From a7514a38a858a4dd00d9ba102e8f85ab468c3557 Mon Sep 17 00:00:00 2001
From: James Frierson <50841359+JamesFrierson1@users.noreply.github.com>
Date: Sat, 8 Jun 2019 12:17:30 -0500
Subject: [PATCH 01/45] Delete xActiveDirectory_TechNetDocumentation.html
---
xActiveDirectory_TechNetDocumentation.html | 898 ---------------------
1 file changed, 898 deletions(-)
delete mode 100644 xActiveDirectory_TechNetDocumentation.html
diff --git a/xActiveDirectory_TechNetDocumentation.html b/xActiveDirectory_TechNetDocumentation.html
deleted file mode 100644
index 77f26da1c..000000000
--- a/xActiveDirectory_TechNetDocumentation.html
+++ /dev/null
@@ -1,898 +0,0 @@
-
--
- The xActiveDirectory module is a part of the Windows PowerShell Desired State Configuration (DSC) Resource Kit, which is a collection of DSC Resources produced by the PowerShell Team. This module contains the - xADDomain, xADDomainController, xADUser, xWaitForDomain, and xADDomainTrust resources. These DSC Resources allow you to configure and manage Active Directory. Note: these resources do not presently install the RSAT tools. -
-- All of the resources in the DSC Resource Kit are provided AS IS, and are not supported through any Microsoft standard support program or service. The "x" in xActiveDirectory stands for experimental, which means that these resources will - be fix forward and monitored by the module owner(s). -
-Please leave comments, feature requests, and bug reports in the Q & A tab for this module.
-- If you would like to modify xActiveDirectory module, feel free. When modifying, please update the module name, resource friendly name, and MOF class name (instructions below). As specified in the license, you may copy or modify this resource - as long as they are used on the Windows Platform. -
-- For more information about Windows PowerShell Desired State Configuration, check out the blog posts on the - PowerShell Blog (this - is a good starting point). There are also great community resources, such as - PowerShell.org - , or - PowerShell Magazine - . For more information on the DSC Resource Kit, check out - this blog post. -
-To install xActiveDirectory module
-To confirm installation:
-- This module requires the latest version of PowerShell (v4.0, which ships in Windows 8.1 or Windows Server 2012R2). To easily use PowerShell 4.0 on older operating systems, - install WMF 4.0. Please read the installation instructions that are present on both the download page and the release notes for WMF 4.0. -
-
- The xActiveDirectory module contains the xADDomain, xADDomainController, xADUser, xWaitForDomain, and ADDomainTrust DSC Resources. These DSC Resources allow you to configure new domain, child domains,high availability domain
- controllers and establish cross-domain trusts.
- The
- xADDomain
- resource is responsible to create new Active directory forest configuration or new Active directory domain configuration.
- The
-
- xADDomainController
- resource is responsible to install a domain controller in Active directory.
-
- The
- xADUser
- resource is responsible to modify or remove Active directory User.
- The
- xWaitForDomain resource is responsible to wait for new domain to setup. It's worth noting that the RSAT tools will not be installed when these resources are used to configure AD. The
- xADDomainTrust resource is used to establish a cross-domain trust.
