IT tutorials
 
Windows
 

Windows Server 2012 : Deploying domain controllers using Windows PowerShell (part 2) - Using Windows PowerShell to deploy domain controllers - First domain controller in new forest

- Windows 10 Product Activation Keys Free 2019
- How to active Windows 8 without product key
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
1/14/2014 8:28:02 PM

2. Using Windows PowerShell to deploy domain controllers

The Windows PowerShell cmdlets for installing a forest, installing domains, deploying domain controllers, and performing similar deployment tasks are found in the ADDSDeployment module. This Windows PowerShell module is installed by default when you add the AD DS role together with its role-management tools on a server, regardless of whether the server has been promoted to a domain controller or not. To see a list of the available cmdlets in this module, use the Get-Command cmdlet as follows:

PS C:\> Get-Command -Module ADDSDeployment

CommandType Name ModuleName
----------- ---- ----------
Cmdlet Add-ADDSReadOnlyDomainControllerAccount ADDSDeployment
Cmdlet Install-ADDSDomain ADDSDeployment
Cmdlet Install-ADDSDomainController ADDSDeployment
Cmdlet Install-ADDSForest ADDSDeployment
Cmdlet Test-ADDSDomainControllerInstallation ADDSDeployment
Cmdlet Test-ADDSDomainControllerUninstallation ADDSDeployment
Cmdlet Test-ADDSDomainInstallation ADDSDeployment
Cmdlet Test-ADDSForestInstallation ADDSDeployment
Cmdlet Test-ADDSReadOnlyDomainControllerAccountCreation ADDSDeployment
Cmdlet Uninstall-ADDSDomainController ADDSDeployment

2.1 Verifying prerequisites

You can use the Test-ADDS* cmdlets to run a prerequisites check before attempting to install a new forest, install a new domain, deploy a writeable domain controller, or deploy an RODC in your environment. The output of this command will help you determine whether your environment is ready for the operation you intend to perform or whether additional configuration might be required. The example here shows some output from running the Test-ADDSForestInstallation cmdlet on a standalone Windows Server 2012 server to determine whether the server satisfies the prerequisites for becoming the first domain controller of the forest root domain of a new forest:

PS C:\> Test-ADDSForestInstallation -DomainName corp.adatum.com
SafeModeAdministratorPassword: ********
Confirm SafeModeAdministratorPassword: ********
WARNING: Windows Server 2012 Release Candidate domain controllers have a default for the
security setting named "Allow cryptography algorithms compatible with Windows NT 4.0"
that prevents weaker cryptography algorithms when establishing security channel
sessions.

For more information about this setting, see Knowledge Base article 942564
(http://go.microsoft.com/fwlink/?LinkId=104751).

WARNING: This computer has at least one physical network adapter that does not have
static IP address(es) assigned to its IP Properties. If both IPv4 and IPv6 are enabled
for a network adapter, both IPv4 and IPv6 static IP addresses should be assigned to both
IPv4 and IPv6 Properties of the physical network adapter. Such static IP address(es)
assignment should be done to all the physical network adapters for reliable Domain Name
System (DNS) operation.

WARNING: A delegation for this DNS server cannot be created because the authoritative
parent zone cannot be found or it does not run Windows DNS server. If you are
integrating
with an existing DNS infrastructure, you should manually create a delegation to this
DNS server in the parent zone to ensure reliable name resolution from outside the domain
"adatum.com". Otherwise, no action is required.


Message Context RebootRequired Status
------- ------- -------------- ------
Operation completed succes... Test.VerifyDcPromo... False Success

To determine whether a remote Windows Server 2012 server satisfies these requirements, use the Invoke-Command cmdlet to execute the Test-ADDSForestInstallation cmdlet on the remote server as follows:

Invoke-Command -ComputerName SEA-SRV-1 {Test-ADDSForestInstallation -DomainName corp.adatum.com}

2.2 First domain controller in new forest

Deploying the first Windows Server 2012 domain controller for a new forest is equivalent to installing a new forest and involves two steps:

  1. Adding the AD DS role to the server.

  2. Promoting the server as a domain controller.

Using Windows PowerShell, these actions can be combined into a single script you can execute on remote servers. The following scenario uses two standalone Windows Server 2012 servers: a local server named SEA-HOST-2 and a remote server named SEA-SRV-1. The goal is to run a script on SEA-HOST-2 that will install a new forest, with SEA-SRV-1 being the first domain controller in the forest root domain. To accomplish this, you could proceed as follows:

  1. Begin by logging on to a local server running Windows Server 2012 using your administrator credentials, and open an elevated Windows PowerShell prompt. (If you are logged on with the built-in Administrator account, any Windows PowerShell prompt you open will be elevated.)

  2. Change the script execution policy on the local server to RemoteSigned by running the following command:

    Set-ExecutionPolicy RemoteSigned
  3. This will allow you to run Windows PowerShell scripts (.ps1 files) on the local server. By using Windows PowerShell remoting, you will also be able to run scripts on the remote server.

  4. Open Notepad, and type the following two commands:

    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
    Install-ADDSForest -DomainName corp.adatum.com -InstallDNS

    The first command installs AD DS together with the role-management tools on the targeted server. The second command promotes the targeted server as the first domain controller in the forest root domain corp.adatum.com. Note that the name of the targeted server has not been specified in this script. Use Notepad to save the script with the file name script1.ps1 in the folder C:\scripts or some other suitable location on the local server.

  5. Run the following command on the local server to execute your script on the remote server SEA-SRV-1:

    Invoke-Command -ComputerName SEA-SRV-1 -FilePath C:\scripts\script1.ps1
  6. When the AD DS role has finished installing on SEA-SRV-1, you will be prompted to specify a Safe Mode Administrator Password. This password is needed so that you can log on to the new domain controller in Directory Services Recovery Mode when needed. After entering a password and confirming it, press Y and then ENTER to confirm that you want to promote the server as a domain controller. The promotion process begins, as shown in Figure 1. Note that you can eliminate the need to press Y followed by ENTER by including the –Force parameter in the second line of your script.

    Remote server SEA-SRV-1 is now being promoted to be the first domain controller in a new forest.
    Figure 1. Remote server SEA-SRV-1 is now being promoted to be the first domain controller in a new forest.
  7. Command output like the following will be displayed if the promotion process is successful:

    PSComputerName : SEA-SRV-1
    RunspaceId : dd268942-f430-43c9-9830-7c547d1a4b73
    Message : Operation completed successfully
    Context : DCPromo.General.3
    RebootRequired : False
    Status : Success

    The server will then be restarted to complete the promotion process. If the remote server is a Server With A GUI installation, logging on to the server and launching Server Manager will confirm that the AD DS and DNS Server roles have been installed and the server is now the first domain controller in the corp.adatum.com forest.

 
Others
 
- Windows Server 2012 : Deploying domain controllers using Windows PowerShell (part 1)
- Windows Server 2012 : Deploying domain controllers using Server Manager (part 6) - Uninstalling AD DS
- Windows Server 2012 : Deploying domain controllers using Server Manager (part 5) - Verifying the installation
- Windows Server 2012 : Deploying domain controllers using Server Manager (part 4) - First Windows Server 2012 domain controller in an existing forest
- Windows Server 2012 : Deploying domain controllers using Server Manager (part 3) - Additional domain controller in new domain
- Windows Server 2012 : Deploying domain controllers using Server Manager (part 2) - First domain controller in new forest
- Windows Server 2012 : Deploying domain controllers using Server Manager (part 1) - Preparing for domain-controller deployment, Installing the AD DS role
- Windows Server 2008 : Group Policy Command-Line Tools - Refreshing Group Policy Settings with gpupdate
- Windows Server 2008 : Group Policy Command-Line Tools - Viewing Group Policy Settings with gpresult
- Windows Server 2008 : Group Policy Overview - Using Loopback Processing, Running Scripts with Group Policy
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
programming4us programming4us
 
Popular tags
 
Video Tutorail Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8 BlackBerry Android Ipad Iphone iOS