Active Directory Setup Notes

Last Updated: September 25, 2019

AD Installation

The PowerShell commands below are examples for the domain techstormpc.net.

Install-WindowsFeature AD-Domain-Services

Joining to Domain

Import-Module ADDSDeployment
Install-ADDSDomainController `
-DomainName "techstormpc.net" `
-InstallDns:$true

Optional parameters (to use them, end the -InstallDns line with a backtick and append the following):

-DatabasePath "C:\Windows\NTDS" `
-LogPath "C:\Windows\NTDS" `
-SiteName "BLAINE-DC" `
-SysvolPath "C:\Windows\SYSVOL" `
-NoRebootOnCompletion:$false `
-Force:$true

Demoting

Import-Module ADDSDeployment
Uninstall-ADDSDomainController `
-DemoteOperationMasterRole:$true `
-RemoveDnsDelegation:$true `
-Force:$true

Read-only Domain Controller

Import-Module ADDSDeployment
Install-ADDSDomainController `
-AllowPasswordReplicationAccountName @("TECHSTORMPC\Allowed RODC Password Replication Group") `
-NoGlobalCatalog:$false `
-Credential (Get-Credential) `
-CriticalReplicationOnly:$false `
-DatabasePath "C:\Windows\NTDS" `
-DenyPasswordReplicationAccountName @("BUILTIN\Administrators", "BUILTIN\Server Operators", "BUILTIN\Backup Operators", "BUILTIN\Account Operators", "TECHSTORMPC\Denied RODC Password Replication Group") `
-DomainName "techstormpc.net" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-ReadOnlyReplica:$true `
-SiteName "BLAINE-DC" `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true
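
Once the RODC is promoted, the password replication policy set by the allow and deny parameters above can be audited from a writable DC. The script below is an added example, not part of the original notes; it assumes the ActiveDirectory module (RSAT) is installed, and `RODC01` is a hypothetical host name.

```powershell
# Added example: audit the password replication policy (PRP) of an RODC.
Import-Module ActiveDirectory

$RodcName = "RODC01"   # hypothetical RODC host name, replace with your own

# Groups that the install command above places on the deny list
$ExpectedDenied = @(
    "Administrators", "Server Operators", "Backup Operators",
    "Account Operators", "Denied RODC Password Replication Group"
)

# 1. Confirm every expected group is still on the deny list
$denied  = Get-ADDomainControllerPasswordReplicationPolicy -Identity $RodcName -Denied
$missing = $ExpectedDenied | Where-Object { $_ -notin $denied.Name }
if ($missing) {
    Write-Warning "Missing from deny list on ${RodcName}: $($missing -join ', ')"
}

# 2. Show which principals are allowed to have passwords cached
Get-ADDomainControllerPasswordReplicationPolicy -Identity $RodcName -Allowed |
    Select-Object Name, ObjectClass

# 3. List user accounts whose passwords are currently cached on the RODC.
#    The RODC's own krbtgt_* account is expected to be cached, so skip it.
$revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage `
    -Identity $RodcName -RevealedAccounts |
    Where-Object { $_.ObjectClass -eq 'user' -and $_.SamAccountName -notlike 'krbtgt_*' }

# 4. Flag cached accounts marked as protected (adminCount = 1); these
#    should never have their secrets stored on a read-only replica.
foreach ($account in $revealed) {
    $user = Get-ADUser -Identity $account.DistinguishedName -Properties adminCount
    if ($user.adminCount -eq 1) {
        Write-Warning "Privileged account cached on ${RodcName}: $($user.SamAccountName)"
    }
}

"{0} user password(s) cached on {1}" -f @($revealed).Count, $RodcName
```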