# Setup.ps1 -- staged build of the "pocketdomain" SharePoint lab. Each reboot re-enters this
# script through a logon scheduled task (see Add-Task) carrying the next -Stage value, and the
# switch at the bottom maps that name to a stage scriptblock. $Stage is compared verbatim against
# the switch labels; nothing here validates it.
param([string]$Stage)
  2.  
  3.  
  4. $ADDSSettings = @{
  5.     Hostname = "SPDEV-DC"
  6.     IPAddress = "192.168.0.225"
  7.     }
  8. $SQLSettings = @{
  9.     Hostname = "SPDEV-SQL"
  10.     IPAddress = "192.168.0.226"
  11.     JoinDomain = $True
  12.     }
  13. $SP2010Settings = @{
  14.     Hostname = "SPDEV-SP2010"
  15.     IPAddress = "192.168.0.210"
  16.     Version = "2010"
  17.     JoinDomain = $True
  18.     }
  19. $SP2013Settings = @{
  20.     Hostname = "SPDEV-SP2013"
  21.     IPAddress = "192.168.0.213"
  22.     Version = "2013"
  23.     JoinDomain = $True
  24.     }
  25. $ADFS2Settings = @{
  26.     Hostname = "SPDEV-ADFS2"
  27.     IPAddress = "192.168.0.227"
  28.     JoinDomain = $True
  29.     }
  30.  
  31.  
  32.  
  33. $SetupPath = "D:"
  34. $AutoSPInstallerPath = "$SetupPath\Sharepoint\AutoSPInstaller"
  35. $NetBiosName = "pocketdomain"
  36. $TLD = "corp"
  37. $UserOU = "SharepointUsers"
  38. $DomainUsers = @(
  39.     "SP_Farm",
  40.     "SP_CacheSuperUser",
  41.     "SP_CacheSuperReader",
  42.     "SP_Services",
  43.     "SP_PortalAppPool",
  44.     "SP_ProfilesAppPool",
  45.     "SP_SearchService",
  46.     "SP_SearchContent",
  47.     "SP_ProfileSync",
  48.     "SP_VisioUser",
  49.     "SP_PerfPointUser",
  50.     "SP_ExcelUser"
  51.     "ADFS_SVC"
  52.     )
  53. $DNSServer = $ADDSSettings.IPAddress
  54. $NetMask = "255.255.255.0"
  55. $Gateway = "192.168.0.1"
  56. $Password = "Bananarama!"
  57. $SecurePassword = $Password | ConvertTo-SecureString -AsPlainText -Force
  58. $DomainName = "$NetBiosName.$TLD"
  59. $UserPath = "OU=$UserOU,DC=$NetBiosName,DC=$tld"
  60. $KDC = "10.0.0.1"
  61. $CAHost = $ADDSSettings.Hostname
  62. $CAConfig = "$CAHost.$DomainName\$CAHost"
# Helper library (not part of this listing). New-CertificateRequest, called by the SharePoint
# and ADFS stages below, is not defined in this file, so it presumably lives here -- verify.
. $SetupPath\functions.ps1
  64.  
  65. Function Add-Task ($Stage) {
  66. schtasks.exe /CREATE /RU 'builtin\users' /SC ONLOGON /RL HIGHEST /TN "$Stage" /tr "powershell.exe -file $SetupPath\Setup.ps1 -Stage $Stage"
  67. }
  68.  
  69. if (!($Stage -match "First_Run")) {schtasks.exe /DELETE /TN "$Stage" /F}
  70.  
  71. $First_Run_Scriptblock = {
  72.     param($Settings)
  73.     $Servername = $Settings.Hostname
  74.     $IP = $Settings.IPAddress
  75.     $JoinDomain = $Settings.JoinDomain
  76.  
  77.     cscript c:\windows\system32\slmgr.vbs /skms $kdc`:1688
  78.     cscript c:\windows\system32\slmgr.vbs /ato
  79.     cscript c:\windows\system32\slmgr.vbs /ato
  80.  
  81.     schtasks.exe /CHANGE /tn "\Microsoft\Windows\Server Manager\ServerManager" /disable
  82.     net user administrator $Password
  83.     New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "AutoAdminLogon" -Value 1 -PropertyType String -Force
  84.     New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultUserName" -Value "Administrator" -PropertyType String -Force
  85.     New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultPassword" -Value $Password -PropertyType String -Force
  86.  
