param
(
    [string]$ParentForestRootDomain = "contoso.com",
    [string]$NewTreeDomainName      = "msp.org",
    [string]$SafeModePassword       = "P4ssw0rd1234!",
    [string]$Username               = "Administrator",
    [string]$Password               = "packer"
)

$scriptName = $MyInvocation.MyCommand.Name
$logFile = "C:\Logs\${scriptName}_log.txt"
Start-Transcript -Path $logFile -Append

$p = ConvertTo-SecureString $Password -AsPlainText -Force
$c = New-Object System.Management.Automation.PSCredential("$ParentForestRootDomain\$Username", $p)

Write-Host "[INFO] Setting Administrator password"
$computerName = $env:COMPUTERNAME
$adminPassword = $Password
$adminUser = [ADSI] "WinNT://$computerName/Administrator,User"
$adminUser.SetPassword($adminPassword)

Write-Host "[INFO] Installing AD-Domain-Services feature"
Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools

Write-Host "[INFO] Importing ADDSDeployment module"
Import-Module ADDSDeployment

try {
    Write-Host "[INFO] Installing New Tree Domain in Existing Forest"
    Install-ADDSDomain `
        -InstallDns `
        -ParentDomainName $ParentForestRootDomain `
        -NewDomainName $NewTreeDomainName `
        -DomainType TreeDomain `
        -DatabasePath "C:\Windows\NTDS" `
        -LogPath "C:\Windows\NTDS" `
        -SysvolPath "C:\Windows\SYSVOL" `
        -NoRebootOnCompletion `
        -Force `
        -Credential $c `
        -SafeModeAdministratorPassword (ConvertTo-SecureString -AsPlainText -Force "$SafeModePassword")

    Write-Host "[INFO] Successfully added new tree domain: $NewTreeDomainName"
} catch {
    Write-Host "[ERR] Failed to add new tree domain: $NewTreeDomainName"
    Write-Host $_.Exception.Message
}

Stop-Transcript