27-02-2016 | Remy van Elst
This is a collection of Powershell snippets to install Active Directory, create a new Active Directory Domain, join an existing Active Directory domain, create an Active Directory user and to install Microsoft Exchange 2013. The snippets were tested on Windows Server 2012 R2.
I'm quite suprised with how easy it is to do the above tasks with Powershell. Much faster than the GUI wizards.
As a Linux admin, I do also like that these tasks can be automated via the command line. Also, my Windows knowledge is very limited. There are probably better ways to do the below things, if you know how, please shoot me an email via the contact page.
Start with a freshly installed Server 2012 R2 machine (or VM). Fire up a Powershell session.
The following command installs the Active Directory Domain Services role:
Install-WindowsFeature -name AD-Domain-Services -IncludeManagementTools
First import the module in the PowerShell session:
Initiate the new Active Directory:
Install-ADDSForest -CreateDnsDelegation:$false ` -DatabasePath "C:\Windows\NTDS" ` -DomainMode "Win2012R2" ` -DomainName "raymii.nl" ` -DomainNetbiosName "RAYMII" ` -ForestMode "Win2012R2" ` -InstallDns:$true ` -LogPath "C:\Windows\NTDS" ` -NoRebootOnCompletion:$false ` -SysvolPath "C:\Windows\SYSVOL" ` -Force:$true
DomainNetbiosName with your chosen domain name. PowerShell will then ask you for the AD Recovery Password, make it a strong one.
This adds a server to an existing domain, as a backup domain controller. First install the AD Domain Services as described above and import it in your powershell session.
First test the existing domain to make sure you can join:
Test-ADDSForestInstallation -DomainName raymii.nl
Add the server to the domain as a backup domain controller:
Install-ADDSDomainController -InstallDns -Credential ` (Get-Credential RAYMII\Administrator) -DomainName raymii.nl
It'll prompt you for the user password.
To create a new Active Directory user account, use the below command. It's enabled and has a password:
New-ADUser -Name "John Doe" -GivenName John -Surname Doe ` -SamAccountName jdoe -UserPrincipalName firstname.lastname@example.org ` -AccountPassword (Read-Host -AsSecureString "hunter2") ` -PassThru | Enable-ADAccount
The user is able to login right away after this. The user is created in the default
Use the below command to create a new global group in the default
Users folder of Active Directory called "Managers":
New-ADGroup -name "Managers" -groupscope Global
If it needs to exist in different path in Active Directory, specify the path by its distinguished name:
New-ADGroup -name "Managers" -groupscope Global -path "OU=OtherOU,DC=Raymii,DC=nl"
The below command adds the user
jdoe to the
Add-ADGroupMember -Identity "Managers" -Member "jdoe"
To add a user in a different OU to a group in a different OU, you can specify the full DN:
Add-ADGroupMember -Identity "CN=SupportSlavesGroup,OU=SupportSlaves,DC=raymii,DC=nl" -Members "CN=jdoe,OU=OtherUserOU,DC=raymii,DC=nl"
Install the RSAT-DSS role via Powershell:
We prepare the forest for the instalation of Exchange. First the Schema:
setup /ps /IAcceptExchangeServerLicenseTerms
The Active Directory:
setup /PrepareAD /OrganizationName:"Raymii" /IAcceptExchangeServerLicenseTerms
The Domain itself:
setup /pd /IAcceptExchangeServerLicenseTerms
Install other required components and features for Exchange:
Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation
You need to download and install the following setups manually from the Microsoft website and install them in the order listed below:
Start the actual Exchange installation:
setup /m:Install /Roles:ca,mb,mt /IAcceptExchangeServerLicenseTerms /InstallWindowsComponents /DBFilePath:"E:\EXCHANGE\MDB001.edb" /LogFolderPath:"E:\EXCHANGE" /MdbName:"MDB001"
When it's finished, the ECP web admin is available.