Active Directory

Install Active Directory

DCPromo is no more (kind of); it is deprecated.
It is still used for forced removal (forceremoval), creating an RODC account, and UninstallBinaries.
Installation is now handled by PowerShell 3.
It can be done from the command line or from Server Manager.
Installing with Server Manager is simple:
  • Add the binaries
  • Promote the server to a DC
  • The old options are still there: new forest, add to an existing domain, create a domain

Enable AD Recycle Bin

Enable AD Recycle Bin from Active Directory Administrative Center or using PowerShell





For example, to enable Active Directory Recycle Bin for contoso.com, type the following command, and then press ENTER:
Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=contoso,DC=com' -Scope ForestOrConfigurationSet -Target 'contoso.com'

Remove AD

To remove AD, remove the role.
You will be asked to demote the server.
After the demotion and reboot, remove AD with Server Manager.
You can also demote using PowerShell:

Uninstall-ADDSDomainController

PowerShell Install

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Only after this role installation is complete can you get information about the available cmdlets in the ADDSDeployment module. To do so, type the following:
Get-Command -Module ADDSDeployment
This lists the available commands. You can then use
Install-ADDSForest
You'll be asked for the domain name, and the server will be promoted to a DC.



Cmdlet                                            Description
Add-ADDSReadOnlyDomainControllerAccount           Creates a read-only domain controller (RODC) account that can be used to install an RODC in Active Directory
Install-ADDSDomain                                Installs a new Active Directory domain configuration
Install-ADDSDomainController                      Installs a domain controller in Active Directory
Install-ADDSForest                                Installs a new Active Directory forest configuration
Test-ADDSDomainControllerInstallation             Runs the prerequisites (only) for installing a domain controller in Active Directory
Test-ADDSDomainControllerUninstallation           Runs the prerequisites (only) for uninstalling a domain controller in Active Directory
Test-ADDSDomainInstallation                       Runs the prerequisites (only) for installing a new Active Directory domain configuration
Test-ADDSForestInstallation                       Runs the prerequisites (only) for installing a new forest in Active Directory
Test-ADDSReadOnlyDomainControllerAccountCreation  Runs the prerequisites (only) for adding an RODC account
Uninstall-ADDSDomainController                    Uninstalls a domain controller in Active Directory

Installing the Active Directory Domain Services role by using Windows PowerShell is no different from installing any other role. In an elevated Windows PowerShell session, use the following command:
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

Like other Windows PowerShell role installations, the Install-WindowsFeature cmdlet does not install the management tools for the role, such as Active Directory Administrative Center and Active Directory Users and Computers, unless you include the -IncludeManagementTools parameter in the command.
Once you have installed the role, promoting the server to a domain controller is somewhat more complicated. The ADDSDeployment Windows PowerShell module includes separate cmdlets for the three deployment configurations covered in the previous sections:
  • Install-AddsForest
  • Install-AddsDomainController
  • Install-AddsDomain

Each of these cmdlets has many possible parameters to support the many configuration options you find in the Active Directory Domain Services Configuration Wizard. In its simplest form, the following command would install a domain controller for a new forest called adatum.com:
Install-AddsForest -DomainName "adatum.com"

Script
# Windows PowerShell script for AD DS Deployment
#
Import-Module ADDSDeployment
# A backtick (`) at the end of a line continues the command on the next line
Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "Win2012" `
-DomainName "contoso.local" `
-DomainNetbiosName "CONTOSO" `
-ForestMode "Win2012" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true
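
The Test-ADDS* cmdlets in the table above run only the prerequisite checks, so they can gate the promotion. The following is an added example, not part of the original post: it reuses the contoso.local settings from the script above, prompts for the DSRM password instead of storing it, and assumes the result objects expose Status and Message properties.

```powershell
# Added example (not from the original post): validate before promoting.
# Assumes the AD-Domain-Services role is installed and the session is elevated.
Import-Module ADDSDeployment

# Prompt for the DSRM (Directory Services Restore Mode) password so it is
# never stored in the script file or in command history.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

# Same settings as the script above, held in one hashtable so the
# prerequisite test and the real install cannot drift apart.
$forest = @{
    DomainName                    = 'contoso.local'
    DomainNetbiosName             = 'CONTOSO'
    DomainMode                    = 'Win2012'
    ForestMode                    = 'Win2012'
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    InstallDns                    = $true
    CreateDnsDelegation           = $false
    SafeModeAdministratorPassword = $dsrm
}

# Prerequisite check only; nothing is changed on the server.
$results = Test-ADDSForestInstallation @forest
$results | Format-List Status, Context, Message

# Assumption: each result object carries a Status of 'Success' when it passes.
$failed = @($results | Where-Object { $_.Status -ne 'Success' })
if ($failed.Count -gt 0) {
    throw "Prerequisite check failed: $($failed.Message -join '; ')"
}

# Promote only after a clean check; the server reboots when this completes.
Install-ADDSForest @forest -NoRebootOnCompletion:$false -Force:$true
```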

List AD Modules

Import-Module ActiveDirectory
Set-Location AD:
Get-Command -Module ActiveDirectory