  87.     Write-Host "Setting network configuration..."
  88.     $NetworkWMI = Get-WmiObject win32_networkadapterconfiguration -filter "ipenabled = 'true'"
  89.     $NetworkWMI.EnableStatic($IP, $NetMask)
  90.     $NetworkWMI.SetGateways($Gateway, 1)
  91.     $NetworkWMI.SetDNSServerSearchOrder($DNSServer)
  92.     $ComputerWMI = Get-WmiObject win32_computersystem
  93.  
  94.     If ($Settings.Version) {[System.Environment]::SetEnvironmentVariable("Version", $Settings.Version, "Machine")}
  95.  
  96.     if ($JoinDomain) {
  97.         $Counter = 0
  98.         do {Write-Host "Waiting for $DomainName..."; $Counter++; Start-Sleep -Seconds 5}
  99.         until ((Test-Connection $DomainName -quiet) -OR ($counter -eq 10))
  100.         if (!(Test-Connection $DomainName)) {throw "Can't reach $DomainName"}
  101.         $ComputerWMI.JoinDomainOrWorkGroup($DomainName, $Password, "$NetBiosName\Administrator", $Null, 23)
  102.         $ComputerWMI.Rename($ServerName,$Password,"$NetBiosName\Administrator")
  103.         New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultUserName" -Value "$NetBiosName\Administrator" -PropertyType String -Force
  104.         } else {
  105.         Rename-Computer $Servername
  106.         }
  107.     }
  108. $Install_SQL_Scriptblock = {
  109.     netsh advfirewall firewall add rule name="SQL" protocol=tcp dir=in localport=1433 action=allow enable=yes
  110.     net user /add sqlagent $Password
  111.     net user /add sqlengine $Password
  112.     start-process -path "$SetupPath\SQL\setup.exe" -ArgumentList "/configurationfile=""$SetupPath\sql_configuration.ini""" -Wait
  113.     }
  114. $Install_RSAT_Scriptblock = {
  115.     Add-WindowsFeature -name "RSAT-AD-Tools"
  116.     }
  117. $Install_ADDS_ScriptBlock = {
  118.     Write-Host "Adding AD-Domain-Services"
  119.     Add-WindowsFeature -Name "ad-domain-services" -IncludeAllSubFeature -IncludeManagementTools
  120.     Write-Host "Adding DNS..."
  121.     Add-WindowsFeature -Name "dns" -IncludeAllSubFeature -IncludeManagementTools
  122.     Write-Host "Adding Group Policy Management Console..."
  123.     Add-WindowsFeature -Name "gpmc" -IncludeAllSubFeature -IncludeManagementTools
  124.     }
  125. $Install_Forest_Scriptblock = {
  126.     Import-Module ADDSDeployment
  127.     New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultUserName" -Value "$NetBiosName\Administrator" -PropertyType String -Force
  128.     Write-Host "Installing Forest..."
  129.     $ForestSettings = @{
  130.         CreateDNSDelegation = $False
  131.         DatabasePath = "C:\Windows\NTDS"
  132.         DomainMode = "Win2012"
  133.         ForestMode = "Win2012"
  134.         DomainName = $DomainName
  135.         DomainNetbiosName = $NetBiosName
  136.         InstallDns = $True
  137.         LogPath = "C:\Windows\NTDS"
  138.         NoRebootOnCompletion = $False
  139.         SysvolPath = "C:\Windows\SYSVOL"
  140.         Force = $True
  141.         SafeModeAdministratorPassword = $SecurePassword
  142.         }
  143.     Install-ADDSForest @ForestSettings
  144.     }
  145. $Setup_ADObjects_Scriptblock = {
  146.     New-ADOrganizationalUnit "$UserOU"
  147.     Foreach ($User in $DomainUsers) {New-ADUser $User -GivenName $User -Path $UserPath -Enabled $True -AccountPassword $SecurePassword}
