- December 29, 2016
- Posted by: Syed Shujaat
- Category: Uncategorized
Windows Server 2012 AD + PowerShell commands
This is just a guideline for installing a typical server with the roles/services required to set up your network infrastructure.
Forest Root: the first Domain Controller in your forest root, which is also a Global Catalog (GC).
PowerShell commands can be useful for installing AD services on a Core server.
CMD >> powershell (this should bring up a prompt starting with PS …, showing that the PS interface has been invoked)
Install AD Domain Services (PS)
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
OR
Install-WindowsFeature -Name AD-Domain-Services (Core installation, to install all the AD DS binaries)
OR
Get-WindowsFeature AD-Domain-Services (shows the install state of the feature)
Install AD Forest
Install-ADDSForest -DomainName "Virtualremote.com" (this will ask for the Safe Mode Administrator password and its confirmation; follow the prompts)
This will install DNS and the Group Policy Management Console. Once finished, the server will reboot.
Add Secondary DC to provide redundancy
AD DS Deployment Cmdlets (in verb order)
The following table contains the names and a brief description of each ADDSDeployment cmdlet.
Cmdlet | Description |
---|---|
Add-ADDSReadOnlyDomainControllerAccount | Creates a read-only domain controller (RODC) account that can be used to install an RODC in Active Directory. |
Install-ADDSDomain | Installs a new Active Directory domain configuration. |
Install-ADDSDomainController | Installs a domain controller in Active Directory. |
Install-ADDSForest | Installs a new Active Directory forest configuration. |
Test-ADDSDomainControllerInstallation | Runs the prerequisites (only) for installing a domain controller in Active Directory. |
Test-ADDSDomainControllerUninstallation | Runs the prerequisites (only) for uninstalling a domain controller in Active Directory. |
Test-ADDSDomainInstallation | Runs the prerequisites (only) for installing a new Active Directory domain configuration. |
Test-ADDSForestInstallation | Runs the prerequisites (only) for installing a new forest in Active Directory. |
Test-ADDSReadOnlyDomainControllerAccountCreation | Runs the prerequisites (only) for adding a read-only domain controller (RODC) account. |
Uninstall-ADDSDomainController | Uninstalls a domain controller in Active Directory. |
Install DC2 From Media Option.
This is the option to choose when you don’t want the initial AD sync from the PDC to the SDC to go over the network.
* You Avoid Large Data Transfer
* Only Differential data is updated.
To copy the PDC onto the media you use ntdsutil; here are a few of the options. You can only do this between the same Windows OS versions; it can’t be done across mismatched OS versions.
* Create Full / RODC / Create SYSVOL Full / Create SYSVOL RODC
Here are the commands to backup data to media.
CMD >> ntdsutil (this takes you into the NTDS utility prompt)
ntdsutil: activate instance ntds
ntdsutil: ifm (this tells it that you want to create media)
ifm: create sysvol full c:\yourdesiredfolder (here you can choose Full, RODC and so on; this will copy the data to the desired folder)
Copy it to a flash drive, take it to DC2 and install from the media.
AD DS can also be installed via a script.
You can copy the PS script from the DC setup just before you finalize the configuration of a domain controller.
The script is fairly simple. Just fill in and configure your settings. You will also need to set the execution policy on the server before you can run any scripts on it. I’m going to use “Remote Signed”.
Set-ExecutionPolicy RemoteSigned
```powershell
########################################
# PowerShell Script to Install Domain Controllers #
########################################
Import-Module ADDSDeployment
Install-ADDSDomainController `
    -NoGlobalCatalog:$false `
    -InstallDns:$false `
    -CreateDnsDelegation:$false `
    -CriticalReplicationOnly:$false `
    -DatabasePath "C:\Windows\NTDS" `
    -LogPath "C:\Windows\NTDS" `
    -SysvolPath "C:\Windows\SYSVOL" `
    -DomainName "contoso.local" `
    -NoRebootOnCompletion:$false `
    -SiteName "SiteName" `
    -Force:$true
```
As you see from the script above, I will be configuring the server with these settings.
- Read-only Domain Controller: No
- Global Catalog: No
- DNS Server: No
- Create Dns Delegation: No
- Database Folder: C:\Windows\NTDS
- Log File Folder: C:\Windows\NTDS
- SYSVOL Folder: C:\Windows\SYSVOL
- No Reboot On Completion: No
- Site Name: Name of site
Now that we have the script configured, save it as a “.ps1” file and run it. Since we didn’t specify the “Safe Mode Administrator Password”, you will have to enter it manually. To fully automate this process, just add the “-SafeModeAdministratorPassword” argument and the password (the parameter takes a SecureString).
Type: PS C:\> .\yourScriptfilename.ps1
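An added example (not part of the original post) that ties the pieces above together: it runs Test-ADDSDomainControllerInstallation from the cmdlet table, then promotes DC2 from the ntdsutil IFM copy, prompting for the Safe Mode Administrator password as a SecureString instead of writing it into the .ps1 file. The D:\IFM path is a hypothetical location for the copied media; the domain, site and folder values are the ones used in the script above.

```powershell
# Added example: pre-check, then promote DC2 from IFM media without
# embedding the Safe Mode Administrator (DSRM) password in the script.
Import-Module ADDSDeployment

# Values for illustration; replace with your own.
$domainName = 'contoso.local'   # domain name from the script above
$siteName   = 'SiteName'        # placeholder site name from the script above
$ifmPath    = 'D:\IFM'          # hypothetical folder holding the ntdsutil IFM copy

# Prompt for secrets at run time so they never sit in the .ps1 file.
$dsrm = Read-Host -AsSecureString -Prompt 'Safe Mode Administrator password'
$cred = Get-Credential -Message 'Domain account allowed to promote a DC'

# One parameter set shared by the test run and the real installation,
# so the pre-check validates exactly what will be installed.
$params = @{
    DomainName                    = $domainName
    SiteName                      = $siteName
    Credential                    = $cred
    SafeModeAdministratorPassword = $dsrm
    InstallationMediaPath         = $ifmPath
    InstallDns                    = $false
    NoGlobalCatalog               = $false
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
}

# Prerequisite checks only; nothing is changed on the server.
$results = Test-ADDSDomainControllerInstallation @params
$results | Format-List Message, Context, RebootRequired, Status

# Stop unless every check reports Success.
$failed = $results | Where-Object { "$($_.Status)" -ne 'Success' }
if ($failed) {
    throw 'Prerequisite check did not succeed; fix the reported issues first.'
}

Install-ADDSDomainController @params -NoRebootOnCompletion:$false -Force:$true
```

The IFM folder is a full copy of the directory database, so keep the flash drive under the same physical control as a domain controller and delete the copy once DC2 has been promoted.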
Windows DC or server upgrade from Server 2008 R2 to Server 2012.
You will have to run AD DomainPrep and ForestPrep before running the Windows Server 2012 setup from the CD. On the CD, navigate to Support\ADprep and you will find the ADPrep executable.
Go to CMD >> paste the path to the ADPrep tool >> type the following:
* adprep /forestprep
* adprep /domainprep
This will update the directory information in preparation for the upgrade; then go to the DVD for Server 2012 and install. You can install the Full GUI; it can’t be Core unless you are upgrading from Core to Core.
Global Catalog: it’s a full copy of your domain objects, kept as a reference directory to all AD objects in your domain.
Trusts and Federations. There are 4 types of trusts.
1- External
2- Shortcut
3- Realm
4- Forest