With the introduction of Server Core, something changed in the Windows world: the graphical interface disappeared. Windows Server no longer has to run the full graphical user interface to function as a Domain Controller. That’s fine. In the first part of this article I am going to install an additional DC in an existing domain. In the second part I am going to create a new forest root domain.
Preparation
After installing Server Core, ensure that the server has a valid IP address, subnet mask, gateway, and a computer name that matches your naming conventions. The easiest way to do this is to use the sconfig command. By the way: sconfig is available on all Windows Server editions, not just on Core. In cmd simply type sconfig. I love it.
To set up the basic configuration with PowerShell, see my article This is not your father´s Windows Server: Setting up Server Core with PowerShell.
Installing an additional Domain Controller
Windows Server Core starts with cmd by default. In cmd, type powershell and press Enter. First we install the Active Directory Services Role.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
After installation, new commands are available. I will use some of them to promote the server to a Domain Controller of my domain pagr.com.
Get-Command -Module ADDSDeployment
Now everything is ready. Here we go. We need an additional domain controller with the default settings.
Install-ADDSDomainController -InstallDns -Credential (Get-Credential DomänenName\administrator) -DomainName DomänenName -SafeModeAdministratorPassword (ConvertTo-SecureString -AsPlainText "Passwort" -Force)
Finished.
Installing a new Forest
The installation of a new forest with a new forest root domain is called a greenfield installation. Again, first we have to install the Active Directory Services Role.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Once the role is installed, the new forest can be created by upgrading the server to the first domain controller of the new forest.
Install-ADDSForest -DomainName DomänenName -SafeModeAdministratorPassword (ConvertTo-SecureString -AsPlainText "Passwort" -Force)
Finished.
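Both promotion commands above pass the DSRM password as plain text on the command line, where it can be captured by transcripts, script block logging, or a saved script. The following is an added example, not part of the original article: it prompts for the secrets and runs the prerequisite check before promoting. The domain corp.example and the helper ConvertTo-Plain are constructed placeholders, and the same pattern applies to Install-ADDSForest with Test-ADDSForestInstallation.

```powershell
# Added example, not from the original article.
# 'corp.example' is a constructed placeholder domain (assumption).
Import-Module ADDSDeployment

$domainName = 'corp.example'

# Prompt for secrets so they never appear as literals in the command text.
$domainCred = Get-Credential -Message "Account allowed to add a DC to $domainName"
$dsrm1 = Read-Host -AsSecureString -Prompt 'DSRM (safe mode) password'
$dsrm2 = Read-Host -AsSecureString -Prompt 'Confirm DSRM password'

# Hypothetical helper: unwrap a SecureString only long enough to compare entries.
function ConvertTo-Plain([securestring]$Secure) {
    [System.Net.NetworkCredential]::new('', $Secure).Password
}
if ((ConvertTo-Plain $dsrm1) -cne (ConvertTo-Plain $dsrm2)) {
    throw 'DSRM passwords do not match.'
}

# Same parameters for the dry run and the real promotion.
$params = @{
    DomainName                    = $domainName
    Credential                    = $domainCred
    SafeModeAdministratorPassword = $dsrm1
    InstallDns                    = $true
}

# Dry run: performs the prerequisite checks without changing the server.
$results = Test-ADDSDomainControllerInstallation @params
$failed  = $results | Where-Object Status -eq 'Error'
if ($failed) {
    $failed | Format-List Message, Context
    throw 'Prerequisite check failed; the server was not promoted.'
}

# Promote the server; it asks for confirmation and reboots when done.
Install-ADDSDomainController @params
```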
Further thoughts
For configuring Group Policies with PowerShell, have a look at my article Configuring Group Policies using Windows PowerShell.
Hi,
thank you for your comment. I cannot find any database and log path parameters in this blog post. C:\Windows\NTDS is the default location if you don’t specify any other location.
All the best,
P
In your Install-ADDSDomainController command, you have both -Database and -LogPath set to C:\Windows\NTDS. Is that intentional or an error for the -Logpath variable?