  148.     }
  149. $Install_PKI_Scriptblock = {
  150.     Import-Module ServerManager
  151.     Write-Host "Adding Certificate Services..."
  152.     Add-WindowsFeature Adcs-Cert-Authority -IncludeManagementTools
  153.     Add-WindowsFeature ADCS-Enroll-Web-Svc,Adcs-Enroll-Web-Pol,ADCS-Web-Enrollment
  154.     $PKISettings = @{
  155.         CACommonName = "$env:COMPUTERNAME"
  156.         CAType = "EnterpriseRootCA"
  157.         CryptoProviderName = "RSA#Microsoft Software Key Storage Provider"
  158.         KeyLength = 2048
  159.         HashAlgorithmName = "SHA1"
  160.         ValidityPeriod = "Years"
  161.         ValidityPeriodUnits = 3
  162.         Force = $True
  163.         }
  164.     Install-AdcsCertificationAuthority @PKISettings
  165.     dsacls "CN=WebServer,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=pocketdomain,DC=corp" /G """NT Authority\Authenticated Users"":CA;enroll"
  166.    
  167.    
  168.     #Install-AdcsWebEnrollment  -Confirm:$False
  169.     #Install-AdcsEnrollmentWebService -CAConfig $CAConfig -SSLCertThumbprint $WildCard.Thumbprint -AuthenticationType Username -Confirm:$False -Force
  170.     #Install-AdcsEnrollmentPolicyWebService -SSLCertThumbprint $WildCard.Thumbprint -AuthenticationType UserName -Confirm:$false -Force
  171.     }
  172. $Setup_Sharepoint_Scriptblock = {
  173.     if ($Env:Version -eq "2013") {Import-Module ServerManager;Add-WindowsFeature Net-Framework-Features,Web-Server,Web-WebServer,Web-Common-Http,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-App-Dev,Web-Asp-Net,Web-Net-Ext,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Health,Web-Http-Logging,Web-Log-Libraries,Web-Request-Monitor,Web-Http-Tracing,Web-Security,Web-Basic-Auth,Web-Windows-Auth,Web-Filtering,Web-Digest-Auth,Web-Performance,Web-Stat-Compression,Web-Dyn-Compression,Web-Mgmt-Tools,Web-Mgmt-Console,Web-Mgmt-Compat,Web-Metabase,Application-Server,AS-Web-Support,AS-TCP-Port-Sharing,AS-WAS-Support, AS-HTTP-Activation,AS-TCP-Activation,AS-Named-Pipes,AS-Net-Framework,WAS,WAS-Process-Model,WAS-NET-Environment,WAS-Config-APIs,Web-Lgcy-Scripting,Windows-Identity-Foundation,Server-Media-Foundation,Xps-Viewer}    
  174.     Write-Host "Disabling UAC..."
  175.     New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system' -Name EnableLUA -PropertyType DWord -Value 0 -Force
  176.     Write-Host "Disabling IE first-run customization..."
  177.     New-Item -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main' -Force
  178.     New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main' -name DisableFirstRunCustomize -PropertyType DWord -Value 1 -Force
  179.     add-windowsfeature "RSAT-AD-Tools"
  180.     New-CertificateRequest -subject "CN=*.$DomainName" -OnlineCA $CAConfig
  181.     }  
  182. $Install_Sharepoint_Scriptblock = {
  183.     start-process -path "$AutoSPInstallerPath\AutoSPInstallerLaunch.bat" -ArgumentList "$AutoSPInstallerPath\PocketDomain-$env:Version.xml" -wait
  184.     throw "Installing Sharepoint, no reboot required."
