How to create your Windows Server 2019/2022 Hyper-V Lab using the GUI and Windows PowerShell.

This Hyper-V lab should be suitable for learning/testing multiple technologies in Windows Server 2019 and/or Windows Server 2022.

Disclaimer: While all the steps here have been tested to work, some additional troubleshooting and tweaking may be necessary. The information is provided here in good faith.

Hardware:The following physical hardware is recommended as a minimum. Any less than this will require you to adjust the virtual machine specifications down:

• CPU:Core i5 or AMD Ryzen 5 CPU, 64-bit, Intel VT or AMD-V capable (3.0GHz, or better)
• RAM:16Gb DDR4, 12800 (more and faster RAM is better)
• HDD:1TB SSD/nVME, or 2x 512GB SSDs in RAID 1 configuration, or better (Recommended)
• NIC:Single or Dual 1GbE (or better)

Prerequisites:

• You will need Windows 10 or Windows 11 Professional (or Education or Enterprise) or Windows Server 2012 R2/Windows Server 2016/Windows Server 2019/Windows Server 2022 as your physical host OS to be able to use Hyper-V Manager.
• You will also need the Windows 10/Windows 11 Enterprise and Windows Server 2019/Windows Server 2022 ISO files to create those virtual machines (VMs).
• The processor needs to support Hardware-Assisted Virtualization.

o This can be enabled in the computer’s BIOS by enabling Intel Virtualization Technology (also known as Intel VT), and Intel VT for DirectI/O (aka VT-d)or AMD-V, depending on the brand of the processor.

• The processor also needs to support Second-Level Address Translation (SLAT). Modern Intel or AMD 64-bit processors should support SLAT by default.

o SLAT is also called “Rapid Virtualization Indexing (RVI)”, and has been known as Extended Page Tables (EPT) by Intel and Nested Page Tables (NPT) by AMD.

o To test your machine for SLAT support, download coreinfo.exe from Microsoft Sysinternals and use the coreinfo -v switch to list the features.

   An asterisk next to a feature indicates that it is supported whereas a minus sign indicates that the feature is not supported.

   You could also run systeminfo.exe from the command line and check the line that says Hyper-V Requirements:. It should read: A hypervisor has been detected.

• Next, the Hyper-V feature also needs to be enabled:

o To do so, click on Start and type Turn Windows Features on or off. In Windows 11, open the Run dialog box (Win+R) and type optionalfeatures.exe

o Enable Hyper-V, Virtual Machine Platform and Windows Hypervisor Platform and restart.

If you're in a hurry or you've done all this before, click here to go straight to the PowerShell code.

Download Windows Server 2019/2022 Evaluation

1. Open your favourite browser and in your favourite search engine, search for “intitle:Try Windows Server 2019” (or 2022)



2. The first result should be the link to Try Windows Server 20xx on Microsoft Evaluation Center. Select the option for Windows Server Free Trial | Microsoft. Make sure to expand the Windows Server 20xx 'Evaluations' and 'Get started for free' link, select ISO and proceed to register. Then download and save the 64-bit ISO locally (We’ll assume C:\ISOs\WS20xxEval.ISO).

Download Windows 10/Windows 11 Enterprise Evaluation

3. From the same link as above (Microsoft Evaluation Center), at the top of the page, click on the Products button and in the drop-down, select Windows 10 Enterprise or Windows 11 Enterprise.



4. Jump through the relevant hoops and save the ISO locally (We’ll assume C:\ISOs\Win1xEntEval.ISO).

STEP 2: Get your Networking on…

Create some Layer 2 switches for the Virtual Machines to connect to using the Hyper-V Virtual Switch Manager.

1. Click on START and type Hyper-V. Right-click on Hyper-V Manager and select Pin to Start, right-click on Hyper-V Manager again and select Pin to Taskbar.
2. Now open Hyper-V Manager. Click on Virtual Switch Manager.
3. With New virtual network switch selected, under Create virtual switch and What type of virtual switch do you want to create? Select Private and beneath that, click on Create Virtual Switch.



