Virtual Geek

Tales from real IT system administrators world and non-production environment

POWERSHELL: INSTALLING AND CONFIGURING ACTIVE DIRECTORY

I have already written a few articles, starting with PART 1: INSTALL ACTIVE DIRECTORY DOMAIN CONTROLLER ON VMWARE WORKSTATION. That was a completely GUI (Graphical User Interface) based installation and configuration using Server Manager; I used it to add the AD role and promote the server. This article is written for Windows 2012 R2 Core. I frequently install these services in my lab because I break them a lot during POCs, and sometimes they cannot be recovered, so I use the snapshot feature in VMware to revert to the stage before the roles were installed and start over. The command line is a faster, unattended way for me to install AD without any intervention, and it takes less time. Whenever I want to create a new lab environment, I use only the scripts and commands mentioned in these articles.

In PART 1 I showed how to rename the computer using PowerShell; if you haven't renamed the computer yet, use the Rename-Computer command. Open PowerShell as an administrator. Currently I have only one network adapter in the server, and I will need the InterfaceIndex number of the network adapter for the next command. Type Get-NetAdapter and hit Enter; it will list all the network interfaces. I received ifIndex 18, and I can also confirm all detected network adapters with this command.

Once I had collected the required interface index information, I ran ipconfig to check, and the adapter doesn't have a valid IP (only an APIPA address). The command to configure a new IP address is New-NetIPAddress; below is its use with parameters.

New-NetIPAddress -InterfaceIndex 18 -IPAddress 192.168.33.11 -DefaultGateway 192.168.33.1 -PrefixLength 24

-InterfaceIndex : The logical number of the NIC (ifIndex from Get-NetAdapter)
-IPAddress : IPv4 address
-DefaultGateway : Default gateway
-PrefixLength : The subnet mask (24 = 255.255.255.0)

Once the IP address is configured, you can run ipconfig to check and confirm that the IP is configured on the network interface.

Now I will configure the DNS server addresses; the command is Set-DNSClientServerAddress. The -InterfaceIndex parameter takes the same value I received from Get-NetAdapter. -ServerAddresses takes the DNS IPs: in this case the server's own IP, with loopback as the second IP, because this is the first AD server. As there are multiple DNS IPs, I need to pass them as a PowerShell array, each in single quotation marks and separated by a comma. Afterwards, check the IP address configuration with the ipconfig /all command.

Set-DNSClientServerAddress -InterfaceIndex 18 -ServerAddresses ('192.168.33.11','127.0.0.1')
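
The same IP and DNS configuration as an added example (not from the original post): it looks up the interface index by adapter name instead of hard-coding 18, can be re-run safely, and verifies the DNS client settings. The adapter name Ethernet0 is assumed to match the one this article passes to Disable-NetAdapterBinding; the variable names are illustrative.

```powershell
# Added example. Addresses are the lab values used in this article.
$AdapterName = 'Ethernet0'                    # assumption: name of the only NIC
$IPAddress   = '192.168.33.11'
$Gateway     = '192.168.33.1'
$PrefixLen   = 24                             # 255.255.255.0
$DnsServers  = @($IPAddress, '127.0.0.1')     # self first, loopback second

# Resolve the interface index by name; stop if the adapter is missing or ambiguous.
$adapter = @(Get-NetAdapter -Name $AdapterName -ErrorAction Stop)
if ($adapter.Count -ne 1) {
    throw "Expected one adapter named '$AdapterName', found $($adapter.Count)."
}
$ifIndex = $adapter[0].ifIndex

# Assign the static address only if it is not already bound to this interface.
$existing = Get-NetIPAddress -InterfaceIndex $ifIndex -IPAddress $IPAddress `
    -ErrorAction SilentlyContinue
if (-not $existing) {
    New-NetIPAddress -InterfaceIndex $ifIndex -IPAddress $IPAddress `
        -DefaultGateway $Gateway -PrefixLength $PrefixLen | Out-Null
}

Set-DnsClientServerAddress -InterfaceIndex $ifIndex -ServerAddresses $DnsServers

# Verify: the IPv4 DNS servers must be exactly the list above, in the same order.
$dns = (Get-DnsClientServerAddress -InterfaceIndex $ifIndex `
    -AddressFamily IPv4).ServerAddresses
if (($dns -join ',') -ne ($DnsServers -join ',')) {
    throw "DNS servers on ifIndex $ifIndex are '$($dns -join ',')', not as configured."
}
Write-Output "ifIndex $ifIndex : $IPAddress/$PrefixLen, DNS $($dns -join ', ')"
```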

The next command is not necessary, but I always use it to disable (uncheck) Internet Protocol Version 6 (TCP/IPv6) in the Ethernet card properties.

Disable-NetAdapterBinding -Name 'Ethernet0' -ComponentID 'ms_tcpip6'

My virtual machine is now ready to install, deploy and promote Active Directory. In Windows 2012 R2 (PowerShell version 4) the installation is very easy. You just need to know the correct name of the role or feature, which you can get from the Get-WindowsFeature command. It is AD-Domain-Services (highlighted in yellow in the screenshot). The command requires the ServerManager PowerShell module, which is already present on Windows 2012 R2 and is loaded automatically in the background.

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
-IncludeManagementTools installs all the required management features along with the role. Once the command is executed, you can see an animated progress bar. At the end, the output shows a success message and an exit code. We can ignore the Windows Update message and take care of it later.

A trick for remote installation and configuration: once I have configured the IP addresses and the server is on the network, I install and configure the role remotely by adding the parameters -ComputerName 192.168.33.11 and -Credential (Get-Credential). Replace the IP with the IP from your environment; a popup box will appear for the username and password. Or use Invoke-Command for remote execution of all the commands.

The next item is deploying, or promoting, the server to an Active Directory domain controller. I will be using another PowerShell cmdlet, Install-ADDSForest. For this command to work the ADDSDeployment module is necessary; it is loaded automatically in PowerShell on Windows 2012 R2 during execution.

Install-ADDSForest -CreateDNSDelegation:$false -DatabasePath 'C:\Windows\NTDS' -DomainMode 'Win2012R2' -DomainName 'vcloud-lab.com' -ForestMode 'Win2012R2' -InstallDns:$true -LogPath 'C:\Windows\NTDS' -NoRebootOnCompletion:$false -SysvolPath 'C:\Windows\SYSVOL' -Force:$true -SafeModeAdministratorPassword (ConvertTo-SecureString -String 'P@ssw0rd' -Force -AsPlainText)

Below are the definitions of the parameters, with the same command written as a splatted hashtable so that each parameter can carry a comment:

$forestParams = @{
    CreateDNSDelegation  = $false             # Do not create a DNS delegation in a parent zone
    DatabasePath         = 'C:\Windows\NTDS'  # Active Directory domain controller database location
    DomainMode           = 'Win2012R2'        # Domain functional level
    DomainName           = 'vcloud-lab.com'   # FQDN of the new forest root domain
    ForestMode           = 'Win2012R2'        # Forest functional level
    InstallDns           = $true              # Install DNS server role
    LogPath              = 'C:\Windows\NTDS'  # Active Directory domain controller database log location
    NoRebootOnCompletion = $false             # Reboot automatically when the promotion completes
    SysvolPath           = 'C:\Windows\SYSVOL'  # Group Policy database, scripts and objects location
    Force                = $true              # Force the AD installation without confirmation prompts
    # DSRM password
    SafeModeAdministratorPassword = (ConvertTo-SecureString -String 'P@ssw0rd' -Force -AsPlainText)
}
Install-ADDSForest @forestParams
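
An added example (not the author's script) of the same promotion that prompts for the DSRM password instead of embedding it in the script text, and runs the ADDSDeployment prerequisite check Test-ADDSForestInstallation before changing anything. The domain name, functional levels and paths are the ones used above; the helper Read-ConfirmedSecret and the variable names are hypothetical.

```powershell
# Added example. Lab values are taken from this article.
Import-Module ADDSDeployment

# Hypothetical helper: prompt twice so the DSRM password never appears in the
# script file or in the command history.
function Read-ConfirmedSecret {
    param([Parameter(Mandatory)][string]$Label)
    $first  = Read-Host -Prompt $Label -AsSecureString
    $second = Read-Host -Prompt "Confirm $Label" -AsSecureString
    # NetworkCredential decrypts the SecureString in memory only, for comparison.
    $a = (New-Object System.Net.NetworkCredential('', $first)).Password
    $b = (New-Object System.Net.NetworkCredential('', $second)).Password
    if ($a.Length -eq 0) { throw 'An empty password is not accepted.' }
    if ($a -cne $b)      { throw 'The two entries do not match.' }
    return $first
}

$dsrm = Read-ConfirmedSecret -Label 'DSRM password'

# Parameters shared by the prerequisite test and the real promotion.
$forest = @{
    DomainName   = 'vcloud-lab.com'
    DomainMode   = 'Win2012R2'
    ForestMode   = 'Win2012R2'
    InstallDns   = $true
    DatabasePath = 'C:\Windows\NTDS'
    LogPath      = 'C:\Windows\NTDS'
    SysvolPath   = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $dsrm
}

# Dry run: validates the environment without promoting the server.
$checks = Test-ADDSForestInstallation @forest
$failed = @($checks | Where-Object { $_.Status -ne 'Success' })
if ($failed.Count -gt 0) {
    $failed | ForEach-Object { Write-Warning $_.Message }
    throw 'Prerequisite checks failed; the server was not promoted.'
}

# Same switches as the article's command; the server reboots when it completes.
Install-ADDSForest @forest -CreateDnsDelegation:$false `
    -NoRebootOnCompletion:$false -Force:$true
```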

You can grab the same script from the GUI during installation: under View script you can download the file for later use.

I have consolidated all the above scripts from this article and kept them under this link. It is a normal text file, and you can execute the commands one at a time by copying and pasting them into PowerShell.
