Add the first Windows Server 2025 Domain Controller to an existing ADDS Domain using PowerShell

This tutorial shows you how to add the first Windows Server 2025 Domain Controller to an existing ADDS Domain using PowerShell. If the existing domain contains domain controllers based on Windows Server 2022 or any previous supported version, a schema update is required.

For this tutorial, a Windows Server 2025 Standard Edition without Desktop Experience has been used. This edition was known as Core Edition in previous Windows Server editions.

Schema update

Before adding the first new Windows Server 2025 domain controller to the existing domain, a schema update is required. The update raises the schema version to 91. To determine the current schema version of the existing domain, see this Microsoft article:

Find the current Active Directory Schema version | Microsoft Learn

Make sure that the account used to perform the schema update is a member of the Schema Admins, Enterprise Admins and Domain Admins groups.

Mount the Windows Server 2025 ISO file on any domain-joined server. You can also use an existing domain controller to perform the schema update. If the ISO is mounted as the D: drive, use the following command to perform the forestprep first.

D:\support\adprep\adprep.exe /forestprep

A screen is shown with information about the schema update. If you are sure you have fulfilled all the requirements, press ‘C’ to continue.

Once the forestprep has completed successfully, continue with the domainprep. Membership of the Domain Admins group is sufficient to perform the domainprep. Use the following command to perform the domainprep.

D:\support\adprep\adprep.exe /domainprep
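
The checks from this section (current schema version against 91, and the three group memberships) can be scripted. The following is an added example, not part of the original tutorial; it assumes the ActiveDirectory module (RSAT) is installed and that it runs in an elevated session on a domain-joined server. The function names are hypothetical.

```powershell
# Added example: pre-flight and post-check for the schema update described above.
# Assumptions: ActiveDirectory module (RSAT) installed, elevated session on a
# domain-joined server, target version 91 as stated in the tutorial.
Import-Module ActiveDirectory

$TargetSchemaVersion = 91

function Get-SchemaVersion {
    # objectVersion on the schema naming context holds the forest schema version
    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    (Get-ADObject -Identity $schemaNC -Properties objectVersion).objectVersion
}

function Test-AdprepMembership {
    # Match well-known group SIDs against the current logon token, which also
    # covers nested membership and shows whether a re-logon is still needed.
    $rootSid   = (Get-ADDomain -Identity (Get-ADForest).RootDomain).DomainSID.Value
    $domainSid = (Get-ADDomain).DomainSID.Value
    $required  = [ordered]@{
        'Schema Admins'     = "$rootSid-518"
        'Enterprise Admins' = "$rootSid-519"
        'Domain Admins'     = "$domainSid-512"
    }
    $tokenSids = [Security.Principal.WindowsIdentity]::GetCurrent().Groups.Value
    foreach ($name in $required.Keys) {
        [pscustomobject]@{ Group = $name; InToken = $tokenSids -contains $required[$name] }
    }
}

$current = Get-SchemaVersion
"Schema master : $((Get-ADForest).SchemaMaster)"
"Schema version: $current (target $TargetSchemaVersion)"
Test-AdprepMembership | Format-Table -AutoSize | Out-String

if ($current -ge $TargetSchemaVersion) {
    'Schema is already at or above the target version; forestprep is not needed.'
} elseif ((Test-AdprepMembership).InToken -contains $false) {
    Write-Warning 'Missing group membership in this session; log off and on after adding it.'
} else {
    'Ready for adprep /forestprep. Re-run this script afterwards to confirm the new version.'
}
```

Schema Admins membership is only needed for the forestprep itself; removing the account from that group again afterwards keeps the standing privilege small.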

Install the new domain controller

After finishing the forest and domain preps, it’s now time to add the first Windows Server 2025 domain controller to the existing domain.

To configure the network adapter and change the hostname using PowerShell, use this tutorial:

Log in as Administrator. In the SConfig menu, use option 15 to exit to the PowerShell command line.

To install the Active Directory Domain Services role, use the Install-WindowsFeature cmdlet.

Install-WindowsFeature AD-Domain-Services

In this example a new Domain Controller will be added to an existing domain. The name of the existing domain is ‘lab01.local’ and DNS will be installed. If there is already a separate DNS server/appliance, e.g. Infoblox, the ‘InstallDns’ parameter should be set to false (-InstallDns:$false).

The domain controller will be placed in the existing site named ‘Site01’. If a site name is not specified, the default is the site that is associated with the subnet that includes the IP address of the server. If no such site exists, the default is the site of the replication source domain controller.

After installing the domain controller, the server will automatically reboot, unless you set the ‘NoRebootOnCompletion’ parameter to true, which is not recommended by Microsoft, except for testing or troubleshooting.

Install-ADDSDomainController -DomainName 'lab01.local' -InstallDns -SiteName 'Site01' -Credential (Get-Credential 'LAB01\Administrator') -SafeModeAdministratorPassword (Get-Credential 'SafeModeAdministratorPassword').Password

After the reboot you have a fully functional domain controller.
If the domain controller is also a DNS server, you might want to set DNS Forwarders. Use the Set-DnsServerForwarder cmdlet to set the forwarders. For example, use the Google DNS server addresses, or any other (public) DNS server address.

Example:

Set-DnsServerForwarder -IPAddress 8.8.8.8,8.8.4.4

You have added a domain controller to an existing ADDS domain using PowerShell!

If you want to install DHCP on the Domain Controller using PowerShell, use this tutorial:
