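# CreateADPDC
#
# DSC configuration that promotes the local node to the first domain controller
# of a new forest, then seeds the directory with a default OU tree, three
# administrative accounts and two groups. Parameter values are expected to
# come from the deployment's .json parameter file.
#
# Required modules: xActiveDirectory, xDisk, xNetworking, xPendingReboot, cDisk.
configuration CreateADPDC
{
    param
    (
        # Fully qualified name of the new forest root domain (e.g. corp.example.com).
        [Parameter(Mandatory = $true)]
        [String]$DomainName,

        # NetBIOS name of the domain; also used as the name of the top-level OU.
        [Parameter(Mandatory = $true)]
        [string]$DomainNetbiosName,

        # Administrator credential. Its password is reused for the local
        # administrator and, unless $SafemodeAdminCreds is given, for DSRM.
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]$Admincreds,

        # Backup administrator credential (account is added to Domain Admins).
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]$BackupadminCreds,

        # Monitoring administrator credential (account is added to Domain Admins).
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]$MonitoradminCreds,

        # Number of retries and interval (seconds) used while waiting for the
        # data disk and for the new domain to become available.
        [Int]$RetryCount = 20,
        [Int]$RetryIntervalSec = 30,

        # Optional dedicated Directory Services Restore Mode credential.
        # When omitted the domain administrator credential is reused (the
        # previous behaviour), which means a single secret unlocks both the
        # domain and offline DSRM access; a distinct DSRM secret is preferable.
        [System.Management.Automation.PSCredential]$SafemodeAdminCreds
    )

    # Import the DSC resource modules used below.
    Import-DscResource -ModuleName xActiveDirectory, xDisk, xNetworking, xPendingReboot, cDisk

    # Distinguished name of the domain root, e.g. "dc=corp,dc=example,dc=com".
    # Every OU created below is placed relative to this path.
    $DomainPath = ($DomainName.Split('.') | ForEach-Object { "dc=$_" }) -join ','

    # Domain-qualified form of the administrator credential ("DOMAIN\user").
    $DomainCreds = New-Object System.Management.Automation.PSCredential ("${DomainName}\$($Admincreds.UserName)", $Admincreds.Password)

    # DSRM credential: fall back to the domain administrator credential when no
    # dedicated one was supplied.
    $SafemodeCreds = if ($SafemodeAdminCreds) { $SafemodeAdminCreds } else { $DomainCreds }

    Node localhost
    {
        LocalConfigurationManager
        {
            ActionAfterReboot  = 'ContinueConfiguration'
            ConfigurationMode  = 'ApplyOnly'
            RebootNodeIfNeeded = $true
        }

        #----------------------------------------------------------------
        ####################....Windows Feature(s)....####################
        #----------------------------------------------------------------

        # DNS server role; the DC points at itself for name resolution.
        WindowsFeature DNS
        {
            Ensure = "Present"
            Name   = "DNS"
        }

        # IIS role. NOTE(review): a web server on a domain controller widens the
        # DC's attack surface; confirm it is actually required on this node.
        WindowsFeature IIS
        {
            Ensure = "Present"
            Name   = "Web-Server"
        }

        # Active Directory Domain Services binaries (promotion happens in xADDomain).
        WindowsFeature ADDSInstall
        {
            Ensure = "Present"
            Name   = "AD-Domain-Services"
        }

        # Optional GUI management tools.
        WindowsFeature ADDSTools
        {
            Ensure = "Present"
            Name   = "RSAT-ADDS"
        }

        WindowsFeature RSAT-ADDS-Tools
        {
            Ensure = "Present"
            Name   = "RSAT-ADDS-Tools"
        }

        WindowsFeature RSAT-AD-AdminCenter
        {
            Ensure = "Present"
            Name   = "RSAT-AD-AdminCenter"
        }

        # DNS management tools. Ensure is stated explicitly so the intent does
        # not depend on the resource's default.
        WindowsFeature DNSTools
        {
            Ensure = "Present"
            Name   = "RSAT-DNS-Server"
        }

        #----------------------------------------------------------------
        ####################....PRE....####################
        #----------------------------------------------------------------

        # Pick the first Hyper-V adapter by ifIndex. This statement is evaluated
        # while the MOF is compiled (it sits outside any resource), so it only
        # resolves the right adapter when compilation runs on the target node.
        $firstActiveAdapter = Get-NetAdapter -InterfaceDescription "Microsoft Hyper-V Network Adapter*" |
            Sort-Object -Property ifIndex |
            Select-Object -First 1
        if (-not $firstActiveAdapter) {
            # Fail at compile time with a clear message instead of producing a
            # MOF with an empty InterfaceAlias.
            throw "No network adapter matching 'Microsoft Hyper-V Network Adapter*' was found on this node."
        }

        # Point the DC at its own DNS server.
        xDnsServerAddress DnsServerAddress
        {
            Address        = '127.0.0.1'
            InterfaceAlias = $firstActiveAdapter.InterfaceAlias
            AddressFamily  = 'IPv4'
            DependsOn      = "[WindowsFeature]DNS"
        }

        # Wait for the data disk to be attached.
        xWaitforDisk Disk2
        {
            DiskNumber       = 2
            RetryIntervalSec = $RetryIntervalSec
            RetryCount       = $RetryCount
        }

        # Mount disk 2 as F:\ (holds NTDS and SYSVOL).
        cDiskNoRestart ADDataDisk
        {
            DiskNumber  = 2
            DriveLetter = "F"
        }

        # Promote the node to the first DC of the new forest.
        # Folder paths must not end with a backslash.
        xADDomain FirstDS
        {
            DomainName                    = $DomainName
            DomainNetbiosName             = $DomainNetbiosName
            DomainAdministratorCredential = $DomainCreds
            SafemodeAdministratorPassword = $SafemodeCreds
            DatabasePath                  = "F:\NTDS"
            LogPath                       = "F:\NTDS"
            SysvolPath                    = "F:\SYSVOL"
            DependsOn                     = "[WindowsFeature]ADDSInstall", "[xDnsServerAddress]DnsServerAddress", "[cDiskNoRestart]ADDataDisk"
        }

        # Block until the new domain answers before touching directory objects.
        xWaitForADDomain DscForestWait
        {
            DomainName           = $DomainName
            DomainUserCredential = $DomainCreds
            RetryCount           = $RetryCount
            RetryIntervalSec     = $RetryIntervalSec
            DependsOn            = "[xADDomain]FirstDS"
        }

        #----------------------------------------------------------------
        ####################....OU....####################
        #----------------------------------------------------------------

        # Top-level OU named after the NetBIOS name, directly under the domain root.
        xADOrganizationalUnit DefaultOU
        {
            Name                            = $DomainNetbiosName
            Path                            = $DomainPath
            ProtectedFromAccidentalDeletion = $true
            Description                     = "Default managed OU"
            Ensure                          = 'Present'
            DependsOn                       = "[xWaitForADDomain]DscForestWait"
        }

        xADOrganizationalUnit GroupsSubOU
        {
            Name                            = 'Groups'
            Path                            = "ou=$DomainNetbiosName," + $DomainPath
            ProtectedFromAccidentalDeletion = $true
            Description                     = "Groups SubOU"
            Ensure                          = 'Present'
            DependsOn                       = "[xWaitForADDomain]DscForestWait"
        }

        xADOrganizationalUnit UsersSubOU
        {
            Name                            = 'Users'
            Path                            = "ou=$DomainNetbiosName," + $DomainPath
            ProtectedFromAccidentalDeletion = $true
            Description                     = "Users SubOU"
            Ensure                          = 'Present'
            DependsOn                       = "[xWaitForADDomain]DscForestWait"
        }

        xADOrganizationalUnit RDSSubOU
        {
            Name                            = 'RDS'
            Path                            = "ou=$DomainNetbiosName," + $DomainPath
            ProtectedFromAccidentalDeletion = $true
            Description                     = "RDS SubOU"
            Ensure                          = 'Present'
            DependsOn                       = "[xWaitForADDomain]DscForestWait"
        }

        #----------------------------------------------------------------
        ####################....USERS --> GROUP(S)....####################
        #----------------------------------------------------------------

        # All three accounts are created with PasswordNeverExpires; the
        # credentials therefore live until rotated by some other process.

        xADUser adminuser
        {
            DomainName                    = $DomainName
            DomainAdministratorCredential = $DomainCreds
            UserName                      = $Admincreds.UserName
            Password                      = $Admincreds
            PasswordNeverExpires          = $true
            Ensure                        = "Present"
            Description                   = "Account used for operator based actions from Dustin Operations"
            DependsOn                     = "[xWaitForADDomain]DscForestWait"
        }

        xADUser backupadminuser
        {
            DomainName                    = $DomainName
            DomainAdministratorCredential = $DomainCreds
            UserName                      = $BackupadminCreds.UserName
            Password                      = $BackupadminCreds
            PasswordNeverExpires          = $true
            Ensure                        = "Present"
            Description                   = "Backupadmin User"
            DependsOn                     = "[xWaitForADDomain]DscForestWait"
        }

        xADUser monitoradminuser
        {
            DomainName                    = $DomainName
            DomainAdministratorCredential = $DomainCreds
            UserName                      = $MonitoradminCreds.UserName
            Password                      = $MonitoradminCreds
            PasswordNeverExpires          = $true
            Ensure                        = "Present"
            Description                   = "Account used for automated actions from Dustin Operations"
            DependsOn                     = "[xWaitForADDomain]DscForestWait"
        }

        # SQL sysadmin group. 'Members' is the authoritative membership list:
        # any other member is removed on each consistency check.
        xADGroup ADGroup
        {
            GroupName   = "G-SQL-Admin"
            GroupScope  = "Global"
            Category    = "Security"
            Description = "Used for sysadmin level - SQL instanse"
            Ensure      = 'Present'
            Path        = "ou=Groups,ou=$DomainNetbiosName," + $DomainPath
            Members     = $Admincreds.UserName, $BackupadminCreds.UserName
            DependsOn   = "[xADUser]adminuser", "[xADUser]backupadminuser", "[xADUser]monitoradminuser", "[xADOrganizationalUnit]GroupsSubOU"
        }

        # Grants the backup and monitoring accounts Domain Admins membership.
        # NOTE(review): Domain Admins for a monitoring account is broader than
        # least privilege normally calls for; confirm the automated actions
        # really need it. 'MembersToInclude' leaves existing members untouched.
        xADGroup DomainAdmins
        {
            GroupName        = "Domain Admins"
            Ensure           = 'Present'
            Path             = "cn=Users," + $DomainPath
            MembersToInclude = $BackupadminCreds.UserName, $MonitoradminCreds.UserName
            DependsOn        = "[xADUser]adminuser", "[xADUser]backupadminuser", "[xADUser]monitoradminuser"
        }

        #----------------------------------------------------------------
        ####################....MISC....####################
        #----------------------------------------------------------------

        # Enable the Active Directory Recycle Bin (forest-wide, irreversible).
        xADRecycleBin RecycleBin
        {
            EnterpriseAdministratorCredential = $DomainCreds
            ForestFQDN                        = $DomainName
            DependsOn                         = "[xWaitForADDomain]DscForestWait"
        }

        # Reboot once the domain is up so the promotion completes.
        xPendingReboot Reboot1
        {
            Name      = "RebootServer"
            DependsOn = "[xWaitForADDomain]DscForestWait"
        }
    }
}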