-
-
-
-
-
-
-
xADDomain resource has following properties:
-xADDomainController resource has following properties:
-xADUser resource has following properties:
-xWaitForADDomain resource has following properties:
-xADDomainTrust resource has following properties:
-When making changes to these resources, we suggest the following practice:
-- - We reserve resource and module names without prefixes ("x" or "c") for future use (e.g. "MSFT_ADDomain" or "MSFT_ADUser"). If the next version of Windows Server ships with a "ADDomain" resource, we don't want to break any configurations that use any - community modifications. Please keep a prefix such as "c" on all community modifications. - -
-1.0.0.0
-2.0.0.0
-2.1.0.0
-2.2
-2.3
-- In the following example configuration, a highly available domain is created by adding a domain controller to an existing domain. This example uses the xWaitForDomain resource to ensure that the domain is present before the second domain controller - is added. -
-# A configuration to Create High Availability Domain Controller -configuration AssertHADC -{ - param - ( - [Parameter(Mandatory)] - [pscredential]$safemodeAdministratorCred, - [Parameter(Mandatory)] - [pscredential]$domainCred, - [Parameter(Mandatory)] - [pscredential]$DNSDelegationCred, - [Parameter(Mandatory)] - [pscredential]$NewADUserCred - ) - Import-DscResource -ModuleName xActiveDirectory - Node $AllNodes.Where{$_.Role -eq "Primary DC"}.Nodename - { - WindowsFeature ADDSInstall - { - Ensure = "Present" - Name = "AD-Domain-Services" - } - xADDomain FirstDS - { - DomainName = $Node.DomainName - DomainAdministratorCredential = $domainCred - SafemodeAdministratorPassword = $safemodeAdministratorCred - DnsDelegationCredential = $DNSDelegationCred - DependsOn = "[WindowsFeature]ADDSInstall" - } - xWaitForADDomain DscForestWait - { - DomainName = $Node.DomainName - DomainUserCredential = $domainCred - RetryCount = $Node.RetryCount - RetryIntervalSec = $Node.RetryIntervalSec - DependsOn = "[xADDomain]FirstDS" - } - xADUser FirstUser - { - DomainName = $Node.DomainName - DomainAdministratorCredential = $domainCred - UserName = "dummy" - Password = $NewADUserCred - Ensure = "Present" - DependsOn = "[xWaitForADDomain]DscForestWait" - } - } - Node $AllNodes.Where{$_.Role -eq "Replica DC"}.Nodename - { - WindowsFeature ADDSInstall - { - Ensure = "Present" - Name = "AD-Domain-Services" - } - xWaitForADDomain DscForestWait - { - DomainName = $Node.DomainName - DomainUserCredential = $domainCred - RetryCount = $Node.RetryCount - RetryIntervalSec = $Node.RetryIntervalSec - DependsOn = "[WindowsFeature]ADDSInstall" - } - xADDomainController SecondDC - { - DomainName = $Node.DomainName - DomainAdministratorCredential = $domainCred - SafemodeAdministratorPassword = $safemodeAdministratorCred - DnsDelegationCredential = $DNSDelegationCred - DependsOn = "[xWaitForADDomain]DscForestWait" - } - } -} -# Configuration Data for AD -$ConfigData = @{ - AllNodes = @( - @{ - Nodename = 
"dsc-testNode1" - Role = "Primary DC" - DomainName = "dsc-test.contoso.com" - CertificateFile = "C:\publicKeys\targetNode.cer" - Thumbprint = "AC23EA3A9E291A75757A556D0B71CBBF8C4F6FD8" - RetryCount = 20 - RetryIntervalSec = 30 - }, - @{ - Nodename = "dsc-testNode2" - Role = "Replica DC" - DomainName = "dsc-test.contoso.com" - CertificateFile = "C:\publicKeys\targetNode.cer" - Thumbprint = "AC23EA3A9E291A75757A556D0B71CBBF8C4F6FD8" - RetryCount = 20 - RetryIntervalSec = 30 - } - ) -} -AssertHADC -configurationData $ConfigData ` --safemodeAdministratorCred (Get-Credential -Message "New Domain Safe Mode Admin Credentials") ` --domainCred (Get-Credential -Message "New Domain Admin Credentials") ` --DNSDelegationCred (Get-Credential -Message "Credentials to Setup DNS Delegation") ` --NewADUserCred (Get-Credential -Message "New AD User Credentials") -Start-DscConfiguration -Wait -Force -Verbose -ComputerName "dsc-testNode1" -Path $PSScriptRoot\AssertHADC ` --Credential (Get-Credential -Message "Local Admin Credentials on Remote Machine") -Start-DscConfiguration -Wait -Force -Verbose -ComputerName "dsc-testNode2" -Path $PSScriptRoot\AssertHADC ` --Credential (Get-Credential -Message "Local Admin Credentials on Remote Machine") --
# A configuration to Create High Availability Domain Controller - -configuration AssertHADC -{ - - param - ( - [Parameter(Mandatory)] - [pscredential]$safemodeAdministratorCred, - - [Parameter(Mandatory)] - [pscredential]$domainCred, - - [Parameter(Mandatory)] - [pscredential]$DNSDelegationCred, - - [Parameter(Mandatory)] - [pscredential]$NewADUserCred - ) - - Import-DscResource -ModuleName xActiveDirectory - - Node $AllNodes.Where{$_.Role -eq "Primary DC"}.Nodename - { - WindowsFeature ADDSInstall - { - Ensure = "Present" - Name = "AD-Domain-Services" - } - - xADDomain FirstDS - { - DomainName = $Node.DomainName - DomainAdministratorCredential = $domainCred - SafemodeAdministratorPassword = $safemodeAdministratorCred - DnsDelegationCredential = $DNSDelegationCred - DependsOn = "[WindowsFeature]ADDSInstall" - } - - xWaitForADDomain DscForestWait - { - DomainName = $Node.DomainName - DomainUserCredential = $domainCred - RetryCount = $Node.RetryCount - RetryIntervalSec = $Node.RetryIntervalSec - DependsOn = "[xADDomain]FirstDS" - } - - xADUser FirstUser - { - DomainName = $Node.DomainName - DomainAdministratorCredential = $domainCred - UserName = "dummy" - Password = $NewADUserCred - Ensure = "Present" - DependsOn = "[xWaitForADDomain]DscForestWait" - } - - } - - Node $AllNodes.Where{$_.Role -eq "Replica DC"}.Nodename - { - WindowsFeature ADDSInstall - { - Ensure = "Present" - Name = "AD-Domain-Services" - } - - xWaitForADDomain DscForestWait - { - DomainName = $Node.DomainName - DomainUserCredential = $domainCred - RetryCount = $Node.RetryCount - RetryIntervalSec = $Node.RetryIntervalSec - DependsOn = "[WindowsFeature]ADDSInstall" - } - - xADDomainController SecondDC - { - DomainName = $Node.DomainName - DomainAdministratorCredential = $domainCred - SafemodeAdministratorPassword = $safemodeAdministratorCred - DnsDelegationCredential = $DNSDelegationCred - DependsOn = "[xWaitForADDomain]DscForestWait" - } - } -} - -# Configuration Data for AD - -$ConfigData = @{ - 
AllNodes = @( - @{ - Nodename = "dsc-testNode1" - Role = "Primary DC" - DomainName = "dsc-test.contoso.com" - CertificateFile = "C:\publicKeys\targetNode.cer" - Thumbprint = "AC23EA3A9E291A75757A556D0B71CBBF8C4F6FD8" - RetryCount = 20 - RetryIntervalSec = 30 - }, - - @{ - Nodename = "dsc-testNode2" - Role = "Replica DC" - DomainName = "dsc-test.contoso.com" - CertificateFile = "C:\publicKeys\targetNode.cer" - Thumbprint = "AC23EA3A9E291A75757A556D0B71CBBF8C4F6FD8" - RetryCount = 20 - RetryIntervalSec = 30 - } - ) -} - -AssertHADC -configurationData $ConfigData ` --safemodeAdministratorCred (Get-Credential -Message "New Domain Safe Mode Admin Credentials") ` --domainCred (Get-Credential -Message "New Domain Admin Credentials") ` --DNSDelegationCred (Get-Credential -Message "Credentials to Setup DNS Delegation") ` --NewADUserCred (Get-Credential -Message "New AD User Credentials") - -Start-DscConfiguration -Wait -Force -Verbose -ComputerName "dsc-testNode1" -Path $PSScriptRoot\AssertHADC ` --Credential (Get-Credential -Message "Local Admin Credentials on Remote Machine") - -Start-DscConfiguration -Wait -Force -Verbose -ComputerName "dsc-testNode2" -Path $PSScriptRoot\AssertHADC ` --Credential (Get-Credential -Message "Local Admin Credentials on Remote Machine") --
In this example, we create a domain, and then create a child domain on another node.
--
# Configuration to Setup Parent Child Domains - -configuration AssertParentChildDomains -{ - param - ( - [Parameter(Mandatory)] - [pscredential]$safemodeAdministratorCred, - - [Parameter(Mandatory)] - [pscredential]$domainCred, - - [Parameter(Mandatory)] - [pscredential]$DNSDelegationCred, - - [Parameter(Mandatory)] - [pscredential]$NewADUserCred - ) - - Import-DscResource -ModuleName xActiveDirectory - - Node $AllNodes.Where{$_.Role -eq "Parent DC"}.Nodename - { - WindowsFeature ADDSInstall - { - Ensure = "Present" - Name = "AD-Domain-Services" - } - - xADDomain FirstDS - { - DomainName = $Node.DomainName - DomainAdministratorCredential = $domainCred - SafemodeAdministratorPassword = $safemodeAdministratorCred - DnsDelegationCredential = $DNSDelegationCred - DependsOn = "[WindowsFeature]ADDSInstall" - } - - xWaitForADDomain DscForestWait - { - DomainName = $Node.DomainName - DomainUserCredential = $domainCred - RetryCount = $Node.RetryCount - RetryIntervalSec = $Node.RetryIntervalSec - DependsOn = "[xADDomain]FirstDS" - } - - xADUser FirstUser - { - DomainName = $Node.DomainName - DomainAdministratorCredential = $domaincred - UserName = "dummy" - Password = $NewADUserCred - Ensure = "Present" - DependsOn = "[xWaitForADDomain]DscForestWait" - } - - } - - Node $AllNodes.Where{$_.Role -eq "Child DC"}.Nodename - { - WindowsFeature ADDSInstall - { - Ensure = "Present" - Name = "AD-Domain-Services" - } - - xWaitForADDomain DscForestWait - { - DomainName = $Node.ParentDomainName - DomainUserCredential = $domainCred - RetryCount = $Node.RetryCount - RetryIntervalSec = $Node.RetryIntervalSec - DependsOn = "[WindowsFeature]ADDSInstall" - } - - xADDomain ChildDS - { - DomainName = $Node.DomainName - ParentDomainName = $Node.ParentDomainName - DomainAdministratorCredential = $domainCred - SafemodeAdministratorPassword = $safemodeAdministratorCred - DependsOn = "[xWaitForADDomain]DscForestWait" - } - } -} - -$ConfigData = @{ - - AllNodes = @( - @{ - Nodename = "dsc-testNode1" 
- Role = "Parent DC" - DomainName = "dsc-test.contoso.com" - CertificateFile = "C:\publicKeys\targetNode.cer" - Thumbprint = "AC23EA3A9E291A75757A556D0B71CBBF8C4F6FD8" - RetryCount = 50 - RetryIntervalSec = 30 - }, - - @{ - Nodename = "dsc-testNode2" - Role = "Child DC" - DomainName = "dsc-child" - ParentDomainName = "dsc-test.contoso.com" - CertificateFile = "C:\publicKeys\targetNode.cer" - Thumbprint = "AC23EA3A9E291A75757A556D0B71CBBF8C4F6FD8" - RetryCount = 50 - RetryIntervalSec = 30 - } - ) -} - -AssertParentChildDomains -configurationData $ConfigData ` --safemodeAdministratorCred (Get-Credential -Message "New Domain Safe Mode Admin Credentials") ` --domainCred (Get-Credential -Message "New Domain Admin Credentials") ` --DNSDelegationCred (Get-Credential -Message "Credentials to Setup DNS Delegation") ` --NewADUserCred (Get-Credential -Message "New AD User Credentials") - - -Start-DscConfiguration -Wait -Force -Verbose -ComputerName "dsc-testNode1" -Path $PSScriptRoot\AssertParentChildDomains ` --Credential (Get-Credential -Message "Local Admin Credentials on Remote Machine") -Start-DscConfiguration -Wait -Force -Verbose -ComputerName "dsc-testNode2" -Path $PSScriptRoot\AssertParentChildDomains ` --Credential (Get-Credential -Message "Local Admin Credentials on Remote Machine") - --
In this example, we setup one-way trust between two domains
--
