From 51a74bc7066a679012368d9e4756cc8ee9506305 Mon Sep 17 00:00:00 2001 From: Johan Ljunggren Date: Sat, 3 Aug 2019 10:45:29 +0200 Subject: [PATCH] ADComputer: Add example to create cluster computer account (#461) - Changes to ActiveDirectoryDsc - Fix examples that had duplicate guid that would have prevented them to be published. - Changes to ADComputer - Add example showing how to create cluster computer account (issue #401). --- CHANGELOG.md | 3 + .../en-US/about_ADComputer.help.txt | 47 +++++++++++++ .../en-US/about_WaitForADDomain.help.txt | 11 +++- ...er_CreateClusterComputerAccount_Config.ps1 | 66 +++++++++++++++++++ ...ledState_EnabledComputerAccount_Config.ps1 | 2 +- ...PrestagedClusterComputerAccount_Config.ps1 | 2 +- ...ateUserAndIgnorePasswordChanges_Config.ps1 | 2 +- ...ontrollerUsingBuiltInCredential_Config.ps1 | 2 +- ...DomainControllerUsingCredential_Config.ps1 | 2 +- ...n_WaitForDomainControllerInSite_Config.ps1 | 2 +- ...itForDomainControllerWithReboot_Config.ps1 | 2 +- ...DomainControllerWithLongerDelay_Config.ps1 | 2 +- 12 files changed, 134 insertions(+), 9 deletions(-) create mode 100644 Examples/Resources/ADComputer/5-ADComputer_CreateClusterComputerAccount_Config.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index d0e6491d7..d54167546 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -55,6 +55,8 @@ - Updated all the examples files to be prefixed with the resource name so they are more easily discovered in PowerShell Gallery and Azure Automation ([issue #416](https://github.com/PowerShell/ActiveDirectoryDsc/issues/416)). + - Fix examples that had duplicate guid that would have prevented them + to be published. - Changes to ADManagedServiceAccount - Added a requirement to README stating "Group Managed Service Accounts need at least one Windows Server 2012 Domain Controller" @@ -68,6 +70,7 @@ any credential with enough permission to perform the task ([issue #269](https://github.com/PowerShell/ActiveDirectoryDsc/issues/269)). - Fixed the GUID in Example 3-AddComputerAccountSpecificPath_Config ([issue #410](https://github.com/PowerShell/ActiveDirectoryDsc/issues/410)). + - Add example showing how to create cluster computer account ([issue #401](https://github.com/PowerShell/ActiveDirectoryDsc/issues/401)). - Changes to ADOrganizationalUnit - Catch exception when the path property specifies a non-existing path ([issue #408](https://github.com/PowerShell/ActiveDirectoryDsc/issues/408)). diff --git a/DSCResources/MSFT_ADComputer/en-US/about_ADComputer.help.txt b/DSCResources/MSFT_ADComputer/en-US/about_ADComputer.help.txt index ebe5b7e28..23cdc0733 100644 --- a/DSCResources/MSFT_ADComputer/en-US/about_ADComputer.help.txt +++ b/DSCResources/MSFT_ADComputer/en-US/about_ADComputer.help.txt @@ -221,4 +221,51 @@ Configuration ADComputer_AddComputerAccountAndCreateODJRequest_Config } } +.EXAMPLE 5 + +This configuration will create a computer account disabled, configure +a cluster using the disabled computer account, and enforcing the +computer account to be enabled. + +Configuration ADComputer_CreateClusterComputerAccount_Config +{ + param + ( + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.PSCredential] + $Credential + ) + + Import-DscResource -ModuleName ActiveDirectoryDsc + Import-DscResource -ModuleName xFailoverCluster + + node localhost + { + ADComputer 'ClusterAccount' + { + ComputerName = 'CLU_CNO01' + EnabledOnCreation = $false + } + + xCluster 'CreateCluster' + { + Name = 'CLU_CNO01' + StaticIPAddress = '192.168.100.20/24' + DomainAdministratorCredential = $Credential + + DependsOn = '[ADComputer]ClusterAccount' + } + + ADObjectEnabledState 'EnforceEnabledPropertyToEnabled' + { + Identity = 'CLU_CNO01' + ObjectClass = 'Computer' + Enabled = $true + + DependsOn = '[xCluster]CreateCluster' + } + } +} + diff --git a/DSCResources/MSFT_WaitForADDomain/en-US/about_WaitForADDomain.help.txt b/DSCResources/MSFT_WaitForADDomain/en-US/about_WaitForADDomain.help.txt index 0884a2e88..848eac46e 100644 --- a/DSCResources/MSFT_WaitForADDomain/en-US/about_WaitForADDomain.help.txt +++ b/DSCResources/MSFT_WaitForADDomain/en-US/about_WaitForADDomain.help.txt @@ -2,7 +2,16 @@ WaitForADDomain .DESCRIPTION - The WaitForADDomain resource is used to wait for Active Directory to become available. + The WaitForADDomain resource is used to wait for Active Directory domain + controller to become available in the domain, or available in + a specific site in the domain. + + >Running the resource as *NT AUTHORITY\SYSTEM*, only work when + >evaluating the domain on the current node, for example on a + >node that should be a domain controller (which might require a + >restart of the node once the node becomes a domain controller). + >In all other scenarios use either the built-in parameter + >`PsDscRunAsCredential`, or the parameter `Credential`. ## Requirements diff --git a/Examples/Resources/ADComputer/5-ADComputer_CreateClusterComputerAccount_Config.ps1 b/Examples/Resources/ADComputer/5-ADComputer_CreateClusterComputerAccount_Config.ps1 new file mode 100644 index 000000000..c7e7f3af4 --- /dev/null +++ b/Examples/Resources/ADComputer/5-ADComputer_CreateClusterComputerAccount_Config.ps1 @@ -0,0 +1,66 @@ +<#PSScriptInfo +.VERSION 1.0.0 +.GUID 331c7f40-112d-468c-9bd0-8f1b073bee44 +.AUTHOR Microsoft Corporation +.COMPANYNAME Microsoft Corporation +.COPYRIGHT (c) Microsoft Corporation. All rights reserved. +.TAGS DSCConfiguration +.LICENSEURI https://github.com/PowerShell/ActiveDirectoryDsc/blob/master/LICENSE +.PROJECTURI https://github.com/PowerShell/ActiveDirectoryDsc +.ICONURI +.EXTERNALMODULEDEPENDENCIES +.REQUIREDSCRIPTS +.EXTERNALSCRIPTDEPENDENCIES +.RELEASENOTES First version. +.PRIVATEDATA 2016-Datacenter,2016-Datacenter-Server-Core +#> + +#Requires -module ActiveDirectoryDsc +#Requires -module xFailoverCluster + +<# + .DESCRIPTION + This configuration will create a computer account disabled, configure + a cluster using the disabled computer account, and enforcing the + computer account to be enabled. +#> +Configuration ADComputer_CreateClusterComputerAccount_Config +{ + param + ( + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.PSCredential] + $Credential + ) + + Import-DscResource -ModuleName ActiveDirectoryDsc + Import-DscResource -ModuleName xFailoverCluster + + node localhost + { + ADComputer 'ClusterAccount' + { + ComputerName = 'CLU_CNO01' + EnabledOnCreation = $false + } + + xCluster 'CreateCluster' + { + Name = 'CLU_CNO01' + StaticIPAddress = '192.168.100.20/24' + DomainAdministratorCredential = $Credential + + DependsOn = '[ADComputer]ClusterAccount' + } + + ADObjectEnabledState 'EnforceEnabledPropertyToEnabled' + { + Identity = 'CLU_CNO01' + ObjectClass = 'Computer' + Enabled = $true + + DependsOn = '[xCluster]CreateCluster' + } + } +} diff --git a/Examples/Resources/ADObjectEnabledState/1-ADObjectEnabledState_EnabledComputerAccount_Config.ps1 b/Examples/Resources/ADObjectEnabledState/1-ADObjectEnabledState_EnabledComputerAccount_Config.ps1 index 9b4724806..50fef6b55 100644 --- a/Examples/Resources/ADObjectEnabledState/1-ADObjectEnabledState_EnabledComputerAccount_Config.ps1 +++ b/Examples/Resources/ADObjectEnabledState/1-ADObjectEnabledState_EnabledComputerAccount_Config.ps1 @@ -1,6 +1,6 @@ <#PSScriptInfo .VERSION 1.0.0 -.GUID b4d414dc-e230-4055-bdc3-fae268493881 +.GUID d2dfbf17-b113-42f7-9abe-f6c6dc5ea086 .AUTHOR Microsoft Corporation .COMPANYNAME Microsoft Corporation .COPYRIGHT (c) Microsoft Corporation. All rights reserved. diff --git a/Examples/Resources/ADObjectEnabledState/3-ADObjectEnabledState_EnabledPrestagedClusterComputerAccount_Config.ps1 b/Examples/Resources/ADObjectEnabledState/3-ADObjectEnabledState_EnabledPrestagedClusterComputerAccount_Config.ps1 index 9f40aa0f3..49bc26028 100644 --- a/Examples/Resources/ADObjectEnabledState/3-ADObjectEnabledState_EnabledPrestagedClusterComputerAccount_Config.ps1 +++ b/Examples/Resources/ADObjectEnabledState/3-ADObjectEnabledState_EnabledPrestagedClusterComputerAccount_Config.ps1 @@ -1,6 +1,6 @@ <#PSScriptInfo .VERSION 1.0.0 -.GUID b4d414dc-e230-4055-bdc3-fae268493881 +.GUID 1da557bb-07a1-4461-8f64-df0d62b30305 .AUTHOR Microsoft Corporation .COMPANYNAME Microsoft Corporation .COPYRIGHT (c) Microsoft Corporation. All rights reserved. diff --git a/Examples/Resources/ADUser/2-ADUser_CreateUserAndIgnorePasswordChanges_Config.ps1 b/Examples/Resources/ADUser/2-ADUser_CreateUserAndIgnorePasswordChanges_Config.ps1 index 6a1bd37f3..a43d1a917 100644 --- a/Examples/Resources/ADUser/2-ADUser_CreateUserAndIgnorePasswordChanges_Config.ps1 +++ b/Examples/Resources/ADUser/2-ADUser_CreateUserAndIgnorePasswordChanges_Config.ps1 @@ -1,6 +1,6 @@ <#PSScriptInfo .VERSION 1.0 -.GUID b293f599-2660-424d-8200-61d399e44257 +.GUID 3bf5100b-238e-435a-8a98-67d756c5cdeb .AUTHOR Microsoft Corporation .COMPANYNAME Microsoft Corporation .COPYRIGHT (c) Microsoft Corporation. All rights reserved. diff --git a/Examples/Resources/WaitForADDomain/2-WaitForADDomain_WaitForDomainControllerUsingBuiltInCredential_Config.ps1 b/Examples/Resources/WaitForADDomain/2-WaitForADDomain_WaitForDomainControllerUsingBuiltInCredential_Config.ps1 index 1ef977615..9e4674318 100644 --- a/Examples/Resources/WaitForADDomain/2-WaitForADDomain_WaitForDomainControllerUsingBuiltInCredential_Config.ps1 +++ b/Examples/Resources/WaitForADDomain/2-WaitForADDomain_WaitForDomainControllerUsingBuiltInCredential_Config.ps1 @@ -1,6 +1,6 @@ <#PSScriptInfo .VERSION 1.0 -.GUID 5f105122-a318-46f4-a7e9-7dc745c57878 +.GUID ef167bdf-7f25-4d28-8ef3-68918eb2702c .AUTHOR Microsoft Corporation .COMPANYNAME Microsoft Corporation .COPYRIGHT (c) Microsoft Corporation. All rights reserved. diff --git a/Examples/Resources/WaitForADDomain/3-WaitForADDomain_WaitForDomainControllerUsingCredential_Config.ps1 b/Examples/Resources/WaitForADDomain/3-WaitForADDomain_WaitForDomainControllerUsingCredential_Config.ps1 index 7833077a5..d0b72d3e0 100644 --- a/Examples/Resources/WaitForADDomain/3-WaitForADDomain_WaitForDomainControllerUsingCredential_Config.ps1 +++ b/Examples/Resources/WaitForADDomain/3-WaitForADDomain_WaitForDomainControllerUsingCredential_Config.ps1 @@ -1,6 +1,6 @@ <#PSScriptInfo .VERSION 1.0 -.GUID 5f105122-a318-46f4-a7e9-7dc745c57878 +.GUID d0713e4e-274b-4510-949e-39bce2ef2158 .AUTHOR Microsoft Corporation .COMPANYNAME Microsoft Corporation .COPYRIGHT (c) Microsoft Corporation. All rights reserved. diff --git a/Examples/Resources/WaitForADDomain/4-WaitForADDomain_WaitForDomainControllerInSite_Config.ps1 b/Examples/Resources/WaitForADDomain/4-WaitForADDomain_WaitForDomainControllerInSite_Config.ps1 index a5e6ca722..78facaac8 100644 --- a/Examples/Resources/WaitForADDomain/4-WaitForADDomain_WaitForDomainControllerInSite_Config.ps1 +++ b/Examples/Resources/WaitForADDomain/4-WaitForADDomain_WaitForDomainControllerInSite_Config.ps1 @@ -1,6 +1,6 @@ <#PSScriptInfo .VERSION 1.0 -.GUID 5f105122-a318-46f4-a7e9-7dc745c57878 +.GUID 20e1a154-1197-44e3-9c81-d1b9cc67defd .AUTHOR Microsoft Corporation .COMPANYNAME Microsoft Corporation .COPYRIGHT (c) Microsoft Corporation. All rights reserved. diff --git a/Examples/Resources/WaitForADDomain/5-WaitForADDomain_WaitForDomainControllerWithReboot_Config.ps1 b/Examples/Resources/WaitForADDomain/5-WaitForADDomain_WaitForDomainControllerWithReboot_Config.ps1 index d2f7c7d4e..717796968 100644 --- a/Examples/Resources/WaitForADDomain/5-WaitForADDomain_WaitForDomainControllerWithReboot_Config.ps1 +++ b/Examples/Resources/WaitForADDomain/5-WaitForADDomain_WaitForDomainControllerWithReboot_Config.ps1 @@ -1,6 +1,6 @@ <#PSScriptInfo .VERSION 1.0 -.GUID 5f105122-a318-46f4-a7e9-7dc745c57878 +.GUID 2ada2ead-8736-4d5e-9587-e14bacc28761 .AUTHOR Microsoft Corporation .COMPANYNAME Microsoft Corporation .COPYRIGHT (c) Microsoft Corporation. All rights reserved. diff --git a/Examples/Resources/WaitForADDomain/6-WaitForADDomain_WaitForDomainControllerWithLongerDelay_Config.ps1 b/Examples/Resources/WaitForADDomain/6-WaitForADDomain_WaitForDomainControllerWithLongerDelay_Config.ps1 index 700f6896a..fdc8b3395 100644 --- a/Examples/Resources/WaitForADDomain/6-WaitForADDomain_WaitForDomainControllerWithLongerDelay_Config.ps1 +++ b/Examples/Resources/WaitForADDomain/6-WaitForADDomain_WaitForDomainControllerWithLongerDelay_Config.ps1 @@ -1,6 +1,6 @@ <#PSScriptInfo .VERSION 1.0 -.GUID 5f105122-a318-46f4-a7e9-7dc745c57878 +.GUID 0d9d34c3-c750-45f8-8611-74087e958fe1 .AUTHOR Microsoft Corporation .COMPANYNAME Microsoft Corporation .COPYRIGHT (c) Microsoft Corporation. All rights reserved.