Promoting first Domain Controller on Windows server 2012 Core using PowerShell

Note: The following article is applicable on Windows Server 2012 with GUI as well.

So, you have installed new Windows server 2012 Core version and setup network configuration. You’re ready to set it up as the first Domain Controller in the forest.  We can promote a DC using GUI, Sconfig (on Core) and Powershell cmdlet. We are going to discuss Powershell command here.

Powershell has 2 cmdlets for promoting a domain controller, the cmdlet and the difference:

  • Install-ADDSForest – Installs a new forest. This is used when you’re going to promote the very first DC.
  • Install-ADDSDomain – Installs Domain in an existing Forest.

Since, this article is on first DC, we would use Install-ADDSForest cmdlet.

1. To launch Powershell on Windows Server Core, just type Powershell  in the command prompt!

2. Now, we need to install the ADDSDeployment module so that all AD deployment cmdlets are available for use. Type the following command:

Import-Module ADDSDeployment

3. Since It is going to be the first Domain Controller in the Forest, the cmdlet we need to use here is Install-ADDSForest . You can get dig more on this cmdlet by going through its help file: Get-Help Install-ADDSForest.

The below command is fairly simple and installs the new domain with DNS service.

Install-ADDSForest -DomainName <NameofYourDomain> -InstallDNS


Some of the common parameters available to be used are:

-DomainMode and –ForestMode  : Specify the Domain or Forest functional level. The default value is Windows2008R2. Options available are:

  • 2 or Win2003 (Windows 2003)
  • 3 or Win2008 (Windows 2008)
  • 4 or Win2008R2 (Windows 2008 R2)
  • 5 or Win2012 (Windows 2012)

-SafeModeAdministratorPassword : To provide the administrator account password for Safe mode or DSRM. if you omit the parameter, then you will be prompted for the Safe mode password before proceeding.

Note:- If you wish to provide the password in the command, then it must be a Secure string using the ConvertTo-SecureString cmdlet. So, the code would be: –SafeModeAdministratorPassword (ConvertTo-SecureString ‘Password’ –AsPlainText –Force)

SysVolPath : Fully qualified path of the destination directory for Sysvol folder. It cannot be a UNC path.

DatabasePath : Fully qualified path for the AD database file or NTDS directory.

-Force : Suppress any warning during the execution of the DC promotion.