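# Script uses DSC (Desired State Configuration) to rename the PC, assign network details,
# promote it to a domain controller and create a new domain admin user.
# Tags: Home; DSC; Active Directory; Domain Controller; Networking

<#
REQUIREMENTS:
    Windows PowerShell 5 via Windows Management Framework 5 Production Preview:
        https://www.microsoft.com/en-us/download/details.aspx?id=48729
    DSC Resources: (Install-Module [modulename])
        xActiveDirectory
        xComputerManagement
        xNetworking

SECURITY NOTES (lab use only):
    - The lab password is written into this script and, because PSDscAllowPlainTextPassword
      is enabled, into the compiled MOF in clear text. Run this only on an isolated lab
      machine, and delete the compiled MOF once the configuration has been applied.
    - Outside a lab, encrypt credentials in the MOF with a certificate instead
      (CertificateFile / Thumbprint in the node data) and do not reuse one password
      for the domain administrator, the DSRM account and the new admin user.
#>

# The Local Configuration Manager (LCM) must be configured in advance so that it reboots as soon as a reboot is required.
# This cannot be set directly: the setting must be saved into a MOF (Managed Object Format) plain-text configuration file,
# which is then read by the Set-DscLocalConfigurationManager command.
configuration EnableRestarts
{
    LocalConfigurationManager
    {
        RebootNodeIfNeeded = $true
    }
}

# The temp folder is used here because this configuration file is not needed after execution.
EnableRestarts -OutputPath $Env:Temp | Out-Null
Set-DscLocalConfigurationManager -Path $Env:Temp | Out-Null

# Remove the meta-MOF from the same folder it was written to. The original hard-coded the
# 8.3 path of the Administrator profile, which fails for any other account or session.
Remove-Item -Path (Join-Path -Path $Env:Temp -ChildPath 'localhost.meta.mof')

# Request the input that is required from the user. Empty and whitespace-only answers are rejected.
do { $ComputerName = Read-Host 'Enter new Computer Name' }
while ([string]::IsNullOrWhiteSpace($ComputerName))

do { $DomainName = Read-Host 'Enter name of new domain/forest' }
while ([string]::IsNullOrWhiteSpace($DomainName))

do { $DCIP = Read-Host 'Enter the IP address of the new domain controller' }
while ([string]::IsNullOrWhiteSpace($DCIP))

do { $DefaultGateway = Read-Host 'Enter the Default Gateway to use' }
while ([string]::IsNullOrWhiteSpace($DefaultGateway))

# Configure all of the settings we want to apply for this configuration
$ConfigData = @{
    AllNodes = @(
        @{
            NodeName       = 'localhost'
            MachineName    = $ComputerName
            DomainName     = $DomainName
            # Placeholders: replace both with quoted strings before running.
            # The password stays in clear text in this file; do not commit or share a filled-in copy.
            LabPassword    = [passwordgoeshere]
            ADAdminUser    = [usernamegoeshere]
            IPAddress      = $DCIP
            InterfaceAlias = 'Ethernet0'
            DefaultGateway = $DefaultGateway
            SubnetMask     = '24'
            AddressFamily  = 'IPv4'
            # NOTE(review): the secondary resolver is a public DNS server, so lookups can leave the
            # lab network when the DC's own DNS service does not answer; confirm this is intended.
            DNSAddress     = $DCIP, '8.8.8.8'
            # Lets the credentials below be compiled into the MOF unencrypted. Lab use only.
            PSDscAllowPlainTextPassword = $true
        }
    )
}

Configuration BuildTest01
{
    Import-DscResource -Module xActiveDirectory, xComputerManagement, xNetworking

    Node $AllNodes.NodeName
    {
        LocalConfigurationManager
        {
            ActionAfterReboot  = 'ContinueConfiguration'
            ConfigurationMode  = 'ApplyOnly'
            RebootNodeIfNeeded = $true
        }

        # All of the resources that require a password expect a PSCredential object -- even those that only want a password.
        # For lab purposes the same password is used everywhere (domain administrator, DSRM and the new admin user).
        $password = ConvertTo-SecureString $Node.LabPassword -AsPlainText -Force
        # Take the domain name from the node data, like every other setting in this configuration.
        $username = "$($Node.DomainName)\administrator"
        $LabCred  = New-Object System.Management.Automation.PSCredential($username, $password)

        # With DSC, this is all that is needed to change the name of a computer.
        # Because the LCM is set to reboot when needed above, the reboot is taken care of as well.
        xComputer SetName
        {
            Name = $Node.MachineName
        }

        # This is all that is needed to configure network details
        xIPAddress SetIP
        {
            IPAddress      = $Node.IPAddress
            InterfaceAlias = $Node.InterfaceAlias
            DefaultGateway = $Node.DefaultGateway
            SubnetMask     = $Node.SubnetMask
            AddressFamily  = $Node.AddressFamily
        }

        xDNSServerAddress SetDNS
        {
            Address        = $Node.DNSAddress
            InterfaceAlias = $Node.InterfaceAlias
            AddressFamily  = $Node.AddressFamily
        }

        # This requires the Active Directory Domain Services role to be present on the machine.
        # If it isn't, it is installed. (All that logic is taken care of behind the scenes.)
        WindowsFeature ADDSInstall
        {
            Ensure = 'Present'
            Name   = 'AD-Domain-Services'
        }

        # Make sure the Active Directory management tools are installed
        WindowsFeature ADDSTools
        {
            Ensure = "Present"
            Name   = "RSAT-ADDS"
        }

        # Build a domain controller. This is all that is required; the rest is taken care of automatically.
        xADDomain FirstDC
        {
            DomainName                    = $Node.DomainName
            DomainAdministratorCredential = $LabCred
            SafemodeAdministratorPassword = $LabCred
            DependsOn                     = '[xComputer]SetName', '[xIPAddress]SetIP', '[WindowsFeature]ADDSInstall'
        }

        # Assign a custom admin user so we don't use the default 'administrator' account.
        # The user can only be created once the domain exists, so order it after FirstDC.
        xADUser FirstUser
        {
            DomainAdministratorCredential = $LabCred
            DomainName                    = $Node.DomainName
            UserName                      = $Node.ADAdminUser
            Password                      = $LabCred
            Ensure                        = 'Present'
            DependsOn                     = '[xADDomain]FirstDC'
        }

        # The author found no built-in resource to change group membership in AD, so the "Script"
        # resource runs a traditional command. This grants full domain administrator rights.
        Script NewADAdminUser
        {
            SetScript  = { Add-ADGroupMember -Identity "Domain Admins" -Members $Using:Node.ADAdminUser }
            # Report the desired state as met when the user is already a member, so the
            # privileged group is not modified again on every run.
            TestScript = {
                $members = Get-ADGroupMember -Identity "Domain Admins" -ErrorAction SilentlyContinue
                @($members.SamAccountName) -contains $Using:Node.ADAdminUser
            }
            # GetScript is expected to return a hashtable; report the current group members.
            GetScript  = {
                $members = Get-ADGroupMember -Identity "Domain Admins" -ErrorAction SilentlyContinue
                @{ Result = (@($members.SamAccountName) -join ', ') }
            }
            # The user must exist before it can be added to the group.
            DependsOn  = '[xADUser]FirstUser'
        }
    }
}

# Build a MOF (Managed Object Format) file from the configuration and the custom configuration data defined above.
# This places the MOF in a folder called "BuildTest01" under the current working folder.
BuildTest01 -ConfigurationData $ConfigData

# Enforce the configuration
Start-DscConfiguration -Wait -Force -Path .\BuildTest01 -Verbose

# The compiled MOF holds the lab password in clear text, so remove it once it has been handed to the LCM.
# If the node reboots during the run (for example for the rename), this line is never reached:
# delete .\BuildTest01\localhost.mof by hand after the machine comes back up.
Remove-Item -Path .\BuildTest01\localhost.mof -ErrorAction SilentlyContinue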