Create AD Child Domain with PowerShell


The other week I talked about the love that dares to speak its name (and building AD Forests). This week is about AD Domains and, er, well, creating children with PowerShell...

(Note to self: must reword last sentence)

-----------------------------------------------------------------------------------------------

Enough balderdash... let's look at creating a child domain with PowerShell.

 

Step 1 - Install Binaries on Server

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

  

This primes our server for promotion...

 

Step 2 - Promote Server to DC in New Forest

$AdminPassword = "Ijcppjc12o5mK10uuA2N"

$DomainCredential = Get-Credential

 

Install-ADDSDomain -CreateDnsDelegation `

-DatabasePath "Z:\Windows\NTDS" `

-DomainMode "Win2012R2" `

-NewDomainName "Child" `

-ParentDomainName "fabrikam.com" `

-InstallDns `

-LogPath "Z:\Windows\NTDS" `

-SysvolPath "Z:\Windows\SYSVOL" `

-Force `

-SafeModeAdministratorPassword ($AdminPassword | ConvertTo-SecureString -AsPlainText -Force) `

-Credential $DomainCredential `

-SkipPreChecks

 

This promotes our server as the first Domain Controller in a new child domain of an existing forest. Let's look at those parameters:

  • CreateDNSDelegation - I want a DNS delegation for the parent / child relationship
  • DatabasePath - where to find NTDS.dit
  • DomainMode - the domain functional level
  • NewDomainName - FQDN of the new child domain
  • ParentDomainName - FQDN of the existing parent domain
  • InstallDns - yes, please!
  • LogPath - where to find the install log
  • SysvolPath - where to find our friendly, neighbourhood SYSVOL
  • Force - use the... yes, really!
  • SafeModeAdministratorPassword - how we boot into DSRM
  • Credential - the Enterprise Admin credential supplied using Get-Credential...
  • SkipPreChecks - see below...

 

I include SkipPreChecks because I've usually run the Test-ADDSDomainInstallation cmdlet to check I'm good to go.

One loves one's children.

 

Comments (1)

  1. Anonymous says:

    This domain & PowerShell stuff keeps coming...

Skip to main content