*Note: This is part of a series on how I build a Windows Enterprise test environment.*

In this installment of the series, we will delve into the process of installing and configuring a Windows Active Directory using PowerShell. The goal is to simplify the installation procedure by compiling a set of PowerShell scripts, enabling the creation of a test environment with ease and convenience whenever an application needs to be tested.

Our focus will be on utilizing a fresh install of Windows Server 2019 and creating PowerShell scripts that perform all necessary configurations for a successful installation and configuration of Windows Active Directory. Get ready to explore the power of automation and simplify the setup of your test environment!


Local machine settings

  • Change computer name

    Rename-Computer -NewName DC1
    
  • Network configuration. Use a static IP(!).

    New-NetIPAddress -IPAddress 192.168.1.10 -DefaultGateway 192.168.1.1 -PrefixLength 24 -InterfaceIndex (Get-NetAdapter).InterfaceIndex
    
    ## or
    
    New-NetIPAddress -IPAddress 192.168.1.10 -DefaultGateway 192.168.1.1 -PrefixLength 24 -InterfaceIndex 4
    

    If you have more than one network adapter, get the InterfaceIndex values by running this command and take note of the value for the network interface on the appropriate network.

    (Get-NetAdapter).InterfaceIndex
    
  • Set DNS

    Set-DnsClientServerAddress -InterfaceIndex (Get-NetAdapter).InterfaceIndex -ServerAddresses ("192.168.1.10","8.8.4.4")
    
    • 192.168.1.10 - set the DNS to its local DNS service
    • 8.8.4.4 - if you have another DNS server
  • Restart the server

    Restart-Computer -Force
    

Install and Configure Active Directory

  • Install domain role/features
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
    
  • Configure Active Directory
    $Password = (ConvertTo-SecureString -String "P@55w0rd" -AsPlainText -Force)
    # The domain NetBIOS name must differ from the computer name (DC1); RONWORK is an assumed value taken from the domain name.
    Install-ADDSForest -DomainName ronwork.com -CreateDnsDelegation:$false -DatabasePath "C:\Windows\NTDS" -DomainMode Win2008R2 -ForestMode Win2008R2 -DomainNetbiosName "RONWORK" -InstallDns:$true -LogPath "C:\Windows\NTDS" -NoRebootOnCompletion:$false -SysvolPath "C:\Windows\SYSVOL" -Force:$true -SafeModeAdministratorPassword $Password
    
    • Assumptions:
      • Domain : ronwork.com
      • Password : P@55w0rd
      • Forest Mode : Win2008R2

Create Domain User/s

  • This will create domain users user1 and user2 with P@55w0rd as password.
    $Password = (ConvertTo-SecureString -String "P@55w0rd" -AsPlainText -Force)
    New-ADUser -Name user1 -Accountpassword $Password -Passwordneverexpires $true -Enabled $true 
    New-ADUser -Name user2 -Accountpassword $Password -Passwordneverexpires $true -Enabled $true 
    
  • Make user1 a member of the Domain Admins group
    Add-ADGroupMember -Identity "Domain Admins" -Members user1
    

Final Script

  • Filename : localSettings.ps1

    Rename-Computer -NewName DC1
    New-NetIPAddress -IPAddress 192.168.1.10 -DefaultGateway 192.168.1.1 -PrefixLength 24 -InterfaceIndex (Get-NetAdapter).InterfaceIndex
    Set-DnsClientServerAddress -InterfaceIndex (Get-NetAdapter).InterfaceIndex -ServerAddresses ("192.168.1.10","8.8.4.4")
    Restart-Computer -Force
    
  • Filename : configAD.ps1

    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
    $Password = (ConvertTo-SecureString -String "P@55w0rd" -AsPlainText -Force)
    # The domain NetBIOS name must differ from the computer name (DC1); RONWORK is an assumed value taken from the domain name.
    Install-ADDSForest -DomainName ronwork.com -CreateDnsDelegation:$false -DatabasePath "C:\Windows\NTDS" -DomainMode Win2008R2 -ForestMode Win2008R2 -DomainNetbiosName "RONWORK" -InstallDns:$true -LogPath "C:\Windows\NTDS" -NoRebootOnCompletion:$false -SysvolPath "C:\Windows\SYSVOL" -Force:$true -SafeModeAdministratorPassword $Password
    
  • Filename : addUser.ps1

    $Password = (ConvertTo-SecureString -String "P@55w0rd" -AsPlainText -Force)
    New-ADUser -Name user1 -Accountpassword $Password -Passwordneverexpires $true -Enabled $true 
    New-ADUser -Name user2 -Accountpassword $Password -Passwordneverexpires $true -Enabled $true 
    Add-ADGroupMember -Identity "Domain Admins" -Members user1
    

Testing and conclusion

Between the execution of these scripts, the machine will require a restart. Upon successful restart, if the Active Directory is properly configured, you should be able to join a client machine to the Active Directory without any issues.

To verify the setup, you can attempt to join a Windows 10/11 machine to this domain. You can use "Join Windows 10 to Active Directory using PowerShell" to create PowerShell scripts for this activity.
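
Before joining a client, the domain controller itself can be checked. The script below is an added example, not part of the original series: it assumes it runs on DC1 after all three scripts and their reboots, and it uses the page's values (ronwork.com, 192.168.1.10, user1, user2). The file name verifyAD.ps1 and the helper Add-Check are hypothetical.

```powershell
# verifyAD.ps1 (hypothetical name): run on DC1 in an elevated session
Import-Module ActiveDirectory

$DomainName     = 'ronwork.com'              # value from the page
$DcAddress      = '192.168.1.10'             # value from the page
$ExpectedAdmins = 'Administrator', 'user1'   # built-in admin plus the user added by addUser.ps1
$results = [System.Collections.Generic.List[object]]::new()

# Hypothetical helper: runs a test, records pass/fail, and treats any error as a failure
function Add-Check {
    param([string]$Name, [scriptblock]$Test)
    try   { $ok = [bool](& $Test) }
    catch { $ok = $false }
    $results.Add([pscustomobject]@{ Check = $Name; Passed = $ok })
}

Add-Check 'NTDS, DNS, Netlogon and KDC services are running' {
    -not (Get-Service -Name NTDS, DNS, Netlogon, Kdc | Where-Object Status -ne 'Running')
}
Add-Check "Domain DNS root is $DomainName" {
    (Get-ADDomain).DNSRoot -eq $DomainName
}
Add-Check 'Forest functional level is Windows2008R2Forest' {
    "$((Get-ADForest).ForestMode)" -eq 'Windows2008R2Forest'
}
# Clients locate the DC through this SRV record; a join fails if it does not resolve
Add-Check 'DC locator SRV record resolves from the DC DNS service' {
    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -Server $DcAddress -ErrorAction Stop
}
foreach ($u in 'user1', 'user2') {
    Add-Check "$u exists and is enabled" {
        (Get-ADUser -Identity $u -ErrorAction Stop).Enabled
    }
}
# Fails if Domain Admins holds anything other than the expected accounts
Add-Check 'Domain Admins contains only Administrator and user1' {
    $members = (Get-ADGroupMember -Identity 'Domain Admins' -ErrorAction Stop).SamAccountName
    -not (Compare-Object -ReferenceObject $ExpectedAdmins -DifferenceObject $members)
}

$results | Format-Table -AutoSize
if ($results.Passed -contains $false) { exit 1 }
```

A non-zero exit code means at least one check failed, which makes the script usable as a gate before the client-join step.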