Thursday, August 6, 2015

Script for Installing AD Forest In Windows 2012 R2

Hi Folks,

As you know, DCPROMO is gone as the main DC promotion tool in Windows 2012 and later. Server Manager or PowerShell should now be used to promote Windows 2012 servers to domain controllers. You can read more about them here.

The appropriate PowerShell cmdlets are executed whether the DC is promoted from Server Manager or a PowerShell script is run directly from the prompt. The good thing is that you no longer need to create an answer file for silent installation, as you did with the DCPROMO command-line tool.

In the example below you can see how to create a new forest without a single mouse click. All you need to do is save this code as a PS1 file, replace the values with your own, and execute it. As a result you will get a brand new forest.

# Install the AD DS role and the management tools
Import-Module ServerManager
Add-WindowsFeature -Name AD-Domain-Services,RSAT-AD-Tools,RSAT-ADDS,RSAT-AD-PowerShell,RSAT-AD-AdminCenter,RSAT-ADDS-Tools
# Promote the server to the first DC of a new forest; the DSRM password is prompted for, not stored in the script
Import-Module ADDSDeployment
Install-ADDSForest -SafeModeAdministratorPassword (Read-Host "DSRM Password" -AsSecureString) -DomainName contoso.com -DomainNetbiosName CONTOSO -DomainMode Win2012 -ForestMode Win2012 -DatabasePath "C:\Windows\NTDS" -SysvolPath "C:\Windows\SYSVOL" -LogPath "C:\Windows\NTDS" -InstallDns -NoRebootOnCompletion

As you can see from the screenshots below, the script adds all the necessary role and feature components and then promotes the server to a brand new DC for a brand new AD forest (this includes the DNS and Global Catalog roles as well).








If you need to promote an additional DC in your forest/domain, the following script should help.

# Install the AD DS role and the management tools
Import-Module ServerManager
Add-WindowsFeature -Name AD-Domain-Services,RSAT-AD-Tools,RSAT-ADDS,RSAT-AD-PowerShell,RSAT-AD-AdminCenter,RSAT-ADDS-Tools
# Promote the server to an additional DC; both the DSRM password and the domain credential are prompted for
Import-Module ADDSDeployment
Install-ADDSDomainController -SafeModeAdministratorPassword (Read-Host "DSRM Password" -AsSecureString) -Credential (Get-Credential) -InstallDns -DomainName contoso.com -DatabasePath "C:\Windows\NTDS" -SysvolPath "C:\Windows\SYSVOL" -LogPath "C:\Windows\NTDS" -NoRebootOnCompletion

Please note that -NoRebootOnCompletion is not required. By default, when it is not specified, the server restarts automatically after DC promotion. I used it to make my process more controllable and for better visibility in this post. With the parameter set, you will get a message as below instead:



And of course, before using these scripts, make sure you adjust them for your particular needs.
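
One way to check your adjusted values before promoting, as an added example that is not part of the original post: it runs the prerequisite test cmdlet Test-ADDSForestInstallation with the same parameters as the forest script and promotes only if every check succeeds. It assumes the AD-Domain-Services feature is already installed; the variable names ($forestParams, $results, $failed) are chosen here for illustration.

```powershell
# Added example: validate the forest parameters, then promote only on success.
Import-Module ADDSDeployment

# Prompt for the DSRM password so it never appears in the script file
$dsrmPassword = Read-Host "DSRM Password" -AsSecureString

# Same values as the forest script in this post, kept in one hashtable so the
# test and the real promotion cannot drift apart
$forestParams = @{
    SafeModeAdministratorPassword = $dsrmPassword
    DomainName                    = 'contoso.com'
    DomainNetbiosName             = 'CONTOSO'
    DomainMode                    = 'Win2012'
    ForestMode                    = 'Win2012'
    DatabasePath                  = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    LogPath                       = 'C:\Windows\NTDS'
    InstallDns                    = $true
}

# Run the prerequisite checks; nothing is changed on the server at this point
$results = @(Test-ADDSForestInstallation @forestParams)
$results | Format-List Status, Context, Message

# Stop if any check did not report Success
$failed = @($results | Where-Object { $_.Status -ne 'Success' })
if ($failed.Count -gt 0) {
    throw "Prerequisite check failed; fix the reported problems before promoting."
}

# All checks passed: promote with exactly the parameters that were tested
Install-ADDSForest @forestParams -NoRebootOnCompletion
```

For an additional DC, Test-ADDSDomainControllerInstallation plays the same role in front of Install-ADDSDomainController.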

I hope this will make AD forest promotion much easier and more enjoyable.

Enjoy.