Creating a Windows domain has always divided admins. Some vouch for the GUI; others lean towards PowerShell. What do I think? Well, PowerShell is a flexible and universal tool, unlike the GUI. So, no wonder this article is dedicated to creating and configuring a domain on Windows Server 2016 exclusively via PowerShell. I want to establish whether it helps automate the whole process.
Preparing to Begin
Since creating and configuring a domain controller (DC) is not something your infrastructure will fail to notice, I am going to use a virtual machine (VM) on a Hyper-V host running Windows Server 2016 [Version 10.0.14393] to avoid disrupting the working environment. I will also verify the domain via PowerShell, but from a test VM.
As you’ve probably guessed by now, for this test, I am going to use two VMs with the same configurations on Windows Server 2016:
- 2 x Intel(R) Xeon(R) CPU E5-2609 0 @ 2.40GHz;
- 1 x 4 GB RAM;
- 1 x 100 GB HDD;
- 1 x 10 Gbps LAN.
They’ll communicate with each other via the Hyper-V Private switch. You can find out how to create the latter here.
The environment scheme of my domain under the name “Test.com”:
For my needs, in this case, creating and configuring a domain basically means installing Active Directory (AD), DNS and DHCP. These are the three primary services necessary to create any domain controller. I will describe all of the configuration stages precisely, each performed with PowerShell.
I’ll do the following:
- Install and configure AD and DNS;
- Install and configure DHCP;
- Check the status of the services on a domain client.
First of all, I couldn’t do everything without the GUI, no matter how much I wanted to. The first obstacles were logging in and starting PowerShell. After logging in, start the Run utility: press Win+R, type PowerShell, and click OK (I marked all important moments here and further on in red):
Now, the first thing to do with a machine that has a fresh OS on it is to rename it according to the environment scheme (the same goes for the client VM). After renaming and before starting the configuration, restart the VM:
After restarting it, log in once again and check the host name:
Find the name of the network adapter:
At the next step, assign it a new IP address, subnet mask, and default gateway. Since the test network is not supposed to reach other systems, the default gateway address (172.16.0.1) is purely nominal.
As I am working here on creating and configuring a single domain controller, enter the loopback interface address (127.0.0.1) as the primary DNS server address. Leave the secondary DNS server address empty:
Well, now it’s time for installing the services! Check the status of the services that weren’t installed yet but are available:
Create a new domain forest:
After the installation is complete, restart the VM.
Be attentive: this time, you’ll see domain entry as a default account! That means AD is already active.
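The steps above, from renaming the host to creating the forest, written out as one script. This is an added example, not the article's original commands; the host name DC01 and the DC address 172.16.0.2 are assumptions, while Test.com, the /22 mask, the 172.16.0.1 gateway and the loopback DNS entry come from the text.

```powershell
# Added example (not the article's original commands). Run elevated on the new DC.
# From the article: domain Test.com, /22 mask, nominal gateway 172.16.0.1,
# loopback as primary DNS. Assumed here: host name DC01, DC address 172.16.0.2.
$DcName    = 'DC01'        # hypothetical host name
$DcAddress = '172.16.0.2'  # hypothetical static address inside 172.16.0.0/22

# Stage 1: rename and reboot before any other configuration.
if ($env:COMPUTERNAME -ne $DcName) {
    Rename-Computer -NewName $DcName -Restart
    return
}

# Stage 2: pick the connected adapter, then set static addressing and DNS.
$nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
if (-not (Get-NetIPAddress -IPAddress $DcAddress -ErrorAction SilentlyContinue)) {
    New-NetIPAddress -InterfaceAlias $nic.Name -IPAddress $DcAddress `
        -PrefixLength 22 -DefaultGateway '172.16.0.1' | Out-Null
}
Set-DnsClientServerAddress -InterfaceAlias $nic.Name -ServerAddresses '127.0.0.1'

# Stage 3: show which roles are available, then install AD DS with its tools.
Get-WindowsFeature -Name AD-Domain-Services, DNS, DHCP |
    Format-Table Name, InstallState
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Stage 4: create the forest. The DSRM password is prompted for as a SecureString
# so it never lands in the script, a transcript or the command history.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM (safe mode) password'
Install-ADDSForest -DomainName 'Test.com' -InstallDns `
    -SafeModeAdministratorPassword $dsrm -Force
# Install-ADDSForest reboots the server on completion unless
# -NoRebootOnCompletion is specified.
```

Run the script once to rename the host, then again after the reboot to carry out the remaining stages.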
Log in with a domain account, start the PowerShell, and continue. Check the status of the primary services necessary for AD.
Furthermore, check the AD Web service event log for errors.
Check the AD service event log for errors.
Make sure there are no errors listed in the event logs and move on. Check the status of the domain and forest:
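One way to run these post-promotion checks in a single pass, as an added example that is not the article's original commands. The service list, the 24-hour window and the function name Test-DcHealth are assumptions.

```powershell
# Added example (not the article's original commands). Run on the DC after the
# post-promotion reboot, logged in with a domain account.
function Test-DcHealth {
    param([int]$Hours = 24)   # hypothetical look-back window for event logs

    # Services a DC with integrated DNS depends on (assumed list).
    $services = Get-Service -Name NTDS, ADWS, KDC, Netlogon, DNS
    $stopped  = $services | Where-Object Status -ne 'Running'

    # Critical (1) and Error (2) events from the AD-related logs.
    $since = (Get-Date).AddHours(-$Hours)
    $logs  = 'Active Directory Web Services', 'Directory Service', 'DNS Server'
    $events = foreach ($log in $logs) {
        Get-WinEvent -FilterHashtable @{
            LogName = $log; Level = 1, 2; StartTime = $since
        } -ErrorAction SilentlyContinue   # "no events found" is the good case
    }

    $domain = Get-ADDomain
    $forest = Get-ADForest

    [pscustomobject]@{
        StoppedServices = @($stopped.Name)
        ErrorEvents     = @($events | Select-Object TimeCreated, LogName, Id, Message)
        Domain          = $domain.DNSRoot
        DomainMode      = $domain.DomainMode
        PdcEmulator     = $domain.PDCEmulator
        Forest          = $forest.Name
        ForestMode      = $forest.ForestMode
        GlobalCatalogs  = @($forest.GlobalCatalogs)
        Healthy         = (-not $stopped) -and (-not $events)
    }
}

$health = Test-DcHealth
$health | Format-List
$health.ErrorEvents | Format-Table -Wrap
```

A freshly promoted DC often logs a few transient errors during its first boot, so read the entries in ErrorEvents before treating Healthy = False as a real fault.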
The next step is the installation and configuration of the DHCP service.
Install the DHCP service:
Add the address pool for automatic allocation, with the range 172.16.1.1/22 – 172.16.1.254/22. Set the DHCP lease time and the gateway address. Restart the DHCP service.
The blank lines between commands only separate them for readability. They have no other purpose, please note this!
Add permission to manage DHCP.
Add DHCP record in the domain:
Stop the DHCP configuration in the server registry.
Apply the dynamic updates for clients:
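The DHCP steps above as one script. This is an added example, not the article's original commands; the pool, mask and gateway come from the text, while the DC address 172.16.0.2, the 8-day lease, the scope name, the DNS server option and the dedicated DNS update credential are assumptions.

```powershell
# Added example (not the article's original commands). Run elevated on the DC.
# From the article: pool 172.16.1.1-172.16.1.254 in a /22, gateway 172.16.0.1.
# Assumed here: DC address 172.16.0.2, 8-day lease, scope name, DNS option.
$DcAddress = '172.16.0.2'                       # hypothetical
$DcFqdn    = "$($env:COMPUTERNAME).Test.com"

Install-WindowsFeature -Name DHCP -IncludeManagementTools

# Address pool, lease time and gateway; then restart the service.
Add-DhcpServerv4Scope -Name 'Test.com clients' -StartRange 172.16.1.1 `
    -EndRange 172.16.1.254 -SubnetMask 255.255.252.0 `
    -LeaseDuration (New-TimeSpan -Days 8) -State Active
Set-DhcpServerv4OptionValue -ScopeId 172.16.0.0 -Router 172.16.0.1 `
    -DnsServer $DcAddress -DnsDomain 'Test.com'
Restart-Service -Name DHCPServer

# Create the DHCP Administrators and DHCP Users groups for delegated management.
Add-DhcpServerSecurityGroup

# Authorize this server in AD; an unauthorized Windows DHCP server in a
# domain does not hand out leases.
Add-DhcpServerInDC -DnsName $DcFqdn -IPAddress $DcAddress

# Tell Server Manager that post-install DHCP configuration is complete
# (this is how the "server registry" step is read here).
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\ServerManager\Roles\12' `
    -Name ConfigurationState -Value 2

# Register and clean up DNS records on behalf of DHCP clients.
Set-DhcpServerv4DnsSetting -DynamicUpdates Always -DeleteDnsRRonLeaseExpiry $true

# With DHCP on a DC, use a dedicated low-privilege domain account for DNS
# updates (prompted for here) rather than registering records as the DC itself.
Set-DhcpServerDnsCredential -Credential (Get-Credential)

# Check the result: authorized servers, the scope, and its options.
Get-DhcpServerInDC
Get-DhcpServerv4Scope -ScopeId 172.16.0.0
Get-DhcpServerv4OptionValue -ScopeId 172.16.0.0
```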
Congratulations, the configuration is finished now!
Start the client VM (Test-VM) and log in. If the first thing you see is the network connection request, it means that the VM has already connected to DHCP automatically.
Start the PowerShell, check the current network configuration. Make sure that the client gets the correct DHCP network settings.
Rename the VM.
Add the client to the domain. At this stage, you’ll see the GUI pop-up window.
Restart the client.
Log in, start the PowerShell, check network settings once more to make sure that the client has been added to the domain.
Check the DNS on the client.
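The client-side steps as one script that branches on whether the machine is already joined. This is an added example, not the article's original commands; the adapter selection and the use of Test-VM as the computer name are assumptions based on the text.

```powershell
# Added example (not the article's original commands). Run elevated on the client.
# Assumed: the first connected adapter is the one on the Hyper-V private switch,
# and Test-VM (the client name used in the article) is the name to join with.
$nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
$cs  = Get-CimInstance -ClassName Win32_ComputerSystem

# Current lease: address should fall in 172.16.1.1-172.16.1.254 with
# gateway 172.16.0.1, and DHCP should be enabled on the interface.
Get-NetIPConfiguration -InterfaceAlias $nic.Name |
    Format-List InterfaceAlias, IPv4Address, IPv4DefaultGateway, DNSServer
Get-NetIPInterface -InterfaceAlias $nic.Name -AddressFamily IPv4 |
    Format-Table InterfaceAlias, Dhcp

if (-not $cs.PartOfDomain) {
    # Before the join: rename, join with the new name, reboot once.
    # Get-Credential is the GUI pop-up the article mentions; prompting keeps
    # the domain account password out of the script.
    if ($env:COMPUTERNAME -ne 'Test-VM') { Rename-Computer -NewName 'Test-VM' }
    Add-Computer -DomainName 'Test.com' -Credential (Get-Credential) `
        -Options JoinWithNewName -Restart
    return
}

# After the reboot: confirm membership, DNS and the secure channel to the DC.
$cs | Format-List Name, Domain, PartOfDomain
Resolve-DnsName -Name 'Test.com' -Type A
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.Test.com' -Type SRV
Test-ComputerSecureChannel -Verbose
```

Run it once before the join and once after the restart; the second run only reports.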
I just tested the possibility of creating and configuring a domain on Windows Server 2016 via PowerShell. This task is generally possible. The GUI still appears at a few points during the configuration, but that was predictable since I didn’t use the Core version of Windows Server. However, it won’t stand in the way of partial automation of this process, something that is not possible with the GUI. I hope you can make use of this material!