From 5e82d9fc6cb31a45488cb1ea002ce4cf0104f8e0 Mon Sep 17 00:00:00 2001 From: Raul Microsoft Date: Sat, 20 Jul 2019 11:23:43 +0200 Subject: [PATCH 01/17] Added InstallDns parameter to enable promotion without installing Dns server --- .../MSFT_ADDomainController.psm1 | 32 +++++++++++++++++-- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1 b/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1 index f99cce00c..c21332338 100644 --- a/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1 +++ b/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1 @@ -32,6 +32,9 @@ $script:localizedData = Get-LocalizedData -ResourceName 'MSFT_ADDomainController .PARAMETER SiteName Provide the name of the site you want the Domain Controller to be added to. + + .PARAMETER InstallDns + Specifies if the Dns service will be installed or not. Default value is true. #> function Get-TargetResource { @@ -65,7 +68,11 @@ function Get-TargetResource [Parameter()] [System.String] - $SiteName + $SiteName, + + [Parameter()] + [boolean] + $InstallDns ) Assert-Module -ModuleName 'ActiveDirectory' @@ -187,6 +194,9 @@ function Get-TargetResource Specifies one or more Flexible Single Master Operation (FSMO) roles to move to this domain controller. The current owner must be online and responding for the move to be allowed. + + .PARAMETER InstallDns + Specifies if the Dns service will be installed or not. Default value is true. #> function Set-TargetResource { @@ -257,7 +267,11 @@ function Set-TargetResource [Parameter()] [ValidateSet('DomainNamingMaster', 'SchemaMaster', 'InfrastructureMaster', 'PDCEmulator', 'RIDMaster')] [System.String[]] - $FlexibleSingleMasterOperationRole + $FlexibleSingleMasterOperationRole, + + [Parameter()] + [System.Boolean] + $InstallDns ) $getTargetResourceParameters = @{} + $PSBoundParameters @@ -329,6 +343,11 @@ function Set-TargetResource $installADDSDomainControllerParameters.Add('NoGlobalCatalog', $true) } + if ($PSBoundParameters.ContainsKey('InstallDns') -and $InstallDns -eq $false) + { + $installADDSDomainControllerParameters.Add('InstallDns', $false) + } + if (-not [System.String]::IsNullOrWhiteSpace($InstallationMediaPath)) { $installADDSDomainControllerParameters.Add('InstallationMediaPath', $InstallationMediaPath) @@ -577,6 +596,9 @@ function Set-TargetResource Specifies one or more Flexible Single Master Operation (FSMO) roles to move to this domain controller. The current owner must be online and responding for the move to be allowed. + + .PARAMETER InstallDns + Specifies if the Dns service will be installed or not. Default value is true. #> function Test-TargetResource { @@ -637,7 +659,11 @@ function Test-TargetResource [Parameter()] [ValidateSet('DomainNamingMaster', 'SchemaMaster', 'InfrastructureMaster', 'PDCEmulator', 'RIDMaster')] [System.String[]] - $FlexibleSingleMasterOperationRole + $FlexibleSingleMasterOperationRole, + + [Parameter()] + [System.Boolean] + $InstallDns ) Write-Verbose -Message ( From 62a8bb23252e951130481fcb02a0de4893747255 Mon Sep 17 00:00:00 2001 From: Raul Microsoft Date: Sat, 20 Jul 2019 11:59:28 +0200 Subject: [PATCH 02/17] Added InstallDns in the Schema --- .../MSFT_ADDomainController/MSFT_ADDomainController.psm1 | 8 ++++---- .../MSFT_ADDomainController.schema.mof | 1 + 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1 b/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1 index c21332338..33e4e6975 100644 --- a/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1 +++ b/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1 @@ -34,7 +34,7 @@ $script:localizedData = Get-LocalizedData -ResourceName 'MSFT_ADDomainController Provide the name of the site you want the Domain Controller to be added to. .PARAMETER InstallDns - Specifies if the Dns service will be installed or not. Default value is true. + Specifies if the DNS service will be installed. Default value is $true. #> function Get-TargetResource { @@ -71,7 +71,7 @@ function Get-TargetResource $SiteName, [Parameter()] - [boolean] + [System.Boolean] $InstallDns ) @@ -196,7 +196,7 @@ function Get-TargetResource responding for the move to be allowed. .PARAMETER InstallDns - Specifies if the Dns service will be installed or not. Default value is true. + Specifies if the DNS service will be installed. Default value is $true. #> function Set-TargetResource { @@ -598,7 +598,7 @@ function Set-TargetResource responding for the move to be allowed. .PARAMETER InstallDns - Specifies if the Dns service will be installed or not. Default value is true. + Specifies if the DNS service will be installed. Default value is $true. #> function Test-TargetResource { diff --git a/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.schema.mof b/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.schema.mof index 09503a1a2..8c8574e8d 100644 --- a/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.schema.mof +++ b/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.schema.mof @@ -15,4 +15,5 @@ class MSFT_ADDomainController : OMI_BaseResource [Write, Description("Specifies an array of names of user accounts, group accounts, and computer accounts whose passwords can be replicated to this Read-Only Domain Controller (RODC).")] String AllowPasswordReplicationAccountName[]; [Write, Description("Specifies the names of user accounts, group accounts, and computer accounts whose passwords are not to be replicated to this Read-Only Domain Controller (RODC).")] String DenyPasswordReplicationAccountName[]; [Write, Description("Specifies one or more Flexible Single Master Operation (FSMO) roles to move to this domain controller. The current owner must be online and responding for the move to be allowed."), ValueMap{"DomainNamingMaster", "SchemaMaster", "InfrastructureMaster", "PDCEmulator", "RIDMaster"}, Values{"DomainNamingMaster", "SchemaMaster", "InfrastructureMaster", "PDCEmulator", "RIDMaster"}] String FlexibleSingleMasterOperationRole[]; + [Write, Description("Specifies if the DNS service will be installed. Default value is $true.")] Boolean InstallDns; }; From b70728c4e4a817a6f7b30201c1b3215b3dc24efa Mon Sep 17 00:00:00 2001 From: Raul Microsoft Date: Tue, 23 Jul 2019 21:26:34 +0200 Subject: [PATCH 03/17] Comments reviewed --- CHANGELOG.md | 3 + .../MSFT_ADDomainController.psm1 | 19 +++-- .../MSFT_ADDomainController.schema.mof | 2 +- .../MSFT_ADDomainController/README.md | 6 ++ ...eadOnlyDomainControllerUsingInstallDns.ps1 | 73 +++++++++++++++++++ 5 files changed, 97 insertions(+), 6 deletions(-) create mode 100644 Examples/Resources/xADDomainController/5-AddReadOnlyDomainControllerUsingInstallDns.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index d2c2a46c9..5ae1c351e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -62,6 +62,9 @@ the domain was found, or `$false` if it was not. - Changes to ADUser - Remove unused non-mandatory parameters from the Get-TargetResource ([issue #293](https://github.com/PowerShell/ActiveDirectoryDsc/issues/293)). +- Changes to ADDomainController + - Add InstallDns parameter to enable promotion without installing local + DNS Server Service ([issue #87](https://github.com/PowerShell/xActiveDirectory/issues/87)). ## 4.0.0.0 diff --git a/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1 b/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1 index 33e4e6975..ca01e0e28 100644 --- a/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1 +++ b/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1 @@ -34,7 +34,9 @@ $script:localizedData = Get-LocalizedData -ResourceName 'MSFT_ADDomainController Provide the name of the site you want the Domain Controller to be added to. .PARAMETER InstallDns - Specifies if the DNS service will be installed. Default value is $true. + Specifies if the DNS Server service should be installed and configured on the domain controller. + If this is not set, the default for the parameter InstallDns of the cmdlet [Install-ADDSDomainController] + (https://docs.microsoft.com/en-us/powershell/module/addsdeployment/install-addsdomaincontroller) is used. #> function Get-TargetResource { @@ -87,6 +89,7 @@ function Get-TargetResource AllowPasswordReplicationAccountName = $null DenyPasswordReplicationAccountName = $null FlexibleSingleMasterOperationRole = $null + InstallDns = $InstallDNs } Write-Verbose -Message ( @@ -196,7 +199,9 @@ function Get-TargetResource responding for the move to be allowed. .PARAMETER InstallDns - Specifies if the DNS service will be installed. Default value is $true. + Specifies if the DNS Server service should be installed and configured on the domain controller. + If this is not set, the default for the parameter InstallDns of the cmdlet [Install-ADDSDomainController] + (https://docs.microsoft.com/en-us/powershell/module/addsdeployment/install-addsdomaincontroller) is used. #> function Set-TargetResource { @@ -343,9 +348,9 @@ function Set-TargetResource $installADDSDomainControllerParameters.Add('NoGlobalCatalog', $true) } - if ($PSBoundParameters.ContainsKey('InstallDns') -and $InstallDns -eq $false) + if ($PSBoundParameters.ContainsKey('InstallDns')) { - $installADDSDomainControllerParameters.Add('InstallDns', $false) + $installADDSDomainControllerParameters.Add('InstallDns', $InstallDns) } if (-not [System.String]::IsNullOrWhiteSpace($InstallationMediaPath)) @@ -598,7 +603,11 @@ function Set-TargetResource responding for the move to be allowed. .PARAMETER InstallDns - Specifies if the DNS service will be installed. Default value is $true. + Specifies if the DNS Server service should be installed and configured on the domain controller. + If this is not set, the default for the parameter InstallDns of the cmdlet [Install-ADDSDomainController] + (https://docs.microsoft.com/en-us/powershell/module/addsdeployment/install-addsdomaincontroller) is used. + + Not used in Test-TargetResource. #> function Test-TargetResource { diff --git a/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.schema.mof b/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.schema.mof index 8c8574e8d..d05b89284 100644 --- a/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.schema.mof +++ b/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.schema.mof @@ -15,5 +15,5 @@ class MSFT_ADDomainController : OMI_BaseResource [Write, Description("Specifies an array of names of user accounts, group accounts, and computer accounts whose passwords can be replicated to this Read-Only Domain Controller (RODC).")] String AllowPasswordReplicationAccountName[]; [Write, Description("Specifies the names of user accounts, group accounts, and computer accounts whose passwords are not to be replicated to this Read-Only Domain Controller (RODC).")] String DenyPasswordReplicationAccountName[]; [Write, Description("Specifies one or more Flexible Single Master Operation (FSMO) roles to move to this domain controller. The current owner must be online and responding for the move to be allowed."), ValueMap{"DomainNamingMaster", "SchemaMaster", "InfrastructureMaster", "PDCEmulator", "RIDMaster"}, Values{"DomainNamingMaster", "SchemaMaster", "InfrastructureMaster", "PDCEmulator", "RIDMaster"}] String FlexibleSingleMasterOperationRole[]; - [Write, Description("Specifies if the DNS service will be installed. Default value is $true.")] Boolean InstallDns; + [Write, Description("Specifies if the DNS Server service should be installed and configured on the Domain Controller. If this is not set the default for the parameter InstallDns of the cmdlet [Install-ADDSDomainController] is used.")] Boolean InstallDns; }; diff --git a/DSCResources/MSFT_ADDomainController/README.md b/DSCResources/MSFT_ADDomainController/README.md index e67ef67ee..4caad63d9 100644 --- a/DSCResources/MSFT_ADDomainController/README.md +++ b/DSCResources/MSFT_ADDomainController/README.md @@ -4,6 +4,12 @@ The ADDomainController DSC resource will install and configure domain controllers in Active Directory. Installation of Read-Only Domain Controllers (RODC) is also supported. +Promotion of a Domain Controller using an existing DNS is available using the InstallDns +parameter. The parameter specifies if the DNS Server service should be installed and configured +on the domain controller. If this is not set, the default for the parameter InstallDns of the cmdlet +[Install-ADDSDomainController](https://docs.microsoft.com/en-us/powershell/module/addsdeployment/install-addsdomaincontroller) +is used. + >**Note:** If the account used for the parameter `Credential` >cannot connect to another domain controller, for example using a credential >without the domain name, then the cmdlet `Install-ADDSDomainController` will diff --git a/Examples/Resources/xADDomainController/5-AddReadOnlyDomainControllerUsingInstallDns.ps1 b/Examples/Resources/xADDomainController/5-AddReadOnlyDomainControllerUsingInstallDns.ps1 new file mode 100644 index 000000000..bff5a4b3b --- /dev/null +++ b/Examples/Resources/xADDomainController/5-AddReadOnlyDomainControllerUsingInstallDns.ps1 @@ -0,0 +1,73 @@ +<#PSScriptInfo +.VERSION 1.0.0 +.GUID ba30df50-0873-4c2c-872b-96f5c825910d +.AUTHOR Microsoft Corporation +.COMPANYNAME Microsoft Corporation +.COPYRIGHT (c) Microsoft Corporation. All rights reserved. +.TAGS DSCConfiguration +.LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE +.PROJECTURI https://github.com/PowerShell/xActiveDirectory +.ICONURI +.EXTERNALMODULEDEPENDENCIES +.REQUIREDSCRIPTS +.EXTERNALSCRIPTDEPENDENCIES +.RELEASENOTES First version. +.PRIVATEDATA 2016-Datacenter,2016-Datacenter-Server-Core +#> + +#Requires -module xActiveDirectory + +<# + .DESCRIPTION + This configuration will add a domain controller to the domain contoso.com + without installing the local DNS server service and using the one in the existing domain. +#> +Configuration AddDomainControllerToDomainUsingExistingDNSServer +{ + param + ( + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.PSCredential] + $DomainAdministratorCredential + ) + + Import-DscResource -ModuleName PSDscResources + Import-DscResource -ModuleName xActiveDirectory + + node localhost + { + WindowsFeature 'InstallADDomainServicesFeature' + { + Ensure = 'Present' + Name = 'AD-Domain-Services' + } + + WindowsFeature 'RSATADPowerShell' + { + Ensure = 'Present' + Name = 'RSAT-AD-PowerShell' + + DependsOn = '[WindowsFeature]InstallADDomainServicesFeature' + } + + xWaitForADDomain 'WaitForestAvailability' + { + DomainName = 'contoso.com' + DomainUserCredential = $DomainAdministratorCredential + RetryCount = 10 + RetryIntervalSec = 120 + + DependsOn = '[WindowsFeature]RSATADPowerShell' + } + + xADDomainController 'DomainControllerUsingExistingDNSServer' + { + DomainName = 'contoso.com' + DomainAdministratorCredential = $DomainAdministratorCredential + SafemodeAdministratorPassword = $DomainAdministratorCredential + InstallDns = $false + DependsOn = '[xWaitForADDomain]WaitForestAvailability' + } + } +} From 58fa16c937f212d2861ffbc571dd3ecb4462ec76 Mon Sep 17 00:00:00 2001 From: Raul Microsoft Date: Tue, 23 Jul 2019 22:42:45 +0200 Subject: [PATCH 04/17] InstallDns Example Changed --- ...lDns.ps1 => 5-AddDomainControllerUsingInstallDns_Config.ps1} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename Examples/Resources/xADDomainController/{5-AddReadOnlyDomainControllerUsingInstallDns.ps1 => 5-AddDomainControllerUsingInstallDns_Config.ps1} (97%) diff --git a/Examples/Resources/xADDomainController/5-AddReadOnlyDomainControllerUsingInstallDns.ps1 b/Examples/Resources/xADDomainController/5-AddDomainControllerUsingInstallDns_Config.ps1 similarity index 97% rename from Examples/Resources/xADDomainController/5-AddReadOnlyDomainControllerUsingInstallDns.ps1 rename to Examples/Resources/xADDomainController/5-AddDomainControllerUsingInstallDns_Config.ps1 index bff5a4b3b..bf682d9fd 100644 --- a/Examples/Resources/xADDomainController/5-AddReadOnlyDomainControllerUsingInstallDns.ps1 +++ b/Examples/Resources/xADDomainController/5-AddDomainControllerUsingInstallDns_Config.ps1 @@ -22,7 +22,7 @@ This configuration will add a domain controller to the domain contoso.com without installing the local DNS server service and using the one in the existing domain. #> -Configuration AddDomainControllerToDomainUsingExistingDNSServer +Configuration AddDomainControllerUsingInstallDns_Config { param ( From d2f62b1b8f28595bbe57beb933c09738d41c1b15 Mon Sep 17 00:00:00 2001 From: Johan Ljunggren Date: Sun, 25 Aug 2019 13:20:01 +0200 Subject: [PATCH 05/17] Fix whitespace in WaitForADDomain --- .../MSFT_WaitForADDomain/en-US/about_WaitForADDomain.help.txt | 4 ++-- ...ForDomainControllerIgnoringAuthenticationErrors_Config.ps1 | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/DSCResources/MSFT_WaitForADDomain/en-US/about_WaitForADDomain.help.txt b/DSCResources/MSFT_WaitForADDomain/en-US/about_WaitForADDomain.help.txt index 1b955f57c..45581e777 100644 --- a/DSCResources/MSFT_WaitForADDomain/en-US/about_WaitForADDomain.help.txt +++ b/DSCResources/MSFT_WaitForADDomain/en-US/about_WaitForADDomain.help.txt @@ -262,10 +262,10 @@ Configuration WaitForADDomain_WaitForDomainControllerIgnoringAuthenticationError { WaitForADDomain 'contoso.com' { - DomainName = 'contoso.com' + DomainName = 'contoso.com' WaitForValidCredentials = $true - PsDscRunAsCredential = $Credential + PsDscRunAsCredential = $Credential } } } diff --git a/Examples/Resources/WaitForADDomain/7-WaitForADDomain_WaitForDomainControllerIgnoringAuthenticationErrors_Config.ps1 b/Examples/Resources/WaitForADDomain/7-WaitForADDomain_WaitForDomainControllerIgnoringAuthenticationErrors_Config.ps1 index 37af26ff0..f58bfaeb3 100644 --- a/Examples/Resources/WaitForADDomain/7-WaitForADDomain_WaitForDomainControllerIgnoringAuthenticationErrors_Config.ps1 +++ b/Examples/Resources/WaitForADDomain/7-WaitForADDomain_WaitForDomainControllerIgnoringAuthenticationErrors_Config.ps1 @@ -39,10 +39,10 @@ Configuration WaitForADDomain_WaitForDomainControllerIgnoringAuthenticationError { WaitForADDomain 'contoso.com' { - DomainName = 'contoso.com' + DomainName = 'contoso.com' WaitForValidCredentials = $true - PsDscRunAsCredential = $Credential + PsDscRunAsCredential = $Credential } } } From 9ae1b68c8c07f181f63e40d50d22b5986240e385 Mon Sep 17 00:00:00 2001 From: Johan Ljunggren Date: Sun, 25 Aug 2019 13:21:24 +0200 Subject: [PATCH 06/17] Remove brackets around cmdlet in parameter description --- .../MSFT_ADDomainController.psm1 | 18 +++++++++--------- .../MSFT_ADDomainController.schema.mof | 2 +- .../en-US/about_ADDomainController.help.txt | 10 ++++++++++ 3 files changed, 20 insertions(+), 10 deletions(-) diff --git a/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1 b/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1 index ca01e0e28..50b9204c8 100644 --- a/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1 +++ b/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1 @@ -34,9 +34,9 @@ $script:localizedData = Get-LocalizedData -ResourceName 'MSFT_ADDomainController Provide the name of the site you want the Domain Controller to be added to. .PARAMETER InstallDns - Specifies if the DNS Server service should be installed and configured on the domain controller. - If this is not set, the default for the parameter InstallDns of the cmdlet [Install-ADDSDomainController] - (https://docs.microsoft.com/en-us/powershell/module/addsdeployment/install-addsdomaincontroller) is used. + Specifies if the DNS Server service should be installed and configured on + the domain controller. If this is not set, the default for the parameter + InstallDns of the cmdlet Install-ADDSDomainController is used. #> function Get-TargetResource { @@ -199,9 +199,9 @@ function Get-TargetResource responding for the move to be allowed. .PARAMETER InstallDns - Specifies if the DNS Server service should be installed and configured on the domain controller. - If this is not set, the default for the parameter InstallDns of the cmdlet [Install-ADDSDomainController] - (https://docs.microsoft.com/en-us/powershell/module/addsdeployment/install-addsdomaincontroller) is used. + Specifies if the DNS Server service should be installed and configured on + the domain controller. If this is not set, the default for the parameter + InstallDns of the cmdlet Install-ADDSDomainController is used. #> function Set-TargetResource { @@ -603,9 +603,9 @@ function Set-TargetResource responding for the move to be allowed. .PARAMETER InstallDns - Specifies if the DNS Server service should be installed and configured on the domain controller. - If this is not set, the default for the parameter InstallDns of the cmdlet [Install-ADDSDomainController] - (https://docs.microsoft.com/en-us/powershell/module/addsdeployment/install-addsdomaincontroller) is used. + Specifies if the DNS Server service should be installed and configured on + the domain controller. If this is not set, the default for the parameter + InstallDns of the cmdlet Install-ADDSDomainController is used. Not used in Test-TargetResource. #> diff --git a/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.schema.mof b/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.schema.mof index d05b89284..e546c138c 100644 --- a/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.schema.mof +++ b/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.schema.mof @@ -15,5 +15,5 @@ class MSFT_ADDomainController : OMI_BaseResource [Write, Description("Specifies an array of names of user accounts, group accounts, and computer accounts whose passwords can be replicated to this Read-Only Domain Controller (RODC).")] String AllowPasswordReplicationAccountName[]; [Write, Description("Specifies the names of user accounts, group accounts, and computer accounts whose passwords are not to be replicated to this Read-Only Domain Controller (RODC).")] String DenyPasswordReplicationAccountName[]; [Write, Description("Specifies one or more Flexible Single Master Operation (FSMO) roles to move to this domain controller. The current owner must be online and responding for the move to be allowed."), ValueMap{"DomainNamingMaster", "SchemaMaster", "InfrastructureMaster", "PDCEmulator", "RIDMaster"}, Values{"DomainNamingMaster", "SchemaMaster", "InfrastructureMaster", "PDCEmulator", "RIDMaster"}] String FlexibleSingleMasterOperationRole[]; - [Write, Description("Specifies if the DNS Server service should be installed and configured on the Domain Controller. If this is not set the default for the parameter InstallDns of the cmdlet [Install-ADDSDomainController] is used.")] Boolean InstallDns; + [Write, Description("Specifies if the DNS Server service should be installed and configured on the Domain Controller. If this is not set the default for the parameter InstallDns of the cmdlet Install-ADDSDomainController is used.")] Boolean InstallDns; }; diff --git a/DSCResources/MSFT_ADDomainController/en-US/about_ADDomainController.help.txt b/DSCResources/MSFT_ADDomainController/en-US/about_ADDomainController.help.txt index 2bfbbba7b..56cfb5e82 100644 --- a/DSCResources/MSFT_ADDomainController/en-US/about_ADDomainController.help.txt +++ b/DSCResources/MSFT_ADDomainController/en-US/about_ADDomainController.help.txt @@ -6,6 +6,12 @@ controllers in Active Directory. Installation of Read-Only Domain Controllers (RODC) is also supported. + Promotion of a Domain Controller using an existing DNS is available using the InstallDns + parameter. The parameter specifies if the DNS Server service should be installed and configured + on the domain controller. If this is not set, the default for the parameter InstallDns of the cmdlet + [Install-ADDSDomainController](https://docs.microsoft.com/en-us/powershell/module/addsdeployment/install-addsdomaincontroller) + is used. + >**Note:** If the account used for the parameter `Credential` >cannot connect to another domain controller, for example using a credential >without the domain name, then the cmdlet `Install-ADDSDomainController` will @@ -84,6 +90,10 @@ Allowed values: DomainNamingMaster, SchemaMaster, InfrastructureMaster, PDCEmulator, RIDMaster Specifies one or more Flexible Single Master Operation (FSMO) roles to move to this domain controller. The current owner must be online and responding for the move to be allowed. +.PARAMETER InstallDns + Write - Boolean + Specifies if the DNS Server service should be installed and configured on the Domain Controller. If this is not set the default for the parameter InstallDns of the cmdlet Install-ADDSDomainController is used. + .EXAMPLE 1 This configuration will add a domain controller to the domain From ea5ab4fc519103717944d121b19e345c7ac0b00e Mon Sep 17 00:00:00 2001 From: Johan Ljunggren Date: Sun, 25 Aug 2019 13:33:23 +0200 Subject: [PATCH 07/17] Fix review comments --- .../MSFT_ADDomainController.psm1 | 15 ++++++++++++--- .../MSFT_ADDomainController.schema.mof | 2 +- DSCResources/MSFT_ADDomainController/README.md | 13 ++++++++----- ...ller_AddDomainControllerAndMoveRole_Config.ps1 | 2 +- 4 files changed, 22 insertions(+), 10 deletions(-) diff --git a/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1 b/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1 index 50b9204c8..2cf76e874 100644 --- a/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1 +++ b/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1 @@ -35,8 +35,11 @@ $script:localizedData = Get-LocalizedData -ResourceName 'MSFT_ADDomainController .PARAMETER InstallDns Specifies if the DNS Server service should be installed and configured on - the domain controller. If this is not set, the default for the parameter + the domain controller. If this is not set the default value of the parameter InstallDns of the cmdlet Install-ADDSDomainController is used. + The parameter `InstallDns` is only used during the provisioning of a domain + controller. The parameter cannot be used to install or uninstall the DNS + server on an already provisioned domain controller. #> function Get-TargetResource { @@ -200,8 +203,11 @@ function Get-TargetResource .PARAMETER InstallDns Specifies if the DNS Server service should be installed and configured on - the domain controller. If this is not set, the default for the parameter + the domain controller. If this is not set the default value of the parameter InstallDns of the cmdlet Install-ADDSDomainController is used. + The parameter `InstallDns` is only used during the provisioning of a domain + controller. The parameter cannot be used to install or uninstall the DNS + server on an already provisioned domain controller. #> function Set-TargetResource { @@ -604,8 +610,11 @@ function Set-TargetResource .PARAMETER InstallDns Specifies if the DNS Server service should be installed and configured on - the domain controller. If this is not set, the default for the parameter + the domain controller. If this is not set the default value of the parameter InstallDns of the cmdlet Install-ADDSDomainController is used. + The parameter `InstallDns` is only used during the provisioning of a domain + controller. The parameter cannot be used to install or uninstall the DNS + server on an already provisioned domain controller. Not used in Test-TargetResource. #> diff --git a/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.schema.mof b/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.schema.mof index e546c138c..e235028c6 100644 --- a/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.schema.mof +++ b/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.schema.mof @@ -15,5 +15,5 @@ class MSFT_ADDomainController : OMI_BaseResource [Write, Description("Specifies an array of names of user accounts, group accounts, and computer accounts whose passwords can be replicated to this Read-Only Domain Controller (RODC).")] String AllowPasswordReplicationAccountName[]; [Write, Description("Specifies the names of user accounts, group accounts, and computer accounts whose passwords are not to be replicated to this Read-Only Domain Controller (RODC).")] String DenyPasswordReplicationAccountName[]; [Write, Description("Specifies one or more Flexible Single Master Operation (FSMO) roles to move to this domain controller. The current owner must be online and responding for the move to be allowed."), ValueMap{"DomainNamingMaster", "SchemaMaster", "InfrastructureMaster", "PDCEmulator", "RIDMaster"}, Values{"DomainNamingMaster", "SchemaMaster", "InfrastructureMaster", "PDCEmulator", "RIDMaster"}] String FlexibleSingleMasterOperationRole[]; - [Write, Description("Specifies if the DNS Server service should be installed and configured on the Domain Controller. If this is not set the default for the parameter InstallDns of the cmdlet Install-ADDSDomainController is used.")] Boolean InstallDns; + [Write, Description("Specifies if the DNS Server service should be installed and configured on the Domain Controller. If this is not set the default value of the parameter `InstallDns` of the cmdlet Install-ADDSDomainController is used. This parameter is only used during the provisioning of a domain controller. The parameter cannot be used to install or uninstall the DNS server on an already provisioned domain controller.")] Boolean InstallDns; }; diff --git a/DSCResources/MSFT_ADDomainController/README.md b/DSCResources/MSFT_ADDomainController/README.md index 4caad63d9..e82abc53e 100644 --- a/DSCResources/MSFT_ADDomainController/README.md +++ b/DSCResources/MSFT_ADDomainController/README.md @@ -4,11 +4,14 @@ The ADDomainController DSC resource will install and configure domain controllers in Active Directory. Installation of Read-Only Domain Controllers (RODC) is also supported. -Promotion of a Domain Controller using an existing DNS is available using the InstallDns -parameter. The parameter specifies if the DNS Server service should be installed and configured -on the domain controller. If this is not set, the default for the parameter InstallDns of the cmdlet -[Install-ADDSDomainController](https://docs.microsoft.com/en-us/powershell/module/addsdeployment/install-addsdomaincontroller) -is used. +Promotion of a Domain Controller using an existing DNS is available using +the `InstallDns` parameter. The parameter specifies if the DNS Server service +should be installed and configured on the domain controller. If this is +not set the default value of the parameter `InstallDns` of the cmdlet +[`Install-ADDSDomainController`](https://docs.microsoft.com/en-us/powershell/module/addsdeployment/install-addsdomaincontroller) +is used. The parameter `InstallDns` is only used during the provisioning +of a domain controller. The parameter cannot be used to install or uninstall +the DNS server on an already provisioned domain controller. >**Note:** If the account used for the parameter `Credential` >cannot connect to another domain controller, for example using a credential diff --git a/Examples/Resources/ADDomainController/5-ADDomainController_AddDomainControllerAndMoveRole_Config.ps1 b/Examples/Resources/ADDomainController/5-ADDomainController_AddDomainControllerAndMoveRole_Config.ps1 index 7a9c877fc..4f48f167f 100644 --- a/Examples/Resources/ADDomainController/5-ADDomainController_AddDomainControllerAndMoveRole_Config.ps1 +++ b/Examples/Resources/ADDomainController/5-ADDomainController_AddDomainControllerAndMoveRole_Config.ps1 @@ -1,6 +1,6 @@ <#PSScriptInfo .VERSION 1.0.0 -.GUID 5ef6db28-ed7b-474e-aabf-7480d2730d36 +.GUID d817a83d-6450-4dff-9b39-9b184572c100 .AUTHOR Microsoft Corporation .COMPANYNAME Microsoft Corporation .COPYRIGHT (c) Microsoft Corporation. All rights reserved. From 4329511ec8c9d5b6d2e0de7a3687ec0ddc359072 Mon Sep 17 00:00:00 2001 From: Johan Ljunggren Date: Sun, 25 Aug 2019 13:36:39 +0200 Subject: [PATCH 08/17] Move example file to correct folder after module rename --- .../en-US/about_ADDomainController.help.txt | 70 +++++++++++++++++-- ..._AddDomainControllerAndMoveRole_Config.ps1 | 2 +- ...omainControllerUsingInstallDns_Config.ps1} | 2 +- 3 files changed, 66 insertions(+), 8 deletions(-) rename Examples/Resources/{xADDomainController/5-AddDomainControllerUsingInstallDns_Config.ps1 => ADDomainController/6-AddDomainControllerUsingInstallDns_Config.ps1} (98%) diff --git a/DSCResources/MSFT_ADDomainController/en-US/about_ADDomainController.help.txt b/DSCResources/MSFT_ADDomainController/en-US/about_ADDomainController.help.txt index 56cfb5e82..2186b6470 100644 --- a/DSCResources/MSFT_ADDomainController/en-US/about_ADDomainController.help.txt +++ b/DSCResources/MSFT_ADDomainController/en-US/about_ADDomainController.help.txt @@ -6,11 +6,14 @@ controllers in Active Directory. Installation of Read-Only Domain Controllers (RODC) is also supported. - Promotion of a Domain Controller using an existing DNS is available using the InstallDns - parameter. The parameter specifies if the DNS Server service should be installed and configured - on the domain controller. If this is not set, the default for the parameter InstallDns of the cmdlet - [Install-ADDSDomainController](https://docs.microsoft.com/en-us/powershell/module/addsdeployment/install-addsdomaincontroller) - is used. + Promotion of a Domain Controller using an existing DNS is available using + the `InstallDns` parameter. The parameter specifies if the DNS Server service + should be installed and configured on the domain controller. If this is + not set the default value of the parameter `InstallDns` of the cmdlet + [`Install-ADDSDomainController`](https://docs.microsoft.com/en-us/powershell/module/addsdeployment/install-addsdomaincontroller) + is used. The parameter `InstallDns` is only used during the provisioning + of a domain controller. The parameter cannot be used to install or uninstall + the DNS server on an already provisioned domain controller. >**Note:** If the account used for the parameter `Credential` >cannot connect to another domain controller, for example using a credential @@ -92,7 +95,7 @@ .PARAMETER InstallDns Write - Boolean - Specifies if the DNS Server service should be installed and configured on the Domain Controller. If this is not set the default for the parameter InstallDns of the cmdlet Install-ADDSDomainController is used. + Specifies if the DNS Server service should be installed and configured on the Domain Controller. If this is not set the default value of the parameter `InstallDns` of the cmdlet Install-ADDSDomainController is used. This parameter is only used during the provisioning of a domain controller. The parameter cannot be used to install or uninstall the DNS server on an already provisioned domain controller. .EXAMPLE 1 @@ -397,4 +400,59 @@ Configuration ADDomainController_AddDomainControllerAndMoveRole_Config } } +.EXAMPLE 6 + +This configuration will add a domain controller to the domain contoso.com +without installing the local DNS server service and using the one in the existing domain. + +Configuration AddDomainControllerUsingInstallDns_Config +{ + param + ( + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.PSCredential] + $DomainAdministratorCredential + ) + + Import-DscResource -ModuleName PSDscResources + Import-DscResource -ModuleName xActiveDirectory + + node localhost + { + WindowsFeature 'InstallADDomainServicesFeature' + { + Ensure = 'Present' + Name = 'AD-Domain-Services' + } + + WindowsFeature 'RSATADPowerShell' + { + Ensure = 'Present' + Name = 'RSAT-AD-PowerShell' + + DependsOn = '[WindowsFeature]InstallADDomainServicesFeature' + } + + xWaitForADDomain 'WaitForestAvailability' + { + DomainName = 'contoso.com' + DomainUserCredential = $DomainAdministratorCredential + RetryCount = 10 + RetryIntervalSec = 120 + + DependsOn = '[WindowsFeature]RSATADPowerShell' + } + + xADDomainController 'DomainControllerUsingExistingDNSServer' + { + DomainName = 'contoso.com' + DomainAdministratorCredential = $DomainAdministratorCredential + SafemodeAdministratorPassword = $DomainAdministratorCredential + InstallDns = $false + DependsOn = '[xWaitForADDomain]WaitForestAvailability' + } + } +} + diff --git a/Examples/Resources/ADDomainController/5-ADDomainController_AddDomainControllerAndMoveRole_Config.ps1 b/Examples/Resources/ADDomainController/5-ADDomainController_AddDomainControllerAndMoveRole_Config.ps1 index 4f48f167f..7a9c877fc 100644 --- a/Examples/Resources/ADDomainController/5-ADDomainController_AddDomainControllerAndMoveRole_Config.ps1 +++ b/Examples/Resources/ADDomainController/5-ADDomainController_AddDomainControllerAndMoveRole_Config.ps1 @@ -1,6 +1,6 @@ <#PSScriptInfo .VERSION 1.0.0 -.GUID d817a83d-6450-4dff-9b39-9b184572c100 +.GUID 5ef6db28-ed7b-474e-aabf-7480d2730d36 .AUTHOR Microsoft Corporation .COMPANYNAME Microsoft Corporation .COPYRIGHT (c) Microsoft Corporation. All rights reserved. diff --git a/Examples/Resources/xADDomainController/5-AddDomainControllerUsingInstallDns_Config.ps1 b/Examples/Resources/ADDomainController/6-AddDomainControllerUsingInstallDns_Config.ps1 similarity index 98% rename from Examples/Resources/xADDomainController/5-AddDomainControllerUsingInstallDns_Config.ps1 rename to Examples/Resources/ADDomainController/6-AddDomainControllerUsingInstallDns_Config.ps1 index bf682d9fd..9123cde6a 100644 --- a/Examples/Resources/xADDomainController/5-AddDomainControllerUsingInstallDns_Config.ps1 +++ b/Examples/Resources/ADDomainController/6-AddDomainControllerUsingInstallDns_Config.ps1 @@ -1,6 +1,6 @@ <#PSScriptInfo .VERSION 1.0.0 -.GUID ba30df50-0873-4c2c-872b-96f5c825910d +.GUID d817a83d-6450-4dff-9b39-9b184572c100 .AUTHOR Microsoft Corporation .COMPANYNAME Microsoft Corporation .COPYRIGHT (c) Microsoft Corporation. All rights reserved. From 0b8790a09564e4c24c0ea55684def005f144460c Mon Sep 17 00:00:00 2001 From: Johan Ljunggren Date: Sun, 25 Aug 2019 13:41:49 +0200 Subject: [PATCH 09/17] Prefix example file --- ...ainController_AddDomainControllerUsingInstallDns_Config.ps1} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename Examples/Resources/ADDomainController/{6-AddDomainControllerUsingInstallDns_Config.ps1 => 6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1} (96%) diff --git a/Examples/Resources/ADDomainController/6-AddDomainControllerUsingInstallDns_Config.ps1 b/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 similarity index 96% rename from Examples/Resources/ADDomainController/6-AddDomainControllerUsingInstallDns_Config.ps1 rename to Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 index 9123cde6a..06957fc15 100644 --- a/Examples/Resources/ADDomainController/6-AddDomainControllerUsingInstallDns_Config.ps1 +++ b/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 @@ -22,7 +22,7 @@ This configuration will add a domain controller to the domain contoso.com without installing the local DNS server service and using the one in the existing domain. #> -Configuration AddDomainControllerUsingInstallDns_Config +Configuration ADDomainController_AddDomainControllerUsingInstallDns_Config { param ( From 0ff9a21a343a7fbee8e2d3e43367b51dede19428 Mon Sep 17 00:00:00 2001 From: Johan Ljunggren Date: Sun, 25 Aug 2019 14:11:21 +0200 Subject: [PATCH 10/17] Add unit tests --- Tests/Unit/MSFT_ADDomainController.Tests.ps1 | 107 ++++++++++++++++++- 1 file changed, 104 insertions(+), 3 deletions(-) diff --git a/Tests/Unit/MSFT_ADDomainController.Tests.ps1 b/Tests/Unit/MSFT_ADDomainController.Tests.ps1 index 003c5caeb..f45296ecd 100644 --- a/Tests/Unit/MSFT_ADDomainController.Tests.ps1 +++ b/Tests/Unit/MSFT_ADDomainController.Tests.ps1 @@ -130,7 +130,7 @@ try return $null } - New-Item -Path 'TestDrive:\' -ItemType Directory -Name IFM + New-Item -Path 'TestDrive:\' -ItemType Directory -Name 'IFM' } It 'Should returns current Domain Controller properties' { @@ -148,6 +148,7 @@ try $result.DenyPasswordReplicationAccountName | Should -BeNullOrEmpty $result.FlexibleSingleMasterOperationRole | Should -Contain 'DomainNamingMaster' $result.FlexibleSingleMasterOperationRole | Should -Contain 'RIDMaster' + $result.InstallDns | Should -BeFalse } } @@ -188,7 +189,7 @@ try } } - New-Item -Path 'TestDrive:\' -ItemType Directory -Name IFM + New-Item -Path 'TestDrive:\' -ItemType Directory -Name 'IFM' } It 'Returns current Domain Controller properties' { @@ -205,10 +206,89 @@ try $result.AllowPasswordReplicationAccountName | Should -HaveCount 1 $result.AllowPasswordReplicationAccountName | Should -Be $allowedAccount $result.DenyPasswordReplicationAccountName | Should -Be $deniedAccount + $result.InstallDns | Should -BeFalse } } - Context 'When the node is not a Domain Controller' { + Context 'When the node is a Domain Controller with DNS installed' { + BeforeAll { + Mock -CommandName Get-ADDomain -MockWith { return $true } + Mock -CommandName Get-DomainControllerObject { + $domainControllerObject = New-Object -TypeName Microsoft.ActiveDirectory.Management.ADDomainController + $domainControllerObject.Site = $correctSiteName + $domainControllerObject.Domain = $correctDomainName + $domainControllerObject.IsGlobalCatalog = $true + $domainControllerObject.IsReadOnly = $false + return $domainControllerObject + } + + Mock -CommandName Get-ItemProperty -ParameterFilter { $Path -eq 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' } -MockWith { + return @{ + 'Database log files path' = 'C:\Windows\NTDS' + 'DSA Working Directory' = 'C:\Windows\NTDS' + } + } + + Mock -CommandName Get-ItemProperty -ParameterFilter { $Path -eq 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' } -MockWith { + return @{ + 'SysVol' = 'C:\Windows\SYSVOL\sysvol' + } + } + + Mock -CommandName Get-ADDomainControllerPasswordReplicationPolicy + Mock -CommandName Get-ADDomainControllerPasswordReplicationPolicy + + New-Item -Path 'TestDrive:\' -ItemType Directory -Name 'IFM' + } + + It 'Returns current Domain Controller properties' { + $result = Get-TargetResource @testDefaultParams -DomainName $correctDomainName -InstallDns $true + + $result.DomainName | Should -Be $correctDomainName + $result.InstallDns | Should -BeTrue + } + } + + Context 'When the node is a Domain Controller and no DNS should be installed' { + BeforeAll { + Mock -CommandName Get-ADDomain -MockWith { return $true } + Mock -CommandName Get-DomainControllerObject { + $domainControllerObject = New-Object -TypeName Microsoft.ActiveDirectory.Management.ADDomainController + $domainControllerObject.Site = $correctSiteName + $domainControllerObject.Domain = $correctDomainName + $domainControllerObject.IsGlobalCatalog = $true + $domainControllerObject.IsReadOnly = $false + return $domainControllerObject + } + + Mock -CommandName Get-ItemProperty -ParameterFilter { $Path -eq 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' } -MockWith { + return @{ + 'Database log files path' = 'C:\Windows\NTDS' + 'DSA Working Directory' = 'C:\Windows\NTDS' + } + } + + Mock -CommandName Get-ItemProperty -ParameterFilter { $Path -eq 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' } -MockWith { + return @{ + 'SysVol' = 'C:\Windows\SYSVOL\sysvol' + } + } + + Mock -CommandName Get-ADDomainControllerPasswordReplicationPolicy + Mock -CommandName Get-ADDomainControllerPasswordReplicationPolicy + + New-Item -Path 'TestDrive:\' -ItemType Directory -Name 'IFM' + } + + It 'Returns current Domain Controller properties' { + $result = Get-TargetResource @testDefaultParams -DomainName $correctDomainName -InstallDns $false + + $result.DomainName | Should -Be $correctDomainName + $result.InstallDns | Should -BeFalse + } + } + + Context 'When the node should not be a Domain Controller' { BeforeAll { Mock -CommandName Get-ADDomain -MockWith { return $true } Mock -CommandName Get-DomainControllerObject -MockWith { @@ -231,6 +311,7 @@ try $result.AllowPasswordReplicationAccountName | Should -BeNullOrEmpty $result.DenyPasswordReplicationAccountName | Should -BeNullOrEmpty $result.FlexibleSingleMasterOperationRole | Should -BeNullOrEmpty + $result.InstallDns | Should -BeFalse } } } @@ -705,6 +786,26 @@ try } } + Context 'When the domain controller should have a DNS installed' { + It 'It should call the correct mocks' { + { Set-TargetResource @testDefaultParamsRODC -DomainName $correctDomainName -InstallDns $true } | Should -Not -Throw + + Assert-MockCalled -CommandName Install-ADDSDomainController -ParameterFilter { + $InstallDns -eq $true + } -Exactly -Times 1 -Scope It + } + } + + Context 'When the domain controller should not have a DNS installed' { + It 'It should call the correct mocks' { + { Set-TargetResource @testDefaultParamsRODC -DomainName $correctDomainName -InstallDns $false } | Should -Not -Throw + + Assert-MockCalled -CommandName Install-ADDSDomainController -ParameterFilter { + $InstallDns -eq $false + } -Exactly -Times 1 -Scope It + } + } + Context 'When a domain controller is in the wrong site' { BeforeAll { Mock -CommandName Move-ADDirectoryServer From 3570d86ce79ffd07c8d7adf341a93e1365154ee3 Mon Sep 17 00:00:00 2001 From: Johan Ljunggren Date: Sun, 25 Aug 2019 14:18:07 +0200 Subject: [PATCH 11/17] Fix example to import correct module --- ...mainController_AddDomainControllerUsingInstallDns_Config.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 b/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 index 06957fc15..132971450 100644 --- a/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 +++ b/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 @@ -33,7 +33,7 @@ Configuration ADDomainController_AddDomainControllerUsingInstallDns_Config ) Import-DscResource -ModuleName PSDscResources - Import-DscResource -ModuleName xActiveDirectory + Import-DscResource -ModuleName ActiveDirectoryDsc node localhost { From 0a56575f91a80a54ff22e9a79010f7c4daf20eb9 Mon Sep 17 00:00:00 2001 From: Johan Ljunggren Date: Sun, 25 Aug 2019 14:26:32 +0200 Subject: [PATCH 12/17] Fix requires in example --- ...mainController_AddDomainControllerUsingInstallDns_Config.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 b/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 index 132971450..b3d7b368b 100644 --- a/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 +++ b/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 @@ -15,7 +15,7 @@ .PRIVATEDATA 2016-Datacenter,2016-Datacenter-Server-Core #> -#Requires -module xActiveDirectory +#Requires -module ActiveDirectoryDsc <# .DESCRIPTION From f58e911067cf59f5c2f08e8985a03658ffd84d05 Mon Sep 17 00:00:00 2001 From: Johan Ljunggren Date: Sun, 25 Aug 2019 14:40:37 +0200 Subject: [PATCH 13/17] Fix resource names in example --- ...inController_AddDomainControllerUsingInstallDns_Config.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 b/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 index b3d7b368b..eea351fd8 100644 --- a/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 +++ b/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 @@ -51,7 +51,7 @@ Configuration ADDomainController_AddDomainControllerUsingInstallDns_Config DependsOn = '[WindowsFeature]InstallADDomainServicesFeature' } - xWaitForADDomain 'WaitForestAvailability' + WaitForADDomain 'WaitForestAvailability' { DomainName = 'contoso.com' DomainUserCredential = $DomainAdministratorCredential @@ -61,7 +61,7 @@ Configuration ADDomainController_AddDomainControllerUsingInstallDns_Config DependsOn = '[WindowsFeature]RSATADPowerShell' } - xADDomainController 'DomainControllerUsingExistingDNSServer' + ADDomainController 'DomainControllerUsingExistingDNSServer' { DomainName = 'contoso.com' DomainAdministratorCredential = $DomainAdministratorCredential From 98864bdd6cd87f4e3a0e7caed294203648784ea2 Mon Sep 17 00:00:00 2001 From: Johan Ljunggren Date: Sun, 25 Aug 2019 14:52:02 +0200 Subject: [PATCH 14/17] Update example to user correct resource parameters --- .../en-US/about_ADDomainController.help.txt | 22 +++++++++---------- ...DomainControllerUsingInstallDns_Config.ps1 | 14 ++++++------ 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/DSCResources/MSFT_ADDomainController/en-US/about_ADDomainController.help.txt b/DSCResources/MSFT_ADDomainController/en-US/about_ADDomainController.help.txt index 2186b6470..09735b1f0 100644 --- a/DSCResources/MSFT_ADDomainController/en-US/about_ADDomainController.help.txt +++ b/DSCResources/MSFT_ADDomainController/en-US/about_ADDomainController.help.txt @@ -405,7 +405,7 @@ Configuration ADDomainController_AddDomainControllerAndMoveRole_Config This configuration will add a domain controller to the domain contoso.com without installing the local DNS server service and using the one in the existing domain. -Configuration AddDomainControllerUsingInstallDns_Config +Configuration ADDomainController_AddDomainControllerUsingInstallDns_Config { param ( @@ -416,7 +416,7 @@ Configuration AddDomainControllerUsingInstallDns_Config ) Import-DscResource -ModuleName PSDscResources - Import-DscResource -ModuleName xActiveDirectory + Import-DscResource -ModuleName ActiveDirectoryDsc node localhost { @@ -434,21 +434,21 @@ Configuration AddDomainControllerUsingInstallDns_Config DependsOn = '[WindowsFeature]InstallADDomainServicesFeature' } - xWaitForADDomain 'WaitForestAvailability' + WaitForADDomain 'WaitForestAvailability' { - DomainName = 'contoso.com' - DomainUserCredential = $DomainAdministratorCredential - RetryCount = 10 - RetryIntervalSec = 120 + DomainName = 'contoso.com' + Credential = $DomainAdministratorCredential + RetryCount = 10 + RetryIntervalSec = 120 - DependsOn = '[WindowsFeature]RSATADPowerShell' + DependsOn = '[WindowsFeature]RSATADPowerShell' } - xADDomainController 'DomainControllerUsingExistingDNSServer' + ADDomainController 'DomainControllerUsingExistingDNSServer' { DomainName = 'contoso.com' - DomainAdministratorCredential = $DomainAdministratorCredential - SafemodeAdministratorPassword = $DomainAdministratorCredential + Credential = $DomainAdministratorCredential + SafeModeAdministratorPassword = $DomainAdministratorCredential InstallDns = $false DependsOn = '[xWaitForADDomain]WaitForestAvailability' } diff --git a/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 b/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 index eea351fd8..0cbe0a46b 100644 --- a/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 +++ b/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 @@ -53,19 +53,19 @@ Configuration ADDomainController_AddDomainControllerUsingInstallDns_Config WaitForADDomain 'WaitForestAvailability' { - DomainName = 'contoso.com' - DomainUserCredential = $DomainAdministratorCredential - RetryCount = 10 - RetryIntervalSec = 120 + DomainName = 'contoso.com' + Credential = $DomainAdministratorCredential + RetryCount = 10 + RetryIntervalSec = 120 - DependsOn = '[WindowsFeature]RSATADPowerShell' + DependsOn = '[WindowsFeature]RSATADPowerShell' } ADDomainController 'DomainControllerUsingExistingDNSServer' { DomainName = 'contoso.com' - DomainAdministratorCredential = $DomainAdministratorCredential - SafemodeAdministratorPassword = $DomainAdministratorCredential + Credential = $DomainAdministratorCredential + SafeModeAdministratorPassword = $DomainAdministratorCredential InstallDns = $false DependsOn = '[xWaitForADDomain]WaitForestAvailability' } From ce517ccb20a5dde829884493261ef566340513ac Mon Sep 17 00:00:00 2001 From: Johan Ljunggren Date: Sun, 25 Aug 2019 14:52:57 +0200 Subject: [PATCH 15/17] Update example parameter name --- .../en-US/about_ADDomainController.help.txt | 8 ++++---- ...ntroller_AddDomainControllerUsingInstallDns_Config.ps1 | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/DSCResources/MSFT_ADDomainController/en-US/about_ADDomainController.help.txt b/DSCResources/MSFT_ADDomainController/en-US/about_ADDomainController.help.txt index 09735b1f0..66c34a4ca 100644 --- a/DSCResources/MSFT_ADDomainController/en-US/about_ADDomainController.help.txt +++ b/DSCResources/MSFT_ADDomainController/en-US/about_ADDomainController.help.txt @@ -412,7 +412,7 @@ Configuration ADDomainController_AddDomainControllerUsingInstallDns_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential ) Import-DscResource -ModuleName PSDscResources @@ -437,7 +437,7 @@ Configuration ADDomainController_AddDomainControllerUsingInstallDns_Config WaitForADDomain 'WaitForestAvailability' { DomainName = 'contoso.com' - Credential = $DomainAdministratorCredential + Credential = $Credential RetryCount = 10 RetryIntervalSec = 120 @@ -447,8 +447,8 @@ Configuration ADDomainController_AddDomainControllerUsingInstallDns_Config ADDomainController 'DomainControllerUsingExistingDNSServer' { DomainName = 'contoso.com' - Credential = $DomainAdministratorCredential - SafeModeAdministratorPassword = $DomainAdministratorCredential + Credential = $Credential + SafeModeAdministratorPassword = $Credential InstallDns = $false DependsOn = '[xWaitForADDomain]WaitForestAvailability' } diff --git a/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 b/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 index 0cbe0a46b..a96cf0ff6 100644 --- a/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 +++ b/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 @@ -29,7 +29,7 @@ Configuration ADDomainController_AddDomainControllerUsingInstallDns_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential ) Import-DscResource -ModuleName PSDscResources @@ -54,7 +54,7 @@ Configuration ADDomainController_AddDomainControllerUsingInstallDns_Config WaitForADDomain 'WaitForestAvailability' { DomainName = 'contoso.com' - Credential = $DomainAdministratorCredential + Credential = $Credential RetryCount = 10 RetryIntervalSec = 120 @@ -64,8 +64,8 @@ Configuration ADDomainController_AddDomainControllerUsingInstallDns_Config ADDomainController 'DomainControllerUsingExistingDNSServer' { DomainName = 'contoso.com' - Credential = $DomainAdministratorCredential - SafeModeAdministratorPassword = $DomainAdministratorCredential + Credential = $Credential + SafeModeAdministratorPassword = $Credential InstallDns = $false DependsOn = '[xWaitForADDomain]WaitForestAvailability' } From f02f133e478d58f838bb6a71dd90019dbb788a5c Mon Sep 17 00:00:00 2001 From: Johan Ljunggren Date: Sun, 25 Aug 2019 15:09:44 +0200 Subject: [PATCH 16/17] Remove old properties from example --- .../en-US/about_ADDomainController.help.txt | 3 +-- ...ainController_AddDomainControllerUsingInstallDns_Config.ps1 | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/DSCResources/MSFT_ADDomainController/en-US/about_ADDomainController.help.txt b/DSCResources/MSFT_ADDomainController/en-US/about_ADDomainController.help.txt index 66c34a4ca..654dc22cb 100644 --- a/DSCResources/MSFT_ADDomainController/en-US/about_ADDomainController.help.txt +++ b/DSCResources/MSFT_ADDomainController/en-US/about_ADDomainController.help.txt @@ -438,8 +438,6 @@ Configuration ADDomainController_AddDomainControllerUsingInstallDns_Config { DomainName = 'contoso.com' Credential = $Credential - RetryCount = 10 - RetryIntervalSec = 120 DependsOn = '[WindowsFeature]RSATADPowerShell' } @@ -450,6 +448,7 @@ Configuration ADDomainController_AddDomainControllerUsingInstallDns_Config Credential = $Credential SafeModeAdministratorPassword = $Credential InstallDns = $false + DependsOn = '[xWaitForADDomain]WaitForestAvailability' } } diff --git a/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 b/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 index a96cf0ff6..8df184ac5 100644 --- a/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 +++ b/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 @@ -55,8 +55,6 @@ Configuration ADDomainController_AddDomainControllerUsingInstallDns_Config { DomainName = 'contoso.com' Credential = $Credential - RetryCount = 10 - RetryIntervalSec = 120 DependsOn = '[WindowsFeature]RSATADPowerShell' } @@ -67,6 +65,7 @@ Configuration ADDomainController_AddDomainControllerUsingInstallDns_Config Credential = $Credential SafeModeAdministratorPassword = $Credential InstallDns = $false + DependsOn = '[xWaitForADDomain]WaitForestAvailability' } } From 9d7f2d1c94bc5bb9194d0bbda370c9e83f790e63 Mon Sep 17 00:00:00 2001 From: Johan Ljunggren Date: Sun, 25 Aug 2019 15:22:04 +0200 Subject: [PATCH 17/17] Fix depends in example --- ...mainController_AddDomainControllerUsingInstallDns_Config.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 b/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 index 8df184ac5..dc3fd4f0c 100644 --- a/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 +++ b/Examples/Resources/ADDomainController/6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 @@ -66,7 +66,7 @@ Configuration ADDomainController_AddDomainControllerUsingInstallDns_Config SafeModeAdministratorPassword = $Credential InstallDns = $false - DependsOn = '[xWaitForADDomain]WaitForestAvailability' + DependsOn = '[WaitForADDomain]WaitForestAvailability' } } }