Create Active Directory Forest

These commands will create a forest and show how to populate it with users and groups.

The first cmdlet establishes the server as a domain controller and installs the AD domain service tools.

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

 

Next, set up and configure the AD forest.

Install-ADDSForest -DomainName powershellengineering.com

 

You can now begin using AD functions like creating users.

New-ADUser -SamAccountName User1 -AccountPassword (Read-Host "Set user password" -AsSecureString) -Name "User1" -Enabled $true -ChangePasswordAtLogon $true

This simple cmdlet will create a user named “User1” and ask for a password. The user will then be prompted to change their password when they log in for the first time. In a previous post I cover other methods to add users.

 

Next, we can run a cmdlet that establishes group membership for the new user, here adding User1 to Enterprise Admins.

Add-ADPrincipalGroupMembership -Identity "CN=User1,CN=Users,DC=powershellengineering,DC=com" -MemberOf "CN=Enterprise Admins,CN=Users,DC=powershellengineering,DC=com"

 

Lastly, we can run the Get-ADPrincipalGroupMembership cmdlet to confirm that the membership was granted.

Get-ADPrincipalGroupMembership User1
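The check above lists one user's groups. The reverse view, listing every account that holds a forest-level privileged group (including through nested groups), is sketched in this added example, which is not part of the original post. It assumes the ActiveDirectory module is installed and that it runs in the forest root domain created above; the function name Get-PrivilegedGroupReport is hypothetical.

```powershell
# Added example: report every user account holding membership in the
# most privileged built-in groups, including membership via nested groups.
# Assumes the ActiveDirectory module and a session in the forest root domain.
Import-Module ActiveDirectory

function Get-PrivilegedGroupReport {   # hypothetical helper name
    param(
        [string[]]$GroupName = @('Enterprise Admins', 'Schema Admins', 'Domain Admins')
    )

    foreach ($name in $GroupName) {
        # -Recursive expands nested groups so indirect members are not missed.
        $members = Get-ADGroupMember -Identity $name -Recursive |
            Where-Object { $_.objectClass -eq 'user' }

        foreach ($member in $members) {
            # Pull the attributes that matter when reviewing a privileged account.
            $user = Get-ADUser -Identity $member.DistinguishedName `
                -Properties Enabled, PasswordLastSet, PasswordNeverExpires, LastLogonDate

            [pscustomobject]@{
                Group                = $name
                SamAccountName       = $user.SamAccountName
                Enabled              = $user.Enabled
                PasswordLastSet      = $user.PasswordLastSet
                PasswordNeverExpires = $user.PasswordNeverExpires
                LastLogonDate        = $user.LastLogonDate
            }
        }
    }
}

# Review the full list, then narrow to the account created in this post.
$report = Get-PrivilegedGroupReport
$report | Sort-Object Group, SamAccountName | Format-Table -AutoSize
$report | Where-Object { $_.SamAccountName -eq 'User1' }
```

Because User1 was created with -ChangePasswordAtLogon $true, its PasswordLastSet value stays empty until the first logon.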

 
