In today’s article, we are going to discuss setting up Active Directory via PowerShell. For the purposes of this article I will be using Microsoft Windows Server 2016 Technical Preview 5, but there is no reason this should not work on previous versions of Server. If you run into problems, let me know in the comments below.
The first question to be asked: why would you want to? A lot of Windows Server installs do not have the GUI included, to reduce overheads, which means you don’t have access to the wizard – the primary reason for this tutorial.
Entering PowerShell Mode
The first thing you will need to do is open PowerShell. Once you have logged into the system and are faced with the command line, simply type PowerShell. This will boot up PowerShell. Your command line interface should start off as the top image, and end up as the bottom:
Get The AD Service Name
In order to install Active Directory from PowerShell, we will need to know the exact module name to look for. In order to do this, we first have to execute:
get-windowsfeature
This command may take some time to execute, as the server collects the data. It depends on the specifications you are running with.
Once the command has completed successfully, you will be presented with all the uninstalled, but available, modules. Your window should now look something like this:
The next thing you will want to do is locate the Active Directory Domain Services:
What you need is highlighted in pink
Installing the Active Directory Domain Service
Once we have figured out the service name and the module name, we now have to go ahead and install it. You simply have to execute the following command:
install-windowsfeature AD-Domain-Services
This command will extract all required binary files and start the installation procedure:
Installing the AD Domain Services
If everything goes well and according to plan, you should end up with the following screen:
If you happen to come across any errors, then let me know in the comments below and I will do my best to try and help you resolve them.
Importing the Required Modules
The installation is now technically complete; however, this article is not going to end there. We are now going to install some additional modules to make the server run smoother, and also walk you through the process of setting up a new forest to make your Active Directory work.
The module that we are going to import here is the ADDSDeployment module. You can import this via the following command:
Import-Module ADDSDeployment
I will not provide a screenshot, because there is no visible feedback from this command. If the command completed successfully then you will be faced with a blank prompt. Again, if you receive any errors, let me know.
Commands to Promote Server as Domain Controller
Now you will need to promote your server to a domain controller as per your requirements. There are several commands that you can use to do this. I will provide a list and description so that you can figure out which one best suits your needs. However, for this article, we are going to use the Install-ADDSForest command.
Command | Description |
Add-ADDSReadOnlyDomainControllerAccount | Install read only domain controller |
Install-ADDSDomain | Install first domain controller in a child or tree domain |
Install-ADDSDomainController | Install additional domain controller in domain |
Install-ADDSForest | Install first domain controller in new forest |
Test-ADDSDomainControllerInstallation | Verify prerequisites to install additional domain controller in domain |
Test-ADDSDomainControllerUninstallation | Uninstall AD services from server |
Test-ADDSDomainInstallation | Verify prerequisites to install first domain controller in a child or tree domain |
Test-ADDSForestInstallation | Install first domain controller in new forest |
Test-ADDSReadOnlyDomainControllerAccountCreation | Verify prerequisites to install read only domain controller |
Uninstall-ADDSDomainController | Uninstall the domain controller from server |
Installing the First Domain Controller in Forest
So, as stated above, we are installing the first domain in the forest.
To install the Active Directory with the default configuration, execute the following command:
Install-ADDSForest
This will install the basic features and functions. However, if you want a customised setup, which I assume you would in a proper business environment, here is a sample setup to follow. I have laid it out one parameter per line for easy reading; the backtick at the end of each line is PowerShell's line-continuation character and must be the last character on the line. If you type the command without the backticks, be sure not to break lines anywhere:
Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "Win2012R2" `
-DomainName "yourdomain.com" `
-DomainNetbiosName "YOURDOMAIN" `
-ForestMode "Win2012R2" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true
If you are using a different version of Windows Server, be sure to change your modes from Win2012R2 to something such as Win2008. Once you execute this, you will be asked to enter the SafeModeAdministratorPassword, which is the password for Directory Services Restore Mode (DSRM). Once you set this password, Windows will finish the AD installation and configuration on your server based on the input provided.
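The same promotion with a prerequisite check in front of it, as an added example that is not part of the original article. It reuses the article's sample values (yourdomain.com, YOURDOMAIN, Win2012R2 and the default paths), collects the DSRM password as a SecureString, and only runs Install-ADDSForest when Test-ADDSForestInstallation reports no failed check:

```powershell
# Added example: values mirror the article's sample setup; adjust them to your environment.
Import-Module ADDSDeployment

# Collect the DSRM password as a SecureString so it is never written into
# the script or typed on a command line.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM (SafeModeAdministratorPassword)'

# Parameters shared by the prerequisite check and the real promotion.
$forest = @{
    DomainName                    = 'yourdomain.com'
    DomainNetbiosName             = 'YOURDOMAIN'
    DomainMode                    = 'Win2012R2'
    ForestMode                    = 'Win2012R2'
    InstallDns                    = $true
    CreateDnsDelegation           = $false
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $dsrm
}

# Run the prerequisite checks only; the server is not promoted by this call.
$checks = @(Test-ADDSForestInstallation @forest)
$checks | Format-List Status, Context, Message

# Keep every result whose status is anything other than Success.
$failed = @($checks | Where-Object { $_.Status -ne 'Success' })

if ($failed.Count -gt 0) {
    Write-Warning 'Prerequisite check did not pass; the server was not promoted.'
}
else {
    # Same switches as the article's sample: reboot when finished, no confirmation prompt.
    Install-ADDSForest @forest -NoRebootOnCompletion:$false -Force:$true
}
```

Store the DSRM password in your password vault at the time you set it; it is only needed again when the domain controller is booted into Directory Services Restore Mode.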
Setting up the Active Directory
Active Directory will now be set up. You may receive various warnings, dependent on whether you have static IPs or not. You can see the progress of the installation in the teal-coloured status bar covering the top half of the screen in the screenshot below.
Some error messages – I have not fully set up the server
As the system is being set up you may get some error messages. Mine are because I have not set up the static IPs for networks – I assume you will have already done this as this guide does not cover that. Your server may automatically restart during this process as well.
If everything has gone to plan, then your next login prompt will look slightly different. It should look something similar to this:
Logging in after setting up Active Directory
And that is all there is to it. You have successfully set up Active Directory via PowerShell and without the GUI. I hope this helped! Should you have any comments, problems or queries, let me know in the comments below and I will try and get back to you as soon as I can.
Resources
- Azure AD Core Skills Jump Start – Microsoft Virtual Academy
- Using PowerShell for Active Directory – Microsoft Virtual Academy
- Understanding Active Directory – Microsoft Virtual Academy