Mike F. Robbins

Scripting | Automation | Efficiency

Use PowerShell to Create a New Active Directory Forest on Windows 2019 Server Core Installation (no-GUI)

Posted on
#Active Directory #PowerShell #Windows Server 2019

You have a fresh installation of Windows Server 2019 that was installed using the default installation type of server core installation (no-GUI). This server will be the first domain controller in a brand new Active Directory forest. You’ve completed the following configuration prior to attempting to turn this server into a domain controller:

  • Install all the available Windows Updates
  • Set the time zone
  • Set the computer name
  • Set a static IP address

Log into the server and launch PowerShell by typing powershell.exe. You’ll need to first add the AD-Domain-Services role to the server:

Install-WindowsFeature -Name AD-Domain-Services

newaddomain1a.jpg

Store the SafeMode admin password in a variable. Per the documentation, this “Supplies the password for the administrator account when the computer is started in Safe Mode or a variant of Safe Mode, such as Directory Services Restore Mode.

$Password = Read-Host -Prompt   'Enter SafeMode Admin Password' -AsSecureString

newaddomain2a.jpg

Now to make this server the first domain controller in a new forest:

Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath C:\Windows\NTDS -DomainMode WinThreshold -DomainName mikefrobbins.com -DomainNetbiosName MIKEFROBBINS -ForestMode WinThreshold -InstallDns:$true -LogPath C:\Windows\NTDS -NoRebootOnCompletion:$true -SafeModeAdministratorPassword $Password -SysvolPath C:\Windows\SYSVOL -Force:$true

newaddomain3a.jpg

You could also use the previous command with splatting to make it a little easier on the eyes instead of a long one-liner.

$Params = @{
CreateDnsDelegation = $false
DatabasePath = 'C:\Windows\NTDS'
DomainMode = 'WinThreshold'
DomainName = 'mikefrobbins.com'
DomainNetbiosName = 'MIKEFROBBINS'
ForestMode = 'WinThreshold'
InstallDns = $true
LogPath = 'C:\Windows\NTDS'
NoRebootOnCompletion = $true
SafeModeAdministratorPassword = $Password
SysvolPath = 'C:\Windows\SYSVOL'
Force = $true
}

Install-ADDSForest @Params

There’s not a new domain or forest functional level for Windows Server 2019 so a value of “WinThreshold” or 7 puts it in Windows Server 2016 mode. The valid values are:

  • Default
  • Windows Server 2003: “Win2003” or “2”
  • Windows Server 2008: “Win2008” or “3”
  • Windows Server 2008 R2: Win2008R2 or “4”
  • Windows Server 2012: “Win2012” or “5”
  • Windows Server 2012 R2: “Win2012R2” or “6”
  • Windows Server 2016: “WinThreshold” or “7”

Per the documentation. “The domain functional level cannot be lower than the forest functional level, but it can be higher."

µ