As a Microsoft consultant, I constantly need to spin up VMs in a lab environment, and an Active Directory domain controller almost always underpins everything in that lab. The following are the PowerShell commands I use to get a DC up and running as quickly as possible without writing a script.
Computer Name, Ethernet Interface, and a Restart
This section configures the IP settings on the Ethernet interface, sets the new computer name, and restarts the machine. Just change the variables to suit your environment before you paste the commands into an elevated PowerShell window. Note that (Get-NetAdapter).ifIndex only yields a single value on a VM with one adapter; if the VM has more than one NIC, select the adapter by name instead.
$computerName = "dc01"
$ipAddress = "192.168.199.25"
$ipPrefix = "24"
$ipGW = "192.168.199.1"
$ipDNS = "8.8.8.8"
$ipIF = (Get-NetAdapter).ifIndex
New-NetIPAddress -InterfaceIndex $ipIF -IPAddress $ipAddress -PrefixLength $ipPrefix -DefaultGateway $ipGW
Set-DnsClientServerAddress -InterfaceIndex $ipIF -ServerAddresses $ipDNS
Rename-Computer -NewName $computerName -Force
Restart-Computer
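The same step written more defensively, as an added example that is not part of the original post: it insists on exactly one connected physical adapter, clears any DHCP lease so New-NetIPAddress does not leave two addresses on the NIC, and verifies the result before the rename and restart. The IP values are the post's lab assumptions; the gateway reachability check assumes the gateway answers ICMP.

```powershell
# Added example (not from the original post): deterministic adapter selection,
# DHCP cleanup, static config, and verification before the reboot.
$computerName = "dc01"
$ipAddress    = "192.168.199.25"
$ipPrefix     = 24
$ipGW         = "192.168.199.1"
$ipDNS        = "8.8.8.8"

# (Get-NetAdapter).ifIndex returns an array on a multi-NIC VM; require exactly one Up adapter.
$adapter = Get-NetAdapter -Physical | Where-Object Status -eq 'Up'
if (@($adapter).Count -ne 1) {
    throw "Expected exactly one connected physical adapter, found $(@($adapter).Count); select it by -Name instead."
}
$ipIF = $adapter.ifIndex

# Disable DHCP on the interface and drop any leased address and default route,
# otherwise the static address is added alongside the DHCP one.
Set-NetIPInterface -InterfaceIndex $ipIF -AddressFamily IPv4 -Dhcp Disabled
Get-NetIPAddress -InterfaceIndex $ipIF -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Remove-NetIPAddress -Confirm:$false
Get-NetRoute -InterfaceIndex $ipIF -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Remove-NetRoute -Confirm:$false

New-NetIPAddress -InterfaceIndex $ipIF -IPAddress $ipAddress -PrefixLength $ipPrefix -DefaultGateway $ipGW | Out-Null
Set-DnsClientServerAddress -InterfaceIndex $ipIF -ServerAddresses $ipDNS

# Check what actually landed on the interface before restarting.
$applied = Get-NetIPAddress -InterfaceIndex $ipIF -AddressFamily IPv4
if ($applied.IPAddress -notcontains $ipAddress) {
    throw "Static address was not applied; interface has: $($applied.IPAddress -join ', ')"
}
if (-not (Test-NetConnection -ComputerName $ipGW -InformationLevel Quiet)) {
    Write-Warning "Gateway $ipGW did not answer; check the VM network before promoting this box."
}

Rename-Computer -NewName $computerName -Force
Restart-Computer -Force
```

Failing fast on the adapter count is deliberate: promoting a DC with the wrong NIC configured is far more annoying to unpick than re-running this block.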
Install the ADDS Bits & Promote to a Domain Controller
Now we install the ADDS bits, and then promote the machine to the first DC in a new ADDS forest. Again, just change the variables to suit your needs.
$domainName = "contoso.com"
$netBIOSname = "CONTOSO"
$forestMode = "Win2012R2"
$domainMode = "Win2012R2"
Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools
Import-Module ADDSDeployment
Install-ADDSForest `
-DomainName $domainName `
-DomainNetbiosName $netBIOSname `
-ForestMode $forestMode `
-DomainMode $domainMode `
-CreateDnsDelegation:$false `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-SysvolPath "C:\Windows\SYSVOL" `
-DatabasePath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-Force:$true
Note: You will be prompted to enter a Safe Mode Administrator Password. This is the DSRM password, a local credential on this DC only, used to log on in Directory Services Restore Mode; it is not a domain account, so record it somewhere you will find it again. You can avoid the prompt by passing a SecureString to -SafeModeAdministratorPassword.
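An added example (not from the original post) of the same promotion done without the interactive prompt: the DSRM password is captured once as a SecureString, the parameters are splatted so the ADDSDeployment prerequisite check and the real install use exactly the same set, and the reboot is issued only after the result object has been inspected. Domain names and paths are the post's lab values.

```powershell
# Added example (not from the original post): capture the DSRM password once,
# run the prerequisite check, then promote with identical parameters.
$domainName  = "contoso.com"
$netBIOSname = "CONTOSO"
$forestMode  = "Win2012R2"
$domainMode  = "Win2012R2"

Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools | Out-Null
Import-Module ADDSDeployment

# The DSRM (Safe Mode) password is local to this DC; it is the logon credential for
# Directory Services Restore Mode, so keep it with the lab notes.
$dsrmPassword = Read-Host -Prompt "DSRM (Safe Mode Administrator) password" -AsSecureString

$forestParams = @{
    DomainName                    = $domainName
    DomainNetbiosName             = $netBIOSname
    ForestMode                    = $forestMode
    DomainMode                    = $domainMode
    InstallDns                    = $true
    CreateDnsDelegation           = $false
    DatabasePath                  = "C:\Windows\NTDS"
    LogPath                       = "C:\Windows\NTDS"
    SysvolPath                    = "C:\Windows\SYSVOL"
    SafeModeAdministratorPassword = $dsrmPassword
    NoRebootOnCompletion          = $true    # we reboot ourselves after reading the result
    Force                         = $true
}

# Dry run with the same parameters: reports blocking problems (NetBIOS name, DNS, disk space)
# without changing anything on the box.
$check = Test-ADDSForestInstallation @forestParams
$check | Format-List Status, Message
if ($check.Status -ne 'Success') { throw "Prerequisite check failed; see the messages above." }

$result = Install-ADDSForest @forestParams
$result | Format-List Status, Message, RebootRequired
if ($result.Status -ne 'Success') { throw "Forest installation did not succeed." }
Restart-Computer -Force
```

Splatting the same hashtable into Test-ADDSForestInstallation and Install-ADDSForest is the point: the check is only meaningful if it sees the parameters the install will actually use.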
DNS Reverse Lookup Zones, Sites & Services, and Time
Next up is creating an Active Directory-integrated reverse lookup zone in DNS, adding our subnet to AD Sites and Services, renaming the default site, and configuring the DC to use an external time source. Time matters on a DC: it holds the PDC emulator role, which is the root of the domain's time hierarchy, and Kerberos rejects tickets from clients whose clocks are more than five minutes out.
$netID = "192.168.199.0/24"
$siteName = "LAB"
$location = "New Lab City"
$timePeerList = "0.us.pool.ntp.org 1.us.pool.ntp.org"
Add-DnsServerPrimaryZone -NetworkID $netID -ReplicationScope 'Forest' -DynamicUpdate 'Secure'
Import-Module ActiveDirectory
$defaultSite = Get-ADReplicationSite | Select DistinguishedName
Rename-ADObject $defaultSite.DistinguishedName -NewName $siteName
New-ADReplicationSubnet -Name $netID -Site $siteName -Location $location
w32tm /config /manualpeerlist:$timePeerList /syncfromflags:manual /reliable:yes /update
Create an OU Structure
Finally, we create a simple OU structure.
$baseDN = "DC=contoso,DC=com"
$resourcesDN = "OU=Resources," + $baseDN
New-ADOrganizationalUnit "Resources" -Path $baseDN
New-ADOrganizationalUnit "Admin Users" -Path $resourcesDN
New-ADOrganizationalUnit "Groups Security" -Path $resourcesDN
New-ADOrganizationalUnit "Service Accounts" -Path $resourcesDN
New-ADOrganizationalUnit "Workstations" -Path $resourcesDN
New-ADOrganizationalUnit "Servers" -Path $resourcesDN
New-ADOrganizationalUnit "Users" -Path $resourcesDN
Conclusion
There's a lot more to do when building out a new Active Directory forest in production, but for a simple lab environment with a single DC, the preceding PowerShell commands come in handy. Got any commands you use to build a new AD forest? Feel free to share them in the comments.
Labels: Active Directory Domain Services, AD DS, powershell, Windows Server 2012 R2