Installing domain controllers

Once the TCP/IP networking is set up and working, the next step to tackle is installing the domain controllers. In a Windows Active Directory domain, the domain controllers can be viewed as the core of the network. Domain controllers provide user authentication, group policy information, time synchronization, and access to Active Directory objects. Additionally, domain controllers often provide several network services such as DNS, DHCP, certificate services, and more.

This recipe will set up and install the first domain controller, creating a new domain in a new forest. Once completed, the second domain controller will be remotely installed and promoted. Additionally, we will install DNS on both domain controllers to provide name resolution services.

Getting ready

This recipe assumes a server and networking configuration setup similar to the prior recipe. We will be working with newly installed servers without any additional roles or software installed. To complete these tasks, you will need to log on to the server as the local administrator.

How to do it...

Carry out the following steps to install the domain controller:

  1. As an administrator, open a PowerShell console.
  2. Identify the Windows Features to install:
    Get-WindowsFeature | Where-Object Name -like '*domain*'
    Get-WindowsFeature | Where-Object Name -like '*dns*'
  3. Install the necessary features:
    Install-WindowsFeature AD-Domain-Services, DNS -IncludeManagementTools
  4. Configure the domain:
    $SMPass = ConvertTo-SecureString 'P@$$w0rd11' -AsPlainText -Force
    Install-ADDSForest -DomainName corp.contoso.com -SafeModeAdministratorPassword $SMPass -Confirm:$false

How it works...

Step 2 runs the Get-WindowsFeature cmdlet to list the features needed to install domain services and DNS. If you are unsure of the exact feature names, this is a convenient way to search for them using wildcards. Step 3 uses Install-WindowsFeature to install the identified features, their dependencies, and the applicable management tools.

Step 4 calls Install-ADDSForest to create a new domain and forest named corp.contoso.com. Before promoting the server to a domain controller, we create a variable named $SMPass that holds a secure string to be used as a password during promotion. This secure string is passed as -SafeModeAdministratorPassword; it becomes the Directory Services Restore Mode (DSRM) password, which allows you to log on to the server if the directory services fail to start in the future.

You will see a notice similar to the preceding screenshot when installation is finished. The system will automatically restart and the domain controller install will be complete.

There's more...

The following lists what more can be done with the domain controller:

  • Joining a computer to the domain: Once the domain has been created, computers can be joined to it manually or via automation. The following example shows how to use PowerShell to join the CorpDC2 computer to the corp.contoso.com domain.
    $secString = ConvertTo-SecureString 'P@$$w0rd11' -AsPlainText -Force
    $myCred = New-Object -TypeName PSCredential -ArgumentList "corp\administrator", $secString
    Add-Computer -DomainName "corp.contoso.com" -Credential $myCred -NewName "CORPDC2" -Restart

    Similar to creating the domain, a $secString variable is first created to hold a secure copy of the password that will be used to join the computer to the domain. Then a $myCred variable is created to convert the username/password combination into a PSCredential object that will be used to join the computer to the domain. Lastly, the Add-Computer cmdlet is called to join the computer to the domain and simultaneously rename the system. When the system reboots, it will be connected to the domain.

  • Push install of domain controller: It is normally considered best practice to have at least two domain controllers (DCs) for each domain. By having two DCs, one can be taken offline for maintenance, patching, or as the result of an unplanned outage, without impacting the overall domain services.

    Once a computer has been joined to the domain, promoting the system to a DC can be performed remotely using PowerShell:

    Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools -ComputerName CORPDC2
    Invoke-Command -ComputerName CORPDC2 -ScriptBlock {
        $secPass = ConvertTo-SecureString 'P@$$w0rd11' -AsPlainText -Force
        $myCred = New-Object -TypeName PSCredential -ArgumentList "corp\administrator", $secPass
        $SMPass = ConvertTo-SecureString 'P@$$w0rd11' -AsPlainText -Force
        Install-ADDSDomainController -DomainName corp.contoso.com -SafeModeAdministratorPassword $SMPass -Credential $myCred -Confirm:$false
    }

    First, the domain and DNS services and the appropriate management tools are installed on the remote computer. Then, using the Invoke-Command cmdlet, the promotion commands are executed remotely on CORPDC2, which reboots as a domain controller once the promotion completes.

    Tip

    To create a new domain/forest, we used the Install-ADDSForest command. To promote a computer into an existing domain/forest, we use the Install-ADDSDomainController command.
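The following is an added example, not part of the original recipe: the push install above reworked so that neither the domain admin password nor the DSRM password is written into the script or left in command history, with a dry-run check before the promotion and a verification from the first domain controller after CORPDC2 reboots. The variable names $domain, $target, $domainCred and $dsrmPass are chosen here; it assumes CORPDC2 is already joined to corp.contoso.com and reachable over WinRM.

```powershell
# Added example (not from the original recipe): promote CORPDC2 without hard-coded passwords.
$domain = 'corp.contoso.com'
$target = 'CORPDC2'

# Prompt for both secrets instead of embedding 'P@$$w0rd11' in the script or history.
$domainCred = Get-Credential -Message "Domain admin account for $domain" -UserName 'corp\administrator'
$dsrmPass   = Read-Host -Prompt 'DSRM (Safe Mode) password for the new DC' -AsSecureString

Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools -ComputerName $target

Invoke-Command -ComputerName $target -ArgumentList $domain, $domainCred, $dsrmPass -ScriptBlock {
    param($Domain, $Cred, $Dsrm)

    # Dry run with the same parameters as the real promotion: reports blocking
    # problems (permissions, DNS, forest functional level) without changing anything.
    $check = Test-ADDSDomainControllerInstallation -DomainName $Domain -Credential $Cred `
                 -SafeModeAdministratorPassword $Dsrm -InstallDns
    if ($check.Status -ne 'Success') {
        $check.Message
        throw "Pre-flight check failed on $env:COMPUTERNAME; promotion aborted."
    }

    # Real promotion; the server reboots when it finishes.
    Install-ADDSDomainController -DomainName $Domain -Credential $Cred `
        -SafeModeAdministratorPassword $Dsrm -InstallDns -Confirm:$false
}

# Run from the first DC after CORPDC2 is back: confirm it is listed as a DC,
# that replication with its partner has succeeded, and that it answers DC locator queries.
Get-ADDomainController -Filter * |
    Select-Object Name, Site, IsGlobalCatalog, OperationMasterRoles
Get-ADReplicationPartnerMetadata -Target $target -Scope Server |
    Select-Object Partner, LastReplicationSuccess, LastReplicationResult
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -Server $target
```

A LastReplicationResult of 0 on the partner metadata and an SRV answer that includes CORPDC2 are the two signs that the new DC is actually serving the domain rather than merely having the role installed.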