# Script parameters.
# The two password parameters are plain [string]s and are only wrapped as
# SecureString/PSCredential further down, so their values can appear on the
# command line, in transcripts or in logs of whatever invokes this script.
param (
    [string]$domainName,          # DNS name of the forest/domain to create
    [string]$AD1NetBIOSName,      # new computer name for this node
    [string]$safemodepassword,    # DSRM (safe-mode) administrator password
    [string]$DomainAdminPassword, # domain administrator password (also reused for the 'versent' user below)
    [string]$ADServer1PrivateIp   # static IPv4 address assigned to this node
)
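Function New-DscCert {
    <#
    .SYNOPSIS
        Creates a self-signed Document Encryption certificate in the local
        machine store and exports its public half to C:\dsc.cer.
    .DESCRIPTION
        The certificate is built with the X509Enrollment COM objects:
        subject CN=<Instance>, valid for 730 days from now, carrying the
        Document Encryption EKU (1.3.6.1.4.1.311.80.1) that DSC uses for
        credential encryption. The private key stays in the machine store;
        only the public certificate is written to disk.
    .PARAMETER Password
        Kept for backward compatibility with existing callers. Only the public
        certificate is exported (no private key), so no password is applied
        to the exported file.
    .PARAMETER Instance
        Value used as the certificate's common name (CN=<Instance>).
    .OUTPUTS
        The output of Export-Certificate. Failures are reported with
        Write-Error as non-terminating errors, mirroring the original
        non-fatal catch block, so callers should check for C:\dsc.cer.
    #>
    [CmdletBinding()]
    param(
        [string]
        $Password,
        [string]
        $Instance
    )
    try {
        Write-Verbose 'Creating Certificate'
        $DomainDNSName = $Instance

        $name = New-Object -ComObject 'X509Enrollment.CX500DistinguishedName.1'
        $name.Encode("CN=$DomainDNSName", 0)

        $key = New-Object -ComObject 'X509Enrollment.CX509PrivateKey.1'
        $key.ProviderName = 'Microsoft RSA SChannel Cryptographic Provider'
        $key.KeySpec = 1
        # 2048-bit RSA; the previous 1024-bit length is below the commonly
        # accepted minimum for RSA keys.
        $key.Length = 2048
        # SDDL restricting private-key access to SYSTEM (SY), Administrators (BA)
        # and Network Service (NS).
        $key.SecurityDescriptor = 'D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)'
        $key.MachineContext = 1
        # 0x1 marks the private key exportable. The DSC LCM only needs the key
        # present in the store; tighten to 0 if nothing has to back it up.
        $key.ExportPolicy = 0x1
        $key.Create()

        # Enhanced Key Usage: Document Encryption.
        $serverauthoid = New-Object -ComObject 'X509Enrollment.CObjectId.1'
        $serverauthoid.InitializeFromValue('1.3.6.1.4.1.311.80.1')
        $ekuoids = New-Object -ComObject 'X509Enrollment.CObjectIds.1'
        $ekuoids.add($serverauthoid)
        $ekuext = New-Object -ComObject 'X509Enrollment.CX509ExtensionEnhancedKeyUsage.1'
        $ekuext.InitializeEncode($ekuoids)

        # Self-signed request (issuer == subject), machine context.
        $cert = New-Object -ComObject 'X509Enrollment.CX509CertificateRequestCertificate.1'
        $cert.InitializeFromPrivateKey(2, $key, '')
        $cert.Subject = $name
        $cert.Issuer = $cert.Subject
        $cert.NotBefore = Get-Date
        $cert.NotAfter = $cert.NotBefore.AddDays(730)
        $cert.X509Extensions.Add($ekuext)
        $cert.Encode()

        $enrollment = New-Object -ComObject 'X509Enrollment.CX509Enrollment.1'
        $enrollment.InitializeFromRequest($cert)
        $certdata = $enrollment.CreateRequest(0)
        $enrollment.InstallResponse(2, $certdata, 0, '')

        Write-Verbose 'Exporting Certificate'
        # Re-runs leave several certificates with this subject in the store;
        # export the newest one rather than passing a whole array to -Cert.
        $certificate = Get-ChildItem Cert:\LocalMachine\My -ErrorAction Stop |
            Where-Object { $_.Subject -eq "CN=$DomainDNSName" } |
            Sort-Object -Property NotBefore -Descending |
            Select-Object -First 1
        if (-not $certificate) {
            throw "Certificate CN=$DomainDNSName was not found in Cert:\LocalMachine\My after enrollment."
        }
        # Public certificate only; the previously built $mypwd SecureString was
        # never used, so it has been dropped.
        Export-Certificate -Cert $certificate -FilePath c:\dsc.cer -ErrorAction Stop -Force
    }
    catch {
        # Non-terminating, like the original, but on the error stream so the
        # failure is not mistaken for normal output.
        Write-Error -ErrorRecord $_
    }
}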
# Self-signed DSC encryption certificate for this machine (CN=<computer name>).
# New-DscCert only exports the public certificate, so the password value is
# not applied to the exported file.
New-DscCert -Password 'P@ssw0rd' -Instance $env:COMPUTERNAME

# Wrap the plain-string passwords from the param block as credentials.
# 'guest' is a placeholder user name carried alongside the safe-mode password.
$secpasswd = ConvertTo-SecureString -String $safemodepassword -AsPlainText -Force
$SafeModePW = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList 'guest', $secpasswd

$secDomainAdminPassword = ConvertTo-SecureString -String "$DomainAdminPassword" -AsPlainText -Force
$domainCred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "dummy\versent", $secDomainAdminPassword

# Node data for the 'adds' configuration.
$ConfigurationData = @{
    AllNodes = @(
        # Defaults shared by every node. RetryCount/RetryIntervalSec are not
        # referenced by the configuration below.
        @{
            nodename         = '*'
            domain_name      = $domainName
            RetryCount       = 20
            RetryIntervalSec = 30
        },
        @{
            nodename             = 'localhost'
            role                 = 'primary'
            newName              = $AD1NetBIOSName
            # Public certificate exported by New-DscCert; the LCM's CertificateID
            # must point at the matching private key.
            CertificateFile      = 'C:\dsc.cer'
            PSDscAllowDomainUser = $true
        }
    )
}
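# LCM meta-configuration for this node: allow reboots mid-configuration,
# resume after them, apply once, and decrypt MOF credentials with the
# certificate created by New-DscCert.
[DscLocalConfigurationManager()]
configuration meta
{
    Node localhost
    {
        Settings
        {
            RebootNodeIfNeeded = $true
            # Pick the DSC certificate by its subject (CN=<computer name>, as
            # created by New-DscCert) instead of by position in the store;
            # index [1] depended on whatever other certificates the image
            # happened to contain. Newest first in case of re-runs.
            CertificateID = (Get-ChildItem Cert:\LocalMachine\My |
                Where-Object { $_.Subject -eq "CN=$env:COMPUTERNAME" } |
                Sort-Object -Property NotBefore -Descending |
                Select-Object -First 1).Thumbprint
            ActionAfterReboot = 'ContinueConfiguration'
            ConfigurationMode = 'ApplyOnly'
        }
    }
}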
# Compile the meta-configuration (the MOF lands in .\meta, relative to the
# current directory, unlike the c:\temp path used for the main configuration)
# and apply it to the local LCM.
meta
Set-DscLocalConfigurationManager -Path .\meta -Force -Verbose
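Configuration adds {
    <#
    Promotes this node to the first domain controller of a new forest after
    setting its static network configuration and computer name. Compiled for
    the node whose role is 'primary' in $ConfigurationData; $ADServer1PrivateIp
    is read from the script's param block at compile time.
    #>
    param
    (
        # DSRM (safe-mode) administrator password, wrapped as a credential.
        [Parameter(Mandatory)]
        [pscredential]$SafeModePW,
        # Domain administrator credential; also used as the password of the
        # 'versent' user created below.
        [Parameter(Mandatory)]
        [pscredential]$domainCred
    )
    Import-DscResource -ModuleName @{ModuleName="xActiveDirectory"; RequiredVersion="2.11.0.0"}
    Import-DscResource -ModuleName xComputerManagement
    Import-DscResource -ModuleName xNetworking
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node $AllNodes.Where{$_.role -eq 'primary'}.nodename
    {
        File ADFiles
        {
            DestinationPath = 'D:\NTDS'
            Type            = 'Directory'
            Ensure          = 'Present'
        }
        # NOTE(review): (Get-NetAdapter).Name is a single string only when the
        # node has exactly one adapter; with several it becomes an array.
        # Confirm for the target image.
        xIPAddress DCIPAddress {
            InterfaceAlias = (Get-NetAdapter).Name
            IPAddress      = $ADServer1PrivateIp
        }
        xDefaultGatewayAddress DefaultGateway {
            InterfaceAlias = (Get-NetAdapter).Name
            Address        = (Get-AWSDefaultGateway -IPAddress $ADServer1PrivateIp)
            AddressFamily  = "IPv4"
        }
        xDnsServerAddress DnsServerAddress {
            # Hard-coded resolver; applied only once the static IP is in place.
            Address        = '172.20.0.2'
            InterfaceAlias = (Get-NetAdapter).Name
            AddressFamily  = 'IPv4'
            DependsOn      = '[xIPAddress]DCIPAddress'
        }
        WindowsFeature ADDSInstall
        {
            Ensure = 'Present'
            Name   = 'AD-Domain-Services'
        }
        xComputer NewName
        {
            Name = $Node.newName
        }
        WindowsFeature ADDSTools
        {
            Ensure = 'Present'
            Name   = 'RSAT-ADDS'
        }
        xADDomain FirstDS
        {
            DomainName                    = $Node.domain_name
            DomainAdministratorCredential = $domainCred
            SafemodeAdministratorPassword = $SafeModePW
            DatabasePath                  = 'D:\NTDS'
            LogPath                       = 'D:\NTDS'
            # The rename (and its reboot) must complete before promotion;
            # declaration order alone does not guarantee that, so NewName is
            # an explicit dependency.
            DependsOn = '[WindowsFeature]ADDSInstall', '[File]ADFiles', '[xComputer]NewName'
        }
        xADUser FirstUser
        {
            DomainName = $Node.domain_name
            UserName   = "versent"
            Password   = $domainCred
            Ensure     = "Present"
            DependsOn  = "[xADDomain]FirstDS"
        }
        xADGroup AddVersentToDomainAdmin
        {
            GroupName = 'Domain Admins'
            # 'Members' enforces exact membership (any other member of Domain
            # Admins is removed); use MembersToInclude if the intent is additive.
            Members   = 'versent', 'Administrator'
            Ensure    = 'present'
            # The user has to exist before it can be added to the group; the
            # original had no ordering relative to FirstUser.
            DependsOn = '[xADUser]FirstUser'
        }
    }
}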
# Compile 'adds' into a MOF under c:\temp, passing the credentials built above
# and the node data (whose CertificateFile is what DSC uses to encrypt those
# credentials in the MOF), then apply it and block until the LCM finishes.
$compileParams = @{
    OutputPath        = 'c:\temp'
    SafeModePW        = $SafeModePW
    domainCred        = $domainCred
    ConfigurationData = $ConfigurationData
}
adds @compileParams
Start-DscConfiguration -Path 'c:\temp' -Wait -Verbose -Force