Active Directory and Exchange Command Line Powershell

27-02-2016 | Remy van Elst


This is a collection of PowerShell snippets to install Active Directory, create a new Active Directory domain, join an existing Active Directory domain, create an Active Directory user and install Microsoft Exchange 2013. The snippets were tested on Windows Server 2012 R2.

I'm quite surprised with how easy it is to do the above tasks with PowerShell. Much faster than the GUI wizards.

As a Linux admin, I do also like that these tasks can be automated via the command line. Also, my Windows knowledge is very limited. There are probably better ways to do the below things; if you know how, please shoot me an email via the contact page.

Start with a freshly installed Server 2012 R2 machine (or VM). Fire up a PowerShell session.

Install Active Directory

The following command installs the Active Directory Domain Services role:

Install-WindowsFeature -name AD-Domain-Services -IncludeManagementTools

Create a new Active Directory Domain:

First import the module in the PowerShell session:

Import-Module ADDSDeployment

Initiate the new Active Directory:

Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "Win2012R2" `
-DomainName "raymii.nl" `
-DomainNetbiosName "RAYMII" `
-ForestMode "Win2012R2" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true

Replace the DomainName and DomainNetbiosName with your chosen domain name. PowerShell will then ask you for the AD Recovery Password; make it a strong one.

Add a server to a domain

This adds a server to an existing domain, as a backup domain controller. First install the AD Domain Services role as described above and import the ADDSDeployment module in your PowerShell session.

First test the existing domain to make sure you can join:

Test-ADDSForestInstallation -DomainName raymii.nl

Add the server to the domain as a backup domain controller:

Install-ADDSDomainController -InstallDns -Credential `
  (Get-Credential RAYMII\Administrator) -DomainName raymii.nl

It'll prompt you for the user password.

Create an Active Directory user account

To create a new Active Directory user account, use the below command. The account is enabled and has a password, which you type in at the prompt:

# Read-Host prompts for the password; the quoted string is only the prompt text.
New-ADUser -Name "John Doe" -GivenName John -Surname Doe `
  -SamAccountName jdoe -UserPrincipalName jdoe@raymii.nl `
  -AccountPassword (Read-Host -AsSecureString "Password for jdoe") `
  -PassThru | Enable-ADAccount

The user is able to log in right away after this. The user is created in the default Users OU.

Create an Active Directory group

Use the below command to create a new global group in the default Users folder of Active Directory called "Managers":

New-ADGroup -name "Managers" -groupscope Global

If it needs to exist in a different path in Active Directory, specify the path by its distinguished name:

New-ADGroup -name "Managers" -groupscope Global -path "OU=OtherOU,DC=Raymii,DC=nl"

Add user to a group

The below command adds the user jdoe to the Managers group:

Add-ADGroupMember -Identity "Managers" -Members "jdoe"

To add a user in a different OU to a group in a different OU, you can specify the full DN:

Add-ADGroupMember -Identity "CN=SupportSlavesGroup,OU=SupportSlaves,DC=raymii,DC=nl" -Members "CN=jdoe,OU=OtherUserOU,DC=raymii,DC=nl" 
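
The user, group and membership steps above combined into one re-runnable script, as an added example that is not part of the original article. It assumes the ActiveDirectory module is available and reuses the article's jdoe, Managers and raymii.nl names; -ChangePasswordAtLogon is an addition here so that the password chosen by the administrator is only temporary.

```powershell
# Added example (not from the original article): idempotent provisioning of
# the jdoe account and the Managers group, followed by a verification step.
Import-Module ActiveDirectory

$Sam   = 'jdoe'               # account name used in the article
$Group = 'Managers'           # group name used in the article
$Upn   = "$Sam@raymii.nl"     # article's domain; replace with your own

# Create the group only if it does not exist yet.
if (-not (Get-ADGroup -Filter "Name -eq '$Group'")) {
    New-ADGroup -Name $Group -GroupScope Global
}

# Create the user only if it does not exist yet.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$Sam'")) {
    # The password is typed at a prompt, so it never ends up in the script,
    # in the command history or in a transcript.
    $Password = Read-Host -AsSecureString "Initial password for $Sam"

    # -Enabled replaces the separate Enable-ADAccount call;
    # -ChangePasswordAtLogon forces the user to pick a new password.
    New-ADUser -Name 'John Doe' -GivenName John -Surname Doe `
        -SamAccountName $Sam -UserPrincipalName $Upn `
        -AccountPassword $Password -Enabled $true `
        -ChangePasswordAtLogon $true
}

# Add the user to the group only if it is not a member already.
$members = Get-ADGroupMember -Identity $Group |
    Select-Object -ExpandProperty SamAccountName
if ($members -notcontains $Sam) {
    Add-ADGroupMember -Identity $Group -Members $Sam
}

# Verify the result: account state and group memberships.
Get-ADUser -Identity $Sam -Properties Enabled, MemberOf |
    Select-Object SamAccountName, Enabled, MemberOf
```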

Install Microsoft Exchange 2013

Install the RSAT-ADDS role via PowerShell:

Install-WindowsFeature RSAT-ADDS

We prepare the forest for the installation of Exchange. First the Schema:

setup /ps /IAcceptExchangeServerLicenseTerms

The Active Directory:

setup /PrepareAD /OrganizationName:"Raymii" /IAcceptExchangeServerLicenseTerms

The Domain itself:

setup /pd /IAcceptExchangeServerLicenseTerms

Install other required components and features for Exchange:

Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

You need to download the following installers manually from the Microsoft website and install them in the order listed below:

  • Unified Communications Managed API 4.0 Runtime
  • Microsoft Office 2010 Filter Pack 64 bit
  • Microsoft Office 2010 Filter Pack SP1 64 bit

Start the actual Exchange installation:

setup /m:Install /Roles:ca,mb,mt /IAcceptExchangeServerLicenseTerms /InstallWindowsComponents /DBFilePath:"E:\EXCHANGE\MDB001.edb" /LogFolderPath:"E:\EXCHANGE" /MdbName:"MDB001"

When it's finished, the ECP web admin is available.


Tags: active-directory, domain, exchange, ldap, microsoft, owa, powershell, windows-server