ADDomain.ps1
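<#
.SYNOPSIS
    DSC configuration for nodes whose Role is "HADC": names the machine,
    configures static IPv4 networking, installs AD DS, waits for the existing
    domain to be reachable and then adds the node as a domain controller.

.PARAMETER safemodeAdministratorCred
    Credential whose password becomes the Directory Services Restore Mode
    (safe mode) administrator password on the new domain controller.

.PARAMETER domainCred
    Domain credential used both to wait for the domain and to perform the
    domain controller promotion.

.NOTES
    Both credentials are compiled into the node's MOF document. Whether they
    are encrypted there is decided by the ConfigurationData passed by the
    caller (PsDscAllowPlainTextPassword / CertificateFile), not by this block.
#>
configuration ADDomain
{
    param
    (
        [Parameter(Mandatory)]
        [pscredential]$safemodeAdministratorCred,

        [Parameter(Mandatory)]
        [pscredential]$domainCred
    )

    Import-DscResource -ModuleName xActiveDirectory, xComputerManagement, xNetworking, PSDesiredStateConfiguration, xRemoteDesktopAdmin, cChoco

    Node $AllNodes.Where{$_.Role -eq "HADC"}.Nodename
    {
        xComputer SetName {
            Name = $Node.MachineName
        }

        xIPAddress SetIP {
            IPAddress      = $Node.IPAddress
            InterfaceAlias = $Node.InterfaceAlias
            SubnetMask     = $Node.SubnetMask
            AddressFamily  = $Node.AddressFamily
        }

        XDefaultGatewayAddress SetGateway {
            AddressFamily  = $Node.AddressFamily
            InterfaceAlias = $Node.InterfaceAlias
            Address        = $Node.DefaultGateway
        }

        xDNSServerAddress SetDNS {
            Address        = $Node.DNSAddress
            InterfaceAlias = $Node.InterfaceAlias
            AddressFamily  = $Node.AddressFamily
        }

        WindowsFeature ADDSInstall
        {
            Ensure = "Present"
            Name   = "AD-Domain-Services"
        }

        # Optional GUI tools
        WindowsFeature ADDSTools
        {
            Ensure = "Present"
            Name   = "RSAT-ADDS"
        }

        # Locating the domain needs working DNS, so wait only after the DNS
        # client settings have been applied as well as the AD DS role.
        xWaitForADDomain DscForestWait
        {
            DomainName           = $Node.DomainName
            DomainUserCredential = $domaincred
            RetryCount           = $Node.RetryCount
            RetryIntervalSec     = $Node.RetryIntervalSec
            DependsOn            = '[WindowsFeature]ADDSInstall', '[xDNSServerAddress]SetDNS'
        }

        # No slash at end of folder paths
        # Promotion now also depends on DscForestWait; without that edge the
        # wait resource did not gate the promotion it exists to protect.
        xADDomainController SecondDC
        {
            DomainName                    = $Node.DomainName
            DomainAdministratorCredential = $domainCred
            SafemodeAdministratorPassword = $safemodeAdministratorCred
            DependsOn                     = '[xComputer]SetName', '[xIPAddress]SetIP', '[WindowsFeature]ADDSInstall', '[xWaitForADDomain]DscForestWait'
        }

        # 'Secure' requires Network Level Authentication for RDP sessions.
        xRemoteDesktopAdmin RDP
        {
            Ensure             = "Present"
            DependsOn          = '[xADDomainController]SecondDC'
            UserAuthentication = 'Secure'
        }

        # RDP is allowed on the Domain and Private firewall profiles only;
        # the Public profile is intentionally not listed.
        xFirewall AllowRDP
        {
            Name    = 'DSC - Remote Desktop Admin Connections'
            Group   = "Remote Desktop"
            Ensure  = 'Present'
            Enabled = 'True'
            Action  = 'Allow'
            Profile = 'Domain','Private'
        }

        # installChrome declares a dependency on this resource, but the
        # configuration never defined it, leaving a dangling DependsOn.
        # InstallDir is an example location - adjust to local standards.
        cChocoInstaller installChoco
        {
            InstallDir = "C:\choco"
        }

        ### To install Chrome
        # Name must be the bare Chocolatey package id; the original value
        # "install googlechrome" is not a package id.
        # NOTE(review): a browser pulled from a package feed onto a domain
        # controller widens its attack surface - confirm this is wanted, and
        # if so point Chocolatey at a vetted internal source.
        cChocoPackageInstaller installChrome
        {
            Name      = "googlechrome"
            DependsOn = "[cChocoInstaller]installChoco"
        }
    }
}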
# Configuration data for the additional domain controller (Role "HADC").
#
# Security-relevant switches in this node entry:
#   PsDscAllowPlainTextPassword = $true  -> every PSCredential handed to the
#       configuration is written unencrypted into the generated MOF file.
#       Anyone who can read that file (or the copy the LCM keeps on the node)
#       can read the domain admin and safe mode passwords.
#   PSDscAllowDomainUser = $true         -> permits a domain account to be
#       used as a DSC credential.
# Outside a lab, supply CertificateFile and Thumbprint for the node instead of
# PsDscAllowPlainTextPassword so the credentials are encrypted in the MOF.
$ConfigData = @{
    AllNodes = @(
        @{
            # Identity and role
            Nodename                    = '192.168.2.59'
            MachineName                 = 'DC2'
            Role                        = 'HADC'
            DomainName                  = 'cheltenham.com'

            # Static IPv4 settings
            IPAddress                   = '192.168.2.59'
            InterfaceAlias              = 'Ethernet'
            DefaultGateway              = '192.168.2.1'
            SubnetMask                  = '24'
            AddressFamily               = 'IPv4'
            DNSAddress                  = @('192.168.2.100', '192.168.2.59')

            # Domain wait: 20 attempts, 30 seconds apart
            RetryCount                  = 20
            RetryIntervalSec            = 30

            # Credential handling (see the notes at the top of this block)
            PSDscAllowDomainUser        = $true
            PsDscAllowPlainTextPassword = $true
        }
    )
}
# Compile the configuration. Both secrets are collected with interactive
# Get-Credential prompts (safe mode password first, then the domain admin),
# so nothing is hard-coded in the script. The MOF is written to .\ADDomain;
# because the node data sets PsDscAllowPlainTextPassword, that file holds
# both passwords in clear text - restrict access to it and delete it once
# the configuration has been applied.
$compileArguments = @{
    ConfigurationData         = $ConfigData
    safemodeAdministratorCred = (Get-Credential -UserName '(Password Only)' -Message "Domain Safe Mode Administrator Password")
    domainCred                = (Get-Credential -UserName cheltenham\administrator -Message "Domain Admin Credential")
}
ADDomain @compileArguments

# Make sure that LCM is set to continue configuration after reboot
#Set-DSCLocalConfigurationManager -Path .\NewDomain -Verbose

# Build the domain
# -Credential receives an account name only, so PowerShell prompts for the
# matching password when the command runs.
$applyArguments = @{
    Wait       = $true
    Force      = $true
    Credential = 'cheltenham.com\administrator'
    Path       = '.\ADDomain'
    Verbose    = $true
}
Start-DscConfiguration @applyArguments