**Note:** The following sections assume that you already have a working Windows Server virtual machine. Creating a Windows Server VM is out of scope for this post, so I will not cover it.

As mentioned, I typically use Core versions of Windows Server, which are managed via PowerShell commands, so to set up my server as a Domain Controller I'll run the following from an elevated PowerShell session.

```powershell
###1st DC###
Import-Module ServerManager
Add-WindowsFeature -Name RSAT-AD-Tools

Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools -Verbose

Import-Module ADDSDeployment -Verbose

# Create password
$Password = Read-Host -Prompt 'Enter SafeMode Admin Password' -AsSecureString

Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath "C:\Windows\NTDS" -DomainMode "WinThreshold" -DomainName "demo.lab" -DomainNetbiosName "DEMO" -ForestMode "WinThreshold" -InstallDns:$true -LogPath "C:\Windows\NTDS" -NoRebootOnCompletion:$true -SysvolPath "C:\Windows\SYSVOL" -SafeModeAdministratorPassword $Password -Force:$true -Verbose

# NoRebootOnCompletion is set above, so reboot the server to finish the
# promotion before running the remaining commands.

# Install DHCP
Install-WindowsFeature DHCP -IncludeManagementTools -Verbose
netsh dhcp add securitygroups
Restart-Service dhcpserver -Verbose

# Authorize the DHCP server in Active Directory and confirm it is listed
Add-DhcpServerInDC -DnsName "dc1.demo.lab" -Verbose
Get-DhcpServerInDC

# Mark the DHCP post-install configuration as complete for Server Manager
Set-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager\Roles\12 -Name ConfigurationState -Value 2

Set-DhcpServerv4DnsSetting -ComputerName "dc1.demo.lab" -DynamicUpdates "Always" -DeleteDnsRRonLeaseExpiry $True

# Credential the DHCP server uses when registering DNS records
$Credential = Get-Credential
Set-DhcpServerDnsCredential -Credential $Credential -ComputerName "dc1.demo.lab"

# Enable Sysvol for GPO shared store
Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' -Name 'SysVolReady' -Verbose
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' -Name 'SysVolReady' -Value '1' -Verbose

# Enable Recycle Bin
$Params = @{
    "Identity" = 'Recycle Bin Feature'
    "Scope"    = 'ForestOrConfigurationSet'
    "Target"   = 'demo.lab'
}

Enable-ADOptionalFeature @Params -Verbose
```

As I mentioned previously, this lab will use a single server for all Active Directory services. In my physical lab, however, I tend to run two Domain Controllers, so if you'd like to configure a second server for the nested lab, you can do so by standing up a second Windows Server OS and running the following on the second server (DC2):

**Note:** *Be sure to modify the IPs and domain name.*

```powershell
###2nd DC###
Import-Module ServerManager
Add-WindowsFeature -Name RSAT-AD-Tools

Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools -Verbose

Import-Module ADDSDeployment -Verbose

# Create password
$Password = Read-Host -Prompt 'Enter SafeMode Admin Password' -AsSecureString

Get-DnsClientServerAddress

# Set the correct InterfaceIndex from previous command
Set-DnsClientServerAddress -InterfaceIndex 5 -ServerAddresses ("10.100.1.10","127.0.0.1") -Verbose

# The credential must be a domain admin of the existing domain (NetBIOS name DEMO above)
Install-ADDSDomainController -NoGlobalCatalog:$false -CreateDnsDelegation:$false -Credential (Get-Credential "DEMO\Administrator") -CriticalReplicationOnly:$false -DatabasePath "C:\Windows\NTDS" -DomainName "demo.lab" -InstallDns:$true -LogPath "C:\Windows\NTDS" -NoRebootOnCompletion:$true -SiteName "Default-First-Site-Name" -ReplicationSourceDC "dc1.demo.lab" -SysvolPath "C:\Windows\SYSVOL" -SafeModeAdministratorPassword $Password -Force:$true -Verbose
```
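
To confirm that the settings applied by the first domain controller script took effect after the reboot, a read-only verification pass like the one below can be run on DC1 from an elevated session. This is an added example, not part of the original post; `Test-LabDcBaseline` is a hypothetical helper name, and `demo.lab` and `dc1.demo.lab` are the values used in the post's script.

```powershell
# Added example: read-only checks for the settings the DC1 script applies.
# Test-LabDcBaseline is a hypothetical helper name; defaults come from the post.
function Test-LabDcBaseline {
    param(
        [string]$Domain = 'demo.lab',
        [string]$DcFqdn = 'dc1.demo.lab'
    )

    $checks = [ordered]@{}

    # AD DS, DNS and DHCP services should all be running after the reboot.
    foreach ($svc in 'NTDS', 'DNS', 'DHCPServer') {
        $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
        $checks["Service $svc running"] = ($null -ne $s -and $s.Status -eq 'Running')
    }

    # Netlogon only shares SYSVOL once SysVolReady is 1.
    $netlogon = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' -Name 'SysVolReady' -ErrorAction SilentlyContinue
    $checks['SysVolReady = 1'] = ($null -ne $netlogon -and $netlogon.SysVolReady -eq 1)
    $checks['SYSVOL share present'] = [bool](Get-SmbShare -Name 'SYSVOL' -ErrorAction SilentlyContinue)

    # The DHCP server must be authorized in AD, and should register DNS
    # records with a dedicated credential rather than the DC's own account.
    $authorized = Get-DhcpServerInDC -ErrorAction SilentlyContinue
    $checks['DHCP authorized in AD'] = ($authorized.DnsName -contains $DcFqdn)
    $dnsCred = Get-DhcpServerDnsCredential -ComputerName $DcFqdn -ErrorAction SilentlyContinue
    $checks['DHCP DNS update credential set'] = -not [string]::IsNullOrEmpty($dnsCred.UserName)
    $dnsSet = Get-DhcpServerv4DnsSetting -ComputerName $DcFqdn -ErrorAction SilentlyContinue
    $checks['DHCP dynamic updates = Always'] = ($dnsSet.DynamicUpdates -eq 'Always')

    # The Recycle Bin is enabled once the feature lists at least one scope.
    $bin = Get-ADOptionalFeature -Identity 'Recycle Bin Feature' -Server $Domain -ErrorAction SilentlyContinue
    $checks['AD Recycle Bin enabled'] = ($null -ne $bin -and $bin.EnabledScopes.Count -gt 0)

    # Emit one object per check so the result can be filtered or exported.
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Passed = $checks[$name] }
    }
}

Test-LabDcBaseline | Format-Table -AutoSize
```

Any row with `Passed` set to `False` points at the corresponding step of the DC1 script to re-run or investigate.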