-configuration Sample_xADDomainTrust_OneWayTrust -{ - param - ( - [Parameter(Mandatory)] - [String]$SourceDomain, - [Parameter(Mandatory)] - [String]$TargetDomain, - - [Parameter(Mandatory)] - [PSCredential]$TargetDomainAdminCred, - [Parameter(Mandatory)] - [String]$TrustDirection - ) - Import-DscResource -module xActiveDirectory - Node $AllNodes.Where{$_.Role -eq 'DomainController'}.NodeName - { - xADDomainTrust trust - { - Ensure = 'Present' - SourceDomainName = $SourceDomain - TargetDomainName = $TargetDomain - TargetDomainAdministratorCredential = $TargetDomainAdminCred - TrustDirection = $TrustDirection - TrustType = 'External' - } - } -} -$config = @{ - AllNodes = @( - @{ - NodeName = 'localhost' - Role = 'DomainController' - # Certificate Thumbprint that is used to encrypt/decrypt the credential - CertificateID = 'B9192121495A307A492A19F6344E8752B51AC4A6' - } - ) -} -Sample_xADDomainTrust_OneWayTrust -configurationdata $config ` - -SourceDomain safeharbor.contoso.com ` - -TargetDomain corporate.contoso.com ` - -TargetDomainAdminCred (get-credential) ` - -TrustDirection 'Inbound' --
# Configuration to Setup Parent Child Domains - -configuration AssertParentChildDomains -{ - param - ( - [Parameter(Mandatory)] - [pscredential]$safemodeAdministratorCred, - - [Parameter(Mandatory)] - [pscredential]$domainCred, - - [Parameter(Mandatory)] - [pscredential]$DNSDelegationCred, - - [Parameter(Mandatory)] - [pscredential]$NewADUserCred - ) - - Import-DscResource -ModuleName xActiveDirectory - - Node $AllNodes.Where{$_.Role -eq "Parent DC"}.Nodename - { - WindowsFeature ADDSInstall - { - Ensure = "Present" - Name = "AD-Domain-Services" - } - - xADDomain FirstDS - { - DomainName = $Node.DomainName - DomainAdministratorCredential = $domainCred - SafemodeAdministratorPassword = $safemodeAdministratorCred - DnsDelegationCredential = $DNSDelegationCred - DependsOn = "[WindowsFeature]ADDSInstall" - } - - xWaitForADDomain DscForestWait - { - DomainName = $Node.DomainName - DomainUserCredential = $domainCred - RetryCount = $Node.RetryCount - RetryIntervalSec = $Node.RetryIntervalSec - DependsOn = "[xADDomain]FirstDS" - } - - xADUser FirstUser - { - DomainName = $Node.DomainName - DomainAdministratorCredential = $domaincred - UserName = "dummy" - Password = $NewADUserCred - Ensure = "Present" - DependsOn = "[xWaitForADDomain]DscForestWait" - } - - } - - Node $AllNodes.Where{$_.Role -eq "Child DC"}.Nodename - { - WindowsFeature ADDSInstall - { - Ensure = "Present" - Name = "AD-Domain-Services" - } - - xWaitForADDomain DscForestWait - { - DomainName = $Node.ParentDomainName - DomainUserCredential = $domainCred - RetryCount = $Node.RetryCount - RetryIntervalSec = $Node.RetryIntervalSec - DependsOn = "[WindowsFeature]ADDSInstall" - } - - xADDomain ChildDS - { - DomainName = $Node.DomainName - ParentDomainName = $Node.ParentDomainName - DomainAdministratorCredential = $domainCred - SafemodeAdministratorPassword = $safemodeAdministratorCred - DependsOn = "[xWaitForADDomain]DscForestWait" - } - } -} - -$ConfigData = @{ - - AllNodes = @( - @{ - Nodename = "dsc-testNode1" 
- Role = "Parent DC" - DomainName = "dsc-test.contoso.com" - CertificateFile = "C:\publicKeys\targetNode.cer" - Thumbprint = "AC23EA3A9E291A75757A556D0B71CBBF8C4F6FD8" - RetryCount = 50 - RetryIntervalSec = 30 - }, - - @{ - Nodename = "dsc-testNode2" - Role = "Child DC" - DomainName = "dsc-child" - ParentDomainName = "dsc-test.contoso.com" - CertificateFile = "C:\publicKeys\targetNode.cer" - Thumbprint = "AC23EA3A9E291A75757A556D0B71CBBF8C4F6FD8" - RetryCount = 50 - RetryIntervalSec = 30 - } - ) -} - -AssertParentChildDomains -configurationData $ConfigData ` --safemodeAdministratorCred (Get-Credential -Message "New Domain Safe Mode Admin Credentials") ` --domainCred (Get-Credential -Message "New Domain Admin Credentials") ` --DNSDelegationCred (Get-Credential -Message "Credentials to Setup DNS Delegation") ` --NewADUserCred (Get-Credential -Message "New AD User Credentials") - - -Start-DscConfiguration -Wait -Force -Verbose -ComputerName "dsc-testNode1" -Path $PSScriptRoot\AssertParentChildDomains ` --Credential (Get-Credential -Message "Local Admin Credentials on Remote Machine") -Start-DscConfiguration -Wait -Force -Verbose -ComputerName "dsc-testNode2" -Path $PSScriptRoot\AssertParentChildDomains ` --Credential (Get-Credential -Message "Local Admin Credentials on Remote Machine") - --