Installing a DC on Server Core uses fewer resources:
Create a new VM named DC01
Go through the install
Set a 30GB disk size
Choose the non-GUI install
Once installed, type sconfig
Enable RDP
Configure the name DC01, restart
Connect to the host using RDP
Type powershell
get-windowsfeature
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
The script below installs the first DC in a new AD forest:
Import-Module ADDSDeployment
Paste the following into the console:
Install-ADDSForest -CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" -DomainMode "WinThreshold" `
-DomainName "hplab.local" -DomainNetbiosName "HPLAB" `
-ForestMode "WinThreshold" -InstallDns:$true `
-LogPath "C:\Windows\NTDS" -NoRebootOnCompletion:$false `
-SysvolPath "C:\Windows\SYSVOL" -Force:$true
After the restart, log in as hplab\administrator with 'yourpassword'
Type:
powershell
Get-ADForest
Get-ADDomain
View AD Users/Computers in PS:
Get-ChildItem 'AD:'
Get-ChildItem 'AD:\DC=hplab,DC=local'
gci 'AD:\CN=Users,DC=hplab,DC=local' | ? {$_.objectClass -eq "user"}
Add New AD User Account:
New-ADUser -Name "iq" -SamAccountName "iq" `
-GivenName "i" -Surname "q" -DisplayName "iq" `
-UserPrincipalName "iq@hplab.local" -Path "cn=users,dc=hplab,dc=local"
Get-ADUser iq
The account is created disabled, so set a password and enable it:
Set-ADAccountPassword -Identity iq -Reset -NewPassword `
(ConvertTo-SecureString -AsPlainText "Password" -Force)
Enable-ADAccount -Identity iq
Copy groups from administrator account:
$CopyFromUser = Get-ADUser Administrator -prop MemberOf
$CopyToUser = Get-ADUser iq -prop MemberOf
$CopyFromUser.MemberOf | Where{$CopyToUser.MemberOf -notcontains $_} | Add-ADGroupMember -Members $CopyToUser
Get-ADGroupMember administrators | more
Get-ADPrincipalGroupMembership iq | more
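Added example, not part of the original notes: after the group copy above, iq holds every group Administrator holds, which by default in a new forest root domain includes Domain Admins, Enterprise Admins and Schema Admins. The function below reports which high-privilege groups an account is in, directly or through nesting; the name Get-PrivilegedMembership is hypothetical, and a single-domain forest such as hplab.local is assumed.

```powershell
# Added example, not from the original notes.
# Assumes the ActiveDirectory module (installed with -IncludeManagementTools)
# and a single-domain forest such as hplab.local, where the domain SID is
# also the forest root SID used by Schema Admins and Enterprise Admins.
Import-Module ActiveDirectory

function Get-PrivilegedMembership {
    param([Parameter(Mandatory)][string]$Identity)

    $user      = Get-ADUser -Identity $Identity
    $domainSid = (Get-ADDomain).DomainSID.Value

    # Well-known SIDs of the high-privilege groups
    $privileged = @{
        'S-1-5-32-544'   = 'BUILTIN\Administrators'
        "$domainSid-512" = 'Domain Admins'
        "$domainSid-518" = 'Schema Admins'
        "$domainSid-519" = 'Enterprise Admins'
        "$domainSid-520" = 'Group Policy Creator Owners'
    }

    # LDAP_MATCHING_RULE_IN_CHAIN (1.2.840.113556.1.4.1941) returns every group
    # the user belongs to directly or through nested groups.
    # A DN containing ( ) \ or * would need LDAP filter escaping first.
    $filter = "(member:1.2.840.113556.1.4.1941:=$($user.DistinguishedName))"
    $groups = Get-ADGroup -LDAPFilter $filter -Properties member

    foreach ($g in $groups) {
        $sid = $g.SID.Value
        if ($privileged.ContainsKey($sid)) {
            [pscustomobject]@{
                Account = $user.SamAccountName
                Group   = $privileged[$sid]
                SID     = $sid
                # True when the user is listed in the group itself, not via nesting
                Direct  = $g.member -contains $user.DistinguishedName
            }
        }
    }
}

# Usage against the account created above
Get-PrivilegedMembership -Identity iq | Format-Table -AutoSize
```

An empty result means the account holds none of the listed groups; any row with Direct set to False points at a nested group worth reviewing.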
Download and install the latest RSAT tools on a Windows 10 client host to manage the domain.
Links:
https://blogs.technet.microsoft.com/uktechnet/2016/06/08/setting-up-active-directory-via-powershell/
http://techgenix.com/using-powershell-manage-ad-and-ad-users/