Cyber Security

PowerShell: How to install a Domain Controller with Server Core

By on ( 6 Comments )

With the introduction of Server Core something has changed in the Windows world. The graphical interface has disappeared. Windows Server no longer has to run the full graphical user interface in order to be able to function as a Domain Controller. That’s fine.  In the first part of this article I am going to install an additional DC in an existing domain. In the second part I am going to create a new forest root domain.

Preparation

After installing Server Core, ensure that the server has a valid IP-Address, Subnet Mask, Gateway, and a computer name that matches the naming conventions. The easiest way to do this is to use the sconfig command. By the way: sconfig is available on all Windows Server Editions, not just on Core. In cmd simply type sconfig. I love it.

3.PNG

To setup basic configuration with PowerShell see my article This is not your father´s Windows Server: Setting up Server Core with PowerShell.

Installing an additional Domain Controller

Windows Server Core starts with cmd by default. In cmd type powershell and hit enter. First we install the Active Directory Services Role.

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

101.PNG

After installation new commands are available. I will use some of them to promote the server to a Domain Controller of my domain pagr.com.

Get-Command -Module ADDSDeployment

Unbenannt.PNG

Now everything is ready. Here we go. We need an additional domain controller with the default settings.

Install-ADDSDomainController -InstallDns -Credential (Get-Credential DomänenName\administrator) -DomainName DomänenName -SafeModeAdministratorPassword (ConvertTo-SecureString -AsPlainText "Passwort" -Force)

102.PNG

Finished.

Installing a new Forest

The installation of a new Forest with a new Forest Root domain is called Greenfeld installation. Again, first we have to install the Active Directory Services Role.

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

101.PNGOnce the role is installed, the new forest can be created by upgrading the server to the first domain controller of the new forest.

Install-ADDSForest -DomainName DomänenName -SafeModeAdministratorPassword (Convertto-SecureString -AsPlainText "Passwort" -Force)

100.PNG

Finished.

Further thoughts

For configuring Group Policies with PowerShell, have a look over my article Configuring Group Policies using Windows PowerShell.

Categories: Cyber Security, PowerShell, Windows Server

Tagged as: , , , , ,

Published by Patrick Gruenauer

Microsoft MVP on PowerShell [2018-2024], IT-Trainer, IT-Consultant, MCSE: Cloud Platform and Infrastructure, Cisco Certified Academy Instructor.

6 replies »

  1. Pingback: Windows Server Core: Start with PowerShell by default – SID-500.COM

  2. Hi,
    thank you for your comment. I cannot find any database and log path parameters in this blog post. C:\Windows\NTDS is the default location if you don’t specify any other location.
    All the best,
    P

    Like

    Reply

  3. In your Install-ADDSDomainConroller command, you have both -Database and -LogPath set to C:\Windows\NTDS. Is that intentional or an error for the -Logpath variable?

    Like

    Reply
  4. Pingback: Setting up Windows Server 2012/2016 with sconfig « SID-500
  5. Pingback: This is not your father´s Windows Server: Setting up Server Core with PowerShell « SID-500
  6. Pingback: PowerShell: My top 10 commands for documenting and monitoring Active Directory « SID-500

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.