4. Name the virtual switch Private Network and under Connection type and What do you want to connect this virtual network to? make sure that Private Network is selected.



5. Repeat steps 3 and 4, naming the second virtual switch Private Network 2.

You may need to adjust the specifications to meet your own individual resources and requirements.

1. In Hyper-V Manager, on the Actions pane on the right-hand side, click on New and select Virtual Machine.


2. Click Next on the Before You Begin screen and on the Specify Name and Location screen, type LON-DC1 as the name of the virtual machine (VM).
3. Enable the checkbox next to Store the virtual machine in a different location and select a suitable location.
   This will typically be a fast drive (SSDs are recommended), with enough space and can be backed up easily. Click Next.



4. On the Specify Generation screen, leave Generation 1 selected as default and click Next.
5. On the Assign Memory screen, type in 2048 and make sure that the Use Dynamic Memory for this virtual machine. checkbox is selected. Click Next.
6. On the Configure Networking screen, select Private Network from the Connection drop-down box and click Next. (THIS IS NIC 1!)
7. On the Connect Virtual Hard Disk screen, leave the Name and Location as default, change the size to 30GB (or higher, if you can afford it, or as per specifications above).
   Click Next.



8. On the Installation Options screen, select the Install an operating system from a bootable CD/DVD-ROM option and select the Image file (.iso) radio button and Browse to
   C:\ISOs\WS20xxEval.ISO. Click Next. Review the Summary, and click Finish.



9. Repeat the steps for all VMs, making the changes necessary according to the specifications above, before starting any of the VMs.
10. Once all the VMs have been created, click once on the LON-DC1 VM, click on Settings in the Actions pane, and make the following changes (depending on your computer specification,
    some may not be possible);
1. Under Add Hardware, select Network Adapter, click Add and on the Network Adapter pane, under Virtual switch, select Private Network 2 from the drop-down box.
   (NOTE! You will have repeat this step (10.a) for LON-SVR1 and LON-SVR2. These NICs will later be renamed to "1.Internal" and "2.External".) (THIS IS NIC 2!)



2. Under the Memory section, change the RAM and Dynamic Memory settings as per the specifications above.



3. Change the Number of virtual processors: 4




For the love of all that is holy... do all this in PowerShell...!!

---


STEP 4: Virtual Machine Installation…

Now we can start installing OSes and configuring the Virtual Machines.

1. Right-click the LON-DC1 virtual machine in the center pane and select Connect, or highlight the VM and in the Actions pane, click on Connect.
2. On the menu bar, click on Media, expand DVD Drive and select Insert Disk… Browse to the relevant ISO, click on it and then click on Start inside the VM. Windows installation should start.



3. For Language to install: Select any language, as long as it’s English (United States), however, for Time and Currency format: select English (United Kingdom).
4. Click Next, then on the next screen, Install Now.
5. On the Activate Windows screen, click on I don't have a product key.



6. In the Select the operating system you want to install window, make sure to select Windows Server 20xx Datacenter (Desktop Experience).



7. Continue with LON-DC1 installation.

If you wish, you may now start installing the other VMs, but note that multiple, simultaneous installations will undoubtedly, negatively impact host computer resources, especially where they are limited.

8. Once the installation completes, the VM will restart and you may now repeat step 2 above and select Eject.
9. Upon restart use the credentials below and click on Finish.
Username:    Administrator
Password:     Pa55w.rd



---


STEP 5: Windows Server Virtual Machine Configuration…

First things, first. We’ll perform post-installation configuration and the install some key roles.

