Deploying and Managing AD with

Get-CimInstance -ClassName Win32_Product | Get-Random -Count 3 |fl

Obtaining a List of Installed Applications:

Get-CimInstance -ClassName Win32_Product |fl

 

Deploying and Managing Active Directory with Windows PowerShell

Chapter 1. Deploy your first forest and domain

Get-NetAdapter

Get-Member

Set-NetIPAddress

New-NetIPAddress

Set-DnsClientServerAddress

Get-NetIPAddress

Rename-Computer

Install-WindowsFeature

Get-Command

Format-Table

Update-Help

ConvertTo-SecureString

 

Get-NetAdapter | Get-Member

Set-NetIPInterface -InterfaceAlias “10 Network” -DHCP Disabled -PassThru

New-NetIPAddress `
     -AddressFamily IPv4 `
     -InterfaceAlias “10 Network” `
     -IPAddress 192.168.10.2 `
     -PrefixLength 24 `
     -DefaultGateway 192.168.10.1

New-NetIPAddress `
     -AddressFamily IPv6 `
     -InterfaceAlias “10 Network” `
     -IPAddress 2001:db8:0:10::2 `
     -PrefixLength 64 `
     -DefaultGateway 2001:db8:0:10::1

 

Set-DnsClientServerAddress `
     -InterfaceAlias “10 Network” `
     -ServerAddresses 192.168.10.2,2001:db8:0:10::2

 

Get-NetIPAddress -InterfaceAlias “10 Network”

Rename-Computer -NewName dc01 -Restart -Force -PassThru

 

Install Active Directory Domain Services

 

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

 

Get-Command -Module ADDSDeployment | Format-Table Name

Name
—-
Add-ADDSReadOnlyDomainControllerAccount
Install-ADDSDomain
Install-ADDSDomainController
Install-ADDSForest
Test-ADDSDomainControllerInstallation
Test-ADDSDomainControllerUninstallation
Test-ADDSDomainInstallation
Test-ADDSForestInstallation
Test-ADDSReadOnlyDomainControllerAccountCreation
Uninstall-ADDSDomainController

 

Update-Help -SourcePath //dc02/PSHelp

Save-Help -DestinationPath //dc02/PSHelp -force

 

Import-Module ADDSDeployment
Test-ADDSForestInstallation `
     -DomainName ‘afd.ink’ `
     -DomainNetBiosName ‘afd’ `
     -DomainMode 6 `
     -ForestMode 6 `
     -NoDnsOnNetwork `
     -NoRebootOnCompletion

 

Deploy the first domain controller and forest

Install-ADDSForest `
     -DomainName ‘afd.ink’ `
     -DomainNetBiosName ‘afd’ `
     -DomainMode 4 `
     -ForestMode 4 `
     -NoDnsOnNetwork `
     -SkipPreChecks `
     -Force

Deploying and Managing AD with

a fuller list of the options for Install-ADDSForest:

Deploying and Managing AD with

 

 

Chapter 2. Manage DNS and DHCP

 

Add-DnsServerPrimaryZone

Add-DnsServerSecondaryZone

Get-DnsServerZone

Export-DnsServerZone

Set-DnsServerPrimaryZone

Set-DnsServerSecondaryZone

Add-DnsServerStubZone

Set-DnsServerStubZone

Add-DnsServerConditionalForwarderZone

Add-DnsServerZoneDelegation

Set-DnsServerZoneDelegation

Add-DnsServerResourceRecord

Add-DnsServerResourceRecordA

Add-DnsServerResourceRecordAAAA

Add-DnsServerResourceRecordCName

Add-DnsServerResourceRecordDnsKey

Add-DnsServerResourceRecordDS

Add-DnsServerResourceRecordMX

Add-DnsServerResourceRecordPtr

Get-DnsServerResourceRecord

Set-DnsServerResourceRecord

Set-DnsServerScavenging

Start-DnsServerScavenging

Get-DnsServerScavenging

 

Add-DhcpServerInDC

Add-DhcpServerv4Scope

Add-DhcpServerv4ExclusionRange

Set-DhcpServerv4OptionValue

Add-DhcpServerv6Scope

Add-DhcpServerv6ExclusionRange

Set-DhcpServerv6OptionValue

 

Create new primary zones

 

Add-DnsServerPrimaryZone -Name ‘nipit.cn’ `
                         -ComputerName ‘dc01.afd.ink’ `
                         -ReplicationScope ‘Domain’ `
                         -DynamicUpdate ‘Secure’ `
                         -PassThru

Creating a reverse lookup zone

Add-DnsServerPrimaryZone -NetworkID 172.16.8.0/24 `
                         -ReplicationScope ‘Forest’ `
                         -DynamicUpdate ‘NonsecureAndSecure’ `
                         -PassThru

 

Add-DnsServerPrimaryZone -NetworkID 2001:db8:0:10::/64 `
                         -ReplicationScope ‘Forest’ `
                         -DynamicUpdate ‘Secure’ `
                         -PassThru

Creating file-based zones uses the -ZoneFile parameter

Add-DnsServerPrimaryZone -Name ‘nipict.com’ `
                         -ZoneFile ‘nipict.com.dns’ `
                         -DynamicUpdate ‘None’

 

Change the settings of a primary zone

Set-DnsServerPrimaryZone

Deploying and Managing AD with

Set-DnsServerPrimaryZone -Name ‘nipict.com’ `
                         -Notify ‘NotifyServers’ `
                         -NotifyServers “192.168.10.201”,”192.168.10.202″ `
                         -PassThru

Get-DnsServerZone -Name ‘nipict.com’ | Format-List

 

Export a primary zone

Export-DnsServerZone -Name ‘0.1.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa’ `
                     -Filename ‘0.1.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.dns’

The file is saved in the %windir%/system32/dns

 

Create secondary zones

Secondary DNS zones are primarily used for providing distributed DNS resolution when you are using traditional file-based DNS zones. Secondary DNS zones are used for both forward lookup and reverse lookup zones. The DnsServerSecondaryZone set of cmdlets is used to deploy and manage secondary DNS zones.

A secondary DNS zone is a read-only zone and depends on transferring the data for the zone from another DNS server. That other server must be configured to allow zone transfers.

 

Add-DnsServerSecondaryZone –Name 0.1.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa `
                           -ZoneFile “0.1.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.dns” `
                           -LoadExisting `
                           -MasterServers 192.168.10.2,2001:db8:0:10::2 `
                           -PassThru

 

Set-DnsServerSecondaryZone -Name 0.1.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa `
                           -MasterServers 192.168.10.3,2001:db8:0:10::3 `
                           -PassThru

 

Set-DnsServerPrimaryZone -Name ‘nipit.cn’ `
                         -SecureSecondaries TransferToZoneNameServer `
                         -PassThru

Add-DnsServerStubZone -Name nipict.com `
                      -MasterServers 192.168.10.4 `
                      -ReplicationScope Domain `
                      -PassThru

 

Set-DnsServerStubZone -Name nipict.com `
                      -LocalMasters 192.168.10.201,192.168.10.202 `
                      -PassThru

 

Configure conditional forwards

Add-DnsServerConditionalForwarderZone -Name nipict.com`
                                      -MasterServers 192.168.10.2,2001:db8::10:2 `
                                      -ForwarderTimeout 5 `
                                      -ReplicationScope “Forest” `
                                      -Recursion $False `
                                      -PassThru

Set-DnsServerConditionalForwarderZone -Name nipict.com `
                                      -MasterServers 192.168.10.3,2001:db8::10:3 `
                                      -PassThru

 

To remove a conditional forward, use the Remove-DnsServerZone

 

Manage zone delegation

Add-DnsServerZoneDelegation -Name nipict.com `
                            -ChildZoneName Engineering `
                            -IPAddress 192.168.10.12,2001:db8:0:10::c `
                            -NameServer dc01.afd.ink`
                            -PassThru

 

Set-DnsServerZoneDelegation -Name nipict.com `
                            -ChildZoneName Engineering `
                            -IPAddress 192.168.10.13,2001:db8:0:10::d `
                            -NameServer dc02.afd.ink`
                            -PassThru

 

Manage DNS records

Get-Help Add-DnsServerResourceRecord* | ft -auto Name,Synopsis

Name                              Synopsis
—-                              ——–
Add-DnsServerResourceRecord       Adds a resource record of a specified type to…
Add-DnsServerResourceRecordA      Adds a type A resource record to a DNS zone.
Add-DnsServerResourceRecordAAAA   Adds a type AAAA resource record to a DNS server.
Add-DnsServerResourceRecordCName  Adds a type CNAME resource record to a DNS  zone.
Add-DnsServerResourceRecordDnsKey Adds a type DNSKEY resource record to a DNS zone.
Add-DnsServerResourceRecordDS     Adds a type DS resource record to a DNS zone.
Add-DnsServerResourceRecordMX     Adds an MX resource record to a DNS server.
Add-DnsServerResourceRecordPtr    Adds a type PTR resource record to a DNS server.

 

Add-DnsServerResourceRecord  -ZoneName “afd.ink” `
                             -A `
                             -Name wds-11 `
                             -IPv4Address 192.168.10.11 `
                             -CreatePtr `
                             -PassThru

Add-DnsServerResourceRecordA -ZoneName “afd.ink” `
                             -Name wds-11 `
                             -IPv4Address 192.168.10.11 `
                             -CreatePtr `
                             -PassThru

 

Add-DnsServerResourceRecord  -ZoneName “afd.ink” `
                             -AAAA `
                             -Name wds-11 `
                             -IPv6Address 2001:db8:0:10::b `
                             -CreatePtr `
                             -PassThru

Add-DnsServerResourceRecord -ZoneName “afd.ink” `
                            -CName `
                            -Name wds `
                            -HostNameAlias wds-11.afd.ink `
                            -PassThru

Add-DnsServerResourceRecord -ZoneName “afd.ink” `
                            -Name “.”  `
                            -MX `
                            -MailExchange mail.afd.ink`
                            -Preference 10

Add-DnsServerResourceRecord -ZoneName “afd.ink” `
                            -Name “.”  `
                            -MX `
                            -MailExchange mail2.afd.ink`
                            -Preference 20

 

Add-DnsServerResourceRecord Parameters for SRV records:

Deploying and Managing AD with

Add-DnsServerResourceRecord -ZoneName “afd.ink” `
                            -Name _nntp._tcp `
                            -SRV `
                            -DomainName “edge-1.afd.ink” `
                            -Port 119 `
                            -Priority 0 `
                            -Weight 0 `
                            -PassThru

 

HostName   RecordType Timestamp TimeToLive RecordData
——–   ———- ——— ———- ———-
_nntp._tcp SRV        0         01:00:00   [0][0][119][edge-1.afd.ink.]

 

Configure zone scavenging and aging (配置区域清理和老化)

Set-DnsServerScavenging -ScavengingState:$True `
                        -ScavengingInterval 4:00:00:00 `
                        -RefreshInterval 3:00:00:00 `
                        -NoRefreshInterval 0 `
                        -ApplyOnAllZones `
                        -PassThru

Get-DnsServerScavenging

Start-DnsServerScavenging

 

Deploy DHCP

Install-WindowsFeature -ComputerName dc01 `
                       -Name DHCP `
                       -IncludeAllSubFeature `
                       -IncludeManagementTools

 

Add-DhcpServerInDC -DnsName ‘dc01.afd.ink’ -PassThru

 

Add-DhcpServerv4Scope -Name “afd-dhcp” `
                      -ComputerName “dc01” `
                      -Description “Default IPv4 Scope for afd.ink” `
                      -StartRange “172.16.8.100” `
                      -EndRange   “172.16.8.200” `
                      -SubNetMask “255.255.255.0” `
                      -State Active `
                      -Type DHCP `
                      -PassThru

 

Add-DhcpServerv4ExclusionRange -ScopeID “172.16.8.0” `
                               -ComputerName “dc01” `
                               -StartRange “172.16.8.100” `
                               -EndRange   “172.16.8.120” `
                               -PassThru

 

Set-DhcpServerv4OptionValue -ScopeID 172.16.8.0 `
                            -ComputerName “dc01” `
                            -DnsDomain “afd.ink” `
                            -DnsServer “172.16.8.10” `
                            -Router “172.16.8.1” `
                            -PassThru

Add-DhcpServerv6Scope -Name “afd-IPv6-Default” `
                         -ComputerName “dc01” `
                         -Description “Default IPv6 Scope for afd.ink” `
                         -Prefix 2001:db8:0:10:: `
                         -State Active `
                         -PassThru

Add-DhcpServerv6ExclusionRange –ComputerName dc01 `
                               -Prefix 2001:db8:0:10:: `
                               -StartRange 2001:db8:0:10::1 `
                               -EndRange   2001:db8:0:10::20 `
                               -PassThru

 

Set-DhcpServerv6OptionValue -Prefix 2001:db8:0:10:: `
                               -ComputerName “dc01” `
                               -DnsServer 2001:db8:0:10::1 `
                               -DomainSearchList “afd.ink” `
                               -PassThru

 

Chapter 3. Create and manage users and groups

ADUser

ADGroup

ADGroupMember

ADAccountPassword

ADPrincipalGroupMembership

ADObject

ADComputer

 

Import-CSV

ConvertTo-SecureString

Get-Command

Test-Path

Read-Host

Write-Host

 

Create users

 

New-ADUser

Deploying and Managing AD with

Deploying and Managing AD with

Deploying and Managing AD with

 

Get-ADUser -Identity Administrator

$SecurePW = Read-Host -Prompt “Enter a password” -asSecureString
New-ADUser -Name “gazh” `
           -AccountPassword $SecurePW  `
           -SamAccountName ‘gazh’ `
           -DisplayName ‘gazh’ `
           -Enabled $True `
           -PassThru `
           -PasswordNeverExpires $True `
           -UserPrincipalName ‘gazh’

免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。

原创文章,作者:kepupublish,如若转载,请注明出处:https://blog.ytso.com/tech/aiops/182803.html

(0)
上一篇 2021年11月1日 23:00
下一篇 2021年11月1日 23:00

相关推荐

发表回复

登录后才能评论