Are you ready to jump in and automate your Active Directory creation?
Warning: no way back from here!
This post is part of a series; at the bottom you will find links to the other parts. In this part we will look at all the steps necessary to create a new Active Directory domain.
We are going to:
- Install the required modules
- Create a DSC script
- Create/compile a MOF file (by running the created DSC script)
- Configure our node with this MOF file.
Install the required modules
```powershell
Install-Module xActiveDirectory -Verbose
```
Be aware: all modules starting with x are considered not final by Microsoft, so the implementation may differ when the module eventually becomes final.
If this is the first module you install, PowerShell will ask you to install NuGet-anycpu.exe. Behind the scenes, Install-Module uses PowerShellGet, which in turn uses NuGet, so NuGet-anycpu.exe must be available.
Click Yes
Next, Install-Module will look in its online repository for the module you want to install, in this case xActiveDirectory. If it is found, you will be asked whether you are sure that you want to install the module.
Click Yes
The output should be something like:
At this stage we have installed and configured all the parts needed to use DSC for creating our domain controller. Only one thing is left: the actual PowerShell script itself.
Create a DSC script
Create and run a new PowerShell file: AssertDC.ps1
Be aware: you should never use plain text passwords in your production scripts!!!
```powershell
# A configuration to create a new Domain Controller for a new forest
configuration AssertDC
{
    param
    (
        [Parameter(Mandatory)]
        [pscredential]$safemodeAdministratorCred,

        [Parameter(Mandatory)]
        [pscredential]$domainCred,

        [Parameter(Mandatory)]
        [pscredential]$NewADUserCred,

        [Parameter(Mandatory)]
        [string]$NewADUser
    )

    Import-DscResource -ModuleName 'PSDesiredStateConfiguration'
    Import-DscResource -ModuleName 'xActiveDirectory'

    # Only applies to nodes tagged "Primary DC" in the configuration data
    Node $AllNodes.Where{$_.Role -eq "Primary DC"}.Nodename
    {
        # Install the AD DS role
        WindowsFeature ADDSInstall
        {
            Ensure = "Present"
            Name   = "AD-Domain-Services"
        }

        # Install the AD management tools
        WindowsFeature RSATTools
        {
            DependsOn            = '[WindowsFeature]ADDSInstall'
            Ensure               = 'Present'
            Name                 = 'RSAT-AD-Tools'
            IncludeAllSubFeature = $true
        }

        # Create the new forest and domain
        xADDomain FirstDS
        {
            DomainName                    = $Node.DomainName
            DomainAdministratorCredential = $domainCred
            SafemodeAdministratorPassword = $safemodeAdministratorCred
            DependsOn                     = "[WindowsFeature]RSATTools"
        }

        # Wait until the domain is available before continuing
        xWaitForADDomain DscForestWait
        {
            DomainName           = $Node.DomainName
            DomainUserCredential = $domainCred
            RetryCount           = $Node.RetryCount
            RetryIntervalSec     = $Node.RetryIntervalSec
            DependsOn            = "[xADDomain]FirstDS"
        }

        # Create the first user in the new domain
        xADUser FirstUser
        {
            DomainName                    = $Node.DomainName
            DomainAdministratorCredential = $domainCred
            UserName                      = $NewADUser
            Password                      = $NewADUserCred
            Ensure                        = "Present"
            DependsOn                     = "[xWaitForADDomain]DscForestWait"
        }
    }
}
```
Create/compile a MOF file (by running the created DSC script)
Run the following PowerShell commands. This creates a MOF file that we can later use to configure our nodes (read: computers).
```powershell
$SafeModePW = 'S@fePassw0rd'
$NewADUser  = 'Wouter'

# Configuration Data for AD
$ConfigData = @{
    AllNodes = @(
        @{
            Nodename                    = "sp2013-dev"
            Role                        = "Primary DC"
            DomainName                  = "development.local"
            # Writes the credentials into the MOF unencrypted (demo only)
            PSDscAllowPlainTextPassword = $true
            RetryCount                  = 20
            RetryIntervalSec            = 30
        }
    )
}

# Compile the configuration; the MOF file is written to .\AssertDC
AssertDC `
    -configurationData $ConfigData `
    -safemodeAdministratorCred (New-Object System.Management.Automation.PSCredential ('guest', (ConvertTo-SecureString $SafeModePW -AsPlainText -Force))) `
    -domainCred (New-Object System.Management.Automation.PSCredential ('Administrator', (ConvertTo-SecureString $SafeModePW -AsPlainText -Force))) `
    -NewADUserCred (New-Object System.Management.Automation.PSCredential ($NewADUser, (ConvertTo-SecureString $SafeModePW -AsPlainText -Force))) `
    -NewADUser $NewADUser
```
Result:
Configure our node with this MOF file.
```powershell
$SafeModePW = 'S@fePassw0rd'
$Credential = (New-Object System.Management.Automation.PSCredential ('Administrator', (ConvertTo-SecureString $SafeModePW -AsPlainText -Force)))

# Push the compiled MOF in .\AssertDC to the node and apply it
Start-DscConfiguration -Wait -Force -Verbose `
    -ComputerName "sp2013-dev" `
    -Path .\AssertDC `
    -Credential $Credential
```
This will take a while as it will install and configure your domain…
When finished, reboot the server and you will find yourself having created a whole new domain controller.
To create the configured user, you have to run the last script again so that the remaining part of the configuration is applied.
This is because we have added “xWaitForADDomain DscForestWait” in the first script and the server needed a reboot.
```powershell
$SafeModePW = 'S@fePassw0rd'
$Credential = (New-Object System.Management.Automation.PSCredential ('Administrator', (ConvertTo-SecureString $SafeModePW -AsPlainText -Force)))

# Second run: the domain now exists, so the user resource can be applied
Start-DscConfiguration -Wait -Force -Verbose `
    -ComputerName "sp2013-dev" `
    -Path .\AssertDC `
    -Credential $Credential
```
Voila, a newly created user in your new domain, in your new forest!
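The compile step above sets PSDscAllowPlainTextPassword = $true and hard-codes the password, so the compiled MOF holds every credential in clear text. As an added example (not part of the original post), the same compile step can encrypt the credentials to a certificate on the node instead. It assumes the AssertDC configuration is loaded in the session and that the node already holds a document-encryption certificate with its private key; the .cer path and the thumbprint are placeholders:

```powershell
# Added example: certificate-encrypted credentials instead of plain text.
# Assumes the AssertDC configuration above is loaded in this session.
# Hypothetical placeholders: the .cer path and the thumbprint value.
$ConfigData = @{
    AllNodes = @(
        @{
            Nodename         = 'sp2013-dev'
            Role             = 'Primary DC'
            DomainName       = 'development.local'
            RetryCount       = 20
            RetryIntervalSec = 30
            # These two keys replace PSDscAllowPlainTextPassword = $true:
            # credentials in the MOF are encrypted to the node's public key.
            CertificateFile  = 'C:\dsc\sp2013-dev.cer'            # placeholder path
            Thumbprint       = '<THUMBPRINT-OF-NODE-CERTIFICATE>' # placeholder value
        }
    )
}

# Tell the node's Local Configuration Manager which certificate decrypts the MOF.
configuration LcmCertificate {
    Node $AllNodes.Nodename {
        LocalConfigurationManager {
            CertificateID = $Node.Thumbprint
        }
    }
}
LcmCertificate -ConfigurationData $ConfigData -OutputPath .\LcmCertificate
Set-DscLocalConfigurationManager -Path .\LcmCertificate -ComputerName 'sp2013-dev' -Verbose

# Prompt for the secrets instead of hard-coding them in the script.
$NewADUser = 'Wouter'
AssertDC -ConfigurationData $ConfigData `
    -safemodeAdministratorCred (Get-Credential -UserName 'guest' -Message 'Safe mode password') `
    -domainCred (Get-Credential -UserName 'Administrator' -Message 'Domain admin password') `
    -NewADUserCred (Get-Credential -UserName $NewADUser -Message "Password for $NewADUser") `
    -NewADUser $NewADUser

# Check before pushing: the compiled MOF must be marked as password-encrypted.
$encrypted = Select-String -Path .\AssertDC\sp2013-dev.mof `
    -Pattern 'ContentType\s*=\s*"PasswordEncrypted"' -Quiet
if (-not $encrypted) {
    throw 'sp2013-dev.mof is not marked PasswordEncrypted; do not distribute it.'
}
```

The Start-DscConfiguration call stays the same, apart from replacing its hard-coded $SafeModePW with Get-Credential as well.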
This post is separated into multiple parts:
- What is DSC?
- Setting up the environment for DSC
- Configure Active Directory with DSC (this post)
- What LEGO has to do with PowerShell DSC Partial Configurations!
- Configure IIS with DSC
- Install SQL with DSC
- Install SharePoint
- Configure SharePoint