Use PowerShell to Determine What Roles are Added When Turning a Windows 2012 Server into a Domain Controller

Goal: Determine what roles are installed when turning a Windows Server 2012 machine into a domain controller.

I started out by using PowerShell to save a list of what roles are installed on a plain vanilla 2012 server that has the full GUI installation. The following one-liner would be used in PowerShell version 2 to accomplish this task, and the syntax is compatible with version 3:

Get-WindowsFeature | Where-Object {$_.Installed} | Select-Object Name | Out-File c:\tmp\gui-pre-ad-install.txt

PowerShell version 3 has simplified syntax when using the Where-Object cmdlet with a single condition. Here’s the one-liner I used to save this information:

Get-WindowsFeature | Where-Object Installed | Select-Object Name | Out-File c:\tmp\gui-pre-ad-install.txt

2012dc-1.jpg

Now to install the Active Directory Domain Services role from Server Manager. Click on “Add roles and features”:

2012dc-2.jpg

Select the “Active Directory Domain Services” role:

2012dc-3.jpg

This message about dependencies is displayed:

2012dc-4.jpg

A few features are automatically selected, such as “Group Policy Management”, which was also listed on the dependencies popup screen as shown in the previous image.

2012dc-5.jpg

If you wait long enough on the installation screen, you can promote the server to a domain controller by clicking on the link shown in the image below:

2012dc-55.jpg

It’s possible to close the installation window shown in the previous image before the install is complete and it will finish in the background. It’s also easy to miss the link to turn it into a domain controller. If either one happens, you’ll end up back on the Server Manager screen:

2012dc-6.jpg

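I didn’t click on the link to promote the server to a domain controller because at this point I wanted to know what roles had been added since we started. With a second list of installed roles saved the same way to c:\tmp\gui-post-addsrole-pre-dc.txt, the two files can be compared: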

Compare-Object -ReferenceObject (Get-Content c:\tmp\gui-pre-ad-install.txt) -DifferenceObject (Get-Content c:\tmp\gui-post-addsrole-pre-dc.txt)

2012dc-71.jpg

Since the server isn’t a domain controller yet, clicking on AD DS on the left side of the screen shows that additional configuration is necessary:

2012dc-8.jpg

Click on the “Promote this server to a domain controller” link:

2012dc-9.jpg

I’m creating a new Active Directory forest named mikefrobbins.com:

2012dc-10.jpg

If the “Domain Name System (DNS) server” capability option is unselected on this screen, the DNS Server role will not be installed on the server:

2012dc-11.jpg

The cool new feature of this entire process is the “View Script” button in the bottom right hand corner of this screen:

2012dc-12.jpg

Clicking on this button displays the PowerShell script that would complete this portion of the installation process:

2012dc-13.jpg

At the end of the installation, the following message is displayed briefly and then the server is automatically restarted:

2012dc-16.jpg

After the restart, the server is now a domain controller and the following roles have been added since the last time we checked what roles had been installed:

2012dc-141.jpg

The following roles have been installed during this entire process:

2012dc-151.jpg
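The snapshot-and-compare procedure used above, as an added example that is not code from the original post. It assumes PowerShell 3 or later; the function names Save-FeatureSnapshot and Compare-FeatureSnapshot are hypothetical, and the three sample lists are constructed rather than taken from the screenshots.

```powershell
# Added example; function names and sample data are assumptions, not from the post.
# Requires PowerShell 3.0 or later.

function Save-FeatureSnapshot {
    # Writes the installed role/feature names to $Path, one bare name per line.
    # Run on the server itself (Get-WindowsFeature needs the ServerManager module).
    param([Parameter(Mandatory = $true)][string]$Path)
    Get-WindowsFeature |
        Where-Object Installed |
        Select-Object -ExpandProperty Name |
        Sort-Object |
        Set-Content -Path $Path
}

function Compare-FeatureSnapshot {
    # Returns one object per feature that differs between two snapshots.
    # Works with empty lists, which Compare-Object refuses to bind.
    param([string[]]$Before = @(), [string[]]$After = @())
    # Drop null entries and blank lines (for example from an empty snapshot file).
    $Before = @($Before | Where-Object { $_ })
    $After  = @($After  | Where-Object { $_ })
    $added   = @($After  | Where-Object { $Before -notcontains $_ })
    $removed = @($Before | Where-Object { $After  -notcontains $_ })
    foreach ($name in $added)   { [pscustomobject]@{ Change = 'Added';   Feature = $name } }
    foreach ($name in $removed) { [pscustomobject]@{ Change = 'Removed'; Feature = $name } }
}

# Constructed sample snapshots for the three checkpoints in the walkthrough.
# On a real server, create them with Save-FeatureSnapshot and read them with Get-Content.
$preInstall = @('FileAndStorage-Services', 'Storage-Services', 'PowerShell')
$postRole   = $preInstall + @('AD-Domain-Services', 'GPMC', 'RSAT-AD-PowerShell')
$postDc     = $postRole   + @('DNS', 'File-Services', 'FS-FileServer')

'--- Added by installing the AD DS role ---'
Compare-FeatureSnapshot -Before $preInstall -After $postRole | Format-Table -AutoSize

'--- Added by promoting to a domain controller ---'
Compare-FeatureSnapshot -Before $postRole -After $postDc | Format-Table -AutoSize
```

Saving bare names with -ExpandProperty keeps the table header out of the snapshot files, so each line in the file is exactly one feature name.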

Beginning with Windows Server 2012, the recommended and default installation type is Server Core (no GUI), so I decided to copy the PowerShell script that was created during the previous process to a Server Core machine. I added a line that installs the Active Directory Domain Services role to the following script because it would fail otherwise:

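#
# Windows PowerShell script for AD DS Deployment
#
# Install the AD DS role first; it provides the ADDSDeployment module used below.
Add-WindowsFeature AD-Domain-Services
Import-Module ADDSDeployment
# -SafeModeAdministratorPassword is not supplied, so the cmdlet prompts for the
# DSRM password instead of storing it in the script.
# -NoRebootOnCompletion:$true leaves the restart to the administrator.
Install-ADDSForest `
    -CreateDnsDelegation:$false `
    -DatabasePath "C:\Windows\NTDS" `
    -DomainMode "Win2012" `
    -DomainName "mikefrobbins.com" `
    -DomainNetbiosName "MIKEFROBBINS" `
    -ForestMode "Win2012" `
    -InstallDns:$true `
    -LogPath "C:\Windows\NTDS" `
    -NoRebootOnCompletion:$true `
    -SysvolPath "C:\Windows\SYSVOL" `
    -Force:$true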

This script was saved as “create-domain.ps1” and was run on the server core machine:

2012dc-17.jpg

The restart option was also changed in the script so the server doesn’t automatically restart upon installation completion.

2012dc-18.jpg

The following roles were added using this script. The File-Services and FS-FileServer roles don’t show up until after a restart:

2012dc-192.jpg

Here’s a list of what roles were installed while turning a GUI 2012 server into a domain controller that were not automatically installed on the server core machine:

2012dc-202.jpg

Those missing roles are available to install on server core:

2012dc-21.jpg

I installed them just to confirm this, although I wouldn’t recommend installing them on your production servers because you won’t need them anyway if you’re following the best practice of not managing this sort of stuff directly on your servers.

2012dc-22.jpg

Additional Information: If I unselected the “Include management tools (if applicable)” option on the screen shown in the following image during the GUI installation, the only role that would have been installed on the GUI server that’s not installed on the Server Core machine is the “GPMC” role.

2012dc-23.jpg

Unchecking this management tools option as referenced above makes the Group Policy Management option unselected on the screen shown below during the installation, but the GPMC role is still installed on the server whether it is selected or not.

2012dc-5.jpg

This blog is based off of the release candidate version of Windows Server 2012 and things could change between this version and RTM.
