Installing AD DS using PowerShell

<#
.SYNOPSIS
Installs a new Active Directory forest configuration.

.DESCRIPTION
The Install-ADDS script installs a new Active Directory forest configuration.

.PARAMETER DomainName
Specifies the fully qualified domain name (FQDN) for the root (first) domain in the forest.

.PARAMETER SafeModeAdministratorPassword
Supplies the Directory Services Restore Mode (DSRM) password, that is, the password of the local administrator account used when the domain controller is started in Safe Mode or a variant of Safe Mode such as DSRM. The password must meet the password complexity rules of the domain and cannot be blank. The value must be a secure string (for example from Read-Host -AsSecureString or (Get-Credential).Password), never a plaintext string: a plaintext DSRM password would end up in the shell history, in transcripts and in the process command line. If the parameter is omitted, PowerShell prompts for it with masked input.

.PARAMETER DatabasePath
Specifies the fully qualified, non-Universal Naming Convention (UNC) path to a directory on a fixed disk of the local computer that contains the domain database, for example, C:\Databases\NTDS. The default is %SYSTEMROOT%\NTDS.

.PARAMETER DomainMode
Specifies the domain functional level of the first domain in the creation of a new forest. Supported values are the enumerated strings Win2003 (Windows Server 2003), Win2008 (Windows Server 2008), Win2008R2 (Windows Server 2008 R2) and Win2012 (Windows Server 2012). The domain functional level cannot be lower than the forest functional level, but it can be higher. The default is computed automatically.

.PARAMETER ForestMode
Specifies the forest functional level for the new forest. Supported values are the enumerated strings Win2003 (Windows Server 2003), Win2008 (Windows Server 2008), Win2008R2 (Windows Server 2008 R2) and Win2012 (Windows Server 2012). When a new forest is created on Windows Server 2012 the default forest functional level is Win2012; on Windows Server 2008 R2 it is Win2003.

.PARAMETER LogPath
Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer where the log file for this operation will be written. For example, C:\Logs. The default log file path if no other path is specified with this parameter is %SYSTEMROOT%\NTDS.

.PARAMETER SysvolPath
Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer where the SYSVOL folder will be written, for example C:\Logs\SYSVOL. The default path if no other path is specified with this parameter is %SYSTEMROOT%\SYSVOL.

.INPUTS
None

.OUTPUTS
None

.NOTES
By default, the DNS Server service is installed when you create a new forest. It is strongly recommended that you install and use the Windows DNS Server to support DNS name resolution in your Active Directory deployment. You do not need to include the -InstallDns switch explicitly to install it, although this script passes it for clarity.

If you are using Active Directory-integrated DNS, the preferred DNS server address of the first domain controller in the forest is automatically set to the loopback address 127.0.0.1. This ensures that the first domain controller can resolve its own records in DNS even if its IP address changes later.

.EXAMPLE
.\Install-ADDS.ps1 -DomainName foo.local -DatabasePath D:\NTDS -LogPath E:\Logs -SysvolPath D:\SYSVOL -SafeModeAdministratorPassword (Read-Host -AsSecureString -Prompt 'DSRM password')

Installs a new forest named foo.local, installs the Active Directory database and SYSVOL on the D:\ drive, installs the log files on the E:\ drive, and prompts the user to provide the Directory Services Restore Mode (DSRM) password.
#>

#region Define script parameters
[CmdletBinding()]
param
(
    [Parameter(Mandatory=$true, Position=0)]
    [string]$DomainName,

    # Taken as a SecureString so the DSRM password is never held or passed as
    # plain text. When omitted, PowerShell prompts for it with masked input.
    [Parameter(Mandatory=$true)]
    [SecureString]$SafeModeAdministratorPassword,

    [Parameter()]
    [string]$DatabasePath = "$Env:SystemRoot\NTDS",

    [Parameter()]
    [ValidateSet("Win2003","Win2008","Win2008R2","Win2012")]
    [string]$DomainMode = "Win2012",

    [Parameter()]
    [ValidateSet("Win2003","Win2008","Win2008R2","Win2012")]
    [string]$ForestMode = "Win2012",

    [Parameter()]
    [string]$LogPath = "$Env:SystemRoot\NTDS",

    [Parameter()]
    [string]$SysvolPath = "$Env:SystemRoot\SYSVOL"
)
#endregion Define script parameters

begin
{
    #region Setup Event Log logging
    $ScriptName = $MyInvocation.MyCommand.Name;

    # Events go to the Application log under a source named after the script.
    # WriteEntry registers the source on first use, which (like the promotion
    # itself) requires an elevated session.
    $eventLog = New-Object System.Diagnostics.EventLog('Application');
    $eventLog.MachineName = ".";
    $eventLog.Source = $ScriptName;
    #endregion Setup Event Log logging
}

process
{
    #region function Test-ADDrive
    # Returns $true only when $Path sits on a local FileSystem drive with at
    # least 1 GB free. Relative and UNC paths are rejected, matching the
    # fully-qualified, non-UNC requirement of Install-ADDSForest.
    function Test-ADDrive
    {
        [CmdletBinding()]
        param
        (
            [Parameter(Mandatory=$true)]
            [string]$Path
        )

        [UInt64]$minimumFreeSpace = 1GB;

        if (-not [System.IO.Path]::IsPathRooted($Path) -or $Path.StartsWith('\\'))
        {
            return $false;
        }

        $root = [System.IO.Directory]::GetDirectoryRoot($Path);
        $drive = Get-PSDrive -PSProvider FileSystem |
            Where-Object { $_.Root -eq $root };

        # The free-space threshold is enforced, not just the existence of the drive.
        if (-not $drive -or $drive.Free -lt $minimumFreeSpace)
        {
            return $false;
        }

        return $true;
    }
    #endregion function Test-ADDrive

    try
    {
        #region Validate Database drive
        if (-not(Test-ADDrive -Path $DatabasePath))
        {
            throw "The drive specified for the Active Directory database files is not valid.";
        }
        else
        {
            $eventLog.WriteEntry("Database path validated: $DatabasePath", "Information", 1001);
        }
        #endregion Validate Database drive

        #region Validate Log drive
        if (-not(Test-ADDrive -Path $LogPath))
        {
            throw "The drive specified for the Active Directory log files is not valid.";
        }
        else
        {
            $eventLog.WriteEntry("Log file path validated: $LogPath", "Information", 1001);
        }
        #endregion Validate Log drive

        #region Validate SYSVOL drive
        if (-not(Test-ADDrive -Path $SysvolPath))
        {
            throw "The drive specified for the Active Directory SYSVOL files is not valid.";
        }
        else
        {
            $eventLog.WriteEntry("SYSVOL path validated: $SysvolPath", "Information", 1001);
        }
        #endregion Validate SYSVOL drive

        #region Install Active Directory
        Import-Module ADDSDeployment;

        # Parameters are splatted so each one is visible on its own line. The
        # DSRM password is already a SecureString and is handed over unchanged;
        # the log files go to the validated -LogPath, not to the database path.
        $forestParams = @{
            DomainName                    = $DomainName
            SafeModeAdministratorPassword = $SafeModeAdministratorPassword
            DatabasePath                  = $DatabasePath
            LogPath                       = $LogPath
            SysvolPath                    = $SysvolPath
            DomainMode                    = $DomainMode
            ForestMode                    = $ForestMode
            InstallDns                    = $true
            NoDnsOnNetwork                = $true
            CreateDnsDelegation           = $false
            NoRebootOnCompletion          = $false
            Force                         = $true
        };
        $result = Install-ADDSForest @forestParams;

        # Write the installation result (Status, Message, RebootRequired) to the event log.
        $eventLog.WriteEntry(($result | Format-List * | Out-String), "Information", 1000);
        #endregion Install Active Directory
    }
    catch
    {
        $eventLog.WriteEntry("Script failed. Error message: $($_.Exception.Message)", "Error", 1010);
        throw "$ScriptName failed to complete: $($_.Exception.Message)";
    }
}

end
{
    # Clean up.
    $eventLog.Dispose();
    Remove-Variable eventLog;
}
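The script above promotes the server in one shot and reboots it. What follows is an added example, not part of the original post, showing how a practitioner would wrap it: collect the DSRM password as a SecureString, run Test-ADDSForestInstallation (the dry-run cmdlet in the ADDSDeployment module) with the same settings before the real promotion, and after the reboot verify the new domain controller, including the DsrmAdminLogonBehavior registry value that is set to 2 to make the DSRM administrator usable outside DSRM as a persistence trick. The forest name corp.example, the drive letters, the script path .\Install-ADDS.ps1 and the function Test-NewForestDC are assumptions; the Status and Message properties read from the cmdlet result are the ones the ADDSDeployment cmdlets return.

```powershell
# Added example (not from the original post): pre-flight, promotion and
# post-reboot verification around Install-ADDS.ps1.
# Assumptions: forest name corp.example, paths D:\NTDS, E:\Logs, D:\SYSVOL,
# script saved as .\Install-ADDS.ps1, Windows Server 2012 or later with the
# AD DS role binaries installed (ADDSDeployment, ActiveDirectory, DnsClient
# and SmbShare modules available).
#Requires -RunAsAdministrator

# Post-reboot checks for the new domain controller. Each check is a
# name/boolean pair so the output reads as a checklist.
function Test-NewForestDC
{
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory=$true)]
        [string]$DomainName,

        [Parameter()]
        [string]$ExpectedMode = 'Windows2012'
    )

    Import-Module ActiveDirectory;
    $checks = [ordered]@{};

    # Core DC services must be running.
    foreach ($svc in 'NTDS', 'Netlogon', 'DNS', 'Kdc')
    {
        $state = (Get-Service -Name $svc -ErrorAction SilentlyContinue).Status;
        $checks["Service $svc running"] = ($state -eq 'Running');
    }

    # Forest and domain exist with the requested functional levels
    # (ForestMode/DomainMode are enums such as Windows2012Forest).
    $forest = Get-ADForest -Identity $DomainName;
    $domain = Get-ADDomain -Identity $DomainName;
    $checks['Forest root is the requested name'] = ($forest.RootDomain -eq $DomainName);
    $checks["Forest mode is $ExpectedMode"] = ("$($forest.ForestMode)" -like "$ExpectedMode*");
    $checks["Domain mode is $ExpectedMode"] = ("$($domain.DomainMode)" -like "$ExpectedMode*");

    # SYSVOL and NETLOGON must be shared or Group Policy cannot be served.
    $shares = (Get-SmbShare -ErrorAction SilentlyContinue).Name;
    $checks['SYSVOL shared']   = ('SYSVOL' -in $shares);
    $checks['NETLOGON shared'] = ('NETLOGON' -in $shares);

    # The DC locator SRV record must resolve through the local DNS server.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV `
        -Server 127.0.0.1 -ErrorAction SilentlyContinue;
    $checks['DC locator SRV record resolves locally'] = [bool]$srv;

    # DsrmAdminLogonBehavior: absent or 0 means the DSRM administrator can only
    # log on when the DC is booted into DSRM. A value of 2 lets that account log
    # on at any time and is a known persistence trick, so flag anything else.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
        -Name DsrmAdminLogonBehavior -ErrorAction SilentlyContinue;
    $checks['DSRM logon limited to DSRM boot'] = ((-not $lsa) -or ($lsa.DsrmAdminLogonBehavior -eq 0));

    foreach ($entry in $checks.GetEnumerator())
    {
        [pscustomobject]@{ Check = $entry.Key; Passed = $entry.Value };
    }
}

# 1. DSRM password as a SecureString; no plaintext copy is ever made.
$dsrmPassword = Read-Host -AsSecureString -Prompt 'DSRM (Safe Mode administrator) password';

# 2. Dry run with the same settings the script will use. Test-ADDSForestInstallation
#    runs the promotion prerequisite checks without changing the server.
Import-Module ADDSDeployment;
$preflight = Test-ADDSForestInstallation -DomainName 'corp.example' `
    -SafeModeAdministratorPassword $dsrmPassword `
    -DatabasePath 'D:\NTDS' -LogPath 'E:\Logs' -SysvolPath 'D:\SYSVOL' `
    -DomainMode Win2012 -ForestMode Win2012 `
    -InstallDns -NoDnsOnNetwork -CreateDnsDelegation:$false -Force;
if ($preflight.Status -ne 'Success')
{
    throw "Pre-flight failed: $($preflight.Message)";
}

# 3. Real promotion; the script reboots the server when it finishes.
.\Install-ADDS.ps1 -DomainName 'corp.example' `
    -SafeModeAdministratorPassword $dsrmPassword `
    -DatabasePath 'D:\NTDS' -LogPath 'E:\Logs' -SysvolPath 'D:\SYSVOL';

# 4. After the reboot, log on to the new DC and run:
#    Test-NewForestDC -DomainName 'corp.example' | Format-Table -AutoSize
```

The dry run catches the cheap failures (a DSRM password that fails complexity, a path on a drive without enough space, a domain name that already resolves on the network) before anything is changed. The post-reboot function is deliberately read-only: it reports a false row rather than fixing anything, so a failed SYSVOL share or a non-zero DsrmAdminLogonBehavior on a freshly built DC gets investigated rather than silently corrected.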