Step-by-Step Guide to Adding a Domain Controller with PowerShell

Adding a new domain controller (DC) to your existing Active Directory (AD) environment can seem daunting, but with PowerShell, the process becomes a breeze. This guide walks you through the steps to integrate a new Windows Server instance into an existing AD domain using PowerShell, ensuring that your network remains robust and secure.

Prerequisites for Adding a Domain Controller

Before diving into the setup, make sure your environment is ready for a new DC. In particular, the domain functional level must support the introduction of Windows Server 2025, which is possible if your existing environment is running at least the Windows Server 2016 functional level. To confirm the domain and forest functional levels, execute the following PowerShell commands:
Code:
 Get-ADForest | fl Name, ForestMode
 Get-ADDomain | fl Name, DomainMode
These commands will display your current AD configurations, confirming readiness for the new DC.

Step 1: Install and Configure Windows Server

Start by deploying a new virtual machine (VM) and installing the desired version of Windows Server. Once the installation completes, rename the server for clarity. The following command sets the server name to WS25-DC5:
Code:
 Rename-Computer -NewName "WS25-DC5" -Restart
This renaming process is followed by a reboot to apply changes.

Step 2: Update Windows Server

After the system boots up, you’ll want to ensure that your Windows installation is up-to-date. Use the SConfig utility to check for and install any pending updates. Since it's a fresh installation, you may find that no updates are available at this time.

Step 3: Join the Server to the Active Directory Domain

Next, you need to connect your new server to the existing AD domain reinders.local. Use the following command to accomplish this in a single step, which also triggers a restart:
Code:
 Add-Computer -DomainName "reinders.local" -Restart

Step 4: Install the Active Directory Domain Services (AD DS) Server Role

Once the server reboots, log in using your domain admin credentials. The subsequent step involves installing the AD DS role, which is critical for domain controller functionalities:
Code:
 Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
This command installs the necessary tools to manage the domain services.

Step 5: Promote the Server to Domain Controller

With AD DS installed, it’s time to promote the server to a full-fledged domain controller. Use this command, substituting your domain and including the necessary credentials:
Code:
 Install-ADDSDomainController -DomainName "reinders.local" -InstallDns -Credential (Get-Credential) -Confirm:$false
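Important Note: Ensure your domain admin account is temporarily added to the Enterprise Admins group; this allows the promotion to proceed without hindrance. Because the membership is only meant to be temporary, remove the account from the group once the promotion has finished.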
Once the promotion process completes, Windows will prompt for a reboot again. After the final restart, you can check the status of your DCs using:
Code:
 Get-ADDomainController -Filter * | Select-Object Name, IPv4Address, OperatingSystem
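
The checks from this guide can be combined into one post-promotion script. The following is an added example, not part of the original article: it re-checks the functional levels from the prerequisites, confirms the new DC is listed, and verifies that the temporary Enterprise Admins membership from Step 5 has been removed. It assumes a domain-joined machine with the ActiveDirectory module; the account name dcpromo-admin and the helper Test-ModeAtLeast2016 are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example: post-promotion checks for the steps in this guide.
$NewDcName = 'WS25-DC5'       # server name from Step 1
$TempAdmin = 'dcpromo-admin'  # hypothetical account placed in Enterprise Admins for Step 5

function Test-ModeAtLeast2016 {
    # Mode names look like Windows2012R2Domain or Windows2016Forest; compare the year.
    param([string]$Mode)
    ($Mode -match '^Windows(\d{4})') -and ([int]$Matches[1] -ge 2016)
}

$forest = Get-ADForest
$domain = Get-ADDomain
$checks = [ordered]@{
    'Forest functional level is 2016 or later' = Test-ModeAtLeast2016 "$($forest.ForestMode)"
    'Domain functional level is 2016 or later' = Test-ModeAtLeast2016 "$($domain.DomainMode)"
}

# The promoted server should now appear in the DC list.
$dc = Get-ADDomainController -Filter * | Where-Object Name -eq $NewDcName
$checks["$NewDcName is listed as a domain controller"] = [bool]$dc

# Enterprise Admins lives in the forest root domain; -Recursive also catches nested groups.
$ea = @(Get-ADGroupMember -Identity 'Enterprise Admins' -Server $forest.RootDomain -Recursive)
$checks["$TempAdmin is no longer in Enterprise Admins"] = $TempAdmin -notin $ea.SamAccountName

foreach ($name in $checks.Keys) {
    $status = if ($checks[$name]) { 'PASS' } else { 'FAIL' }
    Write-Output ("[{0}] {1}" -f $status, $name)
}

# Print what remains in the group so the membership can be reviewed by eye.
Write-Output 'Current Enterprise Admins members:'
$ea | Sort-Object SamAccountName | Select-Object SamAccountName, objectClass, distinguishedName

# Non-zero exit code lets a scheduled task or pipeline flag a failed check.
if ($checks.Values -contains $false) { exit 1 }
```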

Final Thoughts

Congratulations! You’ve successfully added a new domain controller to your existing Active Directory domain. By following this guide, leveraging PowerShell commands, and adhering to best practices, you've augmented your domain environment with a reliable DC.
Managing Active Directory is crucial in today’s IT landscape, especially regarding security and efficiency in identity management. Regular audits of your AD team and configurations will bolster your organization’s defenses against unauthorized access and potential vulnerabilities.
For further reading, consider exploring related topics such as Active Directory group management or advanced PowerShell techniques for managing AD services. Understanding these areas can enhance your security posture and operational efficiency significantly. Happy administrating!

Source: Petri IT Knowledgebase How to Add a Domain Controller to an Existing Domain (PowerShell)
 

