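# Prepare RODC with prepopulated passwords for DSInternals testing
# Powered by Evgeniy Berendyaev
# Assume that we have a virtual machine Windows Server 2012 or higher installed
#
# This is a step-by-step recipe rather than one unattended script: several
# steps reboot the machine (Restart-Computer) and one step is done in the
# hypervisor GUI, so run each section in turn after the previous one finished.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

# Constants:
$DC1IPAddress = '10.0.0.10'
$RODC1IPAddress = '10.0.0.15'
$DC1Gateway = '10.0.0.1'
$DC1Name = 'LAB-DC1'
$RODC1Name = 'LAB-RODC1'
# Lab-only value: the same string is reused for the DSRM password, the local
# Administrator password on demotion and every test account, which is fine for
# a throwaway lab but must not be carried over to a network-reachable host.
$PwdString = 'Blabla123'
$ForestName = 'LAB.LOCAL'   # DNS name of the forest root domain
$DomainName = 'LAB'         # NetBIOS name of the same domain

# Change IP and server name:
# Select-Object -First 1 keeps this working when the VM has more than one
# adapter; otherwise ifIndex is an array and New-NetIPAddress rejects it.
$NetAdapterIndex = (Get-NetAdapter | Select-Object -First 1).ifIndex
New-NetIPAddress -InterfaceIndex $NetAdapterIndex -IPAddress $DC1IPAddress -PrefixLength 24 -DefaultGateway $DC1Gateway
$ComputerInfo = Get-WmiObject -Class Win32_ComputerSystem
$ComputerInfo.Rename($DC1Name)
Restart-Computer

# Promote DC:
$Pwd = ConvertTo-SecureString $PwdString -AsPlainText -Force
# I have Windows 2016 so I've specified WinThreshold domain level
Install-ADDSForest -DomainName $ForestName -SafeModeAdministratorPassword $Pwd -DomainMode WinThreshold -InstallDns -NoRebootOnCompletion -Confirm:$false
Restart-Computer

# Create some users:
# All ten accounts share one known password; they exist only so that the RODC
# has secrets to cache for the DSInternals checks at the end.
$acctPwd = ConvertTo-SecureString $PwdString -AsPlainText -Force
for ($i = 0; $i -lt 10; $i++)
{
    New-ADUser -Name "test$i" -AccountPassword $acctPwd -Enabled $true
}

# Clone the DC
$dc = Get-ADComputer $DC1Name
Add-ADGroupMember "Cloneable Domain Controllers" $dc.SamAccountName
Get-ADDCCloningExcludedApplicationList -GenerateXml
# '-Static' is written with a plain ASCII hyphen; the pasted original carried
# an en dash (U+2013) here, which PowerShell tolerates but which is easy to
# break when the line is copied or re-encoded.
New-ADDCCloneConfigFile -CloneComputerName $RODC1Name -IPv4Address $RODC1IPAddress -IPv4SubnetMask 255.255.255.0 -IPv4DefaultGateway $DC1Gateway -IPv4DNSResolver $DC1IPAddress -Static

# From GUI: export the VM, import it again with the new identificator and run.

# Uninstall DC, then install a RODC
$Pwd = ConvertTo-SecureString $PwdString -AsPlainText -Force
Uninstall-ADDSDomainController -LocalAdministratorPassword $Pwd -Confirm:$False
Remove-WindowsFeature DNS
Restart-Computer
$Pwd = ConvertTo-SecureString $PwdString -AsPlainText -Force
# Both names passed below are DNS names: the replication source is the DC's
# FQDN (the original concatenated $DC1Name$ForestName without the dot, which
# yields 'LAB-DC1LAB.LOCAL'), and -DomainName takes the domain's DNS name
# rather than its NetBIOS name, as in the cmdlet's documented examples.
$DC1Fqdn = "$DC1Name.$ForestName"
Install-ADDSDomainController -DomainName $ForestName -SiteName Default-First-Site-Name -SafeModeAdministratorPassword $Pwd -InstallDns -ReplicationSourceDC $DC1Fqdn -ReadOnlyReplica -Confirm:$False

# Edit password replication policy (add test* users to allowed list)
$users = Get-ADUser -Filter { SamAccountName -like 'test*' }
Add-ADDomainControllerPasswordReplicationPolicy -Identity $RODC1Name -AllowedList $users -Confirm:$false

# Force replicate passwords
# repadmin expects a distinguished name; pass it explicitly rather than relying
# on how an ADUser object happens to stringify.
foreach ($user in $users)
{
    repadmin /rodcpwdrepl $RODC1Name $DC1Name $user.DistinguishedName
}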