Windows Server 2025 ships with the same core IIS 10.0 engine but adds improved PowerShell module stability and tighter AD integration hooks. Teams that move site and application pool management into scripts eliminate the most common sources of drift and permission errors.

The practical payoff appears immediately in multi-tenant hosting environments where new sites must be created, bound to certificates, and wired to AD groups several times per week. A short set of cmdlets handles the entire workflow without opening IIS Manager.

# Prerequisites and module loading

Install the Web-Server and Web-Scripting-Tools features if they are not already present. The WebAdministration module is then imported automatically when any IIS cmdlet runs.

```powershell
Install-WindowsFeature Web-Server, Web-Scripting-Tools -IncludeManagementTools
Import-Module WebAdministration
```

# Creating a site with AD authentication

The New-Website cmdlet accepts the physical path and binding parameters. After the site exists, set the authentication provider to Windows and restrict access to an AD security group.

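```powershell
$siteParams = @{
    Name         = 'customer-portal'
    PhysicalPath = 'D:\sites\customer-portal'
    # New-Website has no -Binding parameter; the HTTPS binding is built from these.
    # The certificate still has to be attached to the binding afterwards.
    Port         = 443
    HostHeader   = 'portal.example.com'
    Ssl          = $true
}
New-Website @siteParams

# Authentication sections are locked at server level by default, so write to
# applicationHost.config with -Location rather than to the site's web.config
$auth = 'system.webServer/security/authentication'
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location 'customer-portal' -Filter "$auth/windowsAuthentication" -Name enabled -Value $true
# Anonymous authentication is on by default; while it stays enabled, requests are served without a Windows logon
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location 'customer-portal' -Filter "$auth/anonymousAuthentication" -Name enabled -Value $false

# Grant the AD group read access; inherited ACEs on the folder still apply
$acl = Get-Acl 'D:\sites\customer-portal'
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule('DOMAIN\PortalUsers','Read','ContainerInherit,ObjectInherit','None','Allow')
$acl.AddAccessRule($rule)
Set-Acl 'D:\sites\customer-portal' $acl
```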

# Application pool identity and recycling

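  • Use a group-managed service account for the pool identity to avoid password rotation tasks.
  • Configure recycling on a fixed schedule rather than memory thresholds for predictable maintenance windows.

```powershell
New-WebAppPool -Name 'customer-portal-pool'
Set-ItemProperty IIS:\AppPools\customer-portal-pool -Name processModel.identityType -Value SpecificUser
# A gMSA is referenced with a trailing $ and no password
Set-ItemProperty IIS:\AppPools\customer-portal-pool -Name processModel.userName -Value 'DOMAIN\svc-portal$'
Set-ItemProperty IIS:\AppPools\customer-portal-pool -Name recycling.periodicRestart.schedule -Value @{value='02:00'}
# Turn off the default 29-hour interval so only the schedule triggers a recycle
Set-ItemProperty IIS:\AppPools\customer-portal-pool -Name recycling.periodicRestart.time -Value '00:00:00'
Set-ItemProperty IIS:\Sites\customer-portal -Name applicationPool -Value 'customer-portal-pool'
```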

# Verification and logging

After deployment, confirm bindings and authentication settings with Get-WebBinding and Get-WebConfiguration. Forward IIS logs to a central collector using the same PowerShell session to keep audit trails consistent.
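One way to script that confirmation is a read-only check that returns a pass/fail row per setting. This is an added example, not part of the original scripts: the function name `Test-SiteBaseline` is hypothetical, the defaults are the sample names used on this page, and it assumes anonymous authentication should be off and that the pool identity is a gMSA (account name ending in `$`).

```powershell
# Added example: read-only baseline check for a site built with the steps above.
# Default parameter values are the sample names used on this page.
Import-Module WebAdministration

function Test-SiteBaseline {
    param(
        [string]$Site     = 'customer-portal',
        [string]$HostName = 'portal.example.com',
        [string]$Pool     = 'customer-portal-pool',
        [string]$Group    = 'DOMAIN\PortalUsers'
    )
    $auth = 'system.webServer/security/authentication'
    # Reads the effective 'enabled' flag for one authentication scheme on this site
    $getAuth = {
        param($scheme)
        (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $Site `
            -Filter "$auth/$scheme" -Name enabled).Value
    }
    # The HTTPS binding the site is expected to have
    $https = Get-WebBinding -Name $Site -Protocol https |
        Where-Object { $_.bindingInformation -eq "*:443:$HostName" }
    $siteItem = Get-Item "IIS:\Sites\$Site"
    $poolItem = Get-Item "IIS:\AppPools\$Pool"
    # physicalPath may contain environment variables such as %SystemDrive%
    $path = [Environment]::ExpandEnvironmentVariables($siteItem.physicalPath)
    $aces = (Get-Acl $path).Access

    $checks = [ordered]@{
        'HTTPS binding present'      = [bool]$https
        'Certificate bound'          = [bool]($https -and $https.certificateHash)
        'Windows auth enabled'       = (& $getAuth 'windowsAuthentication') -eq $true
        'Anonymous auth disabled'    = (& $getAuth 'anonymousAuthentication') -eq $false
        'Site uses expected pool'    = $siteItem.applicationPool -eq $Pool
        'Pool runs as specific user' = $poolItem.processModel.identityType -eq 'SpecificUser'
        'Pool identity is a gMSA'    = $poolItem.processModel.userName -like '*$'
        'Group has an Allow ACE'     = [bool]($aces | Where-Object {
            $_.IdentityReference.Value -eq $Group -and $_.AccessControlType -eq 'Allow' })
    }
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Pass = $checks[$name] }
    }
}

Test-SiteBaseline | Format-Table -AutoSize
```

Any row with `Pass` set to `False` marks a setting that has drifted from the scripted baseline; the function changes nothing on the server.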

Adopt these patterns as the baseline for all new sites. Existing sites can be migrated by exporting current settings, converting them to the equivalent Set-* cmdlets, and storing the scripts in source control.