Added a Server 2012 Core machine as DC to my existing (virtual) domain today. Did it using PowerShell.
First up, add the AD-Domain-Services
(and DNS
if you plan on using that) features:
1 2 3 4 5 6 7 |
PS> Add-WindowsFeature AD-Domain-Services,DNS Success Restart Needed Exit Code Feature Result ------- -------------- --------- -------------- True No Success {Active Directory Domain Services, DNS Ser... WARNING: Windows automatic updating is not enabled. To ensure that your newly-installed role or feature is automatically updated, turn on Windows Update. |
Curious about what the Active Directory related cmdlets are? This will help:
1 2 3 4 5 6 7 8 9 10 11 12 |
PS> Get-Command -Noun AD* |more CommandType Name ModuleName ----------- ---- ---------- Cmdlet Add-ADCentralAccessPolicyMember ActiveDirectory Cmdlet Add-ADComputerServiceAccount ActiveDirectory Cmdlet Add-ADDomainControllerPasswordReplicationPolicy ActiveDirectory Cmdlet Add-ADDSReadOnlyDomainControllerAccount ADDSDeployment Cmdlet Add-ADFineGrainedPasswordPolicySubject ActiveDirectory Cmdlet Add-ADGroupMember ActiveDirectory Cmdlet Add-ADPrincipalGroupMembership ActiveDirectory ... |
Three commands are to do with installing domain controllers:
- The
Install-ADDSDomain
cmdlet installs a new Active Directory domain configuration. - The
Install-ADDSForest
cmdlet installs a new Active Directory forest configuration. - The
Install-ADDSDomainController
cmdlet installs a domain controller in Active Directory.
In my case the Install-ADDSDomainController
cmdlet is what’s of interest.
This cmdlet has many switches, some of the regularly used ones are:
-Credential
to specify the credentials of the account used to install the DC. Use-Credential (Get-Credential)
to be prompted for the password;-DatabasePath
(default:%SYSTEMROOT%NTDS
) and-LogPath
(default:%SYSTEMROOT%NTDS
) and-SysvolPath
(default:%SYSTEMROOT%SYSVOL
) to specify the location where you want the database and log files and SYSVOL to be (%SYSTEMROOT
isC:Windows
usually);-DomainName
to specify the name of the domain; and- optionally
-SiteName
to specify a site name and-SafeModeAdministratorPassword
to specify a safe mode administrator password (use this switch if you’d like to specify a password; if you skip you are prompted for a password anyways)
So it’s kind of straight-forward what we need to do:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
PS> Install-ADDSDomainController -InstallDns -Credential (Get-Credential) -DomainName "contoso.local" cmdlet Get-Credential at command pipeline position 1 Supply values for the following parameters: Credential SafeModeAdministratorPassword: ************ Confirm SafeModeAdministratorPassword: ************ The target server will be configured as a domain controller and restarted when this operation is complete. Do you want to continue with this operation? [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): WARNING: Windows Server 2012 domain controllers have a default for the security setting named "Allow cryptography algorithms compatible with Windows NT 4.0" that prevents weaker cryptography algorithms when establishing security channel sessions. For more information about this setting, see Knowledge Base article 942564 (http://go.microsoft.com/fwlink/?LinkId=104751). ... |
Once the cmdlet completes it reboots the server, after which I manually created a DNS delegation to this domain controller for the domain (since I am installing a DNS server too).