1. Log onto LON-DC1 using the username; Administrator and the password; Pa55w.rd.
   Once logged in, when Server Manager opens, click on Configure this local server and then click on the randomly generated computer name (e.g. WIN-EMQF28R2OCP).
2. The System Properties dialog screen open. Under Computer Name, in the Computer description: field, type in LON-DC1 and then below that, click on Change...
3. In the Computer name: field, type in LON-DC1 and then click on OK.



4. Click OK in the Computer Name/Domain Changes popup dialog. Click Close in the System Properties window. When the restart popup appears, select Restart Later.
5. Back in Server Manager, click on Configure this local server and click on the IPv4 address assigned by DHCP, IPv6 enabled link next to Ethernet.
6. Right-click the first Ethernet NIC, select Rename and rename it to 1.Internal. Right-click the second NIC, and rename it to 2.External.
   (NOTE! You will have to repeat this step (6) for LON-SVR1, LON-SVR2 and LON-CL1.
7. Right-click the 1.Internal NIC, select Properties, then Internet Protocol Version 4 (TCP/IPv4).
8. Enter the appropriate IP settings. Take special note of DNS settings.

   The 1.Internal NICs on LON-DC1, LON-SVR1, LON-SVR2 and LON-CL1 will have the following IP settings:

	LON-DC1	LON-SVR1	LON-SVR2	LON-CL1
IP:	172.16.0.10	172.16.0.21	172.16.0.22	172.16.0.50
SM:	255.255.0.0	255.255.0.0	255.255.0.0	255.255.0.0
Pri DNS:	172.16.0.10	172.16.0.10	172.16.0.10	172.16.0.10
Sec DNS:	127.0.0.1	Blank	Blank	Blank



9. The 2.External NICs on LON-DC1, LON-SVR1 and LON-SVR2 will have the following IP settings (All other entries may be left blank.):

	LON-DC1	LON-SVR1	LON-SVR2
IP:	131.107.0.1	131.107.0.21	131.107.0.22
SM:	255.255.0.0	255.255.0.0	255.255.0.0

10. Click OK then Close.
    NOW, go back to the 1.Internal NIC and check those DNS settings I told you about... Once ales ist gut, Click OK then Close.

    HINT! To identify which NIC is connected to the (Internal) “Private Network”, in Hyper-V Manager, select the LON-DC1 VM, click on Settings and click on one of Network Adapter and under Virtual switch choose Not connected. The corresponding NIC in the VM should respond with Network cable unplugged. Don't forget to reconnect the NICs...

11. Now restart the VM.
12. Once restarted, go back into the NIC settings and verify that the DNS settings have not changed.



---


STEP 6: Install the AD Role Service and Promote the Server to a Domain Controller…

In Server Manager, in the top right-hand section, click on Manage, then Add Roles and Features.



Click Next to accept the defaults for the the next three screens... Before you begin, Installation Type (Role-based or feature-based installation) and Server Selection (Select a server from the server pool).

In the Select server roles screen, click on the checkbox and select Active Directory Domain Services. A new pop-up box opens asking you whether you would like to Accept features that are required for Active Directory Domain Services?

The same pop-up box appears when you click on DHCP Server and DNS Server. Click on Accept for all three roles.



Accept the pop-up defaults for Role Services installation options.

Now we'll go ahead and complete the promotion of LON-DC1 to a domain controller.

1. In Server Manager, the notification icon should be showing a red flag. One of the notifications should be a link to Promote this server to a domain controller. Click on this link.
2. The Active Directory Domain Services Configuration Wizard opens.
3. Select Add a new forest and type Adatum.com for the Root domain name: Click Next.



4. In the Domain Controller Options screen, change the Forest functional level and Domain functional Level to Windows Server 2016, or Windows Server 2012 R2 leaving capabilities as-is and then type Pa55w.rd as the Domain Services Restore Mode (DSRM) password.



