PowerShell is an extremely powerful set of command line tools you can use to manage different aspects of a Windows environment. Most of the roles and features ship with the required PowerShell cmdlets to perform management tasks. For example, complete Windows Failover cluster operation can be managed using the Failover PowerShell cmdlets. Similarly, Active Directory instances can be managed using the Active Directory PowerShell cmdlets. This article focuses on setting up Active Directory domain controllers using the PowerShell commands that ship with Active Directory PowerShell Modules.

Requirements for setting up Active Directory using PowerShell

Before you start to execute any PowerShell commands explained in this article, install Active Directory PowerShell modules on a Windows Server 2012 or later or Windows 10 operating systems. Also, make sure you have administrator privileges to perform the required operation. For example, when installing a domain controller in an Active Directory domain, you would be required to have domain admin credentials. Once you have met these requirements, proceed with the next sections of this article, which explains the necessary steps before implementing a domain controller such as running a health check and how to use PowerShell commands to perform a prerequisite check before installing the domain controller.

Running an Active Directory health check

Before you proceed to install a domain controller in the Active Directory domain or forest, make sure to check the health of Active Directory. While it is not a necessary step that you should also perform before installing a new domain controller, it is recommended to perform a new installation of domain controllers in a healthy Active Directory environment. For example, if you install a new domain controller when there lingering objects are present, those lingering objects will be replicated to the new domain controller. Similarly, if the replication of a domain controller is broken in an Active Directory site and if the new domain controller is being installed in the same Active Directory site, the new domain controller will not receive the changes that were made prior to installing the new domain controller. You can check Active Directory replication health by executing this PowerShell command:

Get-ADReplicationPartnerMetadata -Target * -Partition * | Select-Object LastReplicationAttempt, LastReplicationResult

In the output of the above command, make sure the value of “LastReplicationResult” attribute reported is “0” for all entries. If the “LastReplicationResult” value is other than “0”, resolve replication errors before proceeding.

Active Directory PowerShell cmdlets to use

There are two Active Directory PowerShell cmdlets that you must be using: Test-ADDSDomainControllerInstallation and Install-ADDSDomainController. Test-ADDSDomainControllerInstallation PowerShell cmdlet is used to perform checks to ensure the domain controller can be installed successfully and Install-ADDSDomainController PowerShell cmdlet is used to initiate the domain controller installation process. We will take a look at both these PowerShell cmdlets in the next sections.

Running a prerequisites check before installing new domain controllers

If you are installing a new domain controller in a domain, it is recommended that you perform a check to ensure the new Active Directory domain controller can be installed successfully. To run a prerequisite check, use the PowerShell cmdlet below:

Test-ADDSDomainControllerInstallation -InstallDns -Credential (Get-Credential TechGenix\AdminUser) -DomainName "TechGenix.com"

This command executes prerequisite checks and then summarizes the changes that will occur during the installation process of the new domain controller. It checks the current environment and provides a report on screen.

Installing an Active Directory domain controller

Once you have verified the installation can proceed successfully and without any errors, execute the command below to actually start the domain controller promotion process.

Install-ADDSDomainController -InstallDns -DomainName "TechGenix.com"

This command installs a new domain controller in TechGenix.com Active Directory domain under the currently logged-on credentials. The PowerShell command below provides more control over the promotion process and helps you select the domain under which you would like to install the new domain controller. The command also prompts for the credentials.

Install-ADDSDomainController -InstallDns -Credential (Get-Credential) -DomainName (Read-Host "Enter Domain Name")

Both commands will prompt you before the promotion operation is carried out. In case you wish to execute the promotion process without any confirmation prompt, add the “-Confirm” switch as shown in the command below:

Install-ADDSDomainController -InstallDns -DomainName "TechGenix.com" –Confirm:$False

As explained in this article, setting up Active Directory domain controllers using PowerShell is an easy task. But it is recommended that you test the new domain controller installation process using the Test-ADDSDomainControllerInstallation PowerShell cmdlet to ensure the new domain controller can be installed successfully in the current Active Directory environment. If the Test-ADDSDomainControllerInstallation process finds any configuration issues, they are reported on the screen, giving you a chance for you to fix any configuration issues. Then you are free to begin setting up Active Directory domain controllers using PowerShell.

Nirmal Sharma

Nirmal Sharma is a MCSEx3, MCITP and was awarded the Microsoft MVP award in Directory Services and Windows Networking. He specializes in Microsoft Azure, Office 365, Directory Services, Failover Clusters, Hyper-V, PowerShell Scripting and System Center products. Nirmal has been involved with Microsoft Technologies since 1994. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles on various sites.

Published by
Nirmal Sharma

Recent Posts

Using PowerShell to assess Active Directory health

When using PowerShell as a tool for monitoring Active Directory health, you are limited only by your imagination. Here’s some…

2 hours ago

Microsoft Authentication Libraries now generally available

Microsoft Authentication Libraries, available for Android, iOS, and macOS, help developers integrate authentication into a diverse set of applications.

7 hours ago

Checkrain fake iOS jailbreak site a menace to iPhone users

iPhone users looking for help in jailbreaking their devices will find trouble if they head to a website named checkrain,…

10 hours ago

Key to success: Tracking down and unlocking locked files in Windows

Locked files in Windows can be a maddening experience. Thankfully, it is usually relatively easy to get a locked file…

1 day ago

‘Made By Google’ 2019: Pixel 4 and Pixel 4 XL are finally official

The release of Google’s much-awaited new smartphones is official. The tech giant has unveiled the Pixel 4 and Pixel 4…

1 day ago

COBIT 2019: An effective governance framework for IT pros

Every business with IT as part of its foundation needs a comprehensive governance strategy. This is where COBIT 2019 comes…

1 day ago