Skip to main content Logo

Quis custodiet ipsos custodes?
Home | About | All pages | Cluster Status | RSS Feed

Active Directory and Exchange Command Line Powershell

Published: 27-02-2016 | Author: Remy van Elst | Text only version of this article

❗ This post is over eight years old. It may no longer be up to date. Opinions may have changed.

This is a collection of Powershell snippets to install Active Directory, create a new Active Directory Domain, join an existing Active Directory domain, create an Active Directory user and to install Microsoft Exchange 2013. The snippets were tested on Windows Server 2012 R2.

I'm quite suprised with how easy it is to do the above tasks with Powershell. Much faster than the GUI wizards.

As a Linux admin, I do also like that these tasks can be automated via the command line. Also, my Windows knowledge is very limited. There are probably better ways to do the below things, if you know how, please shoot me an email via the contact page.

Recently I removed all Google Ads from this site due to their invasive tracking, as well as Google Analytics. Please, if you found this content useful, consider a small donation using any of the options below:

I'm developing an open source monitoring app called Leaf Node Monitoring, for windows, linux & android. Go check it out!

Consider sponsoring me on Github. It means the world to me if you show your appreciation and you'll help pay the server costs.

You can also sponsor me by getting a Digital Ocean VPS. With this referral link you'll get $100 credit for 60 days.

Start with a freshly installed Server 2012 R2 machine (or VM). Fire up a Powershell session.

Install Active Directory

The following command installs the Active Directory Domain Services role:

Install-WindowsFeature -name AD-Domain-Services -IncludeManagementTools

Create a new Active Directory Domain:

First import the module in the PowerShell session:

Import-Module ADDSDeployment

Initiate the new Active Directory:

-CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "Win2012R2" `
-DomainName "" `
-DomainNetbiosName "RAYMII" `
-ForestMode "Win2012R2" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "C:\Windows\SYSVOL" `

Replace the DomainName and DomainNetbiosName with your chosen domain name. PowerShell will then ask you for the AD Recovery Password, make it a strong one.

Add a server to a domain

This adds a server to an existing domain, as a backup domain controller. First install the AD Domain Services as described above and import it in your powershell session.

First test the existing domain to make sure you can join:

Test-ADDSForestInstallation -DomainName

Add the server to the domain as a backup domain controller:

Install-ADDSDomainController -InstallDns -Credential `
  (Get-Credential RAYMII\Administrator) -DomainName

It'll prompt you for the user password.

Create an Active Directory user account

To create a new Active Directory user account, use the below command. It's enabled and has a password:

New-ADUser -Name "John Doe" -GivenName John -Surname Doe `
  -SamAccountName jdoe -UserPrincipalName `
  -AccountPassword (Read-Host -AsSecureString "hunter2") `
  -PassThru | Enable-ADAccount

The user is able to login right away after this. The user is created in the default Users OU.

Create an Active Directory group

Use the below command to create a new global group in the default Users folder of Active Directory called "Managers":

New-ADGroup -name "Managers" -groupscope Global

If it needs to exist in different path in Active Directory, specify the path by its distinguished name:

New-ADGroup -name "Managers" -groupscope Global -path "OU=OtherOU,DC=Raymii,DC=nl"

Add user to a group

The below command adds the user jdoe to the Managers group:

Add-ADGroupMember -Identity "Managers" -Member "jdoe"

To add a user in a different OU to a group in a different OU, you can specify the full DN:

Add-ADGroupMember -Identity "CN=SupportSlavesGroup,OU=SupportSlaves,DC=raymii,DC=nl" -Members "CN=jdoe,OU=OtherUserOU,DC=raymii,DC=nl" 

Install Microsoft Exchange 2013

Install the RSAT-DSS role via Powershell:

Install-WindowsFeature RSAT-ADDS

We prepare the forest for the instalation of Exchange. First the Schema:

setup /ps /IAcceptExchangeServerLicenseTerms

The Active Directory:

setup /PrepareAD /OrganizationName:"Raymii" /IAcceptExchangeServerLicenseTerms

The Domain itself:

setup /pd /IAcceptExchangeServerLicenseTerms

Install other required components and features for Exchange:

Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

You need to download and install the following setups manually from the Microsoft website and install them in the order listed below:

  • Unified Communications Managed API 4.0 Runtime
  • Microsoft Office 2010 Filter Pack 64 bit
  • Microsoft Office 2010 Filter Pack SP1 64 bit

Start the actual Exchange installation:

setup /m:Install /Roles:ca,mb,mt /IAcceptExchangeServerLicenseTerms /InstallWindowsComponents /DBFilePath:"E:\EXCHANGE\MDB001.edb" /LogFolderPath:"E:\EXCHANGE" /MdbName:"MDB001"

When it's finished, the ECP web admin is available.

Tags: active-directory , articles , domain , exchange , ldap , microsoft , owa , powershell , windows-server