Merge pull request #238 from rchristman89/dev

xADDomainController: Added new parameter to support IFM
dsccommunity · Jan 29, 2019 · 854ca06 · 854ca06
2 parents 38e91bb + f1d226b
commit 854ca06
Show file tree

Hide file tree

Showing 5 changed files with 263 additions and 66 deletions.
diff --git a/DSCResources/MSFT_xADDomain/MSFT_xADDomain.psm1 b/DSCResources/MSFT_xADDomain/MSFT_xADDomain.psm1
@@ -57,7 +57,8 @@ data localizedData
         after each configuration.
         ($env:systemRoot\system32\Configuration\BuiltinProvCache\MSFT_xADDomain)
 #>
-function Get-TrackingFilename {
+function Get-TrackingFilename
+{
     [OutputType([String])]
     [CmdletBinding()]
     param(
@@ -74,13 +75,13 @@ function Get-TargetResource
     [OutputType([System.Collections.Hashtable])]
     param
     (
-        [Parameter(Mandatory)]
+        [Parameter(Mandatory = $true)]
         [String] $DomainName,
 
-        [Parameter(Mandatory)]
+        [Parameter(Mandatory = $true)]
         [PSCredential] $DomainAdministratorCredential,
 
-        [Parameter(Mandatory)]
+        [Parameter(Mandatory = $true)]
         [PSCredential] $SafemodeAdministratorPassword,
 
         [Parameter()] [ValidateNotNullOrEmpty()]
@@ -116,10 +117,12 @@ function Get-TargetResource
     $maxRetries = 5
     $retryIntervalInSeconds = 30
     $domainShouldExist = (Test-Path (Get-TrackingFilename -DomainName $DomainName))
-    do {
+    do
+    {
     try
     {
-        if ($isDomainMember) {
+        if ($isDomainMember)
+        {
             ## We're already a domain member, so take the credentials out of the equation
             Write-Verbose ($localizedData.QueryDomainADWithLocalCredentials -f $domainFQDN);
             $domain = Get-ADDomain -Identity $domainFQDN -ErrorAction Stop;
@@ -177,7 +180,8 @@ function Get-TargetResource
         }
     }
 
-    if($domainShouldExist) {
+    if($domainShouldExist)
+    {
         $retries++
         Write-Verbose ($localizedData.RetryingGetADDomain -f $retries, $maxRetries, $retryIntervalInSeconds)
         Start-Sleep -Seconds ($retries * $retryIntervalInSeconds)
@@ -192,13 +196,13 @@ function Test-TargetResource
     [OutputType([System.Boolean])]
     param
     (
-        [Parameter(Mandatory)]
+        [Parameter(Mandatory = $true)]
         [String] $DomainName,
 
-        [Parameter(Mandatory)]
+        [Parameter(Mandatory = $true)]
         [PSCredential] $DomainAdministratorCredential,
 
-        [Parameter(Mandatory)]
+        [Parameter(Mandatory = $true)]
         [PSCredential] $SafemodeAdministratorPassword,
 
         [Parameter()] [ValidateNotNullOrEmpty()]
@@ -271,13 +275,13 @@ function Set-TargetResource
 {
     param
     (
-        [Parameter(Mandatory)]
+        [Parameter(Mandatory = $true)]
         [String] $DomainName,
 
-        [Parameter(Mandatory)]
+        [Parameter(Mandatory = $true)]
         [PSCredential] $DomainAdministratorCredential,
 
-        [Parameter(Mandatory)]
+        [Parameter(Mandatory = $true)]
         [PSCredential] $SafemodeAdministratorPassword,
 
         [Parameter()] [ValidateNotNullOrEmpty()]
@@ -337,7 +341,7 @@ function Set-TargetResource
     {
         $installADDSParams['DomainMode'] = $DomainMode;
     }
-    
+
     if ($PSBoundParameters.ContainsKey('ParentDomainName'))
     {
         Write-Verbose -Message ($localizedData.CreatingChildDomain -f $DomainName, $ParentDomainName);

diff --git a/DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1 b/DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1
@@ -9,27 +9,64 @@ $adCommonFunctions = Join-Path `
     -ChildPath '\MSFT_xADCommon\MSFT_xADCommon.psm1'
 Import-Module -Name $adCommonFunctions
 
