Deploy ADDS on Windows Server 2016 using Powershell

Introduction

In a previous post we deployed ADDS using Server Manager. In this article we will be deploying Active Directory Domain Services using Windows PowerShell.

For that, there are a few prerequisites that must be met, namely:

  1. Ensure the server has a correct name.
  2. Set a static IP address.
  3. Ensure DNS is deployed and configured. (we will add this while setting up the Forest)

 

Let’s Start!

Setting the Powershell Execution Policy

Ok, but before starting the server must allow us to run powershell scripts, so, for that we should set the execution policy by running the Set-ExecutionPolicy cmdlet. It allows us to change the user preference for the execution policy of the shell. To verify the current status of the execution policy run the Get-ExecutionPolicy cmdlet, as shown below.

If the current status is “Restricted”, set it to allow scripts. As shown below, run the following:

Set-ExecutionPolicy RemoteSigned -Force

Run the Get-ExecutionPolicy cmdlet again, it will now show as RemoteSigned. Learn more about execution policies here: https://technet.microsoft.com/en-us/library/ee176961.aspx

 

Configuring the server

Renaming the Server

Now we can start configuring our server. The first step is ensure it has a correct name.

Run the following and change SRVAD01 to match the name you’d like your server to have.

Rename-Computer -NewName SRVAD01 -Force

The output should be as below. Restart the computer using Restart-Computer or the GUI.

Deploy ADDS on Windows Server 2016 using Powershell

 

Setting the Server’s IP Address

After rebooting set the IP address. Open the Powershell ISE, open a new script and paste the following code. Change the script to match your lan settings and press the “Run Script” button or F5. Note that I’m not setting a gateway just yet because I don’t have one.

#set static IP address
$ipaddress = “10.0.0.1”
$ipprefix = “8”
#$ipgw = “”
$ipdns = “127.0.0.1”
$ipif = (Get-NetAdapter).ifIndex
New-NetIPAddress -IPAddress $ipaddress -PrefixLength $ipprefix -InterfaceIndex $ipif #-DefaultGateway $ipgw

The output should be as shown below:

Deploy ADDS on Windows Server 2016 using Powershell

I also renamed my lan interface to LAN using the Rename-NetAdapter cmdlet, as shown below.

Rename-NetAdapter -Name Ethernet -NewName LAN

Add the ADDS Role

After these first initial steps of setting a computer name and a static IP address, it’s now time to add the Active Directory Domain Services role.

Just before doing that, and in addition to previous prerequisites, there are some role-based prerequisites that need to be deployed. These role-based prerequisites are:

  1. Active Directory module for Windows PowerShell
  2. Active Directory Administrative Center tools
  3. AD DS snap-ins and command-line tools

For the prerequisites installation we’ll be using a script and the first thing the script does is creating a log file called ADDS.txt in C:\Logs\ADDS. This log will hold the details from adding the features. After the configuration completes, it will run a Get-WindowsFeature command to gather the installed features to the log file described before.

Let’s add the RSAT-AD-Tools using the script below.

#install features
$featureLogPath = “c:\Logs\ADDS\ADDS.txt”
New-Item $featureLogPath -ItemType file -Force
$addsTools = “RSAT-AD-Tools”
Add-WindowsFeature $addsTools -LogPath $featureLogPath
Get-WindowsFeature | Where installed >> $featureLogPath

Wait for the installation to finish. You should get a progress bar as shown below:

Deploy ADDS on Windows Server 2016 using Powershell

After installing the features install the ADDS role by running the following script (due to the use of the start-job feature, no progress bars will be shown):

#Install AD DS, DNS and GPMC
$featureLogPath = “c:\Logs\ADDS\ADDS.txt”
start-job -Name addFeature -ScriptBlock {
Add-WindowsFeature -Name “ad-domain-services” -IncludeAllSubFeature -IncludeManagementTools
Add-WindowsFeature -Name “dns” -IncludeAllSubFeature -IncludeManagementTools
Add-WindowsFeature -Name “gpmc” -IncludeAllSubFeature -IncludeManagementTools }
Wait-Job -Name addFeature
Get-WindowsFeature | Where installed >>$featureLogPath

This is something similar to this:

Deploy ADDS on Windows Server 2016 using Powershell

Now that the ADDS role has been added, it is time to create the new forest. For it run the script below, adjusting it to your needs. If you get an error, like this one:

Deploy ADDS on Windows Server 2016 using Powershell

set the execution policy to unrestricted with the

Set-ExecutionPolicy Unrestricted -Force 

and try again.

Press “Run Once”

Deploy ADDS on Windows Server 2016 using Powershell

The script will ask you the SAfeModeAdministratorPassword.

# Create New Forest, add Domain Controller
$domainname = “experiencingit.net”
$netbiosName = “EXPERIENCINGIT”
$params = @{
'-DatabasePath'= 'C:\Windows\NTDS';
'-DomainMode' = 'Default';
'-DomainName' = $domainname;
'-DomainNetbiosName' = $netbiosName;
'-ForestMode' = 'Default';
'-InstallDns' = $true;
'-LogPath' = 'C:\Windows\NTDS';
'-NoRebootOnCompletion' = $false;
'-SysvolPath' = 'C:\Windows\SYSVOL';
'-Force' = $true;}
Import-Module ADDSDeployment
Install-ADDSForest @params -CreateDnsDelegation:$false

Wait for the deployment to finish. The server will reboot.

Deploy ADDS on Windows Server 2016 using Powershell

After reboot, open a Powershell window and run Get-ADForest and Get-ADDomain. The forest mode and domain mode should be set to Windows 2016, as shown below:

Deploy ADDS on Windows Server 2016 using Powershell

Open the DNS Manager console and it is possible to observe that a new zone has been created:

Deploy ADDS on Windows Server 2016 using Powershell

 

And that’s it. The ADDS role is installed and ready to be used!

 

Getting your MCSA on Windows Server? Consider reading these exam study guides:  

References: https://blogs.technet.microsoft.com/heyscriptingguy/2013/01/03/use-powershell-to-deploy-a-new-active-directory-forest/

As always, if you found this article useful, share it with your friends.

If you have any question or suggestion, leave your comment.

Thank you for reading!

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By continuing to use the site, you agree to the use of cookies. More information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" then you are consenting to this. To know more please read here our Privacy Policy

Close