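param([string]$Stage)

# Setup.ps1 — staged build-out of a SharePoint/AD FS lab. Each VM re-runs this
# script at logon with the -Stage the previous stage registered via Add-Task.

# Per-VM settings. Each First_Run_* stage hands one of these tables to
# $First_Run_Scriptblock; Version (SharePoint hosts only) is persisted as a
# machine-wide environment variable there and read back by later stages.
$ADDSSettings = @{
  Hostname  = "SPDEV-DC"
  IPAddress = "192.168.0.225"
}
$SQLSettings = @{
  Hostname   = "SPDEV-SQL"
  IPAddress  = "192.168.0.226"
  JoinDomain = $True
}
$SP2010Settings = @{
  Hostname   = "SPDEV-SP2010"
  IPAddress  = "192.168.0.210"
  Version    = "2010"
  JoinDomain = $True
}
$SP2013Settings = @{
  Hostname   = "SPDEV-SP2013"
  IPAddress  = "192.168.0.213"
  Version    = "2013"
  JoinDomain = $True
}
$ADFS2Settings = @{
  Hostname   = "SPDEV-ADFS2"
  IPAddress  = "192.168.0.227"
  JoinDomain = $True
}

# Installation media root; functions.ps1, the SQL and AD FS installers and the
# AutoSPInstaller tree are all expected below it.
$SetupPath = "D:"
$AutoSPInstallerPath = "$SetupPath\Sharepoint\AutoSPInstaller"

# Domain naming and the OU that receives the service accounts.
$NetBiosName = "pocketdomain"
$TLD = "corp"
$UserOU = "SharepointUsers"

# Service accounts created in Setup_ADObjects (one per entry). Keep the
# trailing comma on every element; the list is consumed as a single array.
$DomainUsers = @(
  "SP_Farm",
  "SP_CacheSuperUser",
  "SP_CacheSuperReader",
  "SP_Services",
  "SP_PortalAppPool",
  "SP_ProfilesAppPool",
  "SP_SearchService",
  "SP_SearchContent",
  "SP_ProfileSync",
  "SP_VisioUser",
  "SP_PerfPointUser",
  "SP_ExcelUser",
  "ADFS_SVC"
)

# Static network configuration applied at first run; the DC doubles as DNS.
$DNSServer = $ADDSSettings.IPAddress
$NetMask = "255.255.255.0"
$Gateway = "192.168.0.1"

# NOTE(review): a single clear-text password is used for the local Administrator,
# every domain service account, the DSRM password and the Winlogon auto-logon
# entry written at first run. Treat this file as a secret; it is lab-only material.
$Password = "Bananarama!"
$SecurePassword = $Password | ConvertTo-SecureString -AsPlainText -Force

$DomainName = "$NetBiosName.$TLD"
$UserPath = "OU=$UserOU,DC=$NetBiosName,DC=$TLD"

# Despite the name this is the KMS activation host handed to slmgr /skms,
# not a Kerberos KDC.
$KDC = "10.0.0.1"

# The enterprise CA lives on the DC; CAConfig is the "host\CA name" form that
# New-CertificateRequest expects for -OnlineCA.
$CAHost = $ADDSSettings.Hostname
$CAConfig = "$CAHost.$DomainName\$CAHost"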
# Dot-source the shared helpers (New-CertificateRequest is used by later stages).
. "$SetupPath\functions.ps1"
#######################################
# Register the next stage: a scheduled task that re-runs this script with
# -Stage $Stage at the next logon, elevated. Reads script-level $SetupPath.
# NOTE(review): the task runs as 'builtin\users' with /RL HIGHEST, so anyone who
# can write to $SetupPath\Setup.ps1 controls an elevated command at logon —
# keep the setup volume writable only by administrators.
#######################################
Function Add-Task ($Stage) {
  $taskCommand = "powershell.exe -file $SetupPath\Setup.ps1 -Stage $Stage"
  $schtasksArgs = @(
    '/CREATE',
    '/RU', 'builtin\users',
    '/SC', 'ONLOGON',
    '/RL', 'HIGHEST',
    '/TN', "$Stage",
    '/tr', $taskCommand
  )
  schtasks.exe @schtasksArgs
}
# Every stage except the First_Run_* ones was registered by Add-Task; remove
# that task now so the stage runs exactly once.
if ($Stage -notmatch "First_Run") {
  schtasks.exe /DELETE /TN "$Stage" /F
}
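$First_Run_Scriptblock = {
  # First boot of every VM: activate Windows, enable auto-logon, apply the static
  # network settings and join/rename the machine. Reads script-level $Password,
  # $NetMask, $Gateway, $DNSServer, $DomainName, $NetBiosName and $KDC.
  # Arguments: $Settings - one of the *Settings hashtables (Hostname, IPAddress,
  #            optional JoinDomain and Version).
  param($Settings)
  $Servername = $Settings.Hostname
  $IP = $Settings.IPAddress
  $JoinDomain = $Settings.JoinDomain

  # KMS activation. The backtick stops "$kdc:1688" from being parsed as a
  # drive-qualified variable; /ato is issued twice as in the original run book.
  cscript c:\windows\system32\slmgr.vbs /skms $kdc`:1688
  cscript c:\windows\system32\slmgr.vbs /ato
  cscript c:\windows\system32\slmgr.vbs /ato
  schtasks.exe /CHANGE /tn "\Microsoft\Windows\Server Manager\ServerManager" /disable

  # NOTE(review): the password is passed on the command line (visible in process
  # listings) and then stored in clear text in the Winlogon DefaultPassword value,
  # which any local user can read. Acceptable only for a throwaway lab image.
  net user administrator $Password
  New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "AutoAdminLogon" -Value 1 -PropertyType String -Force
  New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultUserName" -Value "Administrator" -PropertyType String -Force
  New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultPassword" -Value $Password -PropertyType String -Force

  Write-Host "Setting network configuration..."
  $NetworkWMI = Get-WmiObject win32_networkadapterconfiguration -filter "ipenabled = 'true'"
  $NetworkWMI.EnableStatic($IP, $NetMask)
  $NetworkWMI.SetGateways($Gateway, 1)
  $NetworkWMI.SetDNSServerSearchOrder($DNSServer)
  $ComputerWMI = Get-WmiObject win32_computersystem

  # SharePoint hosts carry a Version; later stages read it back as $env:Version.
  If ($Settings.Version) {[System.Environment]::SetEnvironmentVariable("Version", $Settings.Version, "Machine")}

  if ($JoinDomain) {
    # Wait for the DC to answer: at most 10 attempts, 5 s apart.
    $Counter = 0
    do {Write-Host "Waiting for $DomainName..."; $Counter++; Start-Sleep -Seconds 5}
    until ((Test-Connection $DomainName -quiet) -OR ($counter -eq 10))
    # -Quiet returns a boolean (as in the loop above) instead of emitting a
    # non-terminating error record before the throw.
    if (!(Test-Connection $DomainName -Quiet)) {throw "Can't reach $DomainName"}
    # 23 is a NETSETUP_* option bit-mask handed straight to the WMI join call
    # — TODO confirm the intended flags (join + create account alone would be 3).
    $ComputerWMI.JoinDomainOrWorkGroup($DomainName, $Password, "$NetBiosName\Administrator", $Null, 23)
    $ComputerWMI.Rename($ServerName,$Password,"$NetBiosName\Administrator")
    # Auto-logon switches to the domain administrator once joined.
    New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultUserName" -Value "$NetBiosName\Administrator" -PropertyType String -Force
  } else {
    # The DC itself: no domain yet, only the hostname changes.
    Rename-Computer $Servername
  }
}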
$Install_SQL_Scriptblock = {
  # Open SQL Server's TCP port, create the two local service accounts and run the
  # unattended SQL setup from the media under $SetupPath. Reads script-level $Password.
  # NOTE(review): the firewall rule admits 1433 from any source and the account
  # passwords travel on the command line — lab-only settings.
  $sqlSetup = "$SetupPath\SQL\setup.exe"
  $sqlConfigArgument = "/configurationfile=""$SetupPath\sql_configuration.ini"""
  netsh advfirewall firewall add rule name="SQL" protocol=tcp dir=in localport=1433 action=allow enable=yes
  foreach ($account in 'sqlagent', 'sqlengine') {
    net user /add $account $Password
  }
  Start-Process -FilePath $sqlSetup -ArgumentList $sqlConfigArgument -Wait
}
$Install_RSAT_Scriptblock = {
  # Install the AD administration tools ahead of the ADDS/forest stages.
  $rsatFeature = 'RSAT-AD-Tools'
  Add-WindowsFeature -Name $rsatFeature
}
$Install_ADDS_ScriptBlock = {
  # Add the roles the domain controller needs; Install_Forest promotes it afterwards.
  $roles = @(
    @{ Message = "Adding AD-Domain-Services";                 Name = "ad-domain-services" },
    @{ Message = "Adding DNS...";                             Name = "dns" },
    @{ Message = "Adding Group Policy Management Console..."; Name = "gpmc" }
  )
  foreach ($role in $roles) {
    Write-Host $role.Message
    Add-WindowsFeature -Name $role.Name -IncludeAllSubFeature -IncludeManagementTools
  }
}
$Install_Forest_Scriptblock = {
  # Promote the DC into a new forest. Reads script-level $DomainName, $NetBiosName,
  # $SecurePassword (also used as the DSRM password — lab-only choice).
  Import-Module ADDSDeployment
  # After promotion the auto-logon account becomes the domain administrator.
  $winlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
  New-ItemProperty -Path $winlogonKey -Name "DefaultUserName" -Value "$NetBiosName\Administrator" -PropertyType String -Force
  Write-Host "Installing Forest..."
  $ntdsPath = "C:\Windows\NTDS"
  $ForestSettings = @{
    CreateDNSDelegation           = $False
    DatabasePath                  = $ntdsPath
    LogPath                       = $ntdsPath
    SysvolPath                    = "C:\Windows\SYSVOL"
    DomainMode                    = "Win2012"
    ForestMode                    = "Win2012"
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetBiosName
    InstallDns                    = $True
    NoRebootOnCompletion          = $False
    Force                         = $True
    SafeModeAdministratorPassword = $SecurePassword
  }
  Install-ADDSForest @ForestSettings
}
$Setup_ADObjects_Scriptblock = {
  # Create the service-account OU and one enabled user per entry in $DomainUsers.
  # NOTE(review): every account gets the shared $SecurePassword — lab-only.
  New-ADOrganizationalUnit -Name $UserOU
  $DomainUsers | ForEach-Object {
    New-ADUser -Name $_ -GivenName $_ -Path $UserPath -Enabled $True -AccountPassword $SecurePassword
  }
}
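$Install_PKI_Scriptblock = {
  # Stand up an enterprise root CA on the DC and allow enrollment for the
  # WebServer template, which New-CertificateRequest relies on in later stages.
  # Reads script-level $NetBiosName and $TLD.
  Import-Module ServerManager
  Write-Host "Adding Certificate Services..."
  Add-WindowsFeature Adcs-Cert-Authority -IncludeManagementTools
  Add-WindowsFeature ADCS-Enroll-Web-Svc,Adcs-Enroll-Web-Pol,ADCS-Web-Enrollment
  $PKISettings = @{
    CACommonName        = "$env:COMPUTERNAME"
    CAType              = "EnterpriseRootCA"
    CryptoProviderName  = "RSA#Microsoft Software Key Storage Provider"
    KeyLength           = 2048
    # SHA-256 instead of SHA-1: the CA signs the SharePoint/AD FS server
    # certificates, and SHA-1-signed certificates are rejected by current
    # clients. The KSP provider above supports SHA-256.
    HashAlgorithmName   = "SHA256"
    ValidityPeriod      = "Years"
    ValidityPeriodUnits = 3
    Force               = $True
  }
  Install-AdcsCertificationAuthority @PKISettings
  # Grant Enroll on the WebServer template. The template DN is built from the
  # domain settings rather than hard-coded so it follows $NetBiosName/$TLD.
  # NOTE(review): this lets every authenticated principal request server
  # certificates; narrow it to a group of the SharePoint/AD FS hosts if the lab
  # is kept around.
  $templateDN = "CN=WebServer,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=$NetBiosName,DC=$TLD"
  dsacls $templateDN /G """NT Authority\Authenticated Users"":CA;enroll"
  # Web enrollment left disabled; $WildCard is not defined anywhere in this script.
  #Install-AdcsWebEnrollment -Confirm:$False
  #Install-AdcsEnrollmentWebService -CAConfig $CAConfig -SSLCertThumbprint $WildCard.Thumbprint -AuthenticationType Username -Confirm:$False -Force
  #Install-AdcsEnrollmentPolicyWebService -SSLCertThumbprint $WildCard.Thumbprint -AuthenticationType UserName -Confirm:$false -Force
}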
$Setup_Sharepoint_Scriptblock = {
  # Prepare a SharePoint host: 2013 prerequisites, UAC/IE first-run tweaks,
  # RSAT and a wildcard certificate from the lab CA. New-CertificateRequest
  # comes from the dot-sourced functions.ps1; $env:Version was set at first run.
  if ($Env:Version -eq "2013") {
    Import-Module ServerManager
    $sp2013Features = @(
      'Net-Framework-Features', 'Web-Server', 'Web-WebServer', 'Web-Common-Http',
      'Web-Static-Content', 'Web-Default-Doc', 'Web-Dir-Browsing', 'Web-Http-Errors',
      'Web-App-Dev', 'Web-Asp-Net', 'Web-Net-Ext', 'Web-ISAPI-Ext', 'Web-ISAPI-Filter',
      'Web-Health', 'Web-Http-Logging', 'Web-Log-Libraries', 'Web-Request-Monitor',
      'Web-Http-Tracing', 'Web-Security', 'Web-Basic-Auth', 'Web-Windows-Auth',
      'Web-Filtering', 'Web-Digest-Auth', 'Web-Performance', 'Web-Stat-Compression',
      'Web-Dyn-Compression', 'Web-Mgmt-Tools', 'Web-Mgmt-Console', 'Web-Mgmt-Compat',
      'Web-Metabase', 'Application-Server', 'AS-Web-Support', 'AS-TCP-Port-Sharing',
      'AS-WAS-Support', 'AS-HTTP-Activation', 'AS-TCP-Activation', 'AS-Named-Pipes',
      'AS-Net-Framework', 'WAS', 'WAS-Process-Model', 'WAS-NET-Environment',
      'WAS-Config-APIs', 'Web-Lgcy-Scripting', 'Windows-Identity-Foundation',
      'Server-Media-Foundation', 'Xps-Viewer'
    )
    Add-WindowsFeature $sp2013Features
  }
  # NOTE(review): UAC is switched off machine-wide for the installer's benefit;
  # that is a lab-only setting.
  Write-Host "Disabling UAC..."
  New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system' -Name EnableLUA -PropertyType DWord -Value 0 -Force
  Write-Host "Disabling IE first-run customization..."
  $ieMainKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main'
  New-Item -Path $ieMainKey -Force
  New-ItemProperty -Path $ieMainKey -name DisableFirstRunCustomize -PropertyType DWord -Value 1 -Force
  add-windowsfeature "RSAT-AD-Tools"
  New-CertificateRequest -subject "CN=*.$DomainName" -OnlineCA $CAConfig
}
$Install_Sharepoint_Scriptblock = {
  # Run AutoSPInstaller with the answer file for this host's SharePoint version.
  # The throw is deliberate: an uncaught throw ends the script, so the
  # Restart-Computer at the bottom of Setup.ps1 is skipped for this stage.
  $launcher = "$AutoSPInstallerPath\AutoSPInstallerLaunch.bat"
  $answerFile = "$AutoSPInstallerPath\PocketDomain-$env:Version.xml"
  Start-Process -FilePath $launcher -ArgumentList $answerFile -Wait
  throw "Installing Sharepoint, no reboot required."
}
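$Install_ADFS3_Scriptblock = {
  # Install the built-in AD FS role as a one-node farm with a CA-issued
  # certificate, then register adfs3.<domain> in DNS on the DC.
  # Reads script-level $DomainName, $CAConfig, $NetBiosName, $SecurePassword,
  # $ADDSSettings; New-CertificateRequest comes from the dot-sourced functions.ps1.
  Add-WindowsFeature ADFS-Federation -IncludeManagementTools -IncludeAllSubFeature
  Import-Module ADFS
  New-CertificateRequest -subject "CN=adfs3.$DomainName" -OnlineCA $CAConfig
  # Assumes exactly one matching certificate; several matches would yield an
  # array thumbprint — TODO confirm against the CA's behaviour on re-runs.
  $ADFS3Certificate = Get-ChildItem Cert:\LocalMachine\My | ? Subject -eq "CN=adfs3.$DomainName"
  $ADFS3Credential = New-Object System.Management.Automation.PSCredential ("$NetBiosName\ADFS_SVC", $SecurePassword)
  $ADFSSettings = @{
    CertificateThumbprint        = $ADFS3Certificate.Thumbprint
    FederationServiceDisplayName = "$DomainName ADFS Login"
    FederationServiceName        = "adfs3.$DomainName"
    ServiceAccountCredential     = $ADFS3Credential
  }
  Install-ADFSFarm @ADFSSettings
  $ADFSIPAddress = (Get-WmiObject win32_networkadapterconfiguration -filter "ipenabled = 'true'").ipaddress[0]
  # Zone and address are passed as scriptblock arguments rather than spliced into
  # an Invoke-Expression string: same dnscmd call, no string-built command.
  Invoke-Command -ComputerName $ADDSSettings.Hostname -ScriptBlock {
    param($Zone, $Address)
    dnscmd /recordadd $Zone adfs3 A $Address
  } -ArgumentList $DomainName, $ADFSIPAddress
}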
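$Install_ADFS2_Scriptblock = {
  # Install AD FS 2.0 from the setup package under $SetupPath, configure it with
  # FsConfig.exe, then register adfs2.<domain> in DNS on the DC.
  # Reads script-level $SetupPath, $DomainName, $CAConfig, $NetBiosName,
  # $Password, $ADDSSettings; New-CertificateRequest comes from functions.ps1.
  start-process "$SetupPath\Installs\ADFSSetup.exe" -ArgumentList "/quiet" -wait
  Add-PSSnapin Microsoft.Adfs.PowerShell
  New-CertificateRequest -subject "CN=adfs2.$DomainName" -OnlineCA $CAConfig
  $ADFS2Certificate = Get-ChildItem Cert:\LocalMachine\My | ?{ $_.Subject -eq "CN=adfs2.$DomainName"}
  # NOTE(review): FsConfig only takes the service-account password as a
  # command-line argument, so it is visible in process listings during setup.
  # $(...) is required for the thumbprint: "$obj.Prop" expands only $obj and
  # leaves ".thumbprint" as literal text, which previously produced an invalid
  # /CertThumbprint value.
  [array]$FSConfigArguments = @(
    "/ServiceAccount $NetBiosName\adfs_svc",
    "/ServiceAccountPassword $Password",
    "/FederationServiceName adfs2.$DomainName",
    "/CleanConfig",
    "/CertThumbprint $($ADFS2Certificate.Thumbprint)",
    "/AutoCertRolloverEnabled"
  )
  $ADFSIPAddress = (Get-WmiObject win32_networkadapterconfiguration -filter "ipenabled = 'true'").ipaddress[0]
  start-process "C:\Program Files\Active Directory Federation Services 2.0\Fsconfig.exe" -argumentlist ($FSConfigArguments -join " ") -wait
  # Zone and address are passed as scriptblock arguments rather than spliced into
  # an Invoke-Expression string: same dnscmd call, no string-built command.
  Invoke-Command -ComputerName $ADDSSettings.Hostname -ScriptBlock {
    param($Zone, $Address)
    dnscmd /recordadd $Zone adfs2 A $Address
  } -ArgumentList $DomainName, $ADFSIPAddress
}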
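# Stage dispatch. Each arm runs its scriptblock and, where a next stage exists,
# registers it with Add-Task; the reboot at the end of the script then picks it up.
# Chains visible here:
#   DC:         First_Run_ADDS -> Install_RSAT -> Install_ADDS -> Install_Forest
#               -> Setup_ADObjects -> Install_PKI -> Install_ADFS3
#   SQL:        First_Run_SQL -> Install_SQL
#   SharePoint: First_Run_SP2010/SP2013 -> Setup_Sharepoint -> Install_Sharepoint
#   AD FS 2.0:  First_Run_ADFS2 -> Install_ADFS2
switch ($Stage)
{
  "First_Run_ADDS"     {&$First_Run_Scriptblock $ADDSSettings; Add-Task Install_RSAT}
  "First_Run_SQL"      {&$First_Run_Scriptblock $SQLSettings; Add-Task Install_SQL}
  # Each SharePoint stage must use its own settings table: the table carries the
  # hostname, address and Version for that host (the two were previously crossed).
  "First_Run_SP2013"   {&$First_Run_Scriptblock $SP2013Settings; Add-Task Setup_Sharepoint}
  "First_Run_SP2010"   {&$First_Run_Scriptblock $SP2010Settings; Add-Task Setup_Sharepoint}
  "First_Run_ADFS2"    {&$First_Run_Scriptblock $ADFS2Settings; Add-Task Install_ADFS2}
  "Setup_Sharepoint"   {&$Setup_Sharepoint_Scriptblock; Add-Task Install_Sharepoint}
  "Install_Sharepoint" {&$Install_Sharepoint_Scriptblock}
  "Install_RSAT"       {&$Install_RSAT_Scriptblock; Add-Task Install_ADDS}
  "Install_SQL"        {&$Install_SQL_Scriptblock}
  "Install_ADDS"       {&$Install_ADDS_ScriptBlock; Add-Task Install_Forest}
  "Install_Forest"     {&$Install_Forest_Scriptblock; Add-Task Setup_ADObjects}
  "Install_PKI"        {&$Install_PKI_Scriptblock; Add-Task Install_ADFS3}
  "Setup_ADObjects"    {&$Setup_ADObjects_Scriptblock; Add-Task Install_PKI}
  "Install_ADFS3"      {&$Install_ADFS3_Scriptblock}
  "Install_ADFS2"      {&$Install_ADFS2_Scriptblock}
  # An unknown or missing -Stage records a non-terminating error so the final
  # check below logs it instead of silently rebooting.
  default              {Write-Error "Unknown stage '$Stage'"}
}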
# Reboot into the next stage when the run was clean; otherwise dump the error
# records for inspection and leave the machine up.
$errorLog = 'c:\errors.txt'
if ($Error.Count -eq 0) {
  Restart-Computer
} else {
  Write-Host "Errors!"
  $Error | Select-Object * | Out-File $errorLog -Append
  notepad.exe $errorLog
}