You have a fresh installation of Windows Server 2019 that was installed using the default installation type of server core installation (no-GUI). This server will be the first domain controller in a brand new Active Directory forest. You’ve completed the following configuration prior to attempting to turn this server into a domain controller:
- Install all the available Windows Updates
- Set the time zone
- Set the computer name
- Set a static IP address
Log into the server and launch PowerShell by typing “powershell.exe”. You’ll need to first add the AD-Domain-Services role to the server:
1 | Install-WindowsFeature -Name AD-Domain-Services |
Store the SafeMode admin password in a variable. Per the documentation, this “Supplies the password for the administrator account when the computer is started in Safe Mode or a variant of Safe Mode, such as Directory Services Restore Mode.”
1 | $Password = Read-Host -Prompt 'Enter SafeMode Admin Password' -AsSecureString |
Now to make this server the first domain controller in a new forest:
1 | Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath C:\Windows\NTDS -DomainMode WinThreshold -DomainName mikefrobbins.com -DomainNetbiosName MIKEFROBBINS -ForestMode WinThreshold -InstallDns:$true -LogPath C:\Windows\NTDS -NoRebootOnCompletion:$true -SafeModeAdministratorPassword $Password -SysvolPath C:\Windows\SYSVOL -Force:$true |
You could also use the previous command with splatting to make it a little easier on the eyes instead of a long one-liner.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | $Params = @{ CreateDnsDelegation = $false DatabasePath = 'C:\Windows\NTDS' DomainMode = 'WinThreshold' DomainName = 'mikefrobbins.com' DomainNetbiosName = 'MIKEFROBBINS' ForestMode = 'WinThreshold' InstallDns = $true LogPath = 'C:\Windows\NTDS' NoRebootOnCompletion = $true SafeModeAdministratorPassword = $Password SysvolPath = 'C:\Windows\SYSVOL' Force = $true } Install-ADDSForest @Params |
There’s not a new domain or forest functional level for Windows Server 2019 so a value of “WinThreshold” or 7 puts it in Windows Server 2016 mode. The valid values are:
- Default
- Windows Server 2003: “Win2003” or “2”
- Windows Server 2008: “Win2008” or “3”
- Windows Server 2008 R2: Win2008R2 or “4”
- Windows Server 2012: “Win2012” or “5”
- Windows Server 2012 R2: “Win2012R2” or “6”
- Windows Server 2016: “WinThreshold” or “7”
Per the documentation. “The domain functional level cannot be lower than the forest functional level, but it can be higher.”
µ
“Per the documentation”
Could you please link the documentation you are referencing here? Thank you for the article, it would be nice to know from where you get this information. I’ve tried searching at https://docs.microsoft.com/en-us/windows-server/ but I’ve had trouble finding the extensive documentation I’m used to reading for older versions of Windows Server.
Kindly let us know what links you can provide that you may have referenced in writing this guide.
Thanks again!
Made it across the finish line with my first domain using this post and powershell alone, Thanks