Use PowerShell to Create a New Active Directory Forest on Windows 2019 Server Core Installation (no-GUI)

You have a fresh installation of Windows Server 2019 that was installed using the default installation type of server core installation (no-GUI). This server will be the first domain controller in a brand new Active Directory forest. You’ve completed the following configuration prior to attempting to turn this server into a domain controller:

  • Install all the available Windows Updates
  • Set the time zone
  • Set the computer name
  • Set a static IP address

Log into the server and launch PowerShell by typing “powershell.exe”. You’ll need to first add the AD-Domain-Services role to the server:

Store the SafeMode admin password in a variable. Per the documentation, this “Supplies the password for the administrator account when the computer is started in Safe Mode or a variant of Safe Mode, such as Directory Services Restore Mode.

Now to make this server the first domain controller in a new forest:

You could also use the previous command with splatting to make it a little easier on the eyes instead of a long one-liner.

There’s not a new domain or forest functional level for Windows Server 2019 so a value of “WinThreshold” or 7 puts it in Windows Server 2016 mode. The valid values are:

  • Default
  • Windows Server 2003: “Win2003” or “2”
  • Windows Server 2008: “Win2008” or “3”
  • Windows Server 2008 R2: Win2008R2 or “4”
  • Windows Server 2012: “Win2012” or “5”
  • Windows Server 2012 R2: “Win2012R2” or “6”
  • Windows Server 2016: “WinThreshold” or “7”

Per the documentation. “The domain functional level cannot be lower than the forest functional level, but it can be higher.”


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: