domain should have three FSMO roles of its own domain + should be able to communicate with the two FSMO roles for the forest which are located in the root domain of the forest.

answered Mar 27, 2024 at 7:35

0

I found that "-Force" was needed at the end of the Install-ADDSDomainController command. I forgot this command asked questions that the user needed to answer.

answered Apr 2, 2024 at 23:10
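
The gateway, DNS and port checks from the first answer combined with the -Force fix from the second, as an added example that is not part of the original posts. The function name, parameter names and port list are assumptions; credentials are passed in by the caller as a PSCredential and a SecureString instead of being embedded as string literals as in the question's script.

```powershell
# Added example: pre-flight checks, then an unattended promotion.
# Function name, parameter names and the port list are assumptions for illustration.
function Invoke-DcPromotionWithPreflight {
    param(
        [Parameter(Mandatory)] [string]       $ReplicationSourceDC,  # e.g. DC0.east.contestco.local
        [Parameter(Mandatory)] [pscredential] $Credential,
        [Parameter(Mandatory)] [securestring] $SafeModePassword
    )

    # The domain name is everything after the first label of the source DC's FQDN.
    $domain = $ReplicationSourceDC.Split('.', 2)[1]
    if (-not $domain) { throw "ReplicationSourceDC must be a fully qualified name." }

    # 1. A default gateway must be configured on an IP-enabled adapter.
    $gateways = Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE' |
        ForEach-Object { $_.DefaultIPGateway } | Where-Object { $_ }
    if (-not $gateways) { throw "No default gateway is configured." }

    # 2. The configured DNS server must return the domain's DC locator records.
    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction Stop | Out-Null

    # 3. Core AD ports on the source DC must accept connections
    #    (DNS 53, Kerberos 88, RPC endpoint mapper 135, LDAP 389, SMB 445).
    foreach ($port in 53, 88, 135, 389, 445) {
        $r = Test-NetConnection -ComputerName $ReplicationSourceDC -Port $port -WarningAction SilentlyContinue
        if (-not $r.TcpTestSucceeded) { throw "TCP $port to $ReplicationSourceDC is not reachable." }
    }

    $common = @{
        DomainName                    = $domain
        ReplicationSourceDC           = $ReplicationSourceDC
        Credential                    = $Credential
        SafeModeAdministratorPassword = $SafeModePassword
        InstallDns                    = $true
    }

    # 4. Run the deployment module's own prerequisite test before changing anything.
    $failed = Test-ADDSDomainControllerInstallation @common | Where-Object Status -ne 'Success'
    if ($failed) { throw "Prerequisite test failed: $($failed.Message -join '; ')" }

    # 5. -Force suppresses the confirmation prompts that stall a non-interactive run.
    Install-ADDSDomainController @common -Force
}
```

The repadmin /replsummary and netdom query fsmo checks from the first answer are run on an existing DC and are not covered by this function.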
