Cyber Security

PowerShell: How to install a Domain Controller with Server Core

With the introduction of Server Core something has changed in the Windows world. The graphical interface has disappeared. Windows Server no longer has to run the full graphical user interface in order to be able to function as a Domain Controller. That’s fine.  In the first part of this article I am going to install an additional DC in an existing domain. In the second part I am going to create a new forest root domain.

Preparation

After installing Server Core, ensure that the server has a valid IP-Address, Subnet Mask, Gateway, and a computer name that matches the naming conventions. The easiest way to do this is to use the sconfig command. By the way: sconfig is available on all Windows Server Editions, not just on Core. In cmd simply type sconfig. I love it.

3.PNG

To setup basic configuration with PowerShell see my article This is not your father´s Windows Server: Setting up Server Core with PowerShell.

Installing an additional Domain Controller

Windows Server Core starts with cmd by default. In cmd type powershell and hit enter. First we install the Active Directory Services Role.

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

101.PNG

After installation new commands are available. I will use some of them to promote the server to a Domain Controller of my domain pagr.com.

Get-Command -Module ADDSDeployment

Unbenannt.PNG

Now everything is ready. Here we go. We need an additional domain controller with the default settings.

Install-ADDSDomainController -InstallDns -Credential (Get-Credential DomänenName\administrator) - DomainName DomänenName -SafeModeAdministratorPassword (ConvertTo-SecureString - AsPlainText "Passwort" -Force)

102.PNG

Finished.

Installing a new Forest

The installation of a new Forest with a new Forest Root domain is called Greenfeld installation. Again, first we have to install the Active Directory Services Role.

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

101.PNGOnce the role is installed, the new forest can be created by upgrading the server to the first domain controller of the new forest.

Install-ADDSForest -DomainName DomänenName -SafeModeAdministratorPassword (Convertto-SecureString -AsPlainText "Passwort" -Force)

100.PNG

Finished.

Further thoughts

For configuring Group Policies with PowerShell, have a look over my article Configuring Group Policies using Windows PowerShell.

5 replies »

  1. Hi,
    thank you for your comment. I cannot find any database and log path parameters in this blog post. C:\Windows\NTDS is the default location if you don’t specify any other location.
    All the best,
    P

    Like

  2. In your Install-ADDSDomainConroller command, you have both -Database and -LogPath set to C:\Windows\NTDS. Is that intentional or an error for the -Logpath variable?

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.