5. Click Next to ignore the warning in the DNS Options screen.
6. Click Next all the way to the end and start the installation, after making sure that All prerequisite checks passed successfully.
7. Once the DC has been installed, Configure DNS
1. Click on Tools and open the DNS Manager.
2. Expand Forward Lookup Zones, right-click on Adatum.com, and create the following resource records;
                                       

Record	Value	Record Type
adfs	172.16.0.10	Host (A)
crl	lon-dc1.adatum.com	Alias (CNAME)
EnterpriseRegistration	lon-svr1.adatum.com	Alias (CNAME)



8. Next up, we'll configure DHCP.
1. Click on Tools and then DHCP Manager.
2. First and foremost, right-click on lon-dc1.adatum.com and click on Authorize then click on the refresh icon on the toolbar.
3. Expand lon-dc1.adatum.com, expand IPv4, and create the following Scope;

Name: Adatum.com
Address Pool: Start IP: 172.16.0.160
End IP:  172.16.0.190

---

Scope Options: 003 Router 172.16.0.1
006 DNS Server 172.16.0.10
015 Domain Name Adatum.com

 

The installation of Active Directory Certificate Services (ADCS) is OPTIONAL, so feel free to skip this whole section 9.

9. Once that is done, we'll start configuring Active Directory Certificate Services (ADCS) on LON-DC1.
1. Click on the notification icon and open the Configure Active Directory Certificate Services on the destination computer link. Click Next on the Credentials page.
2. Select Certification Authority and Certification Authority Web Enrollment on the Role Services page.



3. On the Setup Type screen, make sure that Enterprise CA is selected and on the CA Type page, Root CA is selected.
4. On the Private Key page, click Next and on the Cryptography screen, change the Key length: to 4096 and select the option to Allow administrator interaction…



5. Click Next and on the CA Name page, change the Common name for this CA: to AdatumCA



6. Accept all other defaults and install Certificate Services.

IMPORTANT...

7. NOTE! When installing LON-CA1, make sure that on step c., the Setup Type is Standalone and CA Type is Root CA and on step e., the Common name for this CA: is set to AdatumCA.




---



Go Back

Yeah! PowerShell BABY!

Next, let’s see how to do all that using Windows PowerShell…
    In half the time! Power’s Hell!
        Am-I-right!?

Note: Most issues will arise from either:
(a) You're not running PowerShell as Administrator.
(Right-click on PowerShell and Run as Administrator)
(b) Your ExecutionPolicy is set to Restricted.
(Run the cmdlet: Set-ExecutionPolicy RemoteSigned).

If you are using Windows Server 20xx as the OS for the physical virtualization host, run the following cmdlet first;

Install-WindowsFeature Hyper-V-Tools,Hyper-V-PowerShell

But, let's not fight...
A script, you say...? Scroll to the bottom...

To speed things up, you can copy and paste all the cmdlets into PowerShell...ON YOUR PHYSICAL/VIRTUALIZATION HOST!

STEP 1: Grab some ISOs

Make sure you have performed Step 1 and grabbed some ISOs and placed them in the $Path location. In our case, $Path = C:\ISOs

You don't need PowerShell for this, but say that you did (I don't know how long these links will last...Correct as at 12 Feb 2022.):


For Windows 10 Enterprise:
Invoke-WebRequest -UseBasicParsing -URI https://software-download.microsoft.com/download/sg/444969d5-f34g-4e03-ac9d-1f9786c69161/19044.1288.211006-0501.21h2_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-gb.iso -Method GET -OutFile C:\ISOs\Win10EntEval.iso

For Windows 11 Enterprise:
Invoke-WebRequest -UseBasicParsing -URI https://software-download.microsoft.com/download/sg/888969d5-f34g-4e03-ac9d-1f9786c66749/22000.318.211104-1236.co_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-gb.iso -Method GET -OutFile C:\ISOs\Win11EntEval.iso

For Windows Server 2019 Datacenter:
Invoke-WebRequest -UseBasicParsing -URI https://software-download.microsoft.com/download/pr/17763.737.190906-2324.rs5_release_svc_refresh_SERVER_EVAL_x64FRE_en-us_1.iso -Method GET -OutFile C:\ISOs\WS2019Eval.iso

