ADDomainController: Added InstallDns to promote without installing DNS #439

Merged
merged 17 commits into from
Aug 25, 2019
Changes from 9 commits
3 changes: 3 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,9 @@
the domain was found, or `$false` if it was not.
- Changes to ADUser
- Remove unused non-mandatory parameters from the Get-TargetResource ([issue #293](https://github.com/PowerShell/ActiveDirectoryDsc/issues/293)).
- Changes to ADDomainController
- Add InstallDns parameter to enable promotion without installing local
DNS Server Service ([issue #87](https://github.com/PowerShell/xActiveDirectory/issues/87)).

## 4.0.0.0

Expand Down
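Review bot: The new CHANGELOG entry links issue #87 under `PowerShell/xActiveDirectory`, while the ADUser entry directly above it links `PowerShell/ActiveDirectoryDsc`. Use one repository path for both so the links in this section stay consistent.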
50 changes: 47 additions & 3 deletions DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,14 @@ $script:localizedData = Get-LocalizedData -ResourceName 'MSFT_ADDomainController

.PARAMETER SiteName
Provide the name of the site you want the Domain Controller to be added to.

.PARAMETER InstallDns
Specifies if the DNS Server service should be installed and configured on
the domain controller. If this is not set the default value of the parameter
InstallDns of the cmdlet Install-ADDSDomainController is used.
The parameter `InstallDns` is only used during the provisioning of a domain
controller. The parameter cannot be used to install or uninstall the DNS
server on an already provisioned domain controller.
#>
function Get-TargetResource
{
Expand Down Expand Up @@ -65,7 +73,11 @@ function Get-TargetResource

[Parameter()]
[System.String]
$SiteName
$SiteName,

[Parameter()]
[System.Boolean]
$InstallDns
)

Assert-Module -ModuleName 'ActiveDirectory'
Expand All @@ -80,6 +92,7 @@ function Get-TargetResource
AllowPasswordReplicationAccountName = $null
DenyPasswordReplicationAccountName = $null
FlexibleSingleMasterOperationRole = $null
InstallDns = $InstallDNs
}

Write-Verbose -Message (
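Review bot: In the returned hashtable, `InstallDns = $InstallDNs` echoes the caller's input rather than reporting anything about the node. Because the parameter is typed `[System.Boolean]`, an unbound value is `$false`, so Get-TargetResource will report `InstallDns = $false` even when the configuration never set it. Either document in the function help that the property only mirrors the configured value, or return it only when it was bound. The variable casing should also match the declaration (`$InstallDns`).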
Expand Down Expand Up @@ -187,6 +200,14 @@ function Get-TargetResource
Specifies one or more Flexible Single Master Operation (FSMO) roles to
move to this domain controller. The current owner must be online and
responding for the move to be allowed.

.PARAMETER InstallDns
Specifies if the DNS Server service should be installed and configured on
the domain controller. If this is not set the default value of the parameter
InstallDns of the cmdlet Install-ADDSDomainController is used.
The parameter `InstallDns` is only used during the provisioning of a domain
controller. The parameter cannot be used to install or uninstall the DNS
server on an already provisioned domain controller.
#>
function Set-TargetResource
{
Expand Down Expand Up @@ -257,7 +278,11 @@ function Set-TargetResource
[Parameter()]
[ValidateSet('DomainNamingMaster', 'SchemaMaster', 'InfrastructureMaster', 'PDCEmulator', 'RIDMaster')]
[System.String[]]
$FlexibleSingleMasterOperationRole
$FlexibleSingleMasterOperationRole,

[Parameter()]
[System.Boolean]
$InstallDns
)

$getTargetResourceParameters = @{} + $PSBoundParameters
Expand Down Expand Up @@ -329,6 +354,11 @@ function Set-TargetResource
$installADDSDomainControllerParameters.Add('NoGlobalCatalog', $true)
}

if ($PSBoundParameters.ContainsKey('InstallDns'))
{
$installADDSDomainControllerParameters.Add('InstallDns', $InstallDns)
}

if (-not [System.String]::IsNullOrWhiteSpace($InstallationMediaPath))
{
$installADDSDomainControllerParameters.Add('InstallationMediaPath', $InstallationMediaPath)
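Review bot: The new `if ($PSBoundParameters.ContainsKey('InstallDns'))` branch has no accompanying unit test in the files shown here. The `ContainsKey` check is what stops an unbound `[System.Boolean]` from being forwarded as `$false`, so it deserves tests for three cases: not specified (key absent from the splat), `$true` and `$false`. A `Write-Verbose` line stating whether `InstallDns` was forwarded would also help when reading promotion logs.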
Expand Down Expand Up @@ -577,6 +607,16 @@ function Set-TargetResource
Specifies one or more Flexible Single Master Operation (FSMO) roles to
move to this domain controller. The current owner must be online and
responding for the move to be allowed.

.PARAMETER InstallDns
Specifies if the DNS Server service should be installed and configured on
the domain controller. If this is not set the default value of the parameter
InstallDns of the cmdlet Install-ADDSDomainController is used.
The parameter `InstallDns` is only used during the provisioning of a domain
controller. The parameter cannot be used to install or uninstall the DNS
server on an already provisioned domain controller.

Not used in Test-TargetResource.
#>
function Test-TargetResource
{
Expand Down Expand Up @@ -637,7 +677,11 @@ function Test-TargetResource
[Parameter()]
[ValidateSet('DomainNamingMaster', 'SchemaMaster', 'InfrastructureMaster', 'PDCEmulator', 'RIDMaster')]
[System.String[]]
$FlexibleSingleMasterOperationRole
$FlexibleSingleMasterOperationRole,

[Parameter()]
[System.Boolean]
$InstallDns
)

Write-Verbose -Message (
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -15,4 +15,5 @@ class MSFT_ADDomainController : OMI_BaseResource
[Write, Description("Specifies an array of names of user accounts, group accounts, and computer accounts whose passwords can be replicated to this Read-Only Domain Controller (RODC).")] String AllowPasswordReplicationAccountName[];
[Write, Description("Specifies the names of user accounts, group accounts, and computer accounts whose passwords are not to be replicated to this Read-Only Domain Controller (RODC).")] String DenyPasswordReplicationAccountName[];
[Write, Description("Specifies one or more Flexible Single Master Operation (FSMO) roles to move to this domain controller. The current owner must be online and responding for the move to be allowed."), ValueMap{"DomainNamingMaster", "SchemaMaster", "InfrastructureMaster", "PDCEmulator", "RIDMaster"}, Values{"DomainNamingMaster", "SchemaMaster", "InfrastructureMaster", "PDCEmulator", "RIDMaster"}] String FlexibleSingleMasterOperationRole[];
[Write, Description("Specifies if the DNS Server service should be installed and configured on the Domain Controller. If this is not set the default value of the parameter `InstallDns` of the cmdlet Install-ADDSDomainController is used. This parameter is only used during the provisioning of a domain controller. The parameter cannot be used to install or uninstall the DNS server on an already provisioned domain controller.")] Boolean InstallDns;
};
9 changes: 9 additions & 0 deletions DSCResources/MSFT_ADDomainController/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,15 @@ The ADDomainController DSC resource will install and configure domain
controllers in Active Directory. Installation of Read-Only Domain Controllers
(RODC) is also supported.

Promotion of a Domain Controller using an existing DNS is available using
the `InstallDns` parameter. The parameter specifies if the DNS Server service
should be installed and configured on the domain controller. If this is
not set the default value of the parameter `InstallDns` of the cmdlet
[`Install-ADDSDomainController`](https://docs.microsoft.com/en-us/powershell/module/addsdeployment/install-addsdomaincontroller)
is used. The parameter `InstallDns` is only used during the provisioning
of a domain controller. The parameter cannot be used to install or uninstall
the DNS server on an already provisioned domain controller.

>**Note:** If the account used for the parameter `Credential`
>cannot connect to another domain controller, for example using a credential
>without the domain name, then the cmdlet `Install-ADDSDomainController` will
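Review bot: The added README paragraph says the default of `Install-ADDSDomainController` is used when `InstallDns` is not set, but never says what that default is, so a reader has to follow the link to learn whether DNS will be installed. Add a short summary of the cmdlet's default behaviour next to the link. "Using an existing DNS" would also read better as "using an existing DNS server".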
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,15 @@
controllers in Active Directory. Installation of Read-Only Domain Controllers
(RODC) is also supported.

Promotion of a Domain Controller using an existing DNS is available using
the `InstallDns` parameter. The parameter specifies if the DNS Server service
should be installed and configured on the domain controller. If this is
not set the default value of the parameter `InstallDns` of the cmdlet
[`Install-ADDSDomainController`](https://docs.microsoft.com/en-us/powershell/module/addsdeployment/install-addsdomaincontroller)
is used. The parameter `InstallDns` is only used during the provisioning
of a domain controller. The parameter cannot be used to install or uninstall
the DNS server on an already provisioned domain controller.

>**Note:** If the account used for the parameter `Credential`
>cannot connect to another domain controller, for example using a credential
>without the domain name, then the cmdlet `Install-ADDSDomainController` will
Expand Down Expand Up @@ -84,6 +93,10 @@
Allowed values: DomainNamingMaster, SchemaMaster, InfrastructureMaster, PDCEmulator, RIDMaster
Specifies one or more Flexible Single Master Operation (FSMO) roles to move to this domain controller. The current owner must be online and responding for the move to be allowed.

.PARAMETER InstallDns
Write - Boolean
Specifies if the DNS Server service should be installed and configured on the Domain Controller. If this is not set the default value of the parameter `InstallDns` of the cmdlet Install-ADDSDomainController is used. This parameter is only used during the provisioning of a domain controller. The parameter cannot be used to install or uninstall the DNS server on an already provisioned domain controller.

.EXAMPLE 1

This configuration will add a domain controller to the domain
Expand Down Expand Up @@ -387,4 +400,59 @@ Configuration ADDomainController_AddDomainControllerAndMoveRole_Config
}
}

.EXAMPLE 6

This configuration will add a domain controller to the domain contoso.com
without installing the local DNS server service and using the one in the existing domain.

Configuration AddDomainControllerUsingInstallDns_Config
{
param
(
[Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
[System.Management.Automation.PSCredential]
$DomainAdministratorCredential
)

Import-DscResource -ModuleName PSDscResources
Import-DscResource -ModuleName xActiveDirectory

node localhost
{
WindowsFeature 'InstallADDomainServicesFeature'
{
Ensure = 'Present'
Name = 'AD-Domain-Services'
}

WindowsFeature 'RSATADPowerShell'
{
Ensure = 'Present'
Name = 'RSAT-AD-PowerShell'

DependsOn = '[WindowsFeature]InstallADDomainServicesFeature'
}

xWaitForADDomain 'WaitForestAvailability'
{
DomainName = 'contoso.com'
DomainUserCredential = $DomainAdministratorCredential
RetryCount = 10
RetryIntervalSec = 120

DependsOn = '[WindowsFeature]RSATADPowerShell'
}

xADDomainController 'DomainControllerUsingExistingDNSServer'
{
DomainName = 'contoso.com'
DomainAdministratorCredential = $DomainAdministratorCredential
SafemodeAdministratorPassword = $DomainAdministratorCredential
InstallDns = $false
DependsOn = '[xWaitForADDomain]WaitForestAvailability'
}
}
}


Original file line number Diff line number Diff line change
Expand Up @@ -262,10 +262,10 @@ Configuration WaitForADDomain_WaitForDomainControllerIgnoringAuthenticationError
{
WaitForADDomain 'contoso.com'
{
DomainName = 'contoso.com'
DomainName = 'contoso.com'
WaitForValidCredentials = $true

PsDscRunAsCredential = $Credential
PsDscRunAsCredential = $Credential
}
}
}
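Review bot: The changes to `DomainName` and `PsDscRunAsCredential` in this hunk appear to be whitespace realignment only and are unrelated to `InstallDns`. Consider moving them to a separate style commit so the feature diff stays focused.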
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
<#PSScriptInfo
.VERSION 1.0.0
.GUID d817a83d-6450-4dff-9b39-9b184572c100
.AUTHOR Microsoft Corporation
.COMPANYNAME Microsoft Corporation
.COPYRIGHT (c) Microsoft Corporation. All rights reserved.
.TAGS DSCConfiguration
.LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE
.PROJECTURI https://github.com/PowerShell/xActiveDirectory
.ICONURI
.EXTERNALMODULEDEPENDENCIES
.REQUIREDSCRIPTS
.EXTERNALSCRIPTDEPENDENCIES
.RELEASENOTES First version.
.PRIVATEDATA 2016-Datacenter,2016-Datacenter-Server-Core
#>

#Requires -module xActiveDirectory

<#
.DESCRIPTION
This configuration will add a domain controller to the domain contoso.com
without installing the local DNS server service and using the one in the existing domain.
#>
Configuration ADDomainController_AddDomainControllerUