<#PSScriptInfo
.VERSION 0.3.1
.GUID edd05043-2acc-48fa-b5b3-dab574621ba1
.AUTHOR Michael Greene
.COMPANYNAME Microsoft Corporation
.COPYRIGHT
.TAGS DSCConfiguration
.LICENSEURI https://github.com/Microsoft/DomainControllerConfig/blob/master/LICENSE
.PROJECTURI https://github.com/Microsoft/DomainControllerConfig
.ICONURI
.EXTERNALMODULEDEPENDENCIES
.REQUIREDSCRIPTS
.EXTERNALSCRIPTDEPENDENCIES
.RELEASENOTES
https://github.com/Microsoft/DomainControllerConfig/blob/master/README.md#versions
.PRIVATEDATA 2016-Datacenter,2016-Datacenter-Server-Core
#>
#Requires -module @{ModuleName = 'xActiveDirectory';ModuleVersion = '2.17.0.0'}
#Requires -module @{ModuleName = 'xStorage'; ModuleVersion = '3.4.0.0'}
#Requires -module @{ModuleName = 'xPendingReboot'; ModuleVersion = '0.3.0.0'}
<#
.DESCRIPTION
Demonstrates a minimally viable domain controller configuration script
compatible with Azure Automation Desired State Configuration service.
Required variables in Automation service:
- Credential to use for AD domain admin
- Credential to use for Safe Mode recovery
Create these credential assets in Azure Automation,
and set their names in lines 11 and 12 of the configuration script
(the two Get-AutomationPSCredential calls).
Required modules in Automation service:
- xActiveDirectory
- xStorage
- xPendingReboot
#>
configuration DomainControllerConfig
{
    # Declares the desired state for the local node: the AD DS role is installed,
    # disk 2 is available as drive F:, no reboot is pending, the 'contoso.local'
    # domain is configured with its database, logs and SYSVOL on F:, and finally
    # the RDP-Tcp 'UserAuthentication' registry value is set.

    Import-DscResource -ModuleName 'PSDesiredStateConfiguration'
    Import-DscResource -ModuleName @{ ModuleName = 'xActiveDirectory'; ModuleVersion = '2.17.0.0' }
    Import-DscResource -ModuleName @{ ModuleName = 'xStorage'; ModuleVersion = '3.4.0.0' }
    Import-DscResource -ModuleName @{ ModuleName = 'xPendingReboot'; ModuleVersion = '0.3.0.0' }

    # When using with Azure Automation, modify these values to match your stored credential names.
    # NOTE(review): both lookups read the same asset name, so the domain administrator
    # account and the safe mode (DSRM) recovery password come from one stored secret
    # until these names are changed. Point each lookup at its own credential asset.
    # Get-AutomationPSCredential is supplied by the Azure Automation service; compiling
    # this configuration anywhere else needs a different credential source.
    $adminCredential = Get-AutomationPSCredential 'Credential'
    $dsrmCredential  = Get-AutomationPSCredential 'Credential'

    node localhost
    {
        # Install the Active Directory Domain Services role.
        WindowsFeature ADDSInstall
        {
            Name   = 'AD-Domain-Services'
            Ensure = 'Present'
        }

        # Wait for disk 2 to show up: 30 attempts, 10 seconds apart (per the property names).
        xWaitforDisk Disk2
        {
            DiskId           = 2
            RetryCount       = 30
            RetryIntervalSec = 10
        }

        # Expose disk 2 as drive F:, which holds the AD database, logs and SYSVOL below.
        xDisk DiskF
        {
            DependsOn   = '[xWaitforDisk]Disk2'
            DiskId      = 2
            DriveLetter = 'F'
        }

        # Clear any pending reboot before the domain is configured.
        # SkipCcmClientSDK leaves the Configuration Manager client out of that check.
        xPendingReboot BeforeDC
        {
            DependsOn        = @('[WindowsFeature]ADDSInstall', '[xDisk]DiskF')
            Name             = 'BeforeDC'
            SkipCcmClientSDK = $true
        }

        # Configure domain values here.
        # 'contoso.local' is a sample name; replace it for a real deployment.
        xADDomain Domain
        {
            DependsOn                     = @('[WindowsFeature]ADDSInstall', '[xDisk]DiskF', '[xPendingReboot]BeforeDC')
            DomainName                    = 'contoso.local'
            DomainAdministratorCredential = $adminCredential
            SafemodeAdministratorPassword = $dsrmCredential
            DatabasePath                  = 'F:\NTDS'
            LogPath                       = 'F:\NTDS'
            SysvolPath                    = 'F:\SYSVOL'
        }

        # NOTE(review): UserAuthentication = 0 turns off the Network Level Authentication
        # requirement for RDP on this domain controller, so a client reaches the remote
        # logon screen before it has authenticated. The resource name suggests this is
        # deliberate; confirm it is still needed. If it is, restrict which networks can
        # reach RDP (TCP 3389 by default) on this host, and set ValueData = 1 once the
        # reason for disabling NLA no longer applies.
        Registry DisableRDPNLA
        {
            DependsOn = '[xADDomain]Domain'
            Ensure    = 'Present'
            Key       = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
            ValueName = 'UserAuthentication'
            ValueType = 'Dword'
            ValueData = 0
        }
    }
}