Hinweis
Für den Zugriff auf diese Seite ist eine Autorisierung erforderlich. Sie können versuchen, sich anzumelden oder das Verzeichnis zu wechseln.
Für den Zugriff auf diese Seite ist eine Autorisierung erforderlich. Sie können versuchen, das Verzeichnis zu wechseln.
The other week I talked about the love that dares to speak its name (and building AD Forests). This week is about AD Domains and, er, well, creating children with PowerShell...
(Note to self: must reword last sentence)
-----------------------------------------------------------------------------------------------
Enough balderdash... let's look at creating a child domain with PowerShell.
Step 1 - Install Binaries on Server
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
This primes our server for promotion...
Step 2 - Promote Server to DC in New Forest
$AdminPassword = "Ijcppjc12o5mK10uuA2N"
$DomainCredential = Get-Credential
Install-ADDSDomain -CreateDnsDelegation `
-DatabasePath "Z:\Windows\NTDS" `
-DomainMode "Win2012R2" `
-NewDomainName "Child" `
-ParentDomainName "fabrikam.com" `
-InstallDns `
-LogPath "Z:\Windows\NTDS" `
-SysvolPath "Z:\Windows\SYSVOL" `
-Force `
-SafeModeAdministratorPassword ($AdminPassword | ConvertTo-SecureString -AsPlainText -Force) `
-Credential $DomainCredential `
-SkipPreChecks
This promotes our server as the first Domain Controller in a new child domain of an existing forest. Let's look at those parameters:
- CreateDNSDelegation - I want a DNS delegation for the parent / child relationship
- DatabasePath - where to find NTDS.dit
- DomainMode - the domain functional level
- NewDomainName - FQDN of the new child domain
- ParentDomainName - FQDN of the existing parent domain
- InstallDns - yes, please!
- LogPath - where to find the install log
- SysvolPath - where to find our friendly, neighbourhood SYSVOL
- Force - use the... yes, really!
- SafeModeAdministratorPassword - how we boot into DSRM
- Credential - the Enterprise Admin credential supplied using Get-Credential...
- SkipPreChecks - see below...
I include SkipPreChecks because I've usually run the Test-ADDSDomainInstallation cmdlet to check I'm good to go.
One loves one's children.
Comments
- Anonymous
March 20, 2015
This domain & PowerShell stuff keeps coming...