For most tasks, you can use sconfig.cmd. But, if you’re not running Server Core, or you just want to know how to do it yourself, here are some examples in no particular order:
cd /d %SystemRoot%\System32 net stop wsuaserv cscript scregedit.wsf /AU /4 net start wsuaservThe 4 means Automatically download and schedule installation.
In addition, cscript scregedit.wsf /cli shows some other useful commands.
To promote the machine to be a domain controller (in this example, in a new forest):
dcpromo /NewDomain:forest /NewDomainDNSName:deep6.test /ReplicaOrNewDomain:domain /InstallDNS:yes /SafeModeAdminPassword:hunter2
You could instead create an answer file for unattended installation:
[DCInstall] NewDomain=forest NewDomainDNSName=deep6.test ReplicaOrNewDomain=domain InstallDNS=Yes SafeModeAdminPassword=hunter2
And then run:
dcpromo /unattend:unattend.txt
PowerShell version (may require role addition – to be tested):
Import-Module ADDSDeployment ; Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath "C:\Windows\NTDS" -DomainMode "WinThreshold" -DomainName "deep6.test" -DomainNetbiosName "DEEP6" -ForestMode "WinThreshold" -InstallDns:$true -LogPath "C:\Windows\NTDS" -NoRebootOnCompletion:$false -SysvolPath "C:\Windows\SYSVOL" -Force:$true
The ‘easiest’ way to do command-line administration of AD is probably with the ds* commands. Here are some examples to get you started:
If you’re feeling penitent, here are some wmic commands instead:
C:\>wmic /namespace:\\root\directory\ldap path ds_user ^ More? where "ds_cn='Administrator'" get ds_distinguishedName,ds_userAccountControl DS_distinguishedName DS_userAccountControl CN=Administrator,CN=Users,DC=deep6,DC=test 66048
Unfortunately it’s not possible to use wmic to set user properties; the Active Directory (DS) WMI Provider has a quirky way of updating properties.
dnscmd.exe is the usual command-line utility for DNS management.
Feel free to contact me with any questions, comments, or feedback.