Build Active Directory

PowerShell scripts for quick deployment (push them via GPO when a machine is newly joined)

Enable TLS 1.2 in the PowerShell session

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Enable TLS 1.2 on a client machine or server

If (-Not (Test-Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319')) {
    New-Item 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null
}
New-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Name 'SystemDefaultTlsVersions' -Value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -PropertyType 'DWord' -Force | Out-Null

If (-Not (Test-Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319')) {
    New-Item 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null
}
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Name 'SystemDefaultTlsVersions' -Value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -PropertyType 'DWord' -Force | Out-Null

If (-Not (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server')) {
    New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force | Out-Null
}
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Name 'Enabled' -Value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Name 'DisabledByDefault' -Value '0' -PropertyType 'DWord' -Force | Out-Null

If (-Not (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client')) {
    New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force | Out-Null
}
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'Enabled' -Value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'DisabledByDefault' -Value '0' -PropertyType 'DWord' -Force | Out-Null

Write-Host 'TLS 1.2 has been enabled. You must restart the Windows Server for the changes to take effect.' -ForegroundColor Cyan
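
To confirm that a GPO-pushed run of the script above actually wrote all eight values, the following audit reads them back and reports any drift. It is an added example, not part of the original scripts; the function name Test-Tls12Registry is hypothetical, and the paths and expected values are copied from the script above.

```powershell
# Added example: audits the values the TLS 1.2 script above is meant to set.
function Test-Tls12Registry {
    $netKeys = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319',
               'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
    $schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'

    # Build the expected (path, name, value) list from the script above
    $expected = @()
    foreach ($key in $netKeys) {
        $expected += @{ Path = $key; Name = 'SystemDefaultTlsVersions'; Value = 1 }
        $expected += @{ Path = $key; Name = 'SchUseStrongCrypto';       Value = 1 }
    }
    foreach ($role in 'Server', 'Client') {
        $expected += @{ Path = "$schannel\$role"; Name = 'Enabled';           Value = 1 }
        $expected += @{ Path = "$schannel\$role"; Name = 'DisabledByDefault'; Value = 0 }
    }

    foreach ($e in $expected) {
        # A missing key or value yields $null rather than an error
        $item   = Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue
        $actual = if ($item) { $item.($e.Name) } else { $null }
        [pscustomobject]@{
            Path      = $e.Path
            Name      = $e.Name
            Expected  = $e.Value
            Actual    = $actual
            Compliant = ($null -ne $actual) -and ($actual -eq $e.Value)
        }
    }
}

# Show only the settings that are missing or wrong
$drift = @(Test-Tls12Registry | Where-Object { -not $_.Compliant })
if ($drift.Count -gt 0) {
    $drift | Format-Table Name, Expected, Actual, Path -AutoSize
    Write-Warning "$($drift.Count) TLS 1.2 setting(s) missing or wrong."
} else {
    Write-Host 'All TLS 1.2 registry values match.' -ForegroundColor Green
}
```

Matching registry values only show that the script ran; the settings still need the restart mentioned above before they apply.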

Install 7zip

$dlurl = '' + (Invoke-WebRequest -UseBasicParsing -Uri '' | Select-Object -ExpandProperty Links | Where-Object {($_.outerHTML -match 'Download')-and ($_.href -like "a/*") -and ($_.href -like "*-x64.exe")} | Select-Object -First 1 | Select-Object -ExpandProperty href)
# modified to work without IE
# above code from:
$installerPath = Join-Path $env:TEMP (Split-Path $dlurl -Leaf)
Invoke-WebRequest $dlurl -OutFile $installerPath
Start-Process -FilePath $installerPath -Args "/S" -Verb RunAs -Wait
Remove-Item $installerPath

Install the latest version of Notepad++

$LocalTempDir = $env:TEMP
$href = ((Invoke-WebRequest -Uri '').Links | Where-Object { $_.innerText -match 'current version' }).href
$downloadUrl = ((Invoke-WebRequest "$href").Links | Where-Object { $_.innerHTML -match 'installer' -and $_.href -match 'x64.exe' }).href
Invoke-RestMethod $downloadUrl -OutFile "$LocalTempDir\np++.exe"
start-process -FilePath "$LocalTempDir\np++.exe" -ArgumentList '/S' -Verb runas -Wait

Install Chrome

$LocalTempDir = $env:TEMP
$ChromeInstaller = "ChromeInstaller.exe"
(New-Object System.Net.WebClient).DownloadFile('', "$LocalTempDir\$ChromeInstaller")
& "$LocalTempDir\$ChromeInstaller" /silent /install
$Process2Monitor = "ChromeInstaller"
Do {
    $ProcessesFound = Get-Process | Where-Object { $Process2Monitor -contains $_.Name } | Select-Object -ExpandProperty Name
    If ($ProcessesFound) {
        "Still running: $($ProcessesFound -join ', ')" | Write-Host
        Start-Sleep -Seconds 2
    } else {
        Remove-Item "$LocalTempDir\$ChromeInstaller" -ErrorAction SilentlyContinue -Verbose
    }
} Until (!$ProcessesFound)

Install common AAD PowerShell modules

Install-PackageProvider NuGet -Force

Set-PSRepository PSGallery -InstallationPolicy Trusted

Set-ExecutionPolicy RemoteSigned

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Install-Module Az -Force

Install-Module MSOnline -Force

Install-Module AzureAD -Force

Install Edge browser > Navigate to Install Edge for manual download and installation

commands deprecated

md -Path $env:temp\edgeinstall -erroraction SilentlyContinue | Out-Null
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$Download = join-path $env:temp\edgeinstall MicrosoftEdgeEnterpriseX64.msi
Invoke-WebRequest ''  -OutFile $Download
Start-Process "$Download" -ArgumentList "/quiet"


Install Firefox

# Define the URL for the Firefox full installer
$firefoxURL = ""

# Define the path where the installer will be saved
$installerPath = "C:\Temp\FirefoxInstaller.exe"

# Create the directory if it doesn't exist
if (-Not (Test-Path "C:\Temp")) {
    New-Item -ItemType Directory -Path "C:\Temp"
}

# Download the Firefox full installer
Invoke-WebRequest -Uri $firefoxURL -OutFile $installerPath

# Install Firefox silently
Start-Process -FilePath $installerPath -Args "/S" -Wait

# Delete the installer
Remove-Item -Path $installerPath

# Confirm Installation
Write-Host "Firefox silent installation is complete."
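
The install scripts above download an executable and run it without checking what was downloaded. The following wrapper, an added example that is not part of the original scripts, verifies the Authenticode signature and signer name before launching the installer. The function name Install-VerifiedInstaller and its parameters are hypothetical, and the URL and publisher in the usage comment are placeholders.

```powershell
# Added example: download, verify the signature, then install silently.
function Install-VerifiedInstaller {
    param(
        [Parameter(Mandatory)] [string]   $Uri,
        # Common name expected in the signing certificate (assumption: you know it in advance)
        [Parameter(Mandatory)] [string]   $ExpectedPublisher,
        [string[]] $SilentArgs = @('/S')
    )

    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    $path = Join-Path $env:TEMP ([IO.Path]::GetRandomFileName() + '.exe')

    try {
        Invoke-WebRequest -UseBasicParsing -Uri $Uri -OutFile $path

        # Status is 'Valid' only if the file is signed, unmodified, and chains to a trusted root
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') {
            throw "Signature status is '$($sig.Status)'; refusing to run the download from $Uri"
        }

        # A valid signature from the wrong publisher is still the wrong file
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $signer   = $sig.SignerCertificate.GetNameInfo($nameType, $false)
        if ($signer -ne $ExpectedPublisher) {
            throw "Signed by '$signer', expected '$ExpectedPublisher'; refusing to run"
        }

        # Record the hash so the installed build can be traced later
        $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash
        Write-Host "Verified signer '$signer', SHA256 $hash"

        $proc = Start-Process -FilePath $path -ArgumentList $SilentArgs -Wait -PassThru
        if ($proc.ExitCode -ne 0) {
            throw "Installer exited with code $($proc.ExitCode)"
        }
    }
    finally {
        # Clean up whether or not verification or installation succeeded
        Remove-Item -Path $path -ErrorAction SilentlyContinue
    }
}

# Usage (placeholders, fill in for the package being deployed):
# Install-VerifiedInstaller -Uri '<installer URL>' -ExpectedPublisher '<signer common name>'
```

Installers that are not Authenticode-signed fail this check; for those, compare the Get-FileHash output against a hash published by the vendor.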

Remove Firefox

# Look up the uninstall string for Firefox from the Windows Registry
$uninstallPath = Get-ChildItem -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall  -Recurse |
Get-ItemProperty |
Where-Object {$_.DisplayName -match 'Mozilla Firefox'} |
Select-Object -Property DisplayName, UninstallString

# Check if Firefox is installed
if ($null -eq $uninstallPath) {
    Write-Host "Firefox is not installed on this machine."
} else {
    # Run the uninstaller
    Write-Host "Uninstalling Firefox..."
    Start-Process cmd -ArgumentList "/c $($uninstallPath.UninstallString) /S" -Wait
    Write-Host "Firefox has been uninstalled."
}

Other commands

Join domain

On the client machine (the one to be domain joined)

Set-DNSClientServerAddress "<adapter name>" -ServerAddresses ("<IP of DC>")


Set-DNSClientServerAddress "NIC1" -ServerAddresses ("")
Set-DNSClientServerAddress "Ethernet0" -ServerAddresses ("")

Verify the DNS server you set


Rename computer name

Rename-Computer -NewName "<new computer name>" -Restart


Rename-Computer -NewName "ADFS1" -Restart

Join domain

Add-Computer -DomainName "<domain name>" -Restart


Add-Computer -DomainName "" -DomainCredential ace\administrator -Restart

Rename domain-joined machines

Rename-Computer -NewName "<new computer name>" -DomainCredential <domain admin in SAM format> -Restart


Rename-Computer -NewName "ACEADFS1" -DomainCredential ace\administrator -Restart

Leave domain

Remove-Computer -UnjoinDomaincredential <domain admin in SAM format> -PassThru -Verbose -Restart


Remove-Computer -UnjoinDomaincredential Power\administrator -PassThru -Verbose -Restart