Setting up Active Directory using PowerShell

PowerShell is an extremely powerful set of command-line tools you can use to manage different aspects of a Windows environment. Most roles and features ship with the PowerShell cmdlets required to perform management tasks. For example, Windows Failover Cluster operations can be managed entirely with the Failover PowerShell cmdlets. Similarly, Active Directory instances can be managed using the Active Directory PowerShell cmdlets. This article focuses on setting up Active Directory domain controllers using the PowerShell commands that ship with the Active Directory PowerShell modules.

Requirements for setting up Active Directory using PowerShell

Before you run any of the PowerShell commands explained in this article, install the Active Directory PowerShell modules on Windows Server 2012 or later, or on Windows 10. Also make sure you have administrator privileges for the operation you are performing. For example, installing a domain controller in an Active Directory domain requires domain admin credentials. Once you have met these requirements, proceed to the next sections of this article, which explain the steps to take before implementing a domain controller: running a health check and using PowerShell commands to perform a prerequisite check before installing the domain controller.

Running an Active Directory health check

Before you install a domain controller in the Active Directory domain or forest, check the health of Active Directory. While this is not a mandatory step before installing a new domain controller, it is recommended that new domain controllers be installed only in a healthy Active Directory environment. For example, if you install a new domain controller while lingering objects are present, those lingering objects will be replicated to the new domain controller. Similarly, if replication of a domain controller is broken in an Active Directory site and the new domain controller is installed in the same site, the new domain controller will not receive the changes that were made before it was installed. You can check Active Directory replication health by executing this PowerShell command:

Get-ADReplicationPartnerMetadata -Target * -Partition * | Select-Object LastReplicationAttempt, LastReplicationResult

In the output of the above command, make sure the value of the “LastReplicationResult” attribute is “0” for all entries. If the “LastReplicationResult” value is anything other than “0”, resolve the replication errors before proceeding.

Active Directory PowerShell cmdlets to use

There are two Active Directory PowerShell cmdlets that you need to use: Test-ADDSDomainControllerInstallation and Install-ADDSDomainController. The Test-ADDSDomainControllerInstallation cmdlet performs checks to ensure the domain controller can be installed successfully, and the Install-ADDSDomainController cmdlet initiates the domain controller installation process. We will take a look at both of these cmdlets in the next sections.

Running a prerequisites check before installing new domain controllers

If you are installing a new domain controller in a domain, it is recommended that you perform a check to ensure the new Active Directory domain controller can be installed successfully. To run a prerequisite check, use the PowerShell cmdlet below:

Test-ADDSDomainControllerInstallation -InstallDns -Credential (Get-Credential TechGenix\AdminUser) -DomainName "TechGenix.com"

This command executes prerequisite checks and then summarizes the changes that will occur during the installation process of the new domain controller. It checks the current environment and provides a report on screen.

Installing an Active Directory domain controller

Once you have verified the installation can proceed successfully and without any errors, execute the command below to actually start the domain controller promotion process.

Install-ADDSDomainController -InstallDns -DomainName "TechGenix.com"

This command installs a new domain controller in the TechGenix.com Active Directory domain using the credentials of the currently logged-on user. The PowerShell command below provides more control over the promotion process and lets you select the domain in which you would like to install the new domain controller. The command also prompts for the credentials.

Install-ADDSDomainController -InstallDns -Credential (Get-Credential) -DomainName (Read-Host "Enter Domain Name")

Both commands will prompt you before the promotion operation is carried out. If you wish to run the promotion process without any confirmation prompt, add the “-Confirm” switch set to $False, as shown in the command below:

Install-ADDSDomainController -InstallDns -DomainName "TechGenix.com" -Confirm:$False
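
The health check, prerequisite check and promotion described above, combined into one script that stops at the first failed gate (an added example, not part of the original article). The variable names are illustrative; it assumes the ActiveDirectory and ADDSDeployment modules are installed, that the test cmdlet's result objects expose a Status property, and it keeps the confirmation prompt so an operator approves the final step.

```powershell
# Added example: promote only if replication is healthy and the prerequisite
# check passes. Run elevated on the server that will become the new DC.
$ErrorActionPreference = 'Stop'
Import-Module ActiveDirectory, ADDSDeployment

$DomainName   = 'TechGenix.com'   # domain used in the article's examples
$Credential   = Get-Credential    # domain admin account, prompted interactively
# Read the DSRM password as a SecureString so it never appears in the script
# or in command history.
$DsrmPassword = Read-Host 'Safe mode (DSRM) administrator password' -AsSecureString

# Gate 1: every replication link must report LastReplicationResult 0.
$failedLinks = Get-ADReplicationPartnerMetadata -Target * -Partition * |
    Where-Object { $_.LastReplicationResult -ne 0 }
if ($failedLinks) {
    # Show which server/partner/partition combinations are failing.
    $failedLinks | Sort-Object Server, Partition |
        Format-Table Server, Partner, Partition, LastReplicationAttempt,
                     LastReplicationResult, ConsecutiveReplicationFailures -AutoSize |
        Out-Host
    throw "Replication errors on $(@($failedLinks).Count) link(s); resolve them before promoting."
}

# The same parameters feed the test and the install, so what was validated
# is exactly what gets installed.
$dcParams = @{
    DomainName                    = $DomainName
    InstallDns                    = $true
    Credential                    = $Credential
    SafeModeAdministratorPassword = $DsrmPassword
}

# Gate 2: prerequisite check. Anything other than Success blocks the promotion
# (assumption: result objects carry Status, Context and Message properties).
$blocking = Test-ADDSDomainControllerInstallation @dcParams |
    Where-Object { $_.Status -ne 'Success' }
if ($blocking) {
    $blocking | Format-List Status, Context, Message | Out-Host
    throw 'Prerequisite check reported problems; promotion not started.'
}

# Both gates passed. The cmdlet still asks for confirmation because
# -Confirm:$False is deliberately not passed here.
Install-ADDSDomainController @dcParams
```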

As explained in this article, setting up Active Directory domain controllers using PowerShell is an easy task. But it is recommended that you test the new domain controller installation process using the Test-ADDSDomainControllerInstallation PowerShell cmdlet to ensure the new domain controller can be installed successfully in the current Active Directory environment. If Test-ADDSDomainControllerInstallation finds any configuration issues, they are reported on the screen, giving you a chance to fix them. Then you are free to begin setting up Active Directory domain controllers using PowerShell.
