Provision Windows 2016 First AD Forest with PowerShell

Steps to provision Windows 2016 First AD Forest with PowerShell

  1. Provisioning of First AD Forest with
    • FQDN = mylab.local
    • NetBIOS Domain = MYLAB
    • Forest & Domain Mode = WinThreshold (Windows 2016)
#Install AD Domain Services
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

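#Promote First AD Forest & Domain
Import-Module ADDSDeployment
#DSRM (safe mode) password. Hard-coded here for a lab only; elsewhere prompt for it with Read-Host -AsSecureString
#Single quotes keep PowerShell from treating $ as the start of a variable
$Password = 'P@ssw0rd!@#$' | ConvertTo-SecureString -AsPlainText -Force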

$FQDN = "mylab.local"
$DomainName = "MYLAB"
#WinThreshold = Windows 2016 Forest
Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode WinThreshold `
-DomainName $FQDN `
-DomainNetbiosName $DomainName `
-ForestMode WinThreshold `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "C:\Windows\SYSVOL" `
-SafeModeAdministratorPassword $Password `
-Force:$true

#Server will be rebooted automatically
  2. Set up Microsoft Certificate Server
    • Certificate Authority
    • Certificate Authority Web Enrollment
#Certificate Authority
Add-WindowsFeature Adcs-Cert-Authority -IncludeManagementTools

Install-AdcsCertificationAuthority -CAType EnterpriseRootCA -CACommonName "ADRoot" -CryptoProviderName "RSA#Microsoft Software Key Storage Provider" -KeyLength 2048 -HashAlgorithmName SHA256 

#Certificate Authority Web Enrollment
Add-WindowsFeature ADCS-Web-Enrollment -IncludeAllSubFeature
Install-AdcsWebEnrollment  
  3. Secure LDAP (LDAPS, port 636) is enabled automatically once the Microsoft CA from Step 2 is installed.
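
To confirm that port 636 is really serving a certificate issued by the new CA, the check below can be run from a domain-joined machine. It is an added example, not part of the original post; the function name and the host name dc01.mylab.local are hypothetical, and it assumes the machine trusts the "ADRoot" CA created in Step 2.

```powershell
# Added example: verify that the DC answers LDAPS on 636 with a valid certificate from the lab CA.
# Assumption: the caller trusts the "ADRoot" CA (domain members receive it through AD).
function Test-LdapsCertificate {
    param(
        [Parameter(Mandatory)] [string] $Server,
        [int] $Port = 636,
        [string] $ExpectedIssuerCN = 'ADRoot'   # -CACommonName used in Step 2
    )
    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $tcp.Connect($Server, $Port)
        # No custom validation callback: the chain must build to a trusted root
        # and the certificate name must match $Server, or the handshake throws.
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        # LDAPS requires the Server Authentication EKU (OID 1.3.6.1.5.5.7.3.1)
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        $serverAuth = [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' })
        [pscustomobject]@{
            Server        = $Server
            Subject       = $cert.Subject
            Issuer        = $cert.Issuer
            IssuedByLabCA = $cert.Issuer -match "CN=$([regex]::Escape($ExpectedIssuerCN))(,|$)"
            ServerAuthEku = $serverAuth
            NotAfter      = $cert.NotAfter
            DaysRemaining = [int](($cert.NotAfter - (Get-Date)).TotalDays)
            TlsProtocol   = $ssl.SslProtocol
        }
    }
    catch {
        Write-Error "LDAPS check failed for ${Server}:${Port} - $($_.Exception.GetBaseException().Message)"
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

# Usage (dc01 is a hypothetical host name; use your DC's FQDN):
# Test-LdapsCertificate -Server 'dc01.mylab.local'
```

LDAPS only answers after the domain controller has obtained its certificate from the CA, so a failure immediately after Step 2 may simply mean enrollment has not happened yet.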
