Active Directory, PowerShell-Install, Windows Server 2012 R2

PowerShell – Deploying Active Directory

Notes from the field:

In our projects, as much as I want to automate the deployment of my domain controllers from scratch, our team doesn't own the hosted platform; the VMs come already pre-created for us. In this scenario we are deploying a new domain with the following configuration:

Domain name: Jdeployment

  • Single-Forest, Single Domain
  • 4 Domain Controllers across 2 sites
  • Active Directory will be installed in Drive D:
  • Install Remote Server Administration Tools (RSAT)
  • Create 2 new Active Directory Sites (Site 1 and Site 2)
  • Assign Site1 Subnets to the Site1 Active Directory Site
  • Create a new replication site link between Site1 and Site2 and set the replication frequency to every 15 minutes
  • Move DC01 to Site1
  • Delete the default site (Default-First-Site-Name)
  • Delete the Default IP Site Link
  • Configure Windows Time Source (Point to Time Source IP)
  • Configure DNS Reverse Lookup
  • Enable Active Directory Recycle Bin

(Figure: DC-On-Host.png)

Installing the 1st Domain Controller

# Install AD DS and AD DNS #
Add-WindowsFeature AD-Domain-Services, DNS

# Promote DC01 to a Domain Controller #
# (Install-ADDSForest prompts for the DSRM / SafeModeAdministratorPassword when it is not supplied)
Import-Module ADDSDeployment
Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath "D:\Windows\NTDS" `
-DomainMode "Win2012R2" `
-DomainName "jdeployment.com" `
-DomainNetbiosName "JDEPLOYMENT" `
-ForestMode "Win2012R2" `
-InstallDns:$true `
-LogPath "D:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "D:\Windows\SYSVOL" `
-Force:$true

Log in after the reboot and run the post-DC-promo script:

# Install Remote Server Administration Tools (RSAT) for managing the domain #
Add-WindowsFeature RSAT-AD-PowerShell, RSAT-ADDS-Tools, RSAT-AD-AdminCenter, RSAT-DNS-Server, RSAT-File-Services, RSAT-DFS-Mgmt-Con

# Create a new Active Directory Site - Site1 #
New-ADReplicationSite -Name "Site1" -Description "Site1"

# Create a new Active Directory Site - Site2 #
New-ADReplicationSite -Name "Site2" -Description "Site2"

# Assign the Site1 subnet to the Site1 Active Directory Site #
New-ADReplicationSubnet -Name "10.100.0.0/24" -Site "Site1"

# Create a new replication site link between Site1 and Site2 and set the replication frequency to every 15 minutes #
New-ADReplicationSiteLink -Name "SL-Site1-Site2" -SitesIncluded Site1,Site2 -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP

# Move DC01 to Site1 #
Move-ADDirectoryServer -Identity DC01 -Site Site1

# Delete the default site (DC01 has already been moved out of it) #
Remove-ADReplicationSite -Identity "Default-First-Site-Name" -Confirm:$false

# Delete the Default IP Site Link #
Remove-ADReplicationSiteLink "DEFAULTIPSITELINK" -Confirm:$false

# Create the OU structure - optional, add as required #
New-ADOrganizationalUnit -Name "JDEPLOYMENT" -Path "DC=JDEPLOYMENT,DC=COM" -ProtectedFromAccidentalDeletion $true

# Configure Windows Time Source (point to the time source IP) #
W32tm.exe /config /manualpeerlist:"10.10.0.10" /syncfromflags:manual /reliable:YES /update
W32tm.exe /config /update
Restart-Service w32time

# Configure DNS Reverse Lookup #
Add-DnsServerPrimaryZone -DynamicUpdate Secure -NetworkId '10.100.0.0/24' -ReplicationScope Domain

# Enable Active Directory Recycle Bin (this cannot be disabled once enabled) #
Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,dc=jdeployment,dc=com' -Scope ForestOrConfigurationSet -Target 'jdeployment.com'


Installing the 2nd Domain Controller

# Install AD DS and AD DNS #
Add-WindowsFeature AD-Domain-Services, DNS

# Promote DC02 to a Domain Controller (joins Site1, replicating from DC01) #
Import-Module ADDSDeployment
Install-ADDSDomainController `
-NoGlobalCatalog:$false `
-CreateDnsDelegation:$false `
-Credential (Get-Credential) `
-CriticalReplicationOnly:$false `
-DatabasePath "D:\Windows\NTDS" `
-DomainName "jdeployment.com" `
-InstallDns:$true `
-LogPath "D:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-ReplicationSourceDC "DC01.jdeployment.com" `
-SiteName "Site1" `
-SysvolPath "D:\Windows\SYSVOL" `
-Force:$true

Log in after the reboot and run the post-DC-promo script:

# Install Remote Server Administration Tools (RSAT) for managing the domain #
Add-WindowsFeature RSAT-AD-PowerShell, RSAT-ADDS-Tools, RSAT-AD-AdminCenter, RSAT-DNS-Server, RSAT-File-Services, RSAT-DFS-Mgmt-Con

Installing the 3rd and 4th Domain Controllers

# Install AD DS and AD DNS #
Add-WindowsFeature AD-Domain-Services, DNS

# Promote DC03 / DC04 to a Domain Controller (joins Site2, replicating from DC01) #
Import-Module ADDSDeployment
Install-ADDSDomainController `
-NoGlobalCatalog:$false `
-CreateDnsDelegation:$false `
-Credential (Get-Credential) `
-CriticalReplicationOnly:$false `
-DatabasePath "D:\Windows\NTDS" `
-DomainName "jdeployment.com" `
-InstallDns:$true `
-LogPath "D:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-ReplicationSourceDC "DC01.jdeployment.com" `
-SiteName "Site2" `
-SysvolPath "D:\Windows\SYSVOL" `
-Force:$true

Log in after the reboot and run the post-DC-promo script:

# Install Remote Server Administration Tools (RSAT) for managing the domain #
Add-WindowsFeature RSAT-AD-PowerShell, RSAT-ADDS-Tools, RSAT-AD-AdminCenter, RSAT-DNS-Server, RSAT-File-Services, RSAT-DFS-Mgmt-Con
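Once all four DCs are in place, it is worth reading the configuration back out of the directory and checking it against the list at the top of this post, rather than trusting that each command succeeded. The script below is an added verification example, not part of the original post; it assumes the names used above (Site1, Site2, SL-Site1-Site2, subnet 10.100.0.0/24, forest jdeployment.com, time source 10.10.0.10) and runs on a DC that has RSAT-AD-PowerShell and RSAT-DNS-Server installed.

```powershell
# Post-deployment verification (added example). Each check prints Pass = True/False.
Import-Module ActiveDirectory

# Expected state, taken from the configuration list of this deployment
$expected = @{
    Sites     = @('Site1', 'Site2')
    SiteLink  = 'SL-Site1-Site2'
    Frequency = 15
    Subnet    = '10.100.0.0/24'
    Zone      = '0.100.10.in-addr.arpa'   # reverse zone for 10.100.0.0/24
    TimePeer  = '10.10.0.10'
}
$results = @()
function Add-Check([string]$Name, [bool]$Pass) { $script:results += [pscustomobject]@{ Check = $Name; Pass = $Pass } }

# 1. Sites: both expected sites exist and the default site is gone
$sites = (Get-ADReplicationSite -Filter *).Name
Add-Check 'Site1 and Site2 exist'      (-not ($expected.Sites | Where-Object { $_ -notin $sites }))
Add-Check 'Default-First-Site-Name removed' ('Default-First-Site-Name' -notin $sites)

# 2. Site link: spans both sites, replicates every 15 minutes; DEFAULTIPSITELINK removed
$link = Get-ADReplicationSiteLink -Filter "Name -eq '$($expected.SiteLink)'" -Properties ReplicationFrequencyInMinutes, SitesIncluded
Add-Check 'Site link replicates every 15 min' ($link.ReplicationFrequencyInMinutes -eq $expected.Frequency)
Add-Check 'Site link spans two sites'         ((@($link.SitesIncluded)).Count -eq 2)
Add-Check 'DEFAULTIPSITELINK removed'         (-not (Get-ADReplicationSiteLink -Filter "Name -eq 'DEFAULTIPSITELINK'"))

# 3. Subnet mapped to Site1 (an unmapped subnet leaves clients and DCs without a site)
$subnet = Get-ADReplicationSubnet -Filter "Name -eq '$($expected.Subnet)'"
Add-Check 'Subnet 10.100.0.0/24 mapped to Site1' ($subnet.Site -like 'CN=Site1,*')

# 4. Every DC sits in one of the two named sites and is a global catalog
$dcs = Get-ADDomainController -Filter *
Add-Check 'All DCs in Site1/Site2' (-not ($dcs | Where-Object { $_.Site -notin $expected.Sites }))
Add-Check 'All DCs are global catalogs' (-not ($dcs | Where-Object { -not $_.IsGlobalCatalog }))

# 5. Recycle Bin enabled, reverse lookup zone present, time source is the manual peer
$rb = Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'"
Add-Check 'Recycle Bin enabled'  ((@($rb.EnabledScopes)).Count -gt 0)
Add-Check 'Reverse zone exists'  ([bool](Get-DnsServerZone -Name $expected.Zone -ErrorAction SilentlyContinue))
Add-Check 'Time source is manual peer' ([bool]((w32tm.exe /query /source) -match [regex]::Escape($expected.TimePeer)))

# 6. No inbound replication failures recorded on this DC
$fails = Get-ADReplicationFailure -Target $env:COMPUTERNAME
Add-Check 'No replication failures' ((@($fails)).Count -eq 0)

$results | Format-Table -AutoSize
```

Run it on each DC after the last promotion has finished replicating; a False on the time-source or replication checks is the usual sign that a step was run before the previous reboot completed.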

About Jay-R Barrios

EUC Consultant | Modern Endpoint Management | Intune | SCCM | Windows | Community Leader | Microsoft MVP Alumnai
