#Active Directory
### Clear the screen ###
Clear-Host
### Change to the c:\ directory ###
Set-Location c:\
### List the available network adapters ###
Get-NetAdapter
# Output:
# Name InterfaceDescription ifIndex Status
# ---- -------------------- ------- ------
# Ethernet0 Intel(R) 82574L Gigabit Network Conn... 4 Up
### Find out what Name stands for - here: InterfaceAlias ###
Get-NetAdapter | Get-Member
# Output:
# DriverVersion AliasProperty DriverVersion = DriverVersionString
# ifAlias AliasProperty ifAlias = Name
# ifDesc AliasProperty ifDesc = InterfaceDescription
# ifIndex AliasProperty ifIndex = InterfaceIndex
# ifName AliasProperty ifName = InterfaceName
# InterfaceAlias AliasProperty InterfaceAlias = Name
# LinkLayerAddress AliasProperty LinkLayerAddress = MacAddress
### Disable DHCP on Ethernet0 ###
Set-NetIPInterface -InterfaceAlias "Ethernet0" -Dhcp Disabled -PassThru
# Output:
# ifIndex InterfaceAlias AddressFamily NlMtu(Bytes) InterfaceMetric Dhcp ConnectionState PolicyStore
# ------- -------------- ------------- ------------ --------------- ---- --------------- -----------
# 4 Ethernet0 IPv6 1500 25 Disabled Connected ActiveStore
# 4 Ethernet0 IPv4 1500 25 Disabled Connected ActiveStore
### Assign a static IPv4 address and gateway ###
New-NetIPAddress -AddressFamily IPv4 -InterfaceAlias "Ethernet0" `
-IPAddress 192.168.123.20 -PrefixLength 24 `
-DefaultGateway 192.168.123.2
### Assign the DNS server ###
Set-DnsClientServerAddress `
-InterfaceAlias "Ethernet0" `
-ServerAddresses 192.168.123.20
### Show the IP address ###
Get-NetIPAddress -InterfaceAlias "Ethernet0"
# Output:
# IPAddress : 192.168.123.20
# InterfaceIndex : 4
# InterfaceAlias : Ethernet0
# AddressFamily : IPv4
# Type : Unicast
# PrefixLength : 24
# PrefixOrigin : Manual
# SuffixOrigin : Manual
# AddressState : Preferred
# ValidLifetime : Infinite ([TimeSpan]::MaxValue)
# PreferredLifetime : Infinite ([TimeSpan]::MaxValue)
# SkipAsSource : False
# PolicyStore : ActiveStore
### Show the assigned DNS entry ###
Get-DnsClientServerAddress -InterfaceAlias "Ethernet0"
### Test the Internet connection - here using Google's IP ###
Test-Connection 8.8.8.8
# Output:
# Source Destination IPV4Address IPV6Address Bytes Time(ms)
# ------ ----------- ----------- ----------- ----- --------
# DC01 8.8.8.8 32 12
# DC01 8.8.8.8 32 8
# DC01 8.8.8.8 32 6
# DC01 8.8.8.8 32 9
### Optional: rename the computer to dc01 and restart the server ###
Rename-Computer -NewName dc01 -Restart -Force -PassThru
PS C:\Users\Administrator> Get-WindowsFeature -Name *Domain*
Get-WindowsFeature : Die Benennung "Get-WindowsFeature" wurde nicht als Name eines Cmdlet, einer Funktion, einer
Skriptdatei oder eines ausführbaren Programms erkannt. Überprüfen Sie die Schreibweise des Namens, oder ob der Pfad
korrekt ist (sofern enthalten), und wiederholen Sie den Vorgang.
In Zeile:1 Zeichen:1
+ Get-WindowsFeature -Name *Domain*
+ ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Get-WindowsFeature:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Warning: This error occurs when the x86 version of PowerShell is used. Use the 64-bit version instead. Then the following command can be run.
PS C:\Users\Administrator> Get-Module -ListAvailable
Verzeichnis: C:\Program Files\WindowsPowerShell\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 1.0.1 Microsoft.PowerShell.Operation.V... {Get-OperationValidation, Invoke-OperationValidation}
Binary 1.0.0.1 PackageManagement {Find-Package, Get-Package, Get-PackageProvider, Get-Packa...
Script 3.4.0 Pester {Describe, Context, It, Should...}
Script 1.0.0.1 PowerShellGet {Install-Module, Find-Module, Save-Module, Update-Module...}
Script 2.0.0 PSReadline {Get-PSReadLineKeyHandler, Set-PSReadLineKeyHandler, Remov...
Verzeichnis: C:\Windows\system32\WindowsPowerShell\v1.0\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Manifest 1.0.0.0 AppBackgroundTask {Disable-AppBackgroundTaskDiagnosticLog, Enable-AppBackgro...
Manifest 2.0.0.0 AppLocker {Get-AppLockerFileInformation, Get-AppLockerPolicy, New-Ap...
Manifest 1.0.0.0 AppvClient {Add-AppvClientConnectionGroup, Add-AppvClientPackage, Add...
Manifest 2.0.1.0 Appx {Add-AppxPackage, Get-AppxPackage, Get-AppxPackageManifest...
Manifest 1.0 BestPractices {Get-BpaModel, Get-BpaResult, Invoke-BpaModel, Set-BpaResult}
Manifest 2.0.0.0 BitsTransfer {Add-BitsFile, Complete-BitsTransfer, Get-BitsTransfer, Re...
Manifest 1.0.0.0 BranchCache {Add-BCDataCacheExtension, Clear-BCCache, Disable-BC, Disa...
Manifest 1.0.0.0 CimCmdlets {Get-CimAssociatedInstance, Get-CimClass, Get-CimInstance,...
Manifest 1.0 ConfigCI {Get-SystemDriver, New-CIPolicyRule, New-CIPolicy, Get-CIP...
Manifest 1.0 ConfigDefender {Get-MpPreference, Set-MpPreference, Add-MpPreference, Rem...
Manifest 1.0 Defender {Get-MpPreference, Set-MpPreference, Add-MpPreference, Rem...
Manifest 1.0.1.0 DeliveryOptimization {Get-DeliveryOptimizationStatus, Get-DeliveryOptimizationP...
Binary 2.0.0.0 DFSR {New-DfsReplicationGroup, Get-DfsReplicationGroup, Set-Dfs...
Manifest 1.0.0.0 DirectAccessClientComponents {Disable-DAManualEntryPointSelection, Enable-DAManualEntry...
Script 3.0 Dism {Add-AppxProvisionedPackage, Add-WindowsDriver, Add-Window...
Manifest 1.0.0.0 DnsClient {Resolve-DnsName, Clear-DnsClientCache, Get-DnsClient, Get...
Manifest 1.0.0.0 EventTracingManagement {Start-EtwTraceSession, New-EtwTraceSession, Get-EtwTraceS...
Manifest 2.0.0.0 International {Get-WinDefaultInputMethodOverride, Set-WinDefaultInputMet...
Manifest 1.0.0.0 iSCSI {Get-IscsiTargetPortal, New-IscsiTargetPortal, Remove-Iscs...
Manifest 2.0.0.0 IscsiTarget {Add-ClusteriSCSITargetServerRole, Add-IscsiVirtualDiskTar...
Script 1.0.0.0 ISE {New-IseSnippet, Import-IseSnippet, Get-IseSnippet}
Manifest 1.0.0.0 Kds {Add-KdsRootKey, Get-KdsRootKey, Test-KdsRootKey, Set-KdsC...
Manifest 1.0.1.0 Microsoft.PowerShell.Archive {Compress-Archive, Expand-Archive}
Manifest 3.0.0.0 Microsoft.PowerShell.Diagnostics {Get-WinEvent, Get-Counter, Import-Counter, Export-Counter...
Manifest 3.0.0.0 Microsoft.PowerShell.Host {Start-Transcript, Stop-Transcript}
Manifest 1.0.0.0 Microsoft.PowerShell.LocalAccounts {Add-LocalGroupMember, Disable-LocalUser, Enable-LocalUser...
Manifest 3.1.0.0 Microsoft.PowerShell.Management {Add-Content, Clear-Content, Clear-ItemProperty, Join-Path...
Script 1.0 Microsoft.PowerShell.ODataUtils Export-ODataEndpointProxy
Manifest 3.0.0.0 Microsoft.PowerShell.Security {Get-Acl, Set-Acl, Get-PfxCertificate, Get-Credential...}
Manifest 3.1.0.0 Microsoft.PowerShell.Utility {Format-List, Format-Custom, Format-Table, Format-Wide...}
Manifest 3.0.0.0 Microsoft.WSMan.Management {Disable-WSManCredSSP, Enable-WSManCredSSP, Get-WSManCredS...
Manifest 1.0 MMAgent {Disable-MMAgent, Enable-MMAgent, Set-MMAgent, Get-MMAgent...
Manifest 1.0.0.0 MsDtc {New-DtcDiagnosticTransaction, Complete-DtcDiagnosticTrans...
Manifest 2.0.0.0 NetAdapter {Disable-NetAdapter, Disable-NetAdapterBinding, Disable-Ne...
Manifest 1.0.0.0 NetConnection {Get-NetConnectionProfile, Set-NetConnectionProfile}
Manifest 1.0.0.0 NetDiagnostics Get-NetView
Manifest 1.0.0.0 NetEventPacketCapture {New-NetEventSession, Remove-NetEventSession, Get-NetEvent...
Manifest 2.0.0.0 NetLbfo {Add-NetLbfoTeamMember, Add-NetLbfoTeamNic, Get-NetLbfoTea...
Manifest 1.0.0.0 NetNat {Get-NetNat, Get-NetNatExternalAddress, Get-NetNatStaticMa...
Manifest 2.0.0.0 NetQos {Get-NetQosPolicy, Set-NetQosPolicy, Remove-NetQosPolicy, ...
Manifest 2.0.0.0 NetSecurity {Get-DAPolicyChange, New-NetIPsecAuthProposal, New-NetIPse...
Manifest 1.0.0.0 NetSwitchTeam {New-NetSwitchTeam, Remove-NetSwitchTeam, Get-NetSwitchTea...
Manifest 1.0.0.0 NetTCPIP {Get-NetIPAddress, Get-NetIPInterface, Get-NetIPv4Protocol...
Manifest 1.0.0.0 NetworkConnectivityStatus {Get-DAConnectionStatus, Get-NCSIPolicyConfiguration, Rese...
Manifest 1.0.0.0 NetworkSwitchManager {Disable-NetworkSwitchEthernetPort, Enable-NetworkSwitchEt...
Manifest 1.0.0.0 NetworkTransition {Add-NetIPHttpsCertBinding, Disable-NetDnsTransitionConfig...
Manifest 1.0 NFS {Get-NfsMappedIdentity, Get-NfsNetgroup, Install-NfsMappin...
Manifest 1.0.0.0 PcsvDevice {Get-PcsvDevice, Start-PcsvDevice, Stop-PcsvDevice, Restar...
Binary 1.0.0.0 PersistentMemory {Get-PmemDisk, Get-PmemPhysicalDevice, Get-PmemUnusedRegio...
Manifest 1.0.0.0 PKI {Add-CertificateEnrollmentPolicyServer, Export-Certificate...
Manifest 1.0.0.0 PlatformIdentifier Get-PlatformIdentifier
Manifest 1.0.0.0 PnpDevice {Get-PnpDevice, Get-PnpDeviceProperty, Enable-PnpDevice, D...
Manifest 1.1 PrintManagement {Add-Printer, Add-PrinterDriver, Add-PrinterPort, Get-Prin...
Binary 1.0.11 ProcessMitigations {Get-ProcessMitigation, Set-ProcessMitigation, ConvertTo-P...
Manifest 1.1 PSDesiredStateConfiguration {Set-DscLocalConfigurationManager, Start-DscConfiguration,...
Script 1.0.0.0 PSDiagnostics {Disable-PSTrace, Disable-PSWSManCombinedTrace, Disable-WS...
Binary 1.1.0.0 PSScheduledJob {New-JobTrigger, Add-JobTrigger, Remove-JobTrigger, Get-Jo...
Manifest 2.0.0.0 PSWorkflow {New-PSWorkflowExecutionOption, New-PSWorkflowSession, nwsn}
Manifest 1.0.0.0 PSWorkflowUtility Invoke-AsWorkflow
Manifest 2.0.0.0 RemoteDesktop {Get-RDCertificate, Set-RDCertificate, New-RDCertificate, ...
Manifest 1.0.0.0 ScheduledTasks {Get-ScheduledTask, Set-ScheduledTask, Register-ScheduledT...
Manifest 2.0.0.0 SecureBoot {Confirm-SecureBootUEFI, Set-SecureBootUEFI, Get-SecureBoo...
Manifest 1.0.0.0 SecurityCmdlets {Backup-SecurityPolicy, Restore-SecurityPolicy, Backup-Aud...
Script 1.0.0.0 ServerCore {Get-DisplayResolution, Set-DisplayResolution}
Script 2.0.0.0 ServerManager {Get-WindowsFeature, Install-WindowsFeature, Uninstall-Win...
Cim 1.0.0.0 ServerManagerTasks {Get-SMCounterSample, Get-SMPerformanceCollector, Start-SM...
Manifest 2.0.0.0 SmbShare {Get-SmbShare, Remove-SmbShare, Set-SmbShare, Block-SmbSha...
Manifest 2.0.0.0 SmbWitness {Get-SmbWitnessClient, Move-SmbWitnessClient, gsmbw, msmbw...
Manifest 2.0.0.0 SoftwareInventoryLogging {Get-SilComputer, Get-SilComputerIdentity, Get-SilSoftware...
Manifest 1.0.0.0 StartLayout {Export-StartLayout, Import-StartLayout, Export-StartLayou...
Manifest 2.0.0.0 Storage {Add-InitiatorIdToMaskingSet, Add-PartitionAccessPath, Add...
Manifest 1.0.0.0 StorageBusCache {Clear-StorageBusDisk, Disable-StorageBusCache, Disable-St...
Manifest 2.0.0.0 TLS {New-TlsSessionTicketKey, Enable-TlsSessionTicketKey, Disa...
Manifest 1.0.0.0 TroubleshootingPack {Get-TroubleshootingPack, Invoke-TroubleshootingPack}
Manifest 2.0.0.0 TrustedPlatformModule {Get-Tpm, Initialize-Tpm, Clear-Tpm, Unblock-Tpm...}
Binary 2.1.639.0 UEV {Clear-UevConfiguration, Clear-UevAppxPackage, Restore-Uev...
Manifest 1.0.0.0 UserAccessLogging {Enable-Ual, Disable-Ual, Get-Ual, Get-UalDns...}
Manifest 2.0.0.0 VpnClient {Add-VpnConnection, Set-VpnConnection, Remove-VpnConnectio...
Manifest 1.0.0.0 Wdac {Get-OdbcDriver, Set-OdbcDriver, Get-OdbcDsn, Add-OdbcDsn...}
Manifest 2.0.0.0 Whea {Get-WheaMemoryPolicy, Set-WheaMemoryPolicy}
Manifest 1.0.0.0 WindowsDeveloperLicense {Get-WindowsDeveloperLicense, Unregister-WindowsDeveloperL...
Script 1.0 WindowsErrorReporting {Enable-WindowsErrorReporting, Disable-WindowsErrorReporti...
Manifest 1.0.0.0 WindowsSearch {Get-WindowsSearchSetting, Set-WindowsSearchSetting}
Manifest 1.0.0.0 WindowsUpdate Get-WindowsUpdateLog
Manifest 1.0.0.2 WindowsUpdateProvider {Get-WUAVersion, Get-WULastInstallationDate, Get-WULastSca...
PS C:\Users\Administrator> Import-Module ServerManager
# Output: none (which means it worked)
### Find the name of the Active Directory feature ###
PS C:\Users\Administrator> Get-WindowsFeature -Name *Domain*
Display Name Name Install State
------------ ---- -------------
[ ] Active Directory-Domänendienste AD-Domain-Services Available
### Unconditional: install Active Directory Domain Services ###
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools -IncludeAllSubFeature
# Output:
# Success Restart Needed Exit Code Feature Result
# ------- -------------- --------- --------------
# True Yes SuccessRest... {Active Directory-Domänendienste, Gruppenr...
# WARNUNG: Sie müssen den Server neu starten, um den Installationsprozess abzuschließen.
# WARNUNG: Fehler beim Starten der automatischen Aktualisierung für installierte Komponenten. Fehler: 0x8024a10b
### Conditional: install Active Directory Domain Services ###
if ( (Get-WindowsFeature -Name AD-Domain-Services).InstallState -ne "Installed" ) {
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools -IncludeAllSubFeature
}
# Output: same as without the condition
### Dry run, simulation with -WhatIf: install Active Directory Domain Services ###
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools -IncludeAllSubFeature -WhatIf
### Promote the server to a domain controller ###
# Password as a SecureString (used as the SafeMode administrator password)
$pwdSS = ConvertTo-SecureString 'C0deguru' -AsPlainText -Force
# no output
Import-Module ADDSDeployment
# no output
# Parameter notes (a comment placed after a line-continuation backtick breaks
# the command, so the notes are collected here):
#   -CreateDnsDelegation:$false     no DNS delegation, because a private domain is used
#   -DomainMode / -ForestMode       name of the domain mode / forest mode
#   -DomainName                     name of the Active Directory domain
#   -InstallDns:$true               a DNS server is to be used
#   -NoRebootOnCompletion:$false    a server restart is wanted
#   -SafeModeAdministratorPassword  variable holding the password as a SecureString
#   -SkipPreChecks                  prerequisite checks are skipped (only a base set of validations runs)
#   -Force:$true                    run without confirmation prompts
Install-ADDSForest `
    -CreateDnsDelegation:$false `
    -DatabasePath "C:\Windows\NTDS" `
    -DomainMode "WinThreshold" `
    -DomainName "guru.test" `
    -DomainNetBiosName "GURU" `
    -ForestMode "WinThreshold" `
    -InstallDns:$true `
    -LogPath "C:\Windows\NTDS" `
    -NoRebootOnCompletion:$false `
    -SysvolPath "C:\Windows\SYSVOL" `
    -SafeModeAdministratorPassword $pwdSS `
    -SkipPreChecks `
    -Force:$true
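The same forest promotion with the prerequisite checks run instead of skipped and the SafeMode password prompted for rather than written into the script. This is an added example, not part of the original notes; the variable names `$dsrmPassword`, `$forest`, `$checks` and `$failed` are chosen here, and the `Status` value `Success` is taken from the result table shown further down this page.

```powershell
# Added example: run in an elevated 64-bit PowerShell on DC01.

# The x86 host does not find Get-WindowsFeature (see the error above)
if (-not [Environment]::Is64BitProcess) {
    throw 'Start the 64-bit PowerShell host; the x86 host does not find these cmdlets.'
}

# Prompt for the SafeMode (DSRM) password so it is not stored in the script
$dsrmPassword = Read-Host -Prompt 'SafeMode administrator password' -AsSecureString

# Install the role only if it is missing
if ((Get-WindowsFeature -Name AD-Domain-Services).InstallState -ne 'Installed') {
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
}
Import-Module ADDSDeployment

# Parameters shared by Test-ADDSForestInstallation and Install-ADDSForest
# (values are the ones used on this page)
$forest = @{
    DomainName                    = 'guru.test'
    DomainNetbiosName             = 'GURU'
    DomainMode                    = 'WinThreshold'
    ForestMode                    = 'WinThreshold'
    InstallDns                    = $true
    CreateDnsDelegation           = $false
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $dsrmPassword
}

# Run the prerequisite checks that -SkipPreChecks would bypass
$checks = Test-ADDSForestInstallation @forest
$failed = $checks | Where-Object { $_.Status -ne 'Success' }
if ($failed) {
    $failed | Format-List Message, Context, Status
    throw 'Prerequisite checks did not pass; forest not created.'
}

# Simulate first; remove -WhatIf to promote (the server then restarts)
Install-ADDSForest @forest -NoRebootOnCompletion:$false -WhatIf
```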
PS C:\Users\Administrator> Get-DnsClientServerAddress -InterfaceAlias "Ethernet0"
InterfaceAlias Interface Address ServerAddresses
Index Family
-------------- --------- ------- ---------------
Ethernet0 10 IPv4 {127.0.0.1}
Ethernet0 10 IPv6 {::1}
PS C:\Users\Administrator> Set-DnsClientServerAddress `
-InterfaceAlias "Ethernet0" `
-ServerAddresses 192.168.123.20
PS C:\Users\Administrator> Get-DnsClientServerAddress -InterfaceAlias "Ethernet0"
InterfaceAlias Interface Address ServerAddresses
Index Family
-------------- --------- ------- ---------------
Ethernet0 10 IPv4 {192.168.123.20}
Ethernet0 10 IPv6 {::1}
On DC02
PS C:\> ping guru.test
Ping wird ausgeführt für guru.test [192.168.123.20] mit 32 Bytes Daten:
Antwort von 192.168.123.20: Bytes=32 Zeit<1ms TTL=128
Antwort von 192.168.123.20: Bytes=32 Zeit<1ms TTL=128
Antwort von 192.168.123.20: Bytes=32 Zeit<1ms TTL=128
Antwort von 192.168.123.20: Bytes=32 Zeit<1ms TTL=128
Ping-Statistik für 192.168.123.20:
Pakete: Gesendet = 4, Empfangen = 4, Verloren = 0
(0% Verlust),
Ca. Zeitangaben in Millisek.:
Minimum = 0ms, Maximum = 0ms, Mittelwert = 0ms
PS C:\>
PS C:\> Add-Computer -DomainName guru.test -Restart
## A credential prompt follows:
## User name: guru\administrator
## Password: C0deguru
## After the credentials are entered successfully, the server restarts
Now back on DC01
In the graphical admin interface, go to "Tools", then "Active Directory Users and Computers", then guru.test, then "Computers". DC02 should now be listed here.
## Establish a remote connection to DC02
PS C:\>Enter-PSSession -ComputerName DC02
## The command prompt for DC02 is now visible
[DC02]: PS C:\>
## Install the AD-Domain-Services feature
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools -IncludeAllSubFeature
# Output:
[DC02]: PS C:\> Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools -IncludeAllSubFeature
Success Restart Needed Exit Code Feature Result
------- -------------- --------- --------------
True No Success {Active Directory-Domänendienste, Gruppenr...
# Install DC02 into the existing domain
# $pwdSS must also be defined in this remote session (same ConvertTo-SecureString call as on DC01)
Install-ADDSDomainController `
-Credential (Get-Credential "guru\administrator") `
-SkipPreChecks `
-SafeModeAdministratorPassword $pwdSS `
-NoGlobalCatalog:$false `
-CreateDnsDelegation:$false `
-CriticalReplicationOnly:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainName "guru.test" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SiteName "Default-First-Site-Name" `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true `
-WhatIf
Message Context RebootRequired Status
------- ------- -------------- ------
Der Vorgang wurde erfolgreich abgeschlossen. DCPromo.General.1 False Success