+<#
+    .SYNOPSIS
+        Returns the current state of the certificate that may need to be requested.
+
+    .PARAMETER DomainName
+        Provide the FQDN of the domain the Domain Controller is being added to.
+
+    .PARAMETER DomainAdministrationCredential
+        Provide the Domain Admin credentials to be able to promote a new Domain Controller. This is a PSCredential.
+
+    .PARAMETER SafemodeAdministratorPassword
+        Provide a password that will be used to set the DSRM password. This is a PSCredential.
+
+    .PARAMETER DatabasePath
+        Provide the path where the NTDS.dit will be created and stored.
+
+    .PARAMETER LogPath
+        Provide the path where the logs for the NTDS will be created and stored.
+
+    .PARAMETER SysvolPath
+        Provide the path where the Sysvol will be created and stored.
+
+    .PARAMETER SiteName
+        Provide the name of the site you want the Domain Controller to be added to.
+#>
 function Get-TargetResource
 {
+    [CmdletBinding()]
     [OutputType([System.Collections.Hashtable])]
     param
     (
-        [Parameter(Mandatory)]
-        [String]$DomainName,
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $DomainName,
 
-        [Parameter(Mandatory)]
-        [PSCredential]$DomainAdministratorCredential,
+        [Parameter(Mandatory = $true)]
+        [System.Management.Automation.PSCredential]
+        $DomainAdministratorCredential,
 
-        [Parameter(Mandatory)]
-        [PSCredential]$SafemodeAdministratorPassword,
+        [Parameter(Mandatory = $true)]
+        [System.Management.Automation.PSCredential]
+        $SafemodeAdministratorPassword,
 
-        [String]$DatabasePath,
+        [Parameter()]
+        [System.String]
+        $DatabasePath,
 
-        [String]$LogPath,
+        [Parameter()]
+        [System.String]
+        $LogPath,
 
-        [String]$SysvolPath,
+        [Parameter()]
+        [System.String]
+        $SysvolPath,
 
-        [String]$SiteName
+        [Parameter()]
+        [System.String]
+        $SiteName
     )
 
     $returnValue = @{
@@ -41,7 +78,7 @@ function Get-TargetResource
     {
         Write-Verbose -Message "Resolving '$($DomainName)' ..."
         $domain = Get-ADDomain -Identity $DomainName -Credential $DomainAdministratorCredential
-        if ($domain -ne $null)
+        if ($null -ne $domain)
         {
             Write-Verbose -Message "Domain '$($DomainName)' is present. Looking for DCs ..."
             try
@@ -77,30 +114,76 @@ function Get-TargetResource
     $returnValue
 }
 
+<#
+    .SYNOPSIS
+        Returns the current state of the certificate that may need to be requested.
+
+    .PARAMETER DomainName
+        Provide the FQDN of the domain the Domain Controller is being added to.
+
+    .PARAMETER DomainAdministrationCredential
+        Provide the Domain Admin credentials to be able to promote a new Domain Controller. This is a PSCredential.
+
+    .PARAMETER SafemodeAdministratorPassword
+        Provide a password that will be used to set the DSRM password. This is a PSCredential.
+
+    .PARAMETER DatabasePath
+        Provide the path where the NTDS.dit will be created and stored.
+
+    .PARAMETER LogPath
+        Provide the path where the logs for the NTDS will be created and stored.
+
+    .PARAMETER SysvolPath
+        Provide the path where the Sysvol will be created and stored.
+
+    .PARAMETER SiteName
+        Provide the name of the site you want the Domain Controller to be added to.
+
+    .PARAMETER InstallationMediaPath
+        Provide the path for the IFM folder that was created with ntdsutil.
+        This should not be on a share but locally to the Domain Controller being promoted.
+#>
 function Set-TargetResource
 {
+    [CmdletBinding()]
     param
     (
-        [Parameter(Mandatory)]
-        [String]$DomainName,
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $DomainName,
+
+        [Parameter(Mandatory = $true)]
+        [System.Management.Automation.PSCredential]
+        $DomainAdministratorCredential,
 
-        [Parameter(Mandatory)]
-        [PSCredential]$DomainAdministratorCredential,
+        [Parameter(Mandatory = $true)]
+        [System.Management.Automation.PSCredential]
+        $SafemodeAdministratorPassword,
 
-        [Parameter(Mandatory)]
-        [PSCredential]$SafemodeAdministratorPassword,
+        [Parameter()]
+        [System.String]
+        $DatabasePath,
 
-        [String]$DatabasePath,
+        [Parameter()]
+        [System.String]
+        $LogPath,
 
-        [String]$LogPath,
+        [Parameter()]
+        [System.String]
+        $SysvolPath,
 
-        [String]$SysvolPath,
+        [Parameter()]
+        [System.String]
+        $SiteName,
 
-        [String]$SiteName
+        [Parameter()]
+        [System.String]
+        $InstallationMediaPath
     )
 
     # Debug can pause Install-ADDSDomainController, so we remove it.
-    $parameters = $PSBoundParameters.Remove("Debug");
+    $parameters = $PSBoundParameters.Remove("Debug")
+    $parameters = $PSBoundParameters.Remove('InstallationMediaPath')
     $targetResource = Get-TargetResource @PSBoundParameters
 
     if ($targetResource.Ensure -eq $false)
@@ -142,6 +225,10 @@ function Set-TargetResource
         {
             $params.Add("SiteName", $SiteName)
         }
+        if (-not [string]::IsNullOrWhiteSpace($InstallationMediaPath))
+        {
+            $params.Add("InstallationMediaPath", $InstallationMediaPath)
+        }
 
