In my lab, I often have the need to quickly set up various servers from scratch. One type of server is an Active Directory Domain Controller. So I slapped together a simple script to completely automate (light touch) the process of setting up a complete AD DC in a new forest. I also did the same for a second DC in an existing forest, but that’s a story for another post.
This will create the VM in Hyper-V, configure it, install all the roles, and do dcpromo. I’m sure there are better ways of doing this, but it fits my needs for now.
What you need before you start is an ISO of Windows Server 2019 with an autounattend.xml file on it to do the OSD. I’m not going to go into how to make an autounattend XML, as there are many other resources available on that subject online.
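So this script is run exclusively from your Hyper-V host; you never have to log on to the VM or start anything inside it yourself, because every in-guest step is sent from the host with Invoke-Command -VMName (PowerShell Direct).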
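# Builds the first domain controller of a new AD forest as a Hyper-V VM.
# Run on the Hyper-V host. Every step that executes inside the guest is sent
# from the host with Invoke-Command -VMName (PowerShell Direct), so the guest
# needs no network connectivity to the host for this script to work.

#Variables

# Name
# Name of VM excluding domain name (name inside OS)
$vmShortName = "dc1"
$DomainName = "somedomain.lan"
$DomainNetbiosName = "somedomain"

## Name of actual VM on the host
# Assigned before $vmfolder and $vhdpath, which are built from it. With the
# assignment further down, both paths were built from an empty name and the
# disk ended up as "D:\Hyper-V\\.vhdx" on a fresh session.
$vmname = $vmShortName + '.' + $DomainName

#Credential for local Administrator before dcpromo
# NOTE(review): this password presumably comes from the autounattend.xml on the
# install ISO. On the first DC of a new forest the local Administrator becomes
# the domain's built-in Administrator, so the ISO is as sensitive as that
# account: restrict read access to the share and change the password once the
# forest is up.
$c = Get-Credential Administrator
#Credential for domain Administrator after dcpromo
# Derived from $DomainNetbiosName so the prompt follows the domain configured above.
$dc = Get-Credential "$DomainNetbiosName\Administrator"

# Path to VM
$vmfolder = "D:\Hyper-V\" + $vmname
# Path to VHDX file
$vhdpath = $vmfolder + '\' + $vmname + '.vhdx'
$vhdsize = 80GB
# Path to ISO for OSD
$isopath = "\\server\Images\en_windows_server_2019-autounattend.iso"
$switchname = "Vswitch"
# Access VLAN for the VM's network adapter
$vlanId = 12
# IP of VM
$IPAddress = "192.168.0.2"
# Gateway IP
$DefaultGateway = "192.168.0.1"
# name for the NIC - Default is Ethernet, should not have to be changed
$InterfaceAlias = "Ethernet"

#DNS
# Which IP to put as DNS in IPconfig - Should be same as DC IP
$ServerAddresses = ("192.168.0.2")
# External forwarder in DNS settings
$DNSForwarders = ("192.168.0.99")
# Create a DNS Reverse lookup zone:
$DNSNetworkID = "192.168.0.0/24"

# AD installation vars
$CreateDnsDelegation = $false
$DatabasePath = "C:\Windows\NTDS"
# Win2012R2 is the lab's choice of functional level; WinThreshold (Windows
# Server 2016) is the newest level and enables the newer AD security features.
$DomainMode = "Win2012R2"
$ForestMode = "Win2012R2"
$InstallDns = $true
$LogPath = "C:\Windows\NTDS"
$NoRebootOnCompletion = $false
$SysvolPath = "C:\Windows\SYSVOL"
# DSRM password: prompted as a SecureString, so it never appears in the script
# or in the console history.
$SafeModeAdministratorPassword = (Read-Host -Prompt "Enter SafeMode Administrator Password" -AsSecureString)
$Force = $true

#####################################################################################################################################################
# create-Windows-VM-from-template
Write-Host $vmname
Write-Host ""

# Generation 1 has no Secure Boot and no virtual TPM. A Generation 2 VM offers
# both, but the DVD boot setup below would probably need adjusting for it.
New-VM -Name $vmname -Path $vmfolder -MemoryStartupBytes 2048MB -Generation 1 -SwitchName $switchname
New-VHD -Path $vhdpath -Dynamic -SizeBytes $vhdsize
Add-VMHardDiskDrive -VMName $vmname -Path $vhdpath
#add dvd iso
Add-VMDvdDrive -VMName $vmname -Path $isopath
Set-VMProcessor $vmname -Count 2 -CompatibilityForMigrationEnabled $true
Set-VMMemory $vmname -DynamicMemoryEnabled $true -MinimumBytes 2048MB -StartupBytes 2048MB -MaximumBytes 4096MB
#set vlan
Set-VMNetworkAdapterVlan -VMName $vmname -Access -VlanId $vlanId
Set-VM $vmname -Notes "AD DC"
Start-VM -Name $vmname

#Wait for install to finish:
Read-Host -Prompt "Press Enter when the OS is installed"

#Fun time
# Write-Host "Enable-VMIntegrationService"
# Show the current state of the Guest Service Interface, enable it, then
# confirm from inside the guest that the matching service is present.
Get-VM $vmname | Get-VMIntegrationService -Name "Guest Service Interface" | Select-Object VMName, Enabled
Get-VM $vmname | Get-VMIntegrationService -Name "Guest Service Interface" | Enable-VMIntegrationService -Passthru
Invoke-Command -VMName $vmname -Credential $c -ScriptBlock { Get-Service vmicguestinterface }

Write-Host "Creating folders"
Invoke-Command -VMName $vmname -Credential $c -ScriptBlock { New-Item -ItemType Directory -Path "C:\Temp" }

Write-Host "Set IP"
#set IP on first DC in forest
Invoke-Command -VMName $vmname -Credential $c -ScriptBlock {
    New-NetIPAddress -InterfaceAlias $Using:InterfaceAlias -IPAddress $Using:IPAddress -PrefixLength 24 -DefaultGateway $Using:DefaultGateway
    Set-DnsClientServerAddress -InterfaceAlias $Using:InterfaceAlias -ServerAddresses $Using:ServerAddresses
}
Write-Host "Done with Set IP"

#################################
#Rename OS
Write-Host "Rename OS"
Invoke-Command -VMName $vmname -Credential $c -ScriptBlock {
    Rename-Computer -NewName $Using:vmShortName -Force -Restart
}
Write-Host "Done with Rename OS"

#Wait for reboot to finish:
# Fixed delay, not a readiness check: if the guest takes longer than this to
# come back, the next Invoke-Command fails and the script carries on regardless.
Write-Host "Wait for reboot to finish"
Start-Sleep 120

# Install AD binaries
Write-Host "Install AD binaries"
Invoke-Command -VMName $vmname -Credential $c -ScriptBlock {
    Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
}
Write-Host "Done with Install AD binaries"

# Here is the actual dcpromo of the first DC in the forest
Write-Host "Install-ADDSForest"
Invoke-Command -VMName $vmname -Credential $c -ScriptBlock {
    # Splatted instead of backtick continuations, which break silently on
    # trailing whitespace. The values are the host-side variables defined above.
    $forestParams = @{
        CreateDnsDelegation           = $Using:CreateDnsDelegation
        DatabasePath                  = $Using:DatabasePath
        DomainMode                    = $Using:DomainMode
        DomainName                    = $Using:DomainName
        DomainNetbiosName             = $Using:DomainNetbiosName
        ForestMode                    = $Using:ForestMode
        InstallDns                    = $Using:InstallDns
        LogPath                       = $Using:LogPath
        NoRebootOnCompletion          = $Using:NoRebootOnCompletion
        SysvolPath                    = $Using:SysvolPath
        SafeModeAdministratorPassword = $Using:SafeModeAdministratorPassword
        Force                         = $Using:Force
    }
    Install-ADDSForest @forestParams
}

Write-Host "Wait for install to finish"
#Wait for install to finish:
# Fixed delay again; the promotion reboots the guest ($NoRebootOnCompletion is $false).
Start-Sleep 600

#set DNS IP again, because dcpromo sets it to 127.0.0.1
Invoke-Command -VMName $vmname -Credential $c -ScriptBlock {
    Set-DnsClientServerAddress -InterfaceAlias $Using:InterfaceAlias -ServerAddresses $Using:ServerAddresses
}
Write-Host "Done with Install-ADDSForest"

Write-Host "Set DNS forwarders"
# Set DNS forwarders
# From here on the domain Administrator credential ($dc) is used.
Invoke-Command -VMName $vmname -Credential $dc -ScriptBlock {
    Set-DnsServerForwarder -IPAddress $Using:DNSForwarders -PassThru
}
Write-Host "Done setting DNS forwarders"

#Add reverse DNS zone
Invoke-Command -VMName $vmname -Credential $dc -ScriptBlock {
    Add-DnsServerPrimaryZone -NetworkID $Using:DNSNetworkID -ReplicationScope "Forest"
}

Write-Host "Please wait"
# Now we wait for the new forest DC to get good and ready (if we need to install another one).
# 10000 seconds is a little under three hours.
Start-Sleep 10000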