For Windows Server 2022 Datacenter:
Invoke-WebRequest -UseBasicParsing -URI https://software-download.microsoft.com/download/sg/20348.169.210806-2348.fe_release_svc_refresh_SERVER_EVAL_x64FRE_en-us.iso -Method GET -OutFile C:\ISOs\WS2022Eval.iso


STEP 2: Configure OSI Layer-2 Networking

Create Virtual Switches;

New-VMSwitch -SwitchName 'Private Network' -SwitchType Private
New-VMSwitch -SwitchName 'Private Network 2' -SwitchType Private

STEP 3: Create Virtual Machines

New-Item -ItemType Directory -Name HVVM -ErrorAction SilentlyContinue
$Path="C:\HVVM\"
New-VM -Name LON-DC1 -Path ($Path+'LON-DC1') -MemoryStartupBytes 2GB -NewVHDPath ($Path+'LON-DC1\Virtual Disks\LON-DC1.vhdx') -NewVHDSizeBytes 30GB -SwitchName 'Private Network' -Generation 2
New-VM -Name LON-SVR1 -Path ($Path+'LON-SVR1') -MemoryStartupBytes 2GB -NewVHDPath ($Path+'LON-SVR1\Virtual Disks\LON-SVR1.vhdx') -NewVHDSizeBytes 30GB -SwitchName 'Private Network' -Generation 2
New-VM -Name LON-CL1 -Path ($Path+'LON-CL1 -MemoryStartupBytes 2GB -NewVHDPath ($Path+'LON-CL1\Virtual Disks\LON-CL1.vhdx') -NewVHDSizeBytes 20GB -SwitchName 'Private Network' -Generation 2
           OPTIONAL:
           New-VM -Name LON-SVR2 -Path ($Path+'LON-SVR2') -MemoryStartupBytes 2GB -NewVHDPath Path+'LON-SVR2\Virtual Disks\LON-SVR2.vhdx') -NewVHDSizeBytes 30GB -SwitchName 'Private Network' -Generation 2
           New-VM -Name LON-SVR3 -Path ($Path+'LON-SVR3') -MemoryStartupBytes 1GB -NewVHDPath ($Path+'LON-SVR3\Virtual Disks\LON-SVR3.vhdx') -NewVHDSizeBytes 30GB -SwitchName 'Private Network' -Generation 2
           New-VM -Name LON-SVR4 -Path ($Path+'LON-SVR4') -MemoryStartupBytes 1GB -NewVHDPath ($Path+'LON-SVR4\Virtual Disks\LON-SVR4.vhdx') -NewVHDSizeBytes 30GB -SwitchName 'Private Network' -Generation 2
           New-VM -Name LON-CA1 -Path ($Path+'LON-CA1') -MemoryStartupBytes 1GB -NewVHDPath ($Path+'LON-CA1\Virtual Disks\LON-CA1.vhdx') -NewVHDSizeBytes 30GB -SwitchName 'Private Network' -Generation 2

Create second hard drives for LON-DC1, LON-SVR1 and LON-SVR2 and attach them;

New-VHD -Path ($Path+'LON-DC1\Virtual Disks\LON-DC1-AllFiles.vhdx') -SizeBytes 10GB -Fixed
New-VHD -Path ($Path+'LON-SVR1\Virtual Disks\LON-SVR1-AllFiles.vhdx') -SizeBytes 10GB -Fixed
New-VHD -Path ($Path+'LON-SVR2\Virtual Disks\LON-SVR2-AllFiles.vhdx') -SizeBytes 10GB -Fixed

Configure Processors;

