Setting up Active Directory via PowerShell


By Michael Sammels

In today’s article, we are going to discuss setting up Active Directory via PowerShell. For the purposes of this article I will be using Microsoft Windows Server 2016 Technical Preview 5, but there is no reason this should not work on previous versions of Server. If you run into problems, let me know in the comments below.

The first question to be asked: why would you want to? A lot of Windows Server installs do not have the GUI included, to reduce overheads, which means you don’t have access to the wizard – the primary reason for this tutorial.

Entering PowerShell Mode

The first thing you will need to do is open PowerShell. Once you have logged into the system and are faced with the command line, simply type PowerShell to start it. Your command line interface should start off as the first image, and end up as the second:

Figure 1: Before PowerShell

Figure 2: After PowerShell

Get The AD Service Name

To install Active Directory from PowerShell, we need to know the exact module name to look for. To find it, we first have to execute:

get-windowsfeature

This command may take some time to execute, as the server collects the data. How long depends on the specifications you are running with.

Once the command has completed successfully, you will be presented with all the uninstalled, but available, modules. Your window should now look something like this:

Figure 3: After running the command

The next thing you will want to do is locate the Active Directory Domain Services:

Figure 4: What you need is highlighted in pink

Installing the Active Directory Domain Service

Once we have figured out the service name and the module name, we now have to go ahead and install it. You simply have to execute the following command:

install-windowsfeature AD-Domain-Services

This command will extract all required binary files and start the installation procedure:

Figure 5: Installing the AD Domain Services

If everything goes well and according to plan, you should end up with the following screen:

Figure 6: Successful installation

If you happen to come across any errors, then let me know in the comments below and I will do my best to try and help you resolve them.

Importing the Required Modules

Now – the installation is technically complete; however, this article is not going to end there. We are now going to install some additional modules to make the server run smoother, and also walk you through the process of setting up a new forest to make your Active Directory work.

The module that we are going to import here is the ADDSDeployment module. You can import this via the following command:

Import-Module ADDSDeployment

I will not provide a screenshot, because there is no visible feedback from this command. If the command completed successfully then you will be faced with a blank prompt. Again, if you receive any errors, let me know.

Commands to Promote Server as Domain Controller

Now you will need to promote your server to a domain controller as per your requirements – there are several commands that you can use to do this. I will provide a list and description so that you can figure out which one best suits your needs. However, for this article, we are going to use the Install-ADDSForest command.

Command                                           Description
Add-ADDSReadOnlyDomainControllerAccount           Install read only domain controller
Install-ADDSDomain                                Install first domain controller in a child or tree domain
Install-ADDSDomainController                      Install additional domain controller in domain
Install-ADDSForest                                Install first domain controller in new forest
Test-ADDSDomainControllerInstallation             Verify prerequisites to install additional domain controller in domain
Test-ADDSDomainControllerUninstallation           Uninstall AD services from server
Test-ADDSDomainInstallation                       Verify prerequisites to install first domain controller in a child or tree domain
Test-ADDSForestInstallation                       Install first domain controller in new forest
Test-ADDSReadOnlyDomainControllerAccountCreation  Verify prerequisites to install read only domain controller
Uninstall-ADDSDomainController                    Uninstall the domain controller from server

Installing the First Domain Controller in Forest

So, as stated above, we are installing the first domain controller in a new forest.

To install the Active Directory with the default configuration, execute the following command:

Install-ADDSForest

This will install the basic features and functions. However, in a proper business environment you will probably want a customised setup, so I will provide a sample setup for you to follow. I will lay this out line by line, to make for easy reading, but when you are passing the parameters, please be sure not to break lines anywhere. The line breaks in my example are just for readability:

# The trailing backticks continue the command onto the next line;
# without them, enter everything on a single line.
Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "Win2012R2" `
-DomainName "yourdomain.com" `
-DomainNetbiosName "YOURDOMAIN" `
-ForestMode "Win2012R2" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true

If you are using a different version of Windows Server, be sure to change your modes from Win2012R2 to something such as Win2008. Once you execute this, you will be asked to enter SafeModeAdministratorPassword – this is for the Directory Services Restore Mode (DSRM). Once you set this password, Windows will finish the AD installation and configuration on your Windows Server based on the input provided.

Figure 7: Setting up the Active Directory

Active Directory will now set up. You may receive various warnings, dependent on whether you have static IPs or not. You can see the progress of the installation in the teal-coloured status bar covering the top half of the screen in the screenshot below.

Figure 8: Some error messages – I have not fully set up the server

As the system is being set up you may get some error messages. Mine are because I have not set up the static IPs for networks – I assume you will have already done this, as this guide does not cover that. Your server may automatically restart during this process as well.
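
The promotion can also be scripted so that prerequisites are checked before anything on the server changes. The following is an added example, not part of the original article: it reuses the article's sample values, runs Test-ADDSForestInstallation from the command table first, and reads the DSRM password as a SecureString. The variable names ($dhcpNics, $dsrm, $forest, $checks) and the DHCP check are this example's own.

```powershell
# Added example: validate first, then promote, using the article's sample values.
Import-Module ADDSDeployment

# The article mentions warnings when adapters have no static IP; surface that up front.
$dhcpNics = Get-NetIPInterface -AddressFamily IPv4 -Dhcp Enabled -ConnectionState Connected
if ($dhcpNics) {
    Write-Warning "DHCP-assigned IPv4 on: $($dhcpNics.InterfaceAlias -join ', ')"
}

# Read the DSRM password as a SecureString so it is never stored in the script
# or echoed to the console.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM (SafeModeAdministratorPassword)'

# Parameters shared by the prerequisite test and the real promotion (splatted below).
$forest = @{
    DomainName                    = 'yourdomain.com'
    DomainNetbiosName             = 'YOURDOMAIN'
    DomainMode                    = 'Win2012R2'
    ForestMode                    = 'Win2012R2'
    InstallDns                    = $true
    CreateDnsDelegation           = $false
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $dsrm
}

# Run the prerequisite checks only; this does not promote the server.
# Each result object carries a Status and a Message.
$checks = Test-ADDSForestInstallation @forest
$checks | Format-Table Status, Message -Wrap

if ($checks.Status -contains 'Error') {
    throw 'Prerequisite check failed; fix the reported errors before promoting.'
}

# Promote. -Force suppresses the confirmation prompts, and the server
# reboots automatically when the installation completes.
Install-ADDSForest @forest -NoRebootOnCompletion:$false -Force
```

Because the same hashtable feeds both cmdlets, the configuration that was tested is exactly the configuration that gets installed.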

If everything has gone to plan, then your next login prompt will look slightly different. It should look something similar to this:

Figure 9: Logging in after setting up Active Directory

And that is all there is to it. You have successfully set up Active Directory via PowerShell and without the GUI. I hope this helped! Should you have any comments, problems or queries, let me know in the comments below and I will try and get back to you as soon as I can.

Comments (3)

  1. ldwyze says:

    I am pretty sure (need to verify again but I’ve done this in the past) you can also add “IncludeManagementTools” when installing AD-Domain-Services so that you have the AD management tools (ADUC and such). Great article though! Thank you!

  2. dante0390 says:

    Pretty useful. Very well organized. I am just getting used to the PowerShell. I like it. Nice job.

  3. Travis says:

    @ldwyze – that would make sense if you were scripting for a GUI based server. These days, the recommendation is to use server core so RSAT isn’t useful on a core server, but it is on a management server.
