
I don't have a lot of experience creating/managing an active directory environment. This will be more of a lab environment where a solution could be tested. It will not have lots of regular users etc, just some test internal type users.

Part of that, I need to set up a domain controller quickly on Windows 2016 and Windows 2019 OS. Rather than doing all the steps manually, I tried to create a script. I followed different online tutorials with a mix of luck. After a few hits and tries, the following script worked for me on a Windows 2019 machine. I haven't tested it yet on Windows 2016, though.

    # Install the AD DS role, then promote this server to the first DC of a new forest.
    # Install-ADDSForest prompts for the DSRM (safe mode) password when
    # -SafeModeAdministratorPassword is omitted, and reboots the server when it finishes.
    Add-WindowsFeature AD-Domain-Services
    Install-ADDSForest -DomainName myTestDomain -InstallDNS

    # Install the AD CS role and configure this server as an Enterprise root CA.
    Install-WindowsFeature AD-Certificate
    Add-WindowsFeature Adcs-Cert-Authority -IncludeManagementTools
    Install-AdcsCertificationAuthority -CAType EnterpriseRootCA

At this point, I was able to log in to this machine under the myTestDomain domain.

Given I don't have much experience with IT management, I am hoping to get some suggestions in case I may have missed something here. Any suggestions to improve this script will be highly appreciated.

  • You may want to look at some of the results from a net search for powershell autolab. There appear to be several AD setup routines available. [grin] Commented Aug 6, 2021 at 17:27

1 Answer


Looking good, thankfully there aren't really any "traps" when creating a new domain via PowerShell.

A couple of things to note, though:

  • You may want to install management tools for AD-Domain-Services unless you plan to manage the server remotely only (as you should, but you may need them later and it doesn't really cost anything).

  • The default domain functional level is 2008R2; if you don't have any compatibility concerns and all your DCs will be running 2016 or higher, you may want to raise it to get all modern AD features (for example, the AD recycle bin):
    Install-ADDSForest -DomainName myTestDomain -DomainMode 7 -ForestMode 7 -InstallDNS

  • You aren't installing a DHCP server. If you plan on installing it on another machine, it's perfectly fine; I'm just mentioning that as (in my experience) a majority of domains have DHCP hosted on the DC. It's a bit more verbose:
    Install-WindowsFeature -Name DHCP -IncludeManagementTools
    # Create security groups:
    netsh dhcp add securitygroups
    # Restart service so that the new security groups are used:
    Restart-Service dhcpserver
    # Authorize the DHCP server in AD:
    Add-DhcpServerInDC -DnsName mydc.myTestDomain -IPAddress x.x.x.x
    # Server manager will bother you about authorizing the DHCP in AD even though you've just done it, tell it to shut up:
    Set-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager\Roles\12 -Name ConfigurationState -Value 2
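As an added example that is neither the questioner's nor the answerer's code, here is a verification script to run once the promotion has completed and the server has rebooted. It assumes the role names and the myTestDomain forest from the question and the DHCP step from the answer, and it enables the recycle bin that the raised functional level makes available:

```powershell
# Added example (not from the question or the answer): post-promotion checks for
# a lab DC built with the script above. Assumes the AD DS, AD CS and DHCP roles
# were installed as shown and that the forest root domain is myTestDomain.
#Requires -RunAsAdministrator
Import-Module ActiveDirectory, ServerManager -ErrorAction Stop

# 1. Roles: confirm the features the script installs are actually present.
#    RSAT-AD-Tools is the management-tools feature the answer recommends adding.
$Features = 'AD-Domain-Services', 'RSAT-AD-Tools', 'DNS', 'Adcs-Cert-Authority', 'DHCP'
Get-WindowsFeature -Name $Features |
    Select-Object Name, InstallState |
    Format-Table -AutoSize

# 2. Functional levels: -DomainMode 7 / -ForestMode 7 correspond to Windows Server 2016.
$Forest = Get-ADForest
$Domain = Get-ADDomain
"Forest level: $($Forest.ForestMode)  Domain level: $($Domain.DomainMode)"

# 3. Recycle Bin: raising the functional level only makes the feature available;
#    it still has to be enabled explicitly, and enabling it cannot be undone.
$Rb = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if (-not $Rb.EnabledScopes) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $Forest.RootDomain -Confirm:$false
    'Recycle Bin enabled'
} else {
    'Recycle Bin already enabled'
}

# 4. DHCP: a server that is not authorized in AD will not hand out leases, so list
#    the servers AD knows about and make sure this DC is among them.
if (Get-Module -ListAvailable -Name DhcpServer) {
    Get-DhcpServerInDC | Select-Object DnsName, IPAddress
} else {
    'DhcpServer module not present: DHCP role not installed on this host'
}

# 5. DSRM password: Install-ADDSForest prompts for it when
#    -SafeModeAdministratorPassword is omitted. If you do script it, read it
#    securely rather than hard-coding it in the file:
# $Dsrm = Read-Host -Prompt 'DSRM password' -AsSecureString
# Install-ADDSForest -DomainName myTestDomain -SafeModeAdministratorPassword $Dsrm -InstallDNS
```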