Set-VMProcessor -VMName LON-DC1 -Count 4
Set-VMProcessor -VMName LON-SVR1 -Count 4
Set-VMProcessor -VMName LON-CL1 -Count 4
           OPTIONAL:
           Set-VMProcessor -VMName 'LON-SVR2' -Count 4
           Set-VMProcessor -VMName 'LON-SVR3' -Count 2
           Set-VMProcessor -VMName 'LON-SVR4' -Count 2
           Set-VMProcessor -VMName 'LON-CA1' -Count 2

Configure Virtual Machines to start from DVD (.iso);
** Remember to change WS20xxEval.ISO and Win1xEntEval.ISO in the path to the correct ISOs you downloaded. E.g. 'C:\ISOs\WS20xxEval.iso' to 'C:\ISOs\WS2019Eval.iso' **

Add-VMDVDDrive -VMName 'LON-DC1' -Path 'C:\ISOs\WS20xxEval.iso'
Add-VMDVDDrive -VMName 'LON-SVR1' -Path 'C:\ISOs\WS20xxEval.iso'
Add-VMDVDDrive -VMName 'LON-CL1' -Path 'C:\ISOs\Win1xEntEval.ISO'
           OPTIONAL:
           Add-VMDVDDrive -VMName 'LON-SVR2' -Path 'C:\ISOs\WS20xxEval.iso'
           Add-VMDVDDrive -VMName 'LON-SVR3' -Path 'C:\ISOs\WS20xxEval.iso'
           Add-VMDVDDrive -VMName 'LON-SVR4' -Path 'C:\ISOs\WS20xxEval.iso'
           Add-VMDVDDrive -VMName 'LON-CA1' -Path 'C:\ISOs\WS20xxEval.iso'

STEP 4: Now start the Virtual Machines and install Windows. You don't need PowerShell for that!

But, say that you wanted to...


Start-VM -Name 'LON-DC1','LON-SVR1','LON-CL1'
           OPTIONAL:
           Start-VM -Name 'LON-SVR2','LON-SVR3','LON-SVR4'

Verify that the VMs are running:


Get-VM | Where Status -eq 'Running'

Change the computer names. From the physical/virtualization host...

First, commit to memory (variables), local and domain credentials, for use throughout...


$Cred1 = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList 'Administrator',('Pa55w.rd' | ConvertTo-SecureString -AsPlainText -Force)
$Cred2 = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList 'ADATUM\Administrator',('Pa55w.rd' | ConvertTo-SecureString -AsPlainText -Force)

Invoke-Command -VMName 'LON-DC1' -ScriptBlock{Rename-Computer -NewName 'LON-DC1' -LocalCredential $Cred1 -Force -Restart}
Invoke-Command -VMName 'LON-SVR1' -ScriptBlock{Rename-Computer -NewName 'LON-SVR1' -LocalCredential $Cred1 -Force -Restart}
Invoke-Command -VMName 'LON-CL1' -ScriptBlock{Rename-Computer -NewName 'LON-CL1' -LocalCredential $Cred1 -Force -Restart}
           OPTIONAL:
           Invoke-Command -VMName 'LON-SVR2' -ScriptBlock{Rename-Computer -NewName 'LON-SVR2' -LocalCredential $Cred1 -Force -Restart}
           Invoke-Command -VMName 'LON-SVR3' -ScriptBlock{Rename-Computer -NewName 'LON-SVR3' -LocalCredential $Cred1 -Force -Restart}
           Invoke-Command -VMName 'LON-SVR4' -ScriptBlock{Rename-Computer -NewName 'LON-SVR4' -LocalCredential $Cred1 -Force -Restart}
           Invoke-Command -VMName 'LON-CA1' -ScriptBlock{Rename-Computer -NewName 'LON-CA1' -LocalCredential $Cred1 -Force -Restart}

STEP 5: Configure Windows IP and Networking settings. Again, PowerShell, no!

But, again, say that you wanted to...

From the physical/virtualization host...

