More Musings

AD04 AD Script

  • FQDN: server.local
  • NetBIOS domain name: SERVER

This script creates a new AD forest with those values and sets the DSRM password non-interactively.

✅ Final AD Promotion Script (Anonymised)

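# Install Active Directory Domain Services role
# -IncludeManagementTools also installs the ActiveDirectory PowerShell module,
# which the Get-ADDomain / Get-ADForest validation commands rely on
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools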

# Promote to new AD forest (FQDN: server.local, NetBIOS: SERVER)
Install-ADDSForest `
  -DomainName "server.local" `
  -DomainNetbiosName "SERVER" `
  -InstallDNS `
  -SafeModeAdministratorPassword (ConvertTo-SecureString "OurSecurePasswordHere" -AsPlainText -Force)

🧾 Notes to Customise Before Running

  • Replace "OurSecurePasswordHere" with your desired Directory Services Restore Mode (DSRM) password
  • Run the script from an elevated PowerShell prompt (Run as Administrator)
  • Ensure the server has:
      • Static IP or DHCP reservation (the latter is my preference, to avoid conflicts)
      • Correct system time
      • Tailscale running
      • Suitable hostname
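
The checklist above can be verified before promotion. The following is an added example, not part of the original script: it checks each item, then prompts for the DSRM password rather than storing it in the file and passes it to Test-ADDSForestInstallation as a dry run. The service name 'Tailscale', the NTP source, the 5-second skew limit and the 'WIN-' default-hostname test are assumptions; run it after the role has been installed.

```powershell
# Added example: pre-flight checks for the promotion script on this page.
# Assumed values (not from the page): NTP source, skew limit, service name.
$DomainName  = 'server.local'
$NetbiosName = 'SERVER'
$NtpSource   = 'time.windows.com'   # assumption: any reachable NTP server works
$MaxSkewSec  = 5                    # assumption: conservative limit for a new DC
$problems    = New-Object System.Collections.Generic.List[string]

# 1. Elevated prompt
$id    = [Security.Principal.WindowsIdentity]::GetCurrent()
$admin = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not ([Security.Principal.WindowsPrincipal]$id).IsInRole($admin)) {
    $problems.Add('Not running from an elevated prompt')
}

# 2. Hostname: flag names that look like the Windows setup default (heuristic)
if ($env:COMPUTERNAME -match '^WIN-[A-Z0-9]+$') {
    $problems.Add("Hostname $env:COMPUTERNAME looks like the setup default")
}

# 3. Addressing: a DHCP reservation cannot be confirmed from the client,
#    so list the addresses and their origin (Manual / Dhcp) for review
Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -notlike '127.*' -and $_.IPAddress -notlike '169.254.*' } |
    Format-Table InterfaceAlias, IPAddress, PrefixOrigin

# 4. System time: take one offset sample against the NTP source
$sample = w32tm /stripchart "/computer:$NtpSource" /samples:1 /dataonly | Select-Object -Last 1
if ($sample -match '([+-]\d+\.\d+)s') {
    if ([math]::Abs([double]$Matches[1]) -gt $MaxSkewSec) {
        $problems.Add("Clock offset is $($Matches[1])s against $NtpSource")
    }
} else { $problems.Add("Could not measure clock offset against $NtpSource") }

# 5. Tailscale service (service name is an assumption)
$ts = Get-Service -Name 'Tailscale' -ErrorAction SilentlyContinue
if (-not $ts -or $ts.Status -ne 'Running') { $problems.Add('Tailscale service is not running') }

# 6. Dry run of the promotion; the password is prompted for, not kept in the file
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'
Test-ADDSForestInstallation -DomainName $DomainName -DomainNetbiosName $NetbiosName `
    -InstallDns -SafeModeAdministratorPassword $dsrm |
    Where-Object { $_.Status -eq 'Error' } |
    ForEach-Object { $problems.Add("AD DS prerequisite: $($_.Message)") }

if ($problems.Count) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Host 'Pre-flight checks passed.'
```

The same $dsrm value can be passed to Install-ADDSForest in place of the inline ConvertTo-SecureString call.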

πŸ” Post-Promotion Validation (after reboot)

After the server reboots, run:

Get-ADDomain
Get-ADForest
dcdiag
Get-DnsServerZone

Follow-ups:

  • Create the shared folder
  • Add the SMB share
  • Configure folder redirection via GPO