These commands will create a forest and show how to populate it with users and groups.
The first cmdlet establishes the server as a domain controller and installs the AD domain service tools.
Next, setup and configure the AD forest.
Install-ADDSForest -DomainName powershellengineering.com
You can now begin using AD functions like creating users.
New-ADUser -SamAccountName User1 -AccountPassword (read-host "Set user password" -asecurestring) -name "User1" -enabled $true -ChangePasswordAtLogon $true
This simple cmdlet will create a user named “User1” and ask for a password. The user will then be prompted to change password when they login for the first time. In a previous post I cover other methods to add users.
Lastly we can run a cmdlet that will establish group membership for the new user.
Add-ADPrincipalGroupMembership -Identity "CN=User1,CN=Users,DC=powershell,DC=engineering,DC=com", -MemberOf"CN=Enterprise Admins,CN=Users=DC=powershell,DC=engineering,DC=com",
And lastly we can run the Get-ADPrincipalGroupMembership cmdlet to confirm that the membership was granted.