Cyber Security

PowerShell: How to install a Domain Controller with Server Core

With the introduction of Server Core something has changed in the Windows world. The graphical interface has disappeared. Windows Server no longer has to run the full graphical user interface in order to be able to function as a Domain Controller. That’s fine.  In the first part of this article I am going to install an additional DC in an existing domain. In the second part I am going to create a new forest root domain.


After installing Server Core, ensure that the server has a valid IP-Address, Subnet Mask, Gateway, and a computer name that matches the naming conventions. The easiest way to do this is to use the sconfig command. By the way: sconfig is available on all Windows Server Editions, not just on Core. In cmd simply type sconfig. I love it.


To setup basic configuration with PowerShell see my article This is not your father´s Windows Server: Setting up Server Core with PowerShell.

Installing an additional Domain Controller

Windows Server Core starts with cmd by default. In cmd type powershell and hit enter. First we install the Active Directory Services Role.

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools


After installation new commands are available. I will use some of them to promote the server to a Domain Controller of my domain

Get-Command -Module ADDSDeployment


Now everything is ready. Here we go. We need an additional domain controller with the default settings.

Install-ADDSDomainController -InstallDns -Credential (Get-Credential DomänenName\administrator) -DomainName DomänenName -SafeModeAdministratorPassword (ConvertTo-SecureString -AsPlainText "Passwort" -Force)



Installing a new Forest

The installation of a new Forest with a new Forest Root domain is called Greenfeld installation. Again, first we have to install the Active Directory Services Role.

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

101.PNGOnce the role is installed, the new forest can be created by upgrading the server to the first domain controller of the new forest.

Install-ADDSForest -DomainName DomänenName -SafeModeAdministratorPassword (Convertto-SecureString -AsPlainText "Passwort" -Force)



Further thoughts

For configuring Group Policies with PowerShell, have a look over my article Configuring Group Policies using Windows PowerShell.

6 replies »

  1. Hi,
    thank you for your comment. I cannot find any database and log path parameters in this blog post. C:\Windows\NTDS is the default location if you don’t specify any other location.
    All the best,


  2. In your Install-ADDSDomainConroller command, you have both -Database and -LogPath set to C:\Windows\NTDS. Is that intentional or an error for the -Logpath variable?


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.