Automating IIS setup via PowerShell is a foundational skill for maintaining consistent web environments. While the core steps remain the same, modern Windows Server versions (2019/2022/2025) have introduced the IISAdministration module as the preferred path for automation.
IISAdministration module over the legacy WebAdministration module. It is built for the PowerShell object pipeline, offering better performance and more reliable transactional commits.
1. Install the Web Server Role
This command installs the base IIS role along with the required management tools for PowerShell control.
2. Create an Application Pool
If you are using a Group Managed Service Account (gMSA) for your pool identity, ensure your username ends with a $ (e.g., svc_webapp$).
# Modern IISAdministration method Import-Module IISAdministration $poolName = "MyApplicationPool" # Create the pool New-IISAppPool -Name $poolName # Set identity (use gMSA or custom account) $pool = Get-IISAppPool -Name $poolName $pool.ProcessModel.IdentityType = "SpecificUser" $pool.ProcessModel.UserName = "DOMAIN\svc_webapp$" $pool.ProcessModel.Password = "" # Required blank for gMSA $pool | Set-IISAppPool
3. Create the Website & SSL Binding
Modern IIS setup utilizes SNI (Server Name Indication), allowing you to host multiple SSL sites on a single IP address.
$siteName = "MyWebSite"
$path = "C:\inetpub\wwwroot\myapp"
$thumbprint = (Get-ChildItem cert:\LocalMachine\My | Where-Object { $_.Subject -like "*CN=mysite.com*" } | Select-Object -First 1).Thumbprint
# Create Site with HTTPS and SNI enabled
New-IISSite -Name $siteName -PhysicalPath $path -BindingInformation "*:80:"
New-IISSiteBinding -Name $siteName -BindingInformation "*:443:mysite.com" -CertificateThumbPrint $thumbprint -Protocol https -SslFlag "Sni"
Note: Windows Server 2025 has deprecated the legacy IIS 6 Management Console. Ensure your automation scripts do not rely on Web-Lgcy-Mgmt-Console.