Welcome to FreeSoftwareServers Confluence Wiki

Install AD Role:

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

Create AD:

Set-Variable -Name "domain" -Value "domainvar"
Set-Variable -Name "tld" -Value "tldvar"
Set-Variable -Name "DomainName" -Value "$domain.$tld"
Set-Variable -Name "DomainNetbiosName" -Value "MAXFIFTEENCHAR"
Install-ADDSForest -DomainName "$DomainName" -CreateDnsDelegation:$false -DatabasePath "C:\Windows\NTDS" -DomainMode "7" -DomainNetbiosName "$DomainNetbiosName" -ForestMode "7" -InstallDns:$true -LogPath "C:\Windows\NTDS" -NoRebootOnCompletion:$True -SysvolPath "C:\Windows\SYSVOL" -Force:$true

Reboot:

shutdown /r /t 5

Confirm:

Set-Variable -Name "domain" -Value "domainvar"
Set-Variable -Name "tld" -Value "tldvar"
Set-Variable -Name "DomainName" -Value "$domain.$tld"
Get-Service adws,kdc,netlogon,dns
Get-ADDomainController
Get-ADDomain $DomainName

Create DC Admin User:

Set-Variable -Name "Name" -Value "FNameLName"
Set-Variable -Name "GivenName" -Value "FName"
Set-Variable -Name "Surname" -Value "LName"
Set-Variable -Name "SamAccountName" -Value "MAXTWENTYCHAR"
Set-Variable -Name "UserPrincipalName" -Value "user@domain.tld"
New-ADUser -Name "$Name" -GivenName "$GivenName" -Surname "$Surname" -SamAccountName "$SamAccountName" -UserPrincipalName "$UserPrincipalName"

Note:

samAccountName

  • It was used with earlier versions of Windows (pre-Windows 2000).
  • User login name is in the format of DomainName\testUser.
  • It should be less than 20 characters.
  • It should be unique among all security principal objects within the domain.

userPrincipalName

  • User login name is in the format of testUser@DomainName.com.
  • It is an internet-style login name for the user, based on Internet standard RFC 822.
  • It should be unique among all security principal objects within the directory forest.

Confirm User:

Get-ADUser -Filter * -SearchBase "DC=$domain,DC=$tld"
Set-Variable -Name "NewPassword" -Value "PassWord"
Set-ADAccountPassword "CN=$Name,CN=users,DC=$domain,DC=$tld" -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "$NewPassword" -Force)
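# -Identity takes a distinguished name, GUID, SID or SAM account name, not the display name
Enable-ADAccount -Identity $SamAccountName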

Add to Domain Admin Group:

Add-ADGroupMember -Identity 'Domain Admins' -Members $SamAccountName
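
The user-creation steps above can be combined into one script that enforces the samAccountName and userPrincipalName rules from the note and keeps the password out of the script and the command history. This is an added example, not part of the original page; the variable values are the page's placeholders, and it assumes it runs on the new domain controller with the ActiveDirectory module available.

```powershell
# Added example: values below are the page's placeholders, replace before use.
Import-Module ActiveDirectory

$domain            = "domainvar"
$tld               = "tldvar"
$Name              = "FNameLName"
$GivenName         = "FName"
$Surname           = "LName"
$SamAccountName    = "MAXTWENTYCHAR"
$UserPrincipalName = "$SamAccountName@$domain.$tld"   # assumed UPN form: sam@domain.tld

# samAccountName: user values are limited to 20 characters and must be
# unique within the domain.
if ($SamAccountName.Length -gt 20) {
    throw "samAccountName '$SamAccountName' is longer than 20 characters"
}
if (Get-ADUser -Filter "SamAccountName -eq '$SamAccountName'") {
    throw "samAccountName '$SamAccountName' already exists in this domain"
}

# userPrincipalName must be unique across the forest, so the lookup goes to a
# global catalog (port 3268) instead of the local domain partition only.
$gc = "$((Get-ADForest).GlobalCatalogs[0]):3268"
if (Get-ADUser -Filter "UserPrincipalName -eq '$UserPrincipalName'" -Server $gc) {
    throw "userPrincipalName '$UserPrincipalName' already exists in the forest"
}

# Prompt for the password so it never appears as plain text in the script,
# the console transcript or the PSReadLine history file.
$Password = Read-Host -AsSecureString -Prompt "Initial password for $SamAccountName"

# Create the account enabled with its password in a single call, and force a
# password change at first logon.
New-ADUser -Name $Name -GivenName $GivenName -Surname $Surname `
    -SamAccountName $SamAccountName -UserPrincipalName $UserPrincipalName `
    -AccountPassword $Password -Enabled $true -ChangePasswordAtLogon $true

# Grant Domain Admins membership, then list the group to confirm who holds it.
Add-ADGroupMember -Identity 'Domain Admins' -Members $SamAccountName
Get-ADGroupMember -Identity 'Domain Admins' |
    Select-Object Name, SamAccountName, distinguishedName
```

If the password does not meet the domain password policy, New-ADUser reports an error and the account should be checked with Get-ADUser before retrying.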

Sources:

https://medium.com/@rootsecdev/how-to-build-a-server-2016-domain-controller-non-gui-and-make-it-secure-4e784b393bac

https://social.technet.microsoft.com/wiki/contents/articles/52765.windows-server-2019-step-by-step-setup-active-directory-environment-using-powershell.aspx

http://www.rebeladmin.com/2018/10/step-step-guide-install-active-directory-windows-server-2019-powershell-guide/