  185.     }
  186. $Install_ADFS3_Scriptblock = {
  187.     Add-WindowsFeature ADFS-Federation -IncludeManagementTools -IncludeAllSubFeature
  188.     Import-Module ADFS
  189.     New-CertificateRequest -subject "CN=adfs3.$DomainName" -OnlineCA $CAConfig
  190.     $ADFS3Certificate = Get-ChildItem Cert:\LocalMachine\My | ? Subject -eq "CN=adfs3.$DomainName"
  191.     $ADFS3Credential = New-Object System.Management.Automation.PSCredential ("$NetBiosName\ADFS_SVC", $SecurePassword)
  192.     $ADFSSettings = @{
  193.         CertificateThumbprint = $ADFS3Certificate.Thumbprint
  194.         FederationServiceDisplayName = "$DomainName ADFS Login"
  195.         FederationServiceName = "adfs3.$DomainName"
  196.         ServiceAccountCredential = $ADFS3Credential
  197.         }
  198.     Install-ADFSFarm @ADFSSettings
  199.     $ADFSIPAddress = (Get-WmiObject win32_networkadapterconfiguration -filter "ipenabled = 'true'").ipaddress[0]
  200.     invoke-command -ComputerName $ADDSSettings.Hostname ([scriptblock]::Create("invoke-expression ""dnscmd /recordadd $DomainName adfs3 A $ADFSIPAddress"""))
  201.     }
  202. $Install_ADFS2_Scriptblock = {
  203.     start-process "$SetupPath\Installs\ADFSSetup.exe" -ArgumentList "/quiet" -wait
  204.     Add-PSSnapin Microsoft.Adfs.PowerShell
  205.     New-CertificateRequest -subject "CN=adfs2.$DomainName" -OnlineCA $CAConfig
  206.     $ADFS2Certificate = Get-ChildItem Cert:\LocalMachine\My | ?{ $_.Subject -eq "CN=adfs2.$DomainName"}
  207.     [array]$FSConfigArguments = @(
  208.         "/ServiceAccount $NetBiosName\adfs_svc",
  209.         "/ServiceAccountPassword $Password",
  210.         "/FederationServiceName adfs2.$DomainName",
  211.         "/CleanConfig",
  212.         "/CertThumbprint $ADFS2Certificate.thumbprint",
  213.         "/AutoCertRolloverEnabled"
  214.         )
  215.     $ADFSIPAddress = (Get-WmiObject win32_networkadapterconfiguration -filter "ipenabled = 'true'").ipaddress[0]
  216.     start-process "C:\Program Files\Active Directory Federation Services 2.0\Fsconfig.exe" -argumentlist ($FSConfigArguments -join " ") -wait
  217.     invoke-command -ComputerName $ADDSSettings.Hostname ([scriptblock]::Create("invoke-expression ""dnscmd /recordadd $DomainName adfs2 A $ADFSIPAddress"""))
  218.     }
  219.  
  220.  
  221. switch ($Stage)
  222.     {
  223.     "First_Run_ADDS" {&$First_Run_Scriptblock $ADDSSettings; Add-Task Install_RSAT}
  224.     "First_Run_SQL" {&$First_Run_Scriptblock $SQLSettings; Add-Task Install_SQL}
  225.     "First_Run_SP2013" {&$First_Run_Scriptblock $SP2010Settings; Add-Task Setup_Sharepoint}
  226.     "First_Run_SP2010" {&$First_Run_Scriptblock $SP2013Settings; Add-Task Setup_Sharepoint}
  227.     "First_Run_ADFS2" {&$First_Run_Scriptblock $ADFS2Settings; Add-Task Install_ADFS2}
  228.     "Setup_Sharepoint" {&$Setup_Sharepoint_Scriptblock; Add-Task Install_Sharepoint}
  229.     "Install_Sharepoint" {&$Install_Sharepoint_Scriptblock}
  230.     "Install_RSAT" {&$Install_RSAT_Scriptblock; Add-Task Install_ADDS}
  231.     "Install_SQL"  {&$Install_SQL_Scriptblock}
  232.     "Install_ADDS" {&$Install_ADDS_ScriptBlock; Add-Task Install_Forest}
  233.     "Install_Forest" {&$Install_Forest_Scriptblock; Add-Task Setup_ADObjects}
  234.     "Install_PKI" {&$Install_PKI_Scriptblock; Add-Task Install_ADFS3}
  235.     "Setup_ADObjects" {&$Setup_ADObjects_Scriptblock; Add-Task Install_PKI}
  236.     "Install_ADFS3" {&$Install_ADFS3_Scriptblock}
  237.     "Install_ADFS2" {&$Install_ADFS2_Scriptblock}
  238.     }
  239.  
  240.  
  241.  
  242. if (!($Error[0])) {Restart-Computer} else {Write-Host "Errors!"; $Error | Select-Object * | Out-File c:\errors.txt -Append; notepad.exe c:\errors.txt}