Monday, July 7, 2014

Installing First Windows 2012 Domain Controller into Existing Forest/Domain via PowerShell


Task: Introducing the first Windows 2012 domain controller into an existing forest/domain. As you may have already noticed, with Windows 2012 the process of promoting a server to be an additional domain controller has changed a lot. DCpromo is gone; instead we use the GUI or PowerShell to get the work done.

High Level Steps:

  • Install Windows 2012 Server
  • Configure the server name and IP address
  • Add the server into the existing domain as a member server (preferred)
  • Modify the DCpromo.ps1 script and use PowerShell to promote the server to be an additional domain controller

Step# 1

The first task is to add the Windows 2012 server into the existing domain. Adding the server into the existing domain before promoting it to a domain controller is a good old habit: it allows the A record to be created within the existing DNS forward lookup zone and also helps ensure that the correct DNS settings have been configured.

Log into Server

Open PowerShell and type the following command.

Install-WindowsFeature -Name AD-Domain-Services


Step# 2

Now copy and paste the PowerShell commands below into Notepad and save the file as DCpromo.ps1 (we use this name to honor the DCPromo we have used for ages (-: ; you can name it anything you like).

You will need to change -DomainName "" and, if you like, make any additional customization, such as changing the defaults for SYSVOL, DatabasePath, LogPath, etc.

Download the script from here

Run the PS command from the predefined PS script

#Installing Domain Controller
Write-Host "................................"
Write-Host "Please modify pre defined Script "
Write-Host "To Make sure it fits into your Environment"
Write-Host "................................"
Import-Module ADDSDeployment
# Values to review before running (comments cannot sit between
# backtick-continued lines, so they are collected here):
#   -DatabasePath  Change the DatabasePath if desired
#   -DomainName    Change the Domain name (it is empty and must be set)
#   -LogPath       Change the LogPath if desired
#   -SiteName      Change the AD Site Name if necessary
#   -SysvolPath    Change the SYSVOL if necessary
Install-ADDSDomainController `
-NoGlobalCatalog:$false `
-CreateDnsDelegation:$false `
-CriticalReplicationOnly:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainName "" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SiteName "Default-First-Site-Name" `
-SysvolPath "C:\Windows\SYSVOL"
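
A pre-flight check that can be run before DCpromo.ps1, as an added example that is not part of the original script: it verifies the DNS settings and domain membership that Step 1 relies on, then runs Test-ADDSDomainControllerInstallation with the same values. The domain name corp.example.com is a constructed placeholder, and the session is assumed to run under an account that is permitted to promote domain controllers.

```powershell
# Added example: prerequisite check for the promotion described above.
# $DomainName is a constructed placeholder; replace it with your domain.
$DomainName = 'corp.example.com'

# 1. The member server must resolve the domain's DC locator SRV record,
#    otherwise its DNS client settings point at the wrong resolver.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction SilentlyContinue
if (-not $srv) {
    throw "Cannot resolve DC locator records for $DomainName; fix DNS client settings first."
}

# 2. Confirm the server is already joined to that domain.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain -or $cs.Domain -ne $DomainName) {
    throw "Server is not a member of $DomainName (current: $($cs.Domain))."
}

# 3. Prompt for the DSRM password instead of storing it in a script file.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM (safe mode) password'

# Same values as DCpromo.ps1, kept in one hashtable so the check and the
# real promotion use identical settings.
$params = @{
    DomainName                    = $DomainName
    InstallDns                    = $true
    NoGlobalCatalog               = $false
    CreateDnsDelegation           = $false
    CriticalReplicationOnly       = $false
    SiteName                      = 'Default-First-Site-Name'
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $dsrm
}

Import-Module ADDSDeployment
# 4. Run the prerequisite checks only; nothing is promoted here.
$results = Test-ADDSDomainControllerInstallation @params
$results | Format-List Status, Context, Message
$failed = $results | Where-Object { "$($_.Status)" -eq 'Error' }
if ($failed) { throw 'Prerequisite check failed; do not run DCpromo.ps1 yet.' }
Write-Host 'Prerequisites passed.'
```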


After modifying the script, save it onto the server in a temp directory.


From PowerShell, run it.




After the server reboots, if we open Sites and Services we will see the additional domain controller.


Now we will perform a couple of additional configuration steps on the new domain controller.

Add-WindowsFeature RSAT-AD-PowerShell, RSAT-AD-AdminCenter


Now you can open ADAC from GUI


Or you can open it from PowerShell



You can also open Sites and Services



You can open ADUC



More to read… AD Team

Oz Casey, Dedeal ( MVP north America)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
