  • FQDN: server.local
  • NetBIOS domain name: SERVER

This script creates a new AD forest with those values and sets the DSRM password non-interactively.

✅ Final AD Promotion Script (Anonymised)

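# Install Active Directory Domain Services role.
# -IncludeManagementTools also installs the RSAT tools, including the ActiveDirectory
# PowerShell module that provides Get-ADDomain and Get-ADForest.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

# Promote to new AD forest (FQDN: server.local, NetBIOS: SERVER)
# The DSRM password is embedded below in plain text so that it is set without a prompt;
# anyone who can read this script file can read the password.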
Install-ADDSForest `
  -DomainName "server.local" `
  -DomainNetbiosName "SERVER" `
  -InstallDNS `
  -SafeModeAdministratorPassword (ConvertTo-SecureString "OurSecurePasswordHere" -AsPlainText -Force)

🧾 Notes to Customise Before Running

  • Replace "OurSecurePasswordHere" with your desired Directory Services Restore Mode (DSRM) password

  • Run the script from an elevated PowerShell prompt (Run as Administrator)

  • Ensure the server has:

      • Static IP or DHCP reservation (the latter is my preference, to avoid conflicts)

      • Correct system time

      • Tailscale running

      • Suitable hostname
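
A pre-flight check for the prerequisites listed above, as an added example that is not part of the original post. It assumes Windows PowerShell 5.1 on the server and that the Tailscale client registers its Windows service under the name Tailscale; the function name Test-PromotionPrereqs is hypothetical.

```powershell
# Added example: report on each prerequisite before running Install-ADDSForest.
function Test-PromotionPrereqs {
    $r = [ordered]@{}

    # Elevated prompt: the current token must hold the local Administrators role.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $r['Elevated'] = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # Hostname: Setup-generated names look like WIN-<random>; treat that as
    # "hostname not chosen yet".
    $r['Hostname']       = $env:COMPUTERNAME
    $r['HostnameChosen'] = $env:COMPUTERNAME -notmatch '^WIN-[A-Z0-9]+$'

    # Addressing: show how each IPv4 address was assigned. PrefixOrigin is
    # Manual for a static address and Dhcp for a lease; whether a lease is
    # backed by a reservation can only be confirmed on the DHCP server.
    $addrs = Get-NetIPAddress -AddressFamily IPv4 | Where-Object {
        $_.IPAddress -notlike '127.*' -and $_.IPAddress -notlike '169.254.*' }
    $r['IPv4'] = ($addrs | ForEach-Object {
        '{0} on {1} ({2})' -f $_.IPAddress, $_.InterfaceAlias, $_.PrefixOrigin
    }) -join '; '

    # Time: show UTC time and zone for a manual comparison against a trusted
    # clock, plus the state of the Windows Time service.
    $r['UtcNow']   = (Get-Date).ToUniversalTime().ToString('u')
    $r['TimeZone'] = (Get-TimeZone).Id
    $w32 = Get-Service -Name W32Time -ErrorAction SilentlyContinue
    $r['W32Time']  = if ($w32) { [string]$w32.Status } else { 'NotInstalled' }

    # Tailscale: service name "Tailscale" is an assumption (see lead-in).
    $ts = Get-Service -Name Tailscale -ErrorAction SilentlyContinue
    $r['TailscaleRunning'] = [bool]($ts -and $ts.Status -eq 'Running')

    [pscustomobject]$r
}

$check = Test-PromotionPrereqs
$check | Format-List

# Stop here if any of the yes/no checks failed; the IPv4 and time lines are
# for the operator to read and judge.
if (-not ($check.Elevated -and $check.HostnameChosen -and $check.TailscaleRunning)) {
    Write-Warning 'One or more prerequisites failed; fix them before promotion.'
}
```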

🔍 Post-Promotion Validation (after reboot)

After the server reboots, run:

Get-ADDomain
Get-ADForest
dcdiag
Get-DnsServerZone

Follow-ups:

  • Create the shared folder
  • Add the SMB share
  • Configure folder redirection via GPO

July 11, 2025