         Install-ADDSDomainController @params
         Write-Verbose -Message "Node is now a domain controller for '$($DomainName)'."
@@ -162,27 +249,72 @@ function Set-TargetResource
     }
 }
 
+<#
+    .SYNOPSIS
+        Returns the current state of the certificate that may need to be requested.
+
+    .PARAMETER DomainName
+        Provide the FQDN of the domain the Domain Controller is being added to.
+
+    .PARAMETER DomainAdministrationCredential
+        Provide the Domain Admin credentials to be able to promote a new Domain Controller. This is a PSCredential.
+
+    .PARAMETER SafemodeAdministratorPassword
+        Provide a password that will be used to set the DSRM password. This is a PSCredential.
+
+    .PARAMETER DatabasePath
+        Provide the path where the NTDS.dit will be created and stored.
+
+    .PARAMETER LogPath
+        Provide the path where the logs for the NTDS will be created and stored.
+
+    .PARAMETER SysvolPath
+        Provide the path where the Sysvol will be created and stored.
+
+    .PARAMETER SiteName
+        Provide the name of the site you want the Domain Controller to be added to.
+
+    .PARAMETER InstallationMediaPath
+        Provide the path for the IFM folder that was created with ntdsutil.
+        This should not be on a share but locally to the Domain Controller being promoted.
+#>
 function Test-TargetResource
 {
+    [CmdletBinding()]
     [OutputType([System.Boolean])]
     param
     (
-        [Parameter(Mandatory)]
-        [String]$DomainName,
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $DomainName,
+
+        [Parameter(Mandatory = $true)]
+        [System.Management.Automation.PSCredential]
+        $DomainAdministratorCredential,
 
-        [Parameter(Mandatory)]
-        [PSCredential]$DomainAdministratorCredential,
+        [Parameter(Mandatory = $true)]
+        [System.Management.Automation.PSCredential]
+        $SafemodeAdministratorPassword,
 
-        [Parameter(Mandatory)]
-        [PSCredential]$SafemodeAdministratorPassword,
+        [Parameter()]
+        [System.String]
+        $DatabasePath,
 
-        [String]$DatabasePath,
+        [Parameter()]
+        [System.String]
+        $LogPath,
 
-        [String]$LogPath,
+        [Parameter()]
+        [System.String]
+        $SysvolPath,
 
-        [String]$SysvolPath,
+        [Parameter()]
+        [System.String]
+        $SiteName,
 
-        [String]$SiteName
+        [Parameter()]
+        [System.String]
+        $InstallationMediaPath
     )
 
     if ($PSBoundParameters.SiteName)
@@ -197,8 +329,8 @@ function Test-TargetResource
 
     try
     {
-        $parameters = $PSBoundParameters.Remove("Debug");
-
+        $parameters = $PSBoundParameters.Remove("Debug")
+        $parameters = $PSBoundParameters.Remove('InstallationMediaPath')
         $existingResource = Get-TargetResource @PSBoundParameters
         $isCompliant = $existingResource.Ensure
 

diff --git a/DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.schema.mof b/DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.schema.mof
@@ -1,11 +1,12 @@
 [ClassVersion("1.0.1.0"), FriendlyName("xADDomainController")]
 class MSFT_xADDomainController : OMI_BaseResource
 {
-    [Key] String DomainName;
-    [Required, EmbeddedInstance("MSFT_Credential")] String DomainAdministratorCredential;
-    [Required, EmbeddedInstance("MSFT_Credential")] String SafemodeAdministratorPassword;
-    [write] String DatabasePath;
-    [write] String LogPath;
-    [write] String SysvolPath;
-    [write] String SiteName;
+    [Key, Description("The FQDN of the domain the Domain Controller will be joining.")] String DomainName;
+    [Required, Description("The 'PSCredential' object containing Domain Adminstrator rights to add the Domain Controller to the domain."), EmbeddedInstance("MSFT_Credential")] String DomainAdministratorCredential;
+    [Required, Description("The 'PSCredential' object containing the password to use for DSRM."), EmbeddedInstance("MSFT_Credential")] String SafemodeAdministratorPassword;
+    [Write, Description("The path where the database will be stored.")] String DatabasePath;
+    [Write, Description("The path where the logs will be stored.")] String LogPath;
+    [Write, Description("The path where the Sysvol will be stored.")] String SysvolPath;
+    [Write, Description("The name of the site this Domain Controller will be added to.")] String SiteName;
+    [Write, Description("The path of the media you want to use install the Domain Controller.")] String InstallationMediaPath;
 };