Have I mentioned that I love PowerShell? Yes? Thought so…
Here's YET ANOTHER reason why I love PowerShell. Take a look at how easy it is to create an Active Directory forest:
Step 1 – Install Binaries on Server
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
This primes our server for promotion…
Step 2 – Promote Server to DC in New Forest
$AdminPassword = "6T7Ge9p15TiBiGtEah54mK"
Install-ADDSForest -CreateDnsDelegation:$False `
-DatabasePath "Z:\Windows\NTDS" `
-DomainMode "Win2012R2" `
-DomainName "fabrikam.com" `
-DomainNetbiosName "fabrikam" `
-ForestMode "Win2012R2" `
-LogPath "Z:\Windows\NTDS" `
-SysvolPath "Z:\Windows\SYSVOL" `
-SafeModeAdministratorPassword ($AdminPassword | ConvertTo-SecureString -AsPlainText -Force) `
This promotes our server as the first Domain Controller in a new forest. Let's look at those parameters:
- CreateDNSDelegation – not necessary as we're spinning up a new forest
- DatabasePath – where to find NTDS.dit
- DomainMode – the domain functional level
- DomainName – FQDN of the top-level domain
- DomainNetbiosName – FQDN of the domain
- ForestMode – the forest functional level
- InstallDns – yes, please!
- LogPath – where to find the install log
- NoRebootOnCompletion – we need to reboot, otherwise no forest
- SysvolPath – where to find our friendly, neighbourhood SYSVOL
- Force – use the… yes, really!
- SafeModeAdministratorPassword – how we boot into DSRM
- SkipPreChecks – see below…
I include SkipPreChecks because I've usually run the Test-ADDSForestInstallation cmdlet to check I'm good to go.
Isn't it Valentine's Day soon?
What's that? I've missed it?!
Ah, that explains the recent frosty atmosphere in the PoSh abode…