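# Lab bootstrap script: configures the Local Configuration Manager and then
# applies the DSCLabServer configuration to the local machine.
[CmdletBinding()]
param()

# Both configurations are compiled to paths relative to the current directory
# (.\LCMConfig and .\DSCLabServer). Stop if the working directory is missing
# rather than continuing in whatever directory the caller happened to be in:
# the compiled MOF carries credentials and should not land in an arbitrary
# location.
Set-Location -Path "C:\dsctemp" -ErrorAction Stop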
# Meta-configuration for the Local Configuration Manager (LCM) of the local
# node. Compiling it produces the meta-MOF under .\LCMConfig.
[DSCLocalConfigurationManager()]
Configuration LCMConfig
{
    Node 'localhost'
    {
        Settings
        {
            # Let the LCM reboot the machine by itself when a resource asks
            # for it, then resume the same configuration after the restart.
            RebootNodeIfNeeded = $true
            ActionAfterReboot  = 'ContinueConfiguration'

            # ApplyOnly: the configuration is applied once and the LCM does
            # not re-check or correct drift afterwards.
            ConfigurationMode  = 'ApplyOnly'
        }
    }
}
# Compile the meta-configuration (writes the meta-MOF under .\LCMConfig) ...
LCMConfig

# ... and hand it to the local LCM.
$lcmArguments = @{
    Path         = '.\LCMConfig'
    ComputerName = 'localhost'
    Force        = $true
    Verbose      = $true
}
Set-DscLocalConfigurationManager @lcmArguments
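# Builds a single-box lab server from the node data in $AllNodes: static IP
# and computer name, a new AD DS forest, a DSC pull server, DHCP, and an
# enterprise root CA with web enrollment. Applies to every node whose Role
# is "PrimaryServer".
#
# SECURITY (review): this layout puts the domain controller, an online
# enterprise root CA, web enrollment, DHCP and an HTTP pull server on one host
# and reuses one credential for all of them. Treat it as an isolated-lab
# build only; the individual concerns are marked inline below.
configuration DSCLabServer
{
    # The first import originally used an en dash (U+2013) before ModuleName.
    # PowerShell accepts it only while the file is decoded as Unicode; saved
    # or pasted in a legacy code page the parameter no longer parses. Use a
    # plain ASCII hyphen throughout.
    Import-DscResource -ModuleName PSDesiredStateConfiguration
    Import-DscResource -ModuleName xPSDesiredStateConfiguration
    Import-DscResource -ModuleName xCertificate
    Import-DscResource -ModuleName xActiveDirectory
    Import-DscResource -ModuleName xAdcsDeployment
    Import-DscResource -ModuleName xComputerManagement
    Import-DscResource -ModuleName xDhcpServer
    Import-DscResource -ModuleName xNetworking

    Node $AllNodes.Where{$_.Role -eq "PrimaryServer"}.Nodename
    {
        # Sets the built-in local Administrator password from the same
        # credential object that is later used as the domain administrator
        # credential (see PromoteDC, ADCS and CertSrv below).
        User Administrator
        {
            UserName = "Administrator"
            Password = $Node.DomainCred
            Ensure   = 'Present'
        }

        WindowsFeature DSCServiceFeature
        {
            Ensure = 'Present'
            Name   = 'DSC-Service'
        }

        WindowsFeature ServerGuiMgmtInfra
        {
            Ensure = 'Present'
            Name   = 'Server-Gui-Mgmt-Infra'
        }

        WindowsFeature ServerGuiShell
        {
            Ensure               = 'Present'
            Name                 = 'Server-Gui-Shell'
            IncludeAllSubFeature = $true
        }

        # One address / gateway / DNS resource triple per entry in $Node.IPs.
        # The counter only makes the resource names unique.
        $IPIndex = 0
        foreach ($IP in $Node.IPs)
        {
            $IPIndex++

            xIPAddress "NewIPAddress$IPIndex"
            {
                IPAddress      = $IP.IPAddress
                InterfaceAlias = $IP.InterfaceAlias
                SubnetMask     = $IP.SubnetMask
                AddressFamily  = $IP.AddressFamily
            }

            xDefaultGatewayAddress "DefaultGatewayAddress$IPIndex"
            {
                Address        = $IP.DefaultGateway
                AddressFamily  = $IP.AddressFamily
                InterfaceAlias = $IP.InterfaceAlias
            }

            xDnsServerAddress "DnsServerAddress$IPIndex"
            {
                Address        = $IP.DNSServer
                InterfaceAlias = $IP.InterfaceAlias
                AddressFamily  = $IP.AddressFamily
            }
        }

        # NOTE(review): after the loop $IPIndex holds the index of the LAST
        # address, so the rename waits on that one xIPAddress resource only.
        # With an empty $Node.IPs the referenced name would be NewIPAddress0,
        # which is never declared - presumably a compile error; confirm.
        xComputer NewComputerName
        {
            Name      = $Node.ComputerName
            DependsOn = "[xIPAddress]NewIPAddress$IPIndex"
        }

        File ADDatabasePath
        {
            DestinationPath = $Node.ADDatabasePath
            Type            = 'Directory'
            Ensure          = 'Present'
        }

        File ADLogPath
        {
            DestinationPath = $Node.ADLogPath
            Type            = 'Directory'
            Ensure          = 'Present'
        }

        WindowsFeature ADDSInstall
        {
            Ensure = "Present"
            Name   = "AD-Domain-Services"
        }

        WindowsFeature RSATRoleTools
        {
            Ensure               = "Present"
            Name                 = "RSAT-Role-Tools"
            IncludeAllSubFeature = $true
        }

        # Creates the forest / promotes this machine to a domain controller
        # once the feature, the NTDS directories, the rename and the local
        # Administrator password are all in place.
        xADDomain PromoteDC
        {
            DomainName                    = $Node.DomainName
            DomainNetBIOSName             = $Node.DomainNetBIOSName
            DomainAdministratorCredential = $Node.DomainCred
            SafemodeAdministratorPassword = $Node.SafemodeAdministratorPassword
            DatabasePath                  = $Node.ADDatabasePath
            LogPath                       = $Node.ADLogPath
            DependsOn                     = "[WindowsFeature]ADDSInstall",
                                            "[File]ADDatabasePath",
                                            "[File]ADLogPath",
                                            "[xComputer]NewComputerName",
                                            "[User]Administrator"
        }

        # SECURITY (review): 'AllowUnencryptedTraffic' publishes the pull
        # endpoint over plain HTTP on port 8080. Everything a node exchanges
        # with it (registration, configurations, modules) crosses the network
        # in clear text and the server is not authenticated to the client.
        # Outside a throw-away lab, bind a server-authentication certificate
        # instead: CertificateThumbPrint = '<pull-server-cert-thumbprint>'.
        # Newer releases of xPSDesiredStateConfiguration also expose a
        # UseSecurityBestPractices setting - check the module version in use.
        xDscWebService PSDSCPullServer
        {
            Ensure                = 'Present'
            EndpointName          = 'PSDSCPullServer'
            Port                  = 8080
            PhysicalPath          = "$env:SystemDrive\inetpub\PSDSCPullServer"
            CertificateThumbPrint = 'AllowUnencryptedTraffic'
            ModulePath            = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
            ConfigurationPath     = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
            State                 = 'Started'
            DependsOn             = '[WindowsFeature]DSCServiceFeature'
        }

        # The registration key is the shared secret nodes present when they
        # register with the pull server. It is written here as a plain text
        # file with no explicit ACL.
        # NOTE(review): presumably it inherits the Program Files permissions,
        # which would make it readable by any local user - confirm and
        # restrict if this is used beyond a lab.
        File RegistrationKeyFile
        {
            Ensure          = 'Present'
            Type            = 'File'
            DestinationPath = "$env:ProgramFiles\WindowsPowerShell\DscService\RegistrationKeys.txt"
            Contents        = $Node.DSCRegistrationKey
        }

        WindowsFeature DHCP
        {
            DependsOn            = "[xComputer]NewComputerName"
            Name                 = 'DHCP'
            Ensure               = 'PRESENT'
            IncludeAllSubFeature = $true
        }

        # Authorising the DHCP server needs the domain, hence the dependency
        # on the DC promotion as well as on the feature.
        xDhcpServerAuthorization LocalServerActivation
        {
            Ensure    = 'Present'
            DependsOn = '[xADDomain]PromoteDC','[WindowsFeature]DHCP'
        }

        xDhcpServerScope Scope
        {
            DependsOn     = '[xDhcpServerAuthorization]LocalServerActivation'
            Ensure        = 'Present'
            IPEndRange    = $Node.DHCPIPEndRange
            IPStartRange  = $Node.DHCPIPStartRange
            Name          = $Node.DHCPName
            SubnetMask    = $Node.DHCPSubnetMask
            LeaseDuration = $Node.DHCPLeaseDuration
            State         = $Node.DHCPState
            AddressFamily = $Node.DHCPAddressFamily
        }

        xDhcpServerOption Option
        {
            Ensure             = 'Present'
            ScopeID            = $Node.DHCPScopeID
            DnsDomain          = $Node.DomainName
            DnsServerIPAddress = $Node.DHCPDnsServerIPAddress
            AddressFamily      = $Node.DHCPAddressFamily
            Router             = $Node.DHCPRouter
            DependsOn          = '[xDhcpServerScope]Scope'
        }

        WindowsFeature ADCSCertAuthority
        {
            Ensure = 'Present'
            Name   = 'ADCS-Cert-Authority'
        }

        # SECURITY (review): this creates an ONLINE enterprise root CA on the
        # domain controller itself, installed with the domain administrator
        # credential, with a 20-year root. Production PKI normally keeps the
        # root offline and off the DC; keep this to lab use.
        xADCSCertificationAuthority ADCS
        {
            Ensure              = 'Present'
            Credential          = $Node.DomainCred
            CAType              = 'EnterpriseRootCA'
            DependsOn           = '[WindowsFeature]ADCSCertAuthority','[xADDomain]PromoteDC'
            CACommonName        = "$($Node.DomainNetBIOSName) Root CA"
            HashAlgorithmName   = "SHA256"
            KeyLength           = 4096
            ValidityPeriod      = "Years"
            ValidityPeriodUnits = 20
        }

        WindowsFeature ADCSWebEnrollment
        {
            Ensure    = 'Present'
            Name      = 'ADCS-Web-Enrollment'
            DependsOn = '[WindowsFeature]ADCSCertAuthority'
        }

        # SECURITY (review): the certsrv web enrollment role is a well-known
        # NTLM-relay exposure when it is reachable without HTTPS and Extended
        # Protection for Authentication. Nothing in this configuration sets
        # either, so do not expose this host beyond the lab network.
        xADCSWebEnrollment CertSrv
        {
            Ensure           = 'Present'
            IsSingleInstance = 'Yes'
            Credential       = $Node.DomainCred
            DependsOn        = '[WindowsFeature]ADCSWebEnrollment','[xADCSCertificationAuthority]ADCS'
        }
    }
}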
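# SECURITY (review): the password is a literal in the script, and the same
# value is used for the local Administrator account, the domain administrator
# and the Directory Services Restore Mode (safe mode) account. Anyone who can
# read this file - or a public copy of it - knows all three. For anything
# other than a disposable lab, supply the credentials at run time (for
# example with Get-Credential) and use a distinct DSRM password.
$password = "Test@123!" | ConvertTo-SecureString -AsPlainText -Force
$DomainCred = New-Object System.Management.Automation.PSCredential("ADATUM\administrator", $password)
$SafemodeAdministratorPassword = New-Object System.Management.Automation.PSCredential("administrator", $password)

# Node data consumed by the DSCLabServer configuration.
# (The throw-away `$ConfigData = 'a'` assignment that used to precede this
# was overwritten immediately and has been dropped.)
$ConfigData = @{
    AllNodes = @(
        @{
            Nodename = "localhost"

            # Suppresses the compile-time check on domain-account credentials.
            PSDscAllowDomainUser = $true

            # SECURITY (review): with this set, the credentials above are
            # written into the compiled MOF under .\DSCLabServer in clear
            # text. The supported alternative is to encrypt them to a node
            # certificate via the CertificateFile / Thumbprint node
            # properties; at minimum delete the MOF after the run.
            PSDscAllowPlainTextPassword = $true

            ComputerName = 'LABDC01'
            Role = "PrimaryServer"
            DomainName = "adatum.com"
            DomainNetBIOSName = "ADATUM"
            ADDatabasePath = "C:\NTDS"
            ADLogPath = "C:\NTDS\LOG"
            DomainCred = $DomainCred
            SafemodeAdministratorPassword = $SafemodeAdministratorPassword

            # One entry per interface to configure; the server is its own
            # DNS server.
            IPs = @(
                @{
                    IPAddress = '192.168.0.2'
                    SubnetMask = 24
                    AddressFamily = 'IPv4'
                    InterfaceAlias = 'Ethernet'
                    DNSServer = '192.168.0.2'
                    DefaultGateway = '192.168.0.1'
                }
            )

            DHCPScopeID = '192.168.0.0'
            DHCPIPStartRange = '192.168.0.3'
            DHCPIPEndRange = '192.168.0.254'
            DHCPName = '192.168.0.0'
            DHCPSubnetMask = '255.255.255.0'
            # NOTE(review): if the resource reads this as hh:mm:ss it is an
            # eight-minute lease - confirm that is intended.
            DHCPLeaseDuration = '00:08:00'
            DHCPState = 'Active'
            DHCPAddressFamily = 'IPv4'
            DHCPDnsServerIPAddress = '192.168.0.2'
            DHCPRouter = '192.168.0.1'

            RetryCount = 20
            RetryIntervalSec = 30

            # A fresh random GUID is generated on every run of this script,
            # so the key written to RegistrationKeys.txt changes each time
            # the configuration is recompiled and applied.
            DSCRegistrationKey = "$([guid]::NewGuid())"
        }
    )
}

# Compile to .\DSCLabServer, then apply to the local machine and wait for it.
DSCLabServer -ConfigurationData $ConfigData
Start-DscConfiguration -ComputerName localhost -Wait -Force -Verbose -Path .\DSCLabServer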