First, get the NIC interface index number.
$IfIndex = Invoke-Command -VMName 'LON-DC1' -Credential $Cred1 -ScriptBlock {Get-NetAdapter | Select -ExpandProperty ifIndex -First 1}
Then set the IP address...
Invoke-Command -VMName 'LON-DC1' -Credential $Cred1 -ScriptBlock {Set-NetIPAddress -InterfaceIndex $ifindex -IPAddress 172.16.0.10 -PrefixLength 24}

Clear the variable for reuse. Wash, Rinse, Repeat for LON-SVR1 and LON-SVR2...
Clear-Variable -Name IfIndex
$IfIndex = Invoke-Command -VMName 'LON-SVR1' -Credential $Cred1 -ScriptBlock {Get-NetAdapter | Select -ExpandProperty ifIndex -First 1
Invoke-Command -VMName 'LON-SVR1' -Credential $Cred1 -ScriptBlock {Set-NetIPAddress -InterfaceIndex $ifindex -IPAddress 172.16.0.21 -PrefixLength 24}

Clear-Variable -Name IfIndex
$IfIndex = Invoke-Command -VMName 'LON-CL1' -Credential $Cred1 -ScriptBlock {Get-NetAdapter | Select -ExpandProperty ifIndex -First 1
Invoke-Command -VMName 'LON-CL1' -Credential $Cred1 -ScriptBlock {Set-NetIPAddress -InterfaceIndex $ifindex -IPAddress 172.16.0.50 -PrefixLength 24}

STEP 6: Install AD Domain Services, Promote DC, Configure DNS and DHCP.

Perfect use-case scenario for PowerShell... Again, from the physical/virtualization host...

Invoke-Command -VMName 'LON-DC1' -Credential $Cred1 -ScriptBlock {Install-WindowsFeature 'AD-Domain-Services','DNS','DHCP' -IncludeAllSubFeature -IncludeManagementTools}

And now the moment you've been waiting for...
Install the Forest and Promote server to a domain controller.

Invoke-Command -VMName 'LON-DC1' -Credential $Cred1 -ScriptBlock {Import-Module ADDSDeployment}
Invoke-Command -VMName 'LON-DC1' -Credential $Cred1 -ScriptBlock {Install-ADDSForest -CreateDNSDelegation:$false -DatabasePath 'C:\Windows\NTDS' -DomainMode Win2016 -DomainName Adatum.com -DomainNetbiosName ADATUM -ForestMode Win2016 -LogPath C:\Windows\NTDS -NoRebootOnCompletion:$True -SysvolPath C:\Windows\SYSVOL -SafeModeAdministratorPassword (ConvertTo-SecureString "Pa55w.rd" -AsPlainText -Force) -Force:$true}

Create DNS Resource Records;

Add-DNSServerResourceRecordA -Name adfs -ZoneName adatum.com -IPv4Address 172.16.0.10 -TimeToLive 01:00:00
Add-DNSServerResourceRecordCNAME -Name crl -HostNameAlias lon-dc1.adatum.com -ZoneName adatum.com
Add-DNSServerResourceRecordCNAME -Name EnterpriseRegistration -HostNameAlias lon-svr1.adatum.com -ZoneName adatum.com

Authorize the DHCP Server, create the DHCP Scope and set DHCP Scope Options;

Add-DHCPServerInDC
Add-DHCPServerv4Scope -StartRange 172.16.0.160 -EndRange 172.16.0.190 -SubnetMask 255.255.0.0 -Name Adatum -Type Both
Set-DHCPServerv4OptionValue -ScopeID 172.16.0.0 -DNSDomain Adatum.com -DNSServer 172.16.0.10 -Router 172.16.0.1

  RELEASE THE KRAKEN!  
   Restart the Domain Controller…

Restart-Computer LON-DC1 -Force

Once the server completes the installation and reboots automatically, you may now start the configuration of the other VMs.

The following cmdlets will allow you to add the hosts to the Adatum.com domain.

Add all other virtual machines to the domain:

Add-Computer -Computername LON-SVR1,LON-CL1 -DomainName Adatum.com –Credential $Cred2 -Restart –Force
           OPTIONAL:
           Add-Computer -Computername LON-SVR2,LON-SVR3,LON-SVR4 -DomainName Adatum.com –Credential $Cred2 -Restart –Force

 

ADDENDUM
NOTE! All hosts are members of the Adatum.com domain, EXCEPT LON-CA1, which is a Standalone Root CA and SHOULD NEVER be connected to the domain!
IP Configuration: (Subnet Mask: 255.255.0.0; Primary DNS Server: 172.16.0.10)
---
LON-DC1: IP Address: 172.16.0.10; (Note! Primary DNS is ITSELF. Secondary is 127.0.0.1)
This is the Domain Controller, Enterprise Root CA and hosts the Adatum.com domain.
LON-CA1: IP Address: 172.16.0.25; This is a Member Server and Standalone Root CA (Not in the Domain!)
LON-SVR1: IP Address: 172.16.0.21; This is a Member Server in the Adatum.com domain.
LON-SVR2: IP Address: 172.16.0.22; This is a Member Server in the Adatum.com domain.
LON-SVR3: IP Address: 172.16.0.23; This is a Member Server in the Adatum.com domain.
LON-SVR4: IP Address: 172.16.0.24; This is a Member Server in the Adatum.com domain.
LON-CL1: IP Address: 172.16.0.50; This is a Member Client in the Adatum.com domain.


 

Installation of AD Certificate Services - (NOTE! This section is totally OPTIONAL.)

Once domain configuration is fully complete, and NOT BEFORE, install AD Certificate Services on LON-DC1;

Install-WindowsFeature ADCS-Cert-Authority,ADCS-Web-Enrollment -IncludeAllSubFeature -IncludeManagementTools

Configure Active Directory Certificate Services
On LON-DC1;


Install-ADCSCertificationAuthority -CAType EnterpriseRootCA -CryptoProviderName "RSA#Microsoft Software Key Storage Provider" -KeyLength 4096 -HashAlgorithmName SHA1 -CACommonName AdatumCA -AllowAdministratorInteraction -ValidityPeriod Years -ValidityPeriodUnits 5

On LON-CA1;

Install-ADCSCertificationAuthority -CAType StandAloneRootCA -CryptoProviderName "RSA#Microsoft Software Key Storage Provider" -KeyLength 4096 -HashAlgorithmName SHA1 -CACommonName AdatumRootCA -AllowAdministratorInteraction -ValidityPeriod Years -ValidityPeriodUnits 5

 

...AND...Stick a fork in it, you're done! Ah, yes. The script...


     Right-click, Save link As (or Save target as)...     CreateYourHyperVLab.ps1
     Verify the HASH signatures...
     In PowerShell; Get-FileHash %Userprofile%\Desktop\CreateYourHyperVLab.ps1 -Algorithm RIPEMD160 | SHA256 | SHA384 | SHA512

RIPEMD160: 7737018FB3B1114DB62280B1A6DA9C976671E0B2
SHA256: 3EC48508F25077309A3E01560E777248ED327DAC00E76776746C05C477EB655D
SHA384: EB02FFAE3CBFFDEBA4C3893616F7589915462F2DF7617563ABF4825B6B61FA2BCED83895210B13462F23C150BA8AF4BE
SHA512: B0D666E5A4C2CDF0942B69F50DA535E00890C0EE98F6E0398C0E4A5C6402AF40C6EE7718D3FD93F8945BA0E23DCA646A803DA1574000F0B9946EECC045BF0C28

Save the file on your desktop and from the Run dialog box:
PowerShell %Userprofile%\Desktop\CreateYourHyperVLab.ps1

 

Enjoy your newly minted lab!

 

To the Surface...