

How to create a new Active Directory Domain in a new Forest using PowerShell

This Wiki article provides the details about how you can create your new Active Directory Domain in a new Forest using PowerShell.

AD Domain Services Windows Feature Installation

Start by installing the AD Domain Services Windows feature by running install-windowsfeature AD-Domain-Services. This should be done in Windows PowerShell from an elevated prompt.

Creation of a new Active Directory Domain in a new Forest

Proceed as follows in PowerShell from an elevated prompt:

  1. Import the addsdeployment PowerShell module by running import-module addsdeployment
  2. Run the installation command to create your new Active Directory Domain in a new Forest through the Install-ADDSForest cmdlet

Install-ADDSForest cmdlet installs an Active Directory Forest Configuration and uses the following parameters:

| Parameter | Required/Optional | Description | Value |
| --- | --- | --- | --- |
| DomainName | Required | Specifies the fully qualified domain name (FQDN) for the root domain in the forest | Example: contoso.com |
| DomainNetbiosName | Optional | Specifies the NetBIOS name for the root domain in the new Forest. For NetBIOS names to be valid for use with this parameter they must be single labeled names of 15 characters or less. If this parameter is not set, then the default is automatically computed from the value of the DomainName parameter. | Example: CONTOSO |
| DatabasePath | Optional | Specifies the fully qualified, non-Universal Naming Convention (UNC) path to a directory on a fixed disk of the local computer that contains the domain database, for instance, C:\Databases\NTDS. The default is %SYSTEMROOT%\NTDS. | Example: D:\Databases\NTDS |
| InstallDns | Optional | Indicates that this cmdlet installs and configures the DNS Server service for the new forest. For forest installation, the default is $True. | $True or $False |
| LogPath | Optional | Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer where the log file for this operation is written. For instance, C:\Logs. The default log file path if no other path is specified with this parameter is %SYSTEMROOT%\NTDS. | Example: D:\Logs |
| NoRebootOnCompletion | Optional | Indicates that the cmdlet does not reboot the computer upon completion of this command. It is advised to set this parameter to $true for testing and troubleshooting purposes only. | $True or $False |
| SysvolPath | Optional | Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer where the Sysvol file is written. The default path if no other path is specified with this parameter is %SYSTEMROOT%\SYSVOL. | Example: D:\Logs\SYSVOL |
| Force | Optional | Forces the command to run without asking for user confirmation. | $True or $False |
| DomainMode | Optional | Specifies the domain functional level of the first domain in the creation of a new forest. The DomainMode value cannot be lower than the ForestMode value. | Windows Server 2003: 2 or Win2003; Windows Server 2008: 3 or Win2008; Windows Server 2008 R2: 4 or Win2008R2; Windows Server 2012: 5 or Win2012; Windows Server 2012 R2: 6 or Win2012R2; Windows Server 2016: 7 or WinThreshold |
| ForestMode | Optional | Specifies the forest functional level for the new forest. Supported values for this parameter can be either a valid integer or a corresponding enumerated string value. The ForestMode value cannot be higher than the DomainMode value. | Windows Server 2003: 2 or Win2003; Windows Server 2008: 3 or Win2008; Windows Server 2008 R2: 4 or Win2008R2; Windows Server 2012: 5 or Win2012; Windows Server 2012 R2: 6 or Win2012R2; Windows Server 2016: 7 or WinThreshold |

The following command, as an example, creates a new Active Directory Forest Configuration with the following settings:

  • Domain name: contoso.com
  • NetBIOS name: CONTOSO
  • Database Path: D:\Windows\NTDS
  • DNS Installation: Yes
  • Log Path: D:\Windows\NTDS
  • No reboot on completion: False
  • SYSVOL Path: D:\Windows\SYSVOL
  • Forces the command to run without asking for user validation: Yes
  • Domain Functional Level: Windows Server 2016
  • Forest Functional Level: Windows Server 2016

Install-ADDSForest -CreateDnsDelegation:$false -DomainName "contoso.com" -DomainNetbiosName "CONTOSO" -DatabasePath "D:\Windows\NTDS" -InstallDns:$true -LogPath "D:\Windows\NTDS" -NoRebootOnCompletion:$false -SysvolPath "D:\Windows\SYSVOL" -Force:$true  -DomainMode "WinThreshold" -ForestMode "WinThreshold"

You will be prompted to provide and confirm the Directory Services Restore Mode (DSRM) password.

For more details about the Install-ADDSForest cmdlet, see the following link: /en-us/powershell/module/addsdeployment/install-addsforest?view=win10-ps
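The constraints listed in the parameter table can be checked before the promotion is attempted, and the DSRM password can be supplied once as a SecureString through -SafeModeAdministratorPassword rather than typed at the prompts. The script below is an added example, not part of the original article: Test-ForestParameter and $modeRank are hypothetical names, the values are the article's sample ones, and the Status field read from Test-ADDSForestInstallation is assumed to match the column the cmdlet prints.

```powershell
# Added example. Test-ForestParameter and $modeRank are hypothetical names.
$modeRank = @{ Win2003 = 2; Win2008 = 3; Win2008R2 = 4; Win2012 = 5; Win2012R2 = 6; WinThreshold = 7 }

function Test-ForestParameter {
    param([hashtable]$P)
    $errors = @()
    # Accept either form from the table: the integer or the enumerated string.
    $rank = { param($m) if ("$m" -match '^\d+$') { [int]"$m" } else { $modeRank["$m"] } }

    # NetBIOS name: single label, 15 characters or less.
    if ($P.DomainNetbiosName -and $P.DomainNetbiosName -notmatch '^[^.]{1,15}$') {
        $errors += 'DomainNetbiosName must be a single label of 15 characters or less'
    }
    # Database, log and SYSVOL paths: fully qualified, non-UNC, on a fixed local disk.
    foreach ($name in 'DatabasePath', 'LogPath', 'SysvolPath') {
        $path = $P[$name]
        if (-not $path) { continue }
        if ($path -notmatch '^[A-Za-z]:\\') { $errors += "$name must be a fully qualified non-UNC path"; continue }
        $drive = [System.IO.DriveInfo]::new($path.Substring(0, 1))
        if ($drive.DriveType -ne [System.IO.DriveType]::Fixed) { $errors += "$name is not on a fixed disk" }
    }
    # DomainMode cannot be lower than ForestMode.
    if ($P.DomainMode -and $P.ForestMode -and ((& $rank $P.DomainMode) -lt (& $rank $P.ForestMode))) {
        $errors += 'DomainMode is lower than ForestMode'
    }
    return $errors
}

# Same settings as the article's sample command, held in one hashtable for splatting.
$forest = @{
    DomainName = 'contoso.com'; DomainNetbiosName = 'CONTOSO'
    DatabasePath = 'D:\Windows\NTDS'; LogPath = 'D:\Windows\NTDS'; SysvolPath = 'D:\Windows\SYSVOL'
    InstallDns = $true; CreateDnsDelegation = $false
    DomainMode = 'WinThreshold'; ForestMode = 'WinThreshold'
}
$problems = Test-ForestParameter -P $forest
if ($problems) { throw ($problems -join '; ') }

# Read the DSRM password once as a SecureString; it never appears in the command text.
$forest.SafeModeAdministratorPassword = Read-Host -Prompt 'DSRM password' -AsSecureString

# Run the module's own prerequisite check before the real promotion.
# Assumption: the returned result objects expose the Status field the cmdlet prints.
$check = Test-ADDSForestInstallation @forest
if ($check.Status -contains 'Error') { throw 'Prerequisite check failed' }
Install-ADDSForest @forest -NoRebootOnCompletion:$false -Force:$true
```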

Installation of RSAT ADDS Tools

To administer your new ADDS Forest and Domain from your new domain controller, install the RSAT ADDS tools by proceeding as follows in PowerShell from an elevated prompt:

  1. Import the AD-Domain-Services PowerShell module by running import-module servermanager
  2. Run the installation command Add-WindowsFeature RSAT-ADDS-Tools

 


See Also