param( [SecureString] $SafeModeAdministratorPassword = (ConvertTo-SecureStri

1. param(
2. [SecureString] $SafeModeAdministratorPassword = (ConvertTo-SecureString -String 'P4$$word' -AsPlainText -Force),
3. [string] $DomainName = 'adds.localdev',
4. [string] $DomainNetbiosName = 'ADDSLOCALDEV',
5. [string] $DomainSuffix = 'DC=adds,DC=localdev',
6.  
7. [string] $UserName = 'Luke.Carrier',
8. [string] $UserFullName = 'Luke Carrier',
9. [SecureString] $UserPassword = (ConvertTo-SecureString -String 'P4$$word' -AsPlainText -Force),
10.  
11. [string] $RDHost = "$($env:ComputerName).$($env:UserDnsDomain)"
12. )
13.  
14. # Before running me...
15. #
16. # 1. Ensure that your two network adapters are configured:
17. # a. First one as NAT, DHCP
18. # b. Second one as Host-only, static IP
19.  
20. Import-Module -Name ServerManager
21. foreach ($module in @('ActiveDirectory', 'ADDSDeployment', 'RemoteDesktop')) {
22. try {
23. Import-Module -Name $module
24. } catch {
25. Write-Debug "Unable to import $($module) module -- is it installed yet?"
26. }
27. }
28.  
29. Set-StrictMode -Version Latest
30. $ErrorActionPreference = 'Stop'
31.  
32. $FeaturesAD = @('AD-Domain-Services', 'DNS', 'GPMC', 'RSAT-AD-Tools')
33. $FeaturesRD = @('RDS-Connection-Broker', 'RDS-RD-Server', 'RDS-Web-Access')
34. $GroupRDUsers = 'Remote Desktop Users'
35.  
36. if ((Get-WindowsFeature -Name $FeaturesAD) | ? { $_.Installed -eq $false }) {
37. Install-WindowsFeature -Name $FeaturesAD -IncludeAllSubFeature -IncludeManagementTools
38. Restart-Computer -Force
39. }
40.  
41. try {
42. Get-ADDomain | Out-Null
43. } catch {
44. Install-ADDSForest -DomainName $DomainName -DomainNetbiosName $DomainNetbiosName `
45. -DomainMode 'WinThreshold' -ForestMode 'WinThreshold' `
46. -CreateDnsDelegation:$false -InstallDns -NoRebootOnCompletion `
47. -DatabasePath 'C:\Windows\NTDS' -SysvolPath 'C:\Windows\SYSVOL_DFSR' `
48. -SafeModeAdministratorPassword $SafeModeAdministratorPassword -Force
49. Restart-Computer -Force
50. }
51.  
52. if ((Get-WindowsFeature -Name $FeaturesRD) | ? { $_.Installed -eq $false }) {
53. Install-WindowsFeature -Name $FeaturesRD -IncludeAllSubFeature -IncludeManagementTools
54. Restart-Computer -Force
55. }
56.  
57. try {
58. Get-ADUser -Identity "CN=$($UserName),CN=Users,$($DomainSuffix)" | Out-Null
59. } catch {
60. New-ADUser -SamAccountName $UserName -AccountPassword $UserPassword -Name $UserFullName `
61. -Enabled:$true -PasswordNeverExpires:$true -ChangePasswordAtLogon:$false
62. }
63.  
64. try {
65. Add-ADPrincipalGroupMembership `
66. -Identity "CN=$($UserName),CN=Users,$($DomainSuffix)" `
67. -MemberOf "CN=Enterprise Admins,CN=Users,$($DomainSuffix)" | Out-Null
68. } catch {
69. Get-ADPrincipalGroupMembership `
70. -Identity "CN=$($UserName),CN=Users,$($DomainSuffix)" `
71. -MemberOf "CN=Enterprise Admins,CN=Users,$($DomainSuffix)" | Out-Null
72. }
73.  
74. try {
75. Add-ADPrincipalGroupMembership `
76. -Identity "CN=$($UserName),CN=Users,$($DomainSuffix)" `
77. -MemberOf "CN=Domain Admins,CN=Users,$($DomainSuffix)" | Out-Null
78. } catch {
79. Get-ADPrincipalGroupMembership `
80. -Identity "CN=$($UserName),CN=Users,$($DomainSuffix)" `
81. -MemberOf "CN=Domain Admins,CN=Users,$($DomainSuffix)" | Out-Null
82. }
83.  
84. try {
85. New-RDSessionDeployment -ConnectionBroker $RDHost -SessionHost $RDHost -WebAccessServer $RDHost `
86. -Verbose
87. } catch {}
88. try {
89. New-RDSessionCollection -CollectionName 'Personal' `
90. -ConnectionBroker $RDHost -SessionHost $RDHost -PersonalUnmanaged
91. } catch {}
92.  
93. Set-RDPersonalSessionDesktopAssignment -CollectionName 'Personal' -Name $RDHost `
94. -User "$($DomainNetbiosName)\$($UserName)"
95.  
96. New-RDRemoteApp -DisplayName 'Notepad' -FilePath "$($env:WinDir)\system32\notepad.exe" -CollectionName 'Personal'