This tutorial shows you how to add a Child Domain to an existing Forest using Powershell. For this tutorial, Windows Server 2016 Standard Edition without Desktop Experience has been used. This edition was known as Core Edition in previous Windows Server editions.
To configure the network adapter and change the hostname using Powershell, use this tutorial:
Log in as Administrator. A Command Shell is shown. Type ‘powershell’ and hit enter.
To install the Active Directory Domain Services, use the Install-WindowsFeature cmdlet.
Install-WindowsFeature AD-Domain-ServicesIn this example a child domain will be added to the forest. If the parameter ‘-DomainType’ is not specified or set to ‘ChildDomain’, a child domain is created automatically. For a new domain tree use ‘-DomainType TreeDomain’ and, for example, use ‘-NewDomainName domain01.lab02.local’. The name of the parent domain is lab01.local. The name of the child domain is ‘domain01’. DNS will be installed and DNS delegation is created so the DNS zone for domain01.lab01.local can be managed by the domain01.lab01.local domain administrators. If there is already a separate DNS server/appliance, e.g. Infoblox, the ‘InstallDns’ parameter should be set to false (-InstallDns:$false).
The domain controller will be placed in the site named Site01. If a sitename is not specified, the default is the site that is associated with the subnet that includes the IP address of the server. If no such site exists, the default is the site of the replication source domain controller.
To add a domain to a forest, the credentials from an account that is a member of the Enterprise Admins group are required. These credentials will be asked for when the command is executed.
Example:
Install-ADDSDomain -Credential (Get-Credential LAB01\Administrator) -NewDomainName domain01 -ParentDomainName 'lab01.local' -InstallDNS -CreateDNSDelegation -SiteName 'Site01' -SafeModeAdministratorPassword (Get-Credential 'SafeModeAdministratorPassword').PasswordAfter the reboot you have a fully functional domain controller.
Because the domain controller is also a DNS server, you might want to set DNS Forwarders. Use the Set-DnsServerForwarder cmdlet to set the forwarders. For example, use the Google DNS server addresses, or any other public DNS server address.
Example:
Set-DnsServerForwarder -IPAddress 8.8.8.8,8.8.4.4You have added a domain to an existing ADDS Forest using Powershell!
If you want to install a Certificate Authority on the Domain Controller using Powershell, use this tutorial:
If you want to install DHCP on the Domain Controller using Powershell, use this tutorial:
Hello! I tried this command in order to add a domain to an existing forest. Everything works I expected but it create a Transitive relationship by default.
“Install-AddsDomain -domaintype treedomain -parentdomainname yourdomain -newdomainname ourdomain.com -NewDomainNetbiosName yournetbiosdomain -credential (Get-Credential)”
Do you know which is the option I have to add to have a NON-TRANSITIVE relationship?
Thanks in advance!
Hi Andrea. I believe a non-transitive trust is only possible when you create an external- or realm-trust. Maybe this article can help you understand all the different trusts.