The other week I talked about the love that dares to speak its name (and building AD Forests). This week is about AD Domains and, er, well, creating children with PowerShell…
(Note to self: must reword last sentence)
Enough balderdash… let's look at creating a child domain with PowerShell.
Step 1 – Install Binaries on Server
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
This primes our server for promotion…
Step 2 – Promote Server to DC in New Child Domain
$AdminPassword = "Ijcppjc12o5mK10uuA2N"
$DomainCredential = Get-Credential
Install-ADDSDomain -CreateDnsDelegation `
-DatabasePath "Z:\Windows\NTDS" `
-DomainMode "Win2012R2" `
-NewDomainName "Child" `
-ParentDomainName "fabrikam.com" `
-InstallDns `
-LogPath "Z:\Windows\NTDS" `
-SysvolPath "Z:\Windows\SYSVOL" `
-Force `
-SafeModeAdministratorPassword ($AdminPassword | ConvertTo-SecureString -AsPlainText -Force) `
-Credential $DomainCredential `
-SkipPreChecks
This promotes our server as the first Domain Controller in a new child domain of an existing forest. Let's look at those parameters:
- CreateDNSDelegation – I want a DNS delegation for the parent / child relationship
- DatabasePath – where to find NTDS.dit
- DomainMode – the domain functional level
- NewDomainName – FQDN of the new child domain
- ParentDomainName – FQDN of the existing parent domain
- InstallDns – yes, please!
- LogPath – where to find the install log
- SysvolPath – where to find our friendly, neighbourhood SYSVOL
- Force – use the… yes, really!
- SafeModeAdministratorPassword – how we boot into DSRM
- Credential – the Enterprise Admin credential supplied using Get-Credential…
- SkipPreChecks – see below…
I include SkipPreChecks because I've usually run the Test-ADDSDomainInstallation cmdlet to check I'm good to go.
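The check-then-promote flow described above, as an added example that is not the author's code: one parameter set is splatted into both Test-ADDSDomainInstallation and Install-ADDSDomain, and the DSRM password is prompted for rather than stored as a literal in the script. The variable names ($Common, $DsrmPassword, $Results, $Failed) are assumptions; the parameter values are the ones used in the post.

```powershell
# Added example: parameter values mirror the post; variable names are illustrative.
Import-Module ADDSDeployment

# Prompt for both secrets at run time so neither is written into the script file.
$DomainCredential = Get-Credential -Message 'Enterprise Admin credential for the parent forest'
$DsrmPassword     = Read-Host -AsSecureString -Prompt 'DSRM (safe mode) administrator password'

# Parameters shared by the prerequisite test and the promotion itself.
$Common = @{
    CreateDnsDelegation           = $true
    InstallDns                    = $true
    DatabasePath                  = 'Z:\Windows\NTDS'
    LogPath                       = 'Z:\Windows\NTDS'
    SysvolPath                    = 'Z:\Windows\SYSVOL'
    DomainMode                    = 'Win2012R2'
    NewDomainName                 = 'Child'
    ParentDomainName              = 'fabrikam.com'
    SafeModeAdministratorPassword = $DsrmPassword
    Credential                    = $DomainCredential
}

# Run the prerequisite checks first and stop if any result is not Success.
$Results = Test-ADDSDomainInstallation @Common
$Failed  = @($Results | Where-Object { $_.Status -ne 'Success' })
if ($Failed.Count -gt 0) {
    $Failed | Format-List Status, Context, Message
    throw 'Prerequisite checks failed; not promoting this server.'
}

# The checks passed with these exact parameters, so the install can skip them.
Install-ADDSDomain @Common -SkipPreChecks -Force
```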
One loves one's children.