Friday, 12 April 2013

Automating Active Directory Setup - Installing the First Domain Controller in a Forest

I'm building a new Active Directory environment based on Windows Server 2012. This is a green-fields site, and the builds are automated using the OSD task sequences available in System Center Configuration Manager 2012. The first server I build in the domain is a domain controller in a place-holder root domain. The following script promotes a server to this be a domain controller and creates the new forest and domain. A previous post explains how I install the Active Directory Domain Services role.


The script below:

  • Installs a new domain controller in a forest root domain, creating that domain.
  • Gets the variables you will see in the script from Configuration Manager.


I will explain how to populate variables in Configuration Manager in a separate post in due course.

#------------------------------------------------------------------------------------
# | File : NewForest.ps1                                           
# |                                            
# | Purpose : Installs the first Domain Controller in a forest, thus creating 
# |           a new forest
# |           - Designed to be run from a Configuration Manager OSD task sequence
# |           - Designed for Windows Server 2012 environments
# |           - Reboot handled by task sequence
# |
# | Usage : PowerShell.exe -FILE .\NewForest.ps1 
#------------------------------------------------------------------------------------
# |                                         
# | Author:          JustAnotherTechnicalBlog
# | Creation Date:   11 April 2013
# |
# |
# | Maintenance History                                            
# | ------------------- 
# | 
# | Version: 1.00 2013-04-12      Initial Version      JustAnotherTechnicalBlog
# |
# |
#------------------------------------------------------------------------------------


# Clear the error variable
#------------------------------------------------------------------------------------

$error.clear()



# Import the ActiveDirectory PowerShell Module if required
#------------------------------------------------------------------------------------

if (-not (Get-Module ActiveDirectory))
  {
   Import-Module ActiveDirectory
  }



# Here we get access to the Task Sequence variables
#------------------------------------------------------------------------------------

$objTSenv = New-Object -COMObject Microsoft.SMS.TSEnvironment



# Grab the data we need from the task sequence variables
#------------------------------------------------------------------------------------

$strTSNetBIOSName         = $objTSenv.Value("RoleVariable1")
$strTSDomainName          = $objTSenv.Value("RoleVariable2")



# Convert our password to the data type required
# by Install-ADDSForest
#------------------------------------------------------------------------------------

$secstrSafeModePassword = $objTSenv.Value("RolePassword1") | `
   ConvertTo-SecureString -asPlainText -Force



# Install our first forest Domain Controller, creating a new forest
#------------------------------------------------------------------------------------

Install-ADDSForest `
  -Force `
  -NoRebootOnCompletion `
  -DomainNetBIOSName "$strTSNetBIOSName" `
  -DomainName "$strTSDomainName" `
  -ForestMode Win2012 `
  -DomainMode Win2012 `
  -SafeModeAdministratorPassword `
        $secstrSafeModePassword



# Very basic error handling ...
#------------------------------------------------------------------------------------

If ($error)
  {
   Write-Host "Forest creation failed"
   Exit 1000
  }
Else
  {
   Write-Host "Forest created successfully"
  }

Task Sequence Snippet:  Active Directory Installation


Installing a new forest with a PowerShell script

Posted by at
Labels: , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)