#BEGIN POWERSHELL SCRIPT
# DSC configuration for a "hub" domain controller build: baseline OS settings,
# AD DS / DNS / BitLocker feature installation, promotion of the node into an
# existing domain, and monitoring of the NTDS service afterwards.
# Variables and credentials are read from the Azure Automation account at
# compile time (Get-AutomationVariable / Get-AutomationPSCredential), so this
# configuration is intended to be compiled by Azure Automation State
# Configuration rather than on a workstation.
Configuration ActiveDirectoryHub{
  #Download and Install Required Resources
  # xUAC comes from xSystemSecurity; TimeZone and PowerShellExecutionPolicy from
  # ComputerManagementDSC; WaitForADDomain and ADDomainController from ActiveDirectoryDsc.
  Import-DscResource -ModuleName 'PSDesiredStateConfiguration'
  Import-DscResource -ModuleName 'xPSDesiredStateConfiguration'
  Import-DscResource -ModuleName 'ComputerManagementDSC'
  Import-DscResource -ModuleName 'xSystemSecurity'
  Import-DscResource -ModuleName 'ActiveDirectoryDsc'

  #Initialize Script Variables
  # Azure Automation variable assets; their values are baked into the compiled MOF.
  $DOMAIN_NAME = Get-AutomationVariable -Name "DOMAIN_NAME"
  $ADMIN_PATH = Get-AutomationVariable -Name "ADMIN_PATH"
  $API_FOLDER_PATH = Get-AutomationVariable -Name "API_FOLDER_PATH"

  #Import Credentials From Azure Automation credential assets
  # DOMAIN_CONTROLLER_JOIN is used for the DC promotion (and, below, as the DSRM
  # password); DOMAIN_JOIN is only used to query the domain while waiting for it.
  $DOMAIN_CONTROLLER_JOIN = Get-AutomationPSCredential -Name 'DOMAIN_CONTROLLER_JOIN'
  $DOMAIN_JOIN = Get-AutomationPSCredential -Name 'DOMAIN_JOIN'

  #Roles and Feature Install Array
  # Feature names as expected by Install-WindowsFeature; AD DS + DNS for the DC
  # role, RSAT tooling for local administration, BitLocker and its ADUC extension.
  $Features = @(
    'AD-Domain-Services',
    'DNS',
    'RSAT-AD-PowerShell',
    'RSAT-ADDS',
    'RSAT-DNS-Server',
    'BitLocker',
    'RSAT-Feature-Tools-BitLocker-BdeAducExt'
  )

  # NOTE(review): the node name is the literal 'Node'; presumably the compiled
  # MOF is assigned to machines by Azure Automation rather than by hostname — confirm.
  Node Node{
    #------------------#
    # Base OS Settings #
    #------------------#
    #Set UAC Configuration (highest prompt level)
    xUAC UAC{
      Setting = 'AlwaysNotify'
    }

    #Set and monitor the Timezone
    TimeZone TimeZoneSet{
      IsSingleInstance = 'Yes'
      TimeZone = 'Pacific Standard Time'
    }

    #Set and monitor PowerShell Execution policy
    PowerShellExecutionPolicy PowerShellExecutionPolicySet{
      ExecutionPolicyScope = 'LocalMachine'
      ExecutionPolicy = 'RemoteSigned'
    }

    #Create the Admin Folder
    File AdminFolder{
      Ensure = 'Present'
      Type = 'Directory'
      DestinationPath = $ADMIN_PATH
    }

    #Delete the API Registration Folder
    # Force lets the File resource remove the directory even when it still has
    # contents, so anything left under API_FOLDER_PATH is removed on every
    # consistency check — keep that path scoped to the registration artefacts only.
    File RemoveAPIFolder{
      Ensure = 'Absent'
      Type = 'Directory'
      Force = $true
      DestinationPath = $API_FOLDER_PATH
    }

    #------------------#
    # Install Services #
    #------------------#
    ##Windows Features Installation
    # IncludeAllSubFeature pulls in every sub-feature of each entry in $Features.
    WindowsFeatureSet InstallFeatures
    {
      Name = $Features
      Ensure = 'Present'
      IncludeAllSubFeature = $true
    }

    #Detect Forest's exists before performing join
    # Blocks until the domain answers (using the lower-privilege DOMAIN_JOIN
    # credential) so the promotion below does not run against an unreachable forest.
    WaitForADDomain 'WaitForestAvailability'{
      DomainName = $DOMAIN_NAME
      Credential = $DOMAIN_JOIN
      DependsOn = '[WindowsFeatureSet]InstallFeatures'
    }

    #Configures the Domain Controller and Joins an Existing Domain
    # NOTE(review): SafemodeAdministratorPassword reuses the DOMAIN_CONTROLLER_JOIN
    # credential, so the DSRM (offline recovery) password is the same secret as the
    # promotion account's password; a dedicated credential asset would keep a DSRM
    # compromise from also exposing the domain credential — confirm this is intended.
    ADDomainController ForestJoin{
      DomainName = $DOMAIN_NAME
      Credential = $DOMAIN_CONTROLLER_JOIN
      SafemodeAdministratorPassword = $DOMAIN_CONTROLLER_JOIN
      DependsOn = '[WaitForADDomain]WaitForestAvailability'
    }

    #------------------#
    # Monitor Services #
    #------------------#
    #Active Directory Service Monitoring (NTDS)
    # NTDS only exists once the promotion has completed, hence the DependsOn.
    Service NTDSService{
      Name = 'NTDS'
      StartupType = 'Automatic'
      State = 'Running'
      DependsOn = '[ADDomainController]ForestJoin'
    }

    #-----------------------#
    # Post-Install Services #
    #-----------------------#
    #Do not add Post-Install Services to a HUB Domain Controller Build
  }
}