We are introducing Windows Server 2012 R2 into our Production environment at work. I decided I would use PowerShell Remoting to install the ADS services and promote the server to Domain Controller.
First step is to remote to the 2012 R2 server. You can do this from any PC that has PowerShell installed. I'm doing it from my Windows 7 PC.
PS C:\>Enter-PSSession -ComputerName RemoteServer -Credential yourdomain\yourusername
If all goes well your prompt should change to the following:
[RemoteServername]: PS C:\>
This means you are now connected to the remote server and any command you run will execute on the remote server. This includes DOS commands. Now we need to run the following command to install the ADS Role:
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
You will see the following message showing install progress:
When complete you should get a confirmation:
Success Restart Needed Exit Code Feature Result
------- -------------- --------- --------------
True No Success {Active Directory Domain Services, Remote ...
You can also run the following command to verify install:
[RemoteServername]: PS C:\>Get-Command -Module ADDSDeployment
CommandType Name ModuleName
----------- ---- ----------
Cmdlet Add-ADDSReadOnlyDomainControllerAccount ADDSDeployment
Cmdlet Install-ADDSDomain ADDSDeployment
Cmdlet Install-ADDSDomainController ADDSDeployment
Cmdlet Install-ADDSForest ADDSDeployment
Cmdlet Test-ADDSDomainControllerInstallation ADDSDeployment
Cmdlet Test-ADDSDomainControllerUninstallation ADDSDeployment
Cmdlet Test-ADDSDomainInstallation ADDSDeployment
Cmdlet Test-ADDSForestInstallation ADDSDeployment
Cmdlet Test-ADDSReadOnlyDomainControllerAccountCreation ADDSDeployment
Cmdlet Uninstall-ADDSDomainController ADDSDeployment
Now to join the current server to the domain as a Domain Controller use the following command:
[RemoteServername]: PS C:\> Install-ADDSDomainController -Credential (Get-Credential) -DomainName contoso.com -DatabasePath D:\Windows\NTDS -LogPath D:\Windows\NTDS -SysvolPath D:\Windows\SYSVOL -SiteName NameOfSite
There are several other options that can be used but these three are important. At first I did not pass the -Credential argument thinking it would use the credentials I used to PSRemote to the server but when I ran the Install-ADDSDomainController command I received an error "Install-ADDSDomainController : Verification of user credential permissions failed. Failed to examine the Active Directory forest. The error was: ldap_search()". When I used the -Credential (Get-Credential) the command succeeded with no problems. Also, If you don't use -DatabasePath the database will install to:
%SYSTEMROOT%\NTDS
For a full list of options go here:
http://technet.microsoft.com/en-us/library/hh974723.aspx
You will be prompted for the Safe Mode Administration Password. You will then see a message stating server will be configured as a Domain Controller and restarted. Just hit enter as the default answer is Y.
You will see the progress as it installs and you may also see some warnings about "Delegation for this DNS server cannot be created because the authoritative parent zone cannot be found..." You may ignore this warning if you are not worried about external DNS queries.
If install is successful you will see the following:
Message Context RebootRequired Status
------- ------- -------------- ------
Operation completed successfully DCPromo.General.3 False Success
That is it. You have a new DC on your domain!
To demote a Domain Controller you can use the following command:
Uninstall-ADDSDomainController -Credential (Get-Credential)
