  <# Notes:

  Goal - Create a domain controller and populate it with OUs, Groups, and Users.
  This script must be run after prepDomainController.

  Disclaimer - This example code is provided without copyright and AS IS. It is free for you to use and modify.

  #>
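  # DSC configuration that takes the local node from a plain server to the first
  # domain controller of a new domain, then seeds it with users, groups and a
  # reverse DNS zone.
  #
  # Inputs:
  #   -ConfigurationData  AllNodes entry supplying IPAddress, InterfaceAlias,
  #                       GatewayAddress, DnsAddress, ThisComputerName, DomainName,
  #                       DomainDN, DCDatabasePath, DCLogPath and SysvolPath.
  #   $Cred, $domainCred  PSCredential objects. They are NOT parameters: they are
  #                       read from the caller's scope when the configuration is
  #                       invoked, so both must exist before it is called.
  #
  # The resources form one dependency chain (network -> local admin -> rename ->
  # AD DS feature -> domain -> users -> groups), expressed through DependsOn.
  configuration BuildDomainController
  {
      Import-DscResource -ModuleName xActiveDirectory, xComputerManagement, xNetworking, xDnsServer

      Node localhost
      {
          # LCM settings: apply once, reboot when a resource asks for it, and
          # resume the configuration after the reboot.
          LocalConfigurationManager {
              ActionAfterReboot  = 'ContinueConfiguration'
              ConfigurationMode  = 'ApplyOnly'
              RebootNodeIfNeeded = $true
          }

          # --- Network: address, then gateway, then DNS client -----------------
          xIPAddress NewIPAddress {
              IPAddress      = $node.IPAddress
              InterfaceAlias = $node.InterfaceAlias
              AddressFamily  = 'IPV4'
          }

          xDefaultGatewayAddress NewIPGateway {
              Address        = $node.GatewayAddress
              InterfaceAlias = $node.InterfaceAlias
              AddressFamily  = 'IPV4'
              DependsOn      = '[xIPAddress]NewIPAddress'
          }

          xDnsServerAddress PrimaryDNSClient {
              Address        = $node.DnsAddress
              InterfaceAlias = $node.InterfaceAlias
              AddressFamily  = 'IPV4'
              DependsOn      = '[xDefaultGatewayAddress]NewIPGateway'
          }

          # --- Local Administrator password, computer name, AD DS role ---------
          User Administrator {
              Ensure    = 'Present'
              UserName  = 'Administrator'
              Password  = $Cred
              DependsOn = '[xDnsServerAddress]PrimaryDNSClient'
          }

          xComputer NewComputerName {
              Name      = $node.ThisComputerName
              DependsOn = '[User]Administrator'
          }

          WindowsFeature ADDSInstall {
              Ensure    = 'Present'
              Name      = 'AD-Domain-Services'
              DependsOn = '[xComputer]NewComputerName'
          }

          # --- Promote to first DC of the new domain ---------------------------
          # NOTE(review): the same credential object is used for the domain
          # administrator and for the DSRM (safe mode) password, so both share
          # one password. Prompt for a separate DSRM credential outside a lab.
          xADDomain FirstDC {
              DomainName                    = $node.DomainName
              DomainAdministratorCredential = $domainCred
              SafemodeAdministratorPassword = $domainCred
              DatabasePath                  = $node.DCDatabasePath
              LogPath                       = $node.DCLogPath
              SysvolPath                    = $node.SysvolPath
              DependsOn                     = '[WindowsFeature]ADDSInstall'
          }

          # --- Domain users ----------------------------------------------------
          # NOTE(review): all four accounts receive the password held in $Cred
          # (also the local Administrator password above) and are flagged
          # PasswordNeverExpires. Two of them are added to Domain Admins,
          # Enterprise Admins and Schema Admins further down. Acceptable for a
          # throw-away lab only; use per-account credentials and drop
          # PasswordNeverExpires on privileged accounts anywhere else.
          xADUser myaccount {
              DomainName                    = $node.DomainName
              Path                          = "CN=Users,$($node.DomainDN)"
              UserName                      = 'myaccount'
              GivenName                     = 'My'
              Surname                       = 'Account'
              DisplayName                   = 'My Account'
              Enabled                       = $true
              Password                      = $Cred
              DomainAdministratorCredential = $Cred
              PasswordNeverExpires          = $true
              DependsOn                     = '[xADDomain]FirstDC'
          }

          xADUser gshields {
              DomainName                    = $node.DomainName
              Path                          = "CN=Users,$($node.DomainDN)"
              UserName                      = 'gshields'
              GivenName                     = 'Greg'
              Surname                       = 'Shields'
              DisplayName                   = 'Greg Shields'
              Enabled                       = $true
              Password                      = $Cred
              DomainAdministratorCredential = $Cred
              PasswordNeverExpires          = $true
              DependsOn                     = '[xADDomain]FirstDC'
          }

          xADUser djones {
              DomainName                    = $node.DomainName
              Path                          = "CN=Users,$($node.DomainDN)"
              UserName                      = 'djones'
              GivenName                     = 'Donna'
              Surname                       = 'Jones'
              DisplayName                   = 'Donna Jones'
              Enabled                       = $true
              Password                      = $Cred
              DomainAdministratorCredential = $Cred
              PasswordNeverExpires          = $true
              DependsOn                     = '[xADDomain]FirstDC'
          }

          xADUser jhelmick {
              DomainName                    = $node.DomainName
              Path                          = "CN=Users,$($node.DomainDN)"
              UserName                      = 'jhelmick'
              GivenName                     = 'Jane'
              Surname                       = 'Helmick'
              DisplayName                   = 'Jane Helmick'
              Enabled                       = $true
              Password                      = $Cred
              DomainAdministratorCredential = $Cred
              PasswordNeverExpires          = $true
              DependsOn                     = '[xADDomain]FirstDC'
          }

          # --- Groups ----------------------------------------------------------
          # Each group depends on the xADUser resources it lists as members, not
          # only on the domain: DSC guarantees ordering only through DependsOn,
          # so without this a group could be processed before its members exist.
          xADGroup IT {
              GroupName        = 'IT'
              Path             = "CN=Users,$($node.DomainDN)"
              Category         = 'Security'
              GroupScope       = 'Global'
              MembersToInclude = 'gshields', 'jhelmick', 'myaccount'
              DependsOn        = '[xADDomain]FirstDC', '[xADUser]gshields', '[xADUser]jhelmick', '[xADUser]myaccount'
          }

          # NOTE(review): the three groups below grant standing membership in the
          # most privileged groups of the forest to ordinary named accounts.
          # Outside a lab, keep Enterprise Admins and Schema Admins empty and add
          # members only for the duration of a change.
          xADGroup DomainAdmins {
              GroupName        = 'Domain Admins'
              Path             = "CN=Users,$($node.DomainDN)"
              Category         = 'Security'
              GroupScope       = 'Global'
              MembersToInclude = 'gshields', 'myaccount'
              DependsOn        = '[xADDomain]FirstDC', '[xADUser]gshields', '[xADUser]myaccount'
          }

          xADGroup EnterpriseAdmins {
              GroupName        = 'Enterprise Admins'
              Path             = "CN=Users,$($node.DomainDN)"
              Category         = 'Security'
              GroupScope       = 'Universal'
              MembersToInclude = 'gshields', 'myaccount'
              DependsOn        = '[xADDomain]FirstDC', '[xADUser]gshields', '[xADUser]myaccount'
          }

          xADGroup SchemaAdmins {
              GroupName        = 'Schema Admins'
              Path             = "CN=Users,$($node.DomainDN)"
              Category         = 'Security'
              GroupScope       = 'Universal'
              MembersToInclude = 'gshields', 'myaccount'
              DependsOn        = '[xADDomain]FirstDC', '[xADUser]gshields', '[xADUser]myaccount'
          }

          # --- Reverse lookup zone ---------------------------------------------
          # DynamicUpdate = 'Secure' restricts dynamic registrations to
          # authenticated domain members.
          # NOTE(review): the zone name is hard-coded for 192.168.3.0/24, while
          # the node data in this file assigns 10.0.2.15/24 (reverse zone
          # 2.0.10.in-addr.arpa). Confirm which network is intended.
          xDnsServerADZone addReverseADZone {
              Name             = '3.168.192.in-addr.arpa'
              DynamicUpdate    = 'Secure'
              ReplicationScope = 'Forest'
              Ensure           = 'Present'
              DependsOn        = '[xADDomain]FirstDC'
          }
      }
  }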
  # Node data handed to BuildDomainController through -ConfigurationData.
  # A single node entry ('localhost') describes the server being promoted.
  $ConfigData = @{
      AllNodes = @(
          @{
              # Identity
              Nodename         = 'localhost'
              ThisComputerName = 'dc'

              # Network settings for the adapter named by InterfaceAlias.
              # NOTE(review): DnsAddress points the future DC at an external
              # resolver; AD clients and the DC itself normally need a resolver
              # that hosts the domain's zones - confirm this is intended.
              InterfaceAlias   = 'Ethernet'
              IPAddress        = '10.0.2.15/24'
              GatewayAddress   = '10.0.2.2'
              DnsAddress       = '8.8.8.8'

              # Domain naming
              DomainName       = 'company.pri'
              DomainDN         = 'DC=Company,DC=Pri'

              # AD DS storage locations
              DCDatabasePath   = 'C:\NTDS'
              DCLogPath        = 'C:\NTDS'
              SysvolPath       = 'C:\Sysvol'

              # SECURITY: PSDscAllowPlainTextPassword lets the configuration
              # compile without an encryption certificate, which means every
              # PSCredential passed to a resource is written to the generated
              # MOF in clear text. Lab use only. For anything else, give the
              # node a document-encryption certificate (CertificateFile and
              # Thumbprint here, CertificateID in the LCM settings) and remove
              # this key.
              PSDscAllowPlainTextPassword = $true

              # Allows domain accounts to be used as credentials in the
              # configuration.
              PSDscAllowDomainUser        = $true
          }
      )
  }
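  # Prompt interactively for the two credentials the configuration reads from
  # this scope. Prompting keeps the passwords out of the script text itself.
  $domainCred = Get-Credential -UserName company\Administrator -Message "Please enter a new password for Domain Administrator."
  $Cred = Get-Credential -UserName Administrator -Message "Please enter a new password for Local Administrator and other accounts."

  # Compile the configuration; the MOF output is written to .\BuildDomainController.
  # SECURITY: the node data in this file sets PSDscAllowPlainTextPassword, so the
  # MOF files in that folder contain the passwords entered above unencrypted.
  # Restrict access to the folder and delete it once the configuration has been
  # applied.
  BuildDomainController -ConfigurationData $ConfigData

  # Apply the LCM settings first, then push the configuration itself.
  # -Verbose is written with an ASCII hyphen; the pasted original carried a
  # typographic en dash, which can be corrupted when the script is saved in a
  # different encoding.
  Set-DSCLocalConfigurationManager -Path .\BuildDomainController -Verbose
  Start-DscConfiguration -Wait -Force -Path .\BuildDomainController -Verbose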