Building a First Active Directory Domain Controller on Windows 2012 R2 Core
-
Assuming that we have just installed, manually, a Windows Server 2012 R2 machine and have configured it with networking we are ready to begin building a working Active Directory Domain Controller from the command line. There is no need to have any GUI access, or even a GUI installed, in order to run a Domain Controller.
First we need to rename our machine, or ensure that it has a good, usable name already.
Rename-Computer prd-win-ad1 Restart-Computer -ForceI like the naming convention style here. We have "prd" to denote production, "win" to denote a Windows server and "ad1" to tell us that this is our first Active Directory Domain Controller. You can use any convention that you like, of course. As always, reboot after a rename.
Now that our machine is renamed (and we assume that you have a static IP assigned to it, AD DCs need static IP addresses to work properly) and rebooted, we can simply run a few PS commands to promote our machine to be an Active Directory Domain Controller.
We should note here that the dcpromo command still exists for the moment, but has been deprecated in Server 2012 R2 and will not be available in future Windows Server releases, so we want to discontinue using it.
First we just install the proper components:
Install-WindowsFeature -Name AD-Domain-Services
Now we will create a password variable to use in our domain creation command, replace mypassword with a securepassword of your own...
$Password = ConvertTo-SecureString -AsPlainText -String mypassword -ForceAnd now we can do the actual promotion process.
Install-ADDSForest -DomainName ad.mydomain.com -SafeModeAdministratorPassword $Password -DomainNetbiosName mydomain -DomainMode Win2012R2 -ForestMode Win2012R2 -DatabasePath "%SYSTEMROOT%\NTDS" -LogPath "%SYSTEMROOT%\NTDS" -SysvolPath "%SYSTEMROOT%\SYSVOL" -NoRebootOnCompletion -InstallDns -ForceIf this completes successfully you should get a message like this one:
Once this has completed, we simply need to reboot, again.
Restart-Computer -ForceReferences:
A legacy dcpromo approach would be: dcpromo.exe /unattend /NewDomain:forest /ReplicaOrNewDomain:Domain /NewDomainDNSName:domain.tld /DomainLevel:4 /ForestLevel:4 /SafeModeAdminPassword:"mypassword"
-
Good article. There is ZERO reason to have a GUI on a Domain Controller. Everything can be done through Server Manager on Windows 10/8
-
@IRJ said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
Good article. There is ZERO reason to have a GUI on a Domain Controller. Everything can be done through Server Manager on Windows 10/8
You mean RSAT
-
@thwr said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
@IRJ said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
Good article. There is ZERO reason to have a GUI on a Domain Controller. Everything can be done through Server Manager on Windows 10/8
You mean RSAT
Both? You can do a lot of directory management through Server Manager as well.
-
@coliver said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
@thwr said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
@IRJ said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
Good article. There is ZERO reason to have a GUI on a Domain Controller. Everything can be done through Server Manager on Windows 10/8
You mean RSAT
Both? You can do a lot of directory management through Server Manager as well.
Ok, agree. Just don't like the Server Manager this much, ugly interface. I want to be sure WHICH drive on WHICH host I'm going to format for example. But that is just my personal opinion and I'm more or less a console fetishist
But when it comes to ADSIedit or AD sites, you really want to have RSAT.
-
@thwr said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
@coliver said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
@thwr said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
@IRJ said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
Good article. There is ZERO reason to have a GUI on a Domain Controller. Everything can be done through Server Manager on Windows 10/8
You mean RSAT
Both? You can do a lot of directory management through Server Manager as well.
Ok, agree. Just don't like the Server Manager this much, ugly interface. I want to be sure WHICH drive on WHICH host I'm going to format for example. But that is just my personal opinion and I'm more or less a console fetishist
But when it comes to ADSIedit or AD sites, you really want to have RSAT.
Agreed, it will do most of the basic user management and configuration stuff. But anything LDAP related is better done with other tools.
-
Strangely MS hasn't come up with a single tool set yet for remote management. But they are improving with every release. And PowerShell still does an awful lot without any GUI tools at all, even remote ones.
-
@thwr said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
@coliver said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
@thwr said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
@IRJ said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
Good article. There is ZERO reason to have a GUI on a Domain Controller. Everything can be done through Server Manager on Windows 10/8
You mean RSAT
Both? You can do a lot of directory management through Server Manager as well.
Ok, agree. Just don't like the Server Manager this much, ugly interface. I want to be sure WHICH drive on WHICH host I'm going to format for example. But that is just my personal opinion and I'm more or less a console fetishist
But when it comes to ADSIedit or AD sites, you really want to have RSAT.
huh?
-
@IRJ said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
@thwr said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
@coliver said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
@thwr said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
@IRJ said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
Good article. There is ZERO reason to have a GUI on a Domain Controller. Everything can be done through Server Manager on Windows 10/8
You mean RSAT
Both? You can do a lot of directory management through Server Manager as well.
Ok, agree. Just don't like the Server Manager this much, ugly interface. I want to be sure WHICH drive on WHICH host I'm going to format for example. But that is just my personal opinion and I'm more or less a console fetishist
But when it comes to ADSIedit or AD sites, you really want to have RSAT.
huh?
That's RSAT
-
@thwr said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
@IRJ said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
@thwr said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
@coliver said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
@thwr said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
@IRJ said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
Good article. There is ZERO reason to have a GUI on a Domain Controller. Everything can be done through Server Manager on Windows 10/8
You mean RSAT
Both? You can do a lot of directory management through Server Manager as well.
Ok, agree. Just don't like the Server Manager this much, ugly interface. I want to be sure WHICH drive on WHICH host I'm going to format for example. But that is just my personal opinion and I'm more or less a console fetishist
But when it comes to ADSIedit or AD sites, you really want to have RSAT.
huh?
That's RSAT
I updgraded from Windows 8 so I assumed this was just Server Manager in Windows 10, but yes you are right.
-
@IRJ said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
@thwr said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
@coliver said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
@thwr said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
@IRJ said in Building a First Active Directory Domain Controller on Windows 2012 R2 Core:
Good article. There is ZERO reason to have a GUI on a Domain Controller. Everything can be done through Server Manager on Windows 10/8
You mean RSAT
Both? You can do a lot of directory management through Server Manager as well.
Ok, agree. Just don't like the Server Manager this much, ugly interface. I want to be sure WHICH drive on WHICH host I'm going to format for example. But that is just my personal opinion and I'm more or less a console fetishist
But when it comes to ADSIedit or AD sites, you really want to have RSAT.
huh?
Those options are generally only there is RSAT is installed.
