Create AD Forest with PowerShell

Have I mentioned that I love PowerShell? Yes? Thought so...

Here's YET ANOTHER reason why I love PowerShell. Take a look at how easy it is to create an Active Directory forest:

Step 1 - Install Binaries on Server

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

  

This primes our server for promotion...

Step 2 - Promote Server to DC in New Forest

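# DSRM password, hardcoded in plain text to keep the demo short.
# Anyone who can read this script (or its history) can read the password,
# so for a real build prompt for it with Read-Host -AsSecureString instead.
$AdminPassword = "6T7Ge9p15TiBiGtEah54mK"

# Each backtick must be the last character on its line, with no blank line
# after it, or the command ends early.
Install-ADDSForest -CreateDnsDelegation:$False `
    -DatabasePath "Z:\Windows\NTDS" `
    -DomainMode "Win2012R2" `
    -DomainName "fabrikam.com" `
    -DomainNetbiosName "fabrikam" `
    -ForestMode "Win2012R2" `
    -InstallDns:$True `
    -LogPath "Z:\Windows\NTDS" `
    -NoRebootOnCompletion:$False `
    -SysvolPath "Z:\Windows\SYSVOL" `
    -Force:$True `
    -SafeModeAdministratorPassword ($AdminPassword | ConvertTo-SecureString -AsPlainText -Force) `
    -SkipPreChecks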

 

This promotes our server as the first Domain Controller in a new forest. Let's look at those parameters:

  • CreateDNSDelegation - not necessary as we're spinning up a new forest
  • DatabasePath - where to find NTDS.dit
  • DomainMode - the domain functional level
  • DomainName - FQDN of the top-level domain
  • DomainNetbiosName - NetBIOS name of the domain
  • ForestMode - the forest functional level
  • InstallDns - yes, please!
  • LogPath - where to find the install log
  • NoRebootOnCompletion - we need to reboot, otherwise no forest
  • SysvolPath - where to find our friendly, neighbourhood SYSVOL
  • Force - use the... yes, really!
  • SafeModeAdministratorPassword - how we boot into DSRM
  • SkipPreChecks - see below...

 

I include SkipPreChecks because I've usually run the Test-ADDSForestInstallation cmdlet to check I'm good to go. 
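
The check-then-install sequence described above can be scripted so the prerequisite test and the promotion share one parameter set and the DSRM password is prompted for rather than stored in the file. This is an added example, not the author's script; the variable names are made up for illustration and the values are the ones used in the post.

```powershell
# Added example. Run elevated on the server prepared in Step 1.
# Prompt for the DSRM password so it never sits in the script file or source control.
$DsrmPassword = Read-Host -Prompt 'DSRM (safe mode) password' -AsSecureString

# Parameters shared by the test and the install (values from the post).
$ForestParams = @{
    DomainName                    = 'fabrikam.com'
    DomainNetbiosName             = 'fabrikam'
    DomainMode                    = 'Win2012R2'
    ForestMode                    = 'Win2012R2'
    DatabasePath                  = 'Z:\Windows\NTDS'
    LogPath                       = 'Z:\Windows\NTDS'
    SysvolPath                    = 'Z:\Windows\SYSVOL'
    InstallDns                    = $true
    CreateDnsDelegation           = $false
    SafeModeAdministratorPassword = $DsrmPassword
}

# Run the prerequisite checks with exactly the values the install will use.
# Each result object carries Context, Message and a Status of Success or Error.
$Checks = @(Test-ADDSForestInstallation @ForestParams -ErrorAction Stop)
$Failed = @($Checks | Where-Object { $_.Status -ne 'Success' })

# No results at all is treated as a failure rather than as a pass.
if ($Checks.Count -eq 0 -or $Failed.Count -gt 0) {
    $Failed | Format-List Context, Status, Message
    throw "Prerequisite checks did not pass; forest not created."
}

# The checks passed moments ago with the same parameters, so -SkipPreChecks
# only avoids repeating them. The server reboots when promotion completes.
Install-ADDSForest @ForestParams -SkipPreChecks -NoRebootOnCompletion:$false -Force:$true
```

Warnings from Test-ADDSForestInstallation are written to the warning stream and do not change Status, so read them in the console before letting the install proceed.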

Isn't it Valentine's Day soon?

What's that? I've missed it?!

Ah, that explains the recent frosty atmosphere in the PoSh abode...