The other week I talked about the love that dares to speak its name (and building AD Forests). This week is about AD Domains and, er, well, creating children with PowerShell...
(Note to self: must reword last sentence)
-----------------------------------------------------------------------------------------------
Enough balderdash... let's look at creating a child domain with PowerShell.
Step 1 - Install Binaries on Server
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
This primes our server for promotion...
Step 2 - Promote Server to DC in New Forest
# DSRM password held as plain text here; converted to a SecureString below
$AdminPassword = "Ijcppjc12o5mK10uuA2N"
# Prompt for the Enterprise Admin credential
$DomainCredential = Get-Credential
Install-ADDSDomain -CreateDnsDelegation `
-DatabasePath "Z:\Windows\NTDS" `
-DomainMode "Win2012R2" `
-NewDomainName "Child" `
-ParentDomainName "fabrikam.com" `
-InstallDns `
-LogPath "Z:\Windows\NTDS" `
-SysvolPath "Z:\Windows\SYSVOL" `
-Force `
-SafeModeAdministratorPassword ($AdminPassword | ConvertTo-SecureString -AsPlainText -Force) `
-Credential $DomainCredential `
-SkipPreChecks
This promotes our server as the first Domain Controller in a new child domain of an existing forest. Let's look at those parameters:
- CreateDNSDelegation - I want a DNS delegation for the parent / child relationship
- DatabasePath - where to find NTDS.dit
- DomainMode - the domain functional level
- NewDomainName - FQDN of the new child domain
- ParentDomainName - FQDN of the existing parent domain
- InstallDns - yes, please!
- LogPath - where to find the install log
- SysvolPath - where to find our friendly, neighbourhood SYSVOL
- Force - use the... yes, really!
- SafeModeAdministratorPassword - how we boot into DSRM
- Credential - the Enterprise Admin credential supplied using Get-Credential...
- SkipPreChecks - see below...
I include SkipPreChecks because I've usually run the Test-ADDSDomainInstallation cmdlet to check I'm good to go.
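The test-then-promote sequence described above, as an added example that is not part of the original post: one splatted parameter set feeds both Test-ADDSDomainInstallation and Install-ADDSDomain, so the pre-check validates exactly what gets installed, and the DSRM password is prompted for rather than stored in the script. It assumes the test cmdlet's result objects expose Status, Context and Message properties, and the variable names are illustrative.

```powershell
# Added example: validate first, then promote with the same parameter set.
# Prompt for secrets so neither password ever sits in the script file.
$DsrmPassword     = Read-Host -Prompt 'DSRM password' -AsSecureString
$DomainCredential = Get-Credential -Message 'Enterprise Admin credential'

# Parameters shared by the test and the install (values taken from the post).
$Common = @{
    CreateDnsDelegation           = $true
    DatabasePath                  = 'Z:\Windows\NTDS'
    DomainMode                    = 'Win2012R2'
    NewDomainName                 = 'Child'
    ParentDomainName              = 'fabrikam.com'
    InstallDns                    = $true
    LogPath                       = 'Z:\Windows\NTDS'
    SysvolPath                    = 'Z:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $DsrmPassword
    Credential                    = $DomainCredential
}

# Run the prerequisite checks and show every result, not just failures.
$Results = @(Test-ADDSDomainInstallation @Common)
$Results | Format-List Status, Context, Message

# Assumption: any Status other than 'Success' should block the promotion.
$Failed = @($Results | Where-Object { $_.Status -ne 'Success' })
if ($Failed.Count -gt 0) {
    throw "Pre-checks reported $($Failed.Count) non-success result(s); not promoting."
}

# Checks passed with these exact parameters, so skipping them here is safe.
Install-ADDSDomain @Common -Force -SkipPreChecks
```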
One loves one's children.