Install and configure AD in PowerShell easily

Fed up with clicks on Windows? Try some PowerShell scripts instead. With fewer clicks and more settings, you can build and manage a stronger infrastructure.

Let’s start. This post will help you to create an Active Directory forest with the following components:

  • A domain named HOMELAB.LOCAL
  • A domain controller named brouette
  • Five organizational units (OUs): INTERNAL, groupes, projets, utilisateurs, and serveurs
  • A global group named admins_lab

The script first creates the log folder, then checks whether the Active Directory Domain Services (AD DS) role is installed. If it is not, the script installs the role, imports the ADDSDeployment module and uses the Install-ADDSForest cmdlet to create the forest. Finally, it creates the OUs and the global group.

To run the script, save the content to a “.ps1” file and then run it from an elevated PowerShell prompt.

Here are some additional tips for creating and managing Active Directory with PowerShell:

  • The New-ADOrganizationalUnit cmdlet can be used to create OUs. The -Name parameter specifies the name of the OU, and the -Path parameter specifies the distinguished name of the parent container (an OU or the domain itself) in which the new OU is created.
  • The New-ADGroup cmdlet can be used to create groups. The -Name parameter specifies the name of the group, the -Description parameter specifies a description of the group, and the -GroupScope parameter specifies the scope of the group.

For more information on Active Directory and PowerShell, please see the following resources:

Here is the script:

<#
.SYNOPSIS
This PowerShell script installs the Active Directory Domain Services role and configures certain organizational units and groups.

.DESCRIPTION
This script performs the following steps:
1. Checks if the Active Directory Domain Services role is already installed.
2. Installs the Active Directory Domain Services role if necessary.
3. Configures the required organizational units and groups.

Install-ADDSForest prompts for the DSRM (safe mode) administrator password and
reboots the server when the promotion completes. The organizational units and
the group can only be created once the server is running as a domain controller,
so run the script a second time after that reboot.

.NOTES
Author: Julien HOMMET
Date of creation: 08/2023
Version: 1.0

.EXAMPLE
.\Install-ADRole.ps1
Run the script to install Active Directory and configure the necessary elements.
#>

# Variables
$ComputerName = "brouette"                     # Name of the domain controller (this script does not rename the server)
$DomainNetbiosName = "HOMELAB"
$DomainFQDN = "$DomainNetbiosName.local"
$DomainDN = "DC=$DomainNetbiosName,DC=local"   # Distinguished name of the domain root
$LogPath = "C:\Logs\Install-ADDS.log"

# Create the log folder; -Force avoids an error if it already exists
New-Item -ItemType Directory -Path "C:\Logs" -Force | Out-Null

$ADInstalled = Get-WindowsFeature -Name AD-Domain-Services -ErrorAction SilentlyContinue

if ($ADInstalled.Installed) {
    # Second run, after the promotion reboot: the directory is now available
    Write-Host "Active Directory Domain Services is already installed."

    # Create organizational units: INTERNAL under the domain root, the others under INTERNAL
    New-ADOrganizationalUnit -Name "INTERNAL" -Path $DomainDN
    $InternalOUPath = "OU=INTERNAL,$DomainDN"
    New-ADOrganizationalUnit -Name "groupes" -Path $InternalOUPath
    New-ADOrganizationalUnit -Name "projets" -Path $InternalOUPath
    New-ADOrganizationalUnit -Name "utilisateurs" -Path $InternalOUPath
    New-ADOrganizationalUnit -Name "serveurs" -Path $InternalOUPath

    # Create a group
    $GroupsOUPath = "OU=groupes,$InternalOUPath"
    New-ADGroup -Name "admins_lab" -Description "Administrateurs du lab" -GroupScope Global -Path $GroupsOUPath

    Write-Host "The script has been executed successfully."
} else {
    # Install Active Directory
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools -LogPath $LogPath

    # Check if the installation was successful
    if ($?) {
        Write-Host "Active Directory Domain Services has been installed successfully."

        # Configure Active Directory
        # Install-ADDSForest's -LogPath is the directory for the AD DS database log files,
        # not a text log file, so it must not point at $LogPath.
        Import-Module ADDSDeployment
        Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath "C:\Windows\NTDS" -DomainMode "WinThreshold" `
        -DomainName $DomainFQDN -DomainNetbiosName $DomainNetbiosName -ForestMode "WinThreshold" -InstallDns:$true `
        -LogPath "C:\Windows\NTDS" -NoRebootOnCompletion:$false -SysvolPath "C:\Windows\SYSVOL" -Force:$true

        # The server reboots here as a domain controller; run the script again to create the OUs and the group.
    } else {
        Write-Host "Active Directory installation failed."
    }
}

Feel free to use and modify it! Don’t forget to reboot the server afterward…
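
Once the server has rebooted as a domain controller, the OU tree and the group can be created idempotently and then checked. The following is an added example, not part of the original post; the helper name Ensure-LabOU is hypothetical, and it assumes the ActiveDirectory module is available on the rebooted domain controller.

```powershell
# Added example, not the post's script. Ensure-LabOU is a hypothetical helper.
# Assumes a rebooted domain controller with the ActiveDirectory module available.
$DomainDN = (Get-ADDomain).DistinguishedName   # DC=HOMELAB,DC=local in this lab

function Ensure-LabOU {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$ParentDN   # container that will hold the OU
    )
    # -Filter returns nothing (instead of throwing) when the OU is absent
    $found = Get-ADOrganizationalUnit -Filter "Name -eq '$Name'" `
        -SearchBase $ParentDN -SearchScope OneLevel
    if (-not $found) {
        New-ADOrganizationalUnit -Name $Name -Path $ParentDN `
            -ProtectedFromAccidentalDeletion $true
        Write-Host "Created OU=$Name,$ParentDN"
    }
    "OU=$Name,$ParentDN"   # return the DN for use as the next -Path
}

$InternalDN = Ensure-LabOU -Name 'INTERNAL' -ParentDN $DomainDN
foreach ($ou in 'groupes', 'projets', 'utilisateurs', 'serveurs') {
    Ensure-LabOU -Name $ou -ParentDN $InternalDN | Out-Null
}

$GroupsDN = "OU=groupes,$InternalDN"
if (-not (Get-ADGroup -Filter "Name -eq 'admins_lab'")) {
    New-ADGroup -Name 'admins_lab' -Description 'Administrateurs du lab' `
        -GroupScope Global -GroupCategory Security -Path $GroupsDN
}

# Verify: every OU is present and protected against accidental deletion
Get-ADOrganizationalUnit -Filter * -SearchBase $InternalDN `
    -Properties ProtectedFromAccidentalDeletion |
    Select-Object Name, DistinguishedName, ProtectedFromAccidentalDeletion |
    Format-Table -AutoSize

# Verify: the group sits in OU=groupes and has the expected scope
$group = Get-ADGroup -Identity 'admins_lab'
if ($group.DistinguishedName -ne "CN=admins_lab,$GroupsDN" -or
    $group.GroupScope -ne 'Global') {
    Write-Warning "admins_lab differs from the expected layout: $($group.DistinguishedName)"
}

# An admin group's member list should be short and known; review it after changes
Get-ADGroupMember -Identity 'admins_lab' |
    Select-Object Name, objectClass, distinguishedName
```

Because each object is looked up before it is created, the block can be re-run safely, and the final member listing gives a baseline to compare against later.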

Julien HOMMET