
How to Deploy Your First Active Directory Domain Controller on Windows Server Using PowerShell

Suresh Thapa | 25 Aug, 2025

Learn how to set up a brand‑new Active Directory forest and DNS on Windows Server using PowerShell only. Rename the server and NICs, assign static IP/DNS, install AD DS, and promote to a domain controller—plus verification, post‑install tasks, and a ready‑to‑run script.

 

Prerequisites

  • A fresh Windows Server VM/host with local admin rights.
  • Static IP plan for your Production/LAN NIC.
  • Internet or upstream DNS access (optional but helpful for name resolution/updates).
  • Correct regional settings (we’ll set Time Zone to India Standard Time below).
  • Run PowerShell as Administrator.

 

Step 1 — Rename the server and set time zone.

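# Rename the server; the new name takes effect after the reboot
Rename-Computer -NewName "DC1"
Restart-Computer
# After reboot, list the available time zone IDs, then set the one you need
Get-TimeZone -ListAvailable
Set-TimeZone -Id "India Standard Time"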

Why: Consistent naming and correct time are critical for Kerberos and general domain health.

 

Step 2 — Tidy up NIC names if you have multiple interfaces (optional).

Rename-NetAdapter -Name "Ethernet1" -NewName "Production"

Why: Clear adapter names prevent mistakes later, especially on multi‑NIC servers.

Adjust the original names (e.g., Ethernet0, Ethernet1) if your server uses different labels. Use Get-NetAdapter to confirm.

 

Step 3 — Set a static IP and DNS on the LAN NIC.

New-NetIPAddress -IPAddress "192.168.10.254" -PrefixLength 24 -DefaultGateway "192.168.10.1" -InterfaceAlias "Production"
Set-DnsClientServerAddress -InterfaceAlias "Production" -ServerAddresses 192.168.10.254, 8.8.8.8

Why: Domain controllers should have static addressing. Point primary DNS to itself once it becomes a DNS server. Keeping a public resolver as secondary is fine for labs (use with caution in production—prefer internal DNS forwarders there).

 

Step 4 — Install AD DS role (+ management tools).

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

Why: Adds Active Directory Domain Services binaries and RSAT tools required for promotion.

 

Step 5 — Create a new forest and promote to DC.

Install-ADDSForest -DomainName "mypracticelab.com" `
	-CreateDnsDelegation:$false `
	-DatabasePath "C:\Windows\NTDS" `
	-LogPath "C:\Windows\NTDS" `
	-SysvolPath "C:\Windows\SYSVOL" `
	-ForestMode Win2012R2 `
	-DomainMode Win2012R2 `
	-InstallDns:$true `
	-DomainNetbiosName "mypracticelab" `
	-NoRebootOnCompletion:$false

During this step you’ll be prompted to set the DSRM (Directory Services Restore Mode) password. Store it safely.

Notes:

  • -InstallDns:$true installs and integrates Microsoft DNS with AD.
  • Functional levels (Win2012R2) are broadly compatible. You can raise them later if your environment supports newer levels.
  • -NoRebootOnCompletion:$false allows the automatic reboot at the end of promotion.

 

Verify the deployment

Run these after the reboot finishes and you log in as the domain admin.

# Confirm AD and DNS services
Get-Service adws, ntds, dns | Select-Object Name, Status

# Domain and forest info
Get-ADDomain | Format-List *
Get-ADForest | Format-List *
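
The service and domain queries above confirm that AD DS is running, but not that clients can locate the DC or that the DNS client settings from Step 3 are in the state you want. The following is an added example, not part of the original post; it assumes the domain name and NIC alias used on this page and a single-DC lab forest, and it treats any resolver on the NIC other than the DC itself as something that belongs in the DNS server's forwarders instead.

```powershell
# Added example (not from the original post): post-promotion checks for the DC built above.
# Assumptions: the page's domain name and NIC alias; a single-DC lab forest.
$Domain = 'mypracticelab.com'
$Nic    = 'Production'
$checks = [ordered]@{}

# 1. DC locator SRV record, asked of this server's own DNS service.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
    -Server 127.0.0.1 -ErrorAction SilentlyContinue
$checks['DC locator SRV record resolves'] = [bool]$srv

# 2. SYSVOL and NETLOGON are shared only once the DC is advertising itself.
$shares = Get-SmbShare -Name SYSVOL, NETLOGON -ErrorAction SilentlyContinue
$checks['SYSVOL and NETLOGON shared'] = (@($shares).Count -eq 2)

# 3. The LAN NIC must not fall back to DHCP.
$ipIf = Get-NetIPInterface -InterfaceAlias $Nic -AddressFamily IPv4
$checks['DHCP disabled on NIC'] = ($ipIf.Dhcp -eq 'Disabled')

# 4. The first DNS server on the NIC should be this DC (its own IP or loopback).
$self = @((Get-NetIPAddress -InterfaceAlias $Nic -AddressFamily IPv4).IPAddress) + '127.0.0.1'
$dns  = @((Get-DnsClientServerAddress -InterfaceAlias $Nic -AddressFamily IPv4).ServerAddresses |
    Where-Object { $_ })
$checks['Primary DNS is this DC'] = ($dns.Count -gt 0 -and $dns[0] -in $self)

# 5. Any other resolver on the NIC knows nothing about the AD zone.
$foreign = @($dns | Where-Object { $_ -notin $self })
$checks['No non-AD resolver on NIC'] = ($foreign.Count -eq 0)

# 6. External names should be resolved through the DNS server's forwarders.
$fwd = @((Get-DnsServerForwarder).IPAddress | Where-Object { $_ })
$checks['DNS forwarder configured'] = ($fwd.Count -gt 0)

# Report one row per check, then name any resolver that should become a forwarder.
$checks.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Check = $_.Key; Passed = $_.Value }
} | Format-Table -AutoSize
if ($foreign) { "Resolvers to move into forwarders: $($foreign -join ', ')" }
```

With the Step 3 settings left unchanged, check 5 reports 8.8.8.8, which is expected in a lab and is the setting to revisit before production use.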
