Use PowerShell to Create a New Active Directory Forest on Windows 2019 Server Core Installation (no-GUI)

You have a fresh installation of Windows Server 2019 that was installed using the default installation type of server core installation (no-GUI). This server will be the first domain controller in a brand new Active Directory forest. You’ve completed the following configuration prior to attempting to turn this server into a domain controller:

Install all the available Windows Updates
Set the time zone
Set the computer name
Set a static IP address

Log into the server and launch PowerShell by typing “powershell.exe”. You’ll need to first add the AD-Domain-Services role to the server:

Install-WindowsFeature -Name AD-Domain-Services

1	Install-WindowsFeature -Name AD-Domain-Services

Store the SafeMode admin password in a variable. Per the documentation, this “Supplies the password for the administrator account when the computer is started in Safe Mode or a variant of Safe Mode, such as Directory Services Restore Mode.”

$Password = Read-Host -Prompt   'Enter SafeMode Admin Password' -AsSecureString

1	$Password = Read-Host -Prompt 'Enter SafeMode Admin Password' -AsSecureString

Now to make this server the first domain controller in a new forest:

Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath C:\Windows\NTDS -DomainMode WinThreshold -DomainName mikefrobbins.com -DomainNetbiosName MIKEFROBBINS -ForestMode WinThreshold -InstallDns:$true -LogPath C:\Windows\NTDS -NoRebootOnCompletion:$true -SafeModeAdministratorPassword $Password -SysvolPath C:\Windows\SYSVOL -Force:$true

Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath C:\Windows\NTDS -DomainMode WinThreshold -DomainName mikefrobbins.com -DomainNetbiosName MIKEFROBBINS -ForestMode WinThreshold -InstallDns:$true -LogPath C:\Windows\NTDS -NoRebootOnCompletion:$true -SafeModeAdministratorPassword $Password -SysvolPath C:\Windows\SYSVOL -Force:$true

You could also use the previous command with splatting to make it a little easier on the eyes instead of a long one-liner.

$Params = @{
    CreateDnsDelegation = $false
    DatabasePath = 'C:\Windows\NTDS'
    DomainMode = 'WinThreshold'
    DomainName = 'mikefrobbins.com'
    DomainNetbiosName = 'MIKEFROBBINS'
    ForestMode = 'WinThreshold'
    InstallDns = $true
    LogPath = 'C:\Windows\NTDS'
    NoRebootOnCompletion = $true
    SafeModeAdministratorPassword = $Password
    SysvolPath = 'C:\Windows\SYSVOL'
    Force = $true
}
Install-ADDSForest @Params

$Params = @{

CreateDnsDelegation = $false

DatabasePath = 'C:\Windows\NTDS'

DomainMode = 'WinThreshold'

DomainName = 'mikefrobbins.com'

DomainNetbiosName = 'MIKEFROBBINS'

ForestMode = 'WinThreshold'

InstallDns = $true

LogPath = 'C:\Windows\NTDS'

NoRebootOnCompletion = $true

SafeModeAdministratorPassword = $Password

SysvolPath = 'C:\Windows\SYSVOL'

Force = $true

}

Install-ADDSForest @Params

There’s not a new domain or forest functional level for Windows Server 2019 so a value of “WinThreshold” or 7 puts it in Windows Server 2016 mode. The valid values are:

Default
Windows Server 2003: “Win2003” or “2”
Windows Server 2008: “Win2008” or “3”
Windows Server 2008 R2: Win2008R2 or “4”
Windows Server 2012: “Win2012” or “5”
Windows Server 2012 R2: “Win2012R2” or “6”
Windows Server 2016: “WinThreshold” or “7”

Per the documentation. “The domain functional level cannot be lower than the forest functional level, but it can be higher.”