DSCResources/MSFT_ADDomain/en-US/about_ADDomain.help.txt

.NAME
    ADDomain
 
.DESCRIPTION
    The ADDomain resource creates a new domain in a new forest or a child domain in an existing forest. While it is possible to set the forest functional level and the domain functional level during deployment with this resource the common restrictions apply. For more information see https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels.
 
    ## Requirements
 
    * Target machine must be running Windows Server 2008 R2 or later.
 
.PARAMETER DomainName
    Key - String
    The fully qualified domain name (FQDN) of a new domain. If setting up a child domain this must be set to a single-label DNS name.
 
.PARAMETER Credential
    Required - Instance
    Specifies the user name and password that corresponds to the account used to install the domain controller. These are only used when adding a child domain and these credentials need the correct permission in the parent domain. This will not be created as a user in the new domain. The domain administrator password will be the same as the password of the local Administrator of this node.
 
.PARAMETER SafeModeAdministratorPassword
    Required - Instance
    Password for the administrator account when the computer is started in Safe Mode.
 
.PARAMETER ParentDomainName
    Write - String
    Fully qualified domain name (FQDN) of the parent domain.
 
.PARAMETER DomainNetBiosName
    Write - String
    NetBIOS name for the new domain.
 
.PARAMETER DnsDelegationCredential
    Write - Instance
    Credential used for creating DNS delegation.
 
.PARAMETER DomainType
    Write - String
    Allowed values: ChildDomain, TreeDomain
    When installing a new domain, specifies whether it is a new domain tree in an existing forest ('TreeDomain'), or a child of an existing domain ('ChildDomain'). Only used when installing a new domain. Default value is 'ChildDomain'.
 
.PARAMETER DatabasePath
    Write - String
    Path to a directory that contains the domain database.
 
.PARAMETER LogPath
    Write - String
    Path to a directory for the log file that will be written.
 
.PARAMETER SysvolPath
    Write - String
    Path to a directory where the Sysvol file will be written.
 
.PARAMETER ForestMode
    Write - String
    Allowed values: Win2008, Win2008R2, Win2012, Win2012R2, WinThreshold
    The Forest Functional Level for the entire forest.
 
.PARAMETER DomainMode
    Write - String
    Allowed values: Win2008, Win2008R2, Win2012, Win2012R2, WinThreshold
    The Domain Functional Level for the entire domain.
 
.PARAMETER DomainExist
    Read - Boolean
    Returns $true if the domain is available, or $false if the domain could not be found.
 
.PARAMETER DnsRoot
    Read - String
    Returns the fully qualified domain name (FQDN) DNS root of the domain.
 
.PARAMETER Forest
    Read - String
    Returns the fully qualified domain name (FQDN) of the forest.
 
.EXAMPLE 1
 
This configuration will create a new domain with a new forest and a forest
functional level of Server 2016.
 
Configuration ADDomain_NewForest_Config
{
    param
    (
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [System.Management.Automation.PSCredential]
        $Credential,
 
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [System.Management.Automation.PSCredential]
        $SafeModePassword
    )
 
    Import-DscResource -ModuleName PSDesiredStateConfiguration
    Import-DscResource -ModuleName ActiveDirectoryDsc
 
    node 'localhost'
    {
        WindowsFeature 'ADDS'
        {
            Name = 'AD-Domain-Services'
            Ensure = 'Present'
        }
 
        WindowsFeature 'RSAT'
        {
            Name = 'RSAT-AD-PowerShell'
            Ensure = 'Present'
        }
 
        ADDomain 'contoso.com'
        {
            DomainName = 'contoso.com'
            Credential = $Credential
            SafemodeAdministratorPassword = $SafeModePassword
            ForestMode = 'WinThreshold'
        }
    }
}
 
.EXAMPLE 2
 
This configuration will create a new child domain in an existing forest with
a Domain Functional Level of Windows Server 2016 (WinThreshold).
The credential parameter must contain the domain qualified credentials of a
user in the forest who has permissions to create a new child domain.
 
Configuration ADDomain_NewChildDomain_Config
{
    param
    (
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [System.Management.Automation.PSCredential]
        $Credential,
 
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [System.Management.Automation.PSCredential]
        $SafeModePassword
    )
 
    Import-DscResource -ModuleName PSDesiredStateConfiguration
    Import-DscResource -ModuleName ActiveDirectoryDsc
 
    node 'localhost'
    {
        WindowsFeature 'ADDS'
        {
            Name = 'AD-Domain-Services'
            Ensure = 'Present'
        }
 
        WindowsFeature 'RSAT'
        {
            Name = 'RSAT-AD-PowerShell'
            Ensure = 'Present'
        }
 
        ADDomain 'child'
        {
            DomainName = 'child'
            Credential = $Credential
            SafemodeAdministratorPassword = $SafeModePassword
            DomainType = 'ChildDomain'
            DomainMode = 'WinThreshold'
            ParentDomainName = 'contoso.com'
        }
    }
}
 
.EXAMPLE 3
 
This configuration will create a new domain tree in an existing forest with
a Domain Functional Level of Windows Server 2016 (WinThreshold).
The credential parameter must contain the domain qualified credentials of a
user in the forest who has permissions to create a new domain tree.
 
Configuration ADDomain_NewDomainTree_Config
{
    param
    (
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [System.Management.Automation.PSCredential]
        $Credential,
 
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [System.Management.Automation.PSCredential]
        $SafeModePassword
    )
 
    Import-DscResource -ModuleName PSDesiredStateConfiguration
    Import-DscResource -ModuleName ActiveDirectoryDsc
 
    node 'localhost'
    {
        WindowsFeature 'ADDS'
        {
            Name = 'AD-Domain-Services'
            Ensure = 'Present'
        }
 
        WindowsFeature 'RSAT'
        {
            Name = 'RSAT-AD-PowerShell'
            Ensure = 'Present'
        }
 
        ADDomain 'fabrikam.com'
        {
            DomainName = 'fabrikam.com'
            Credential = $Credential
            SafemodeAdministratorPassword = $SafeModePassword
            DomainType = 'TreeDomain'
            DomainMode = 'WinThreshold'
            ParentDomainName = 'contoso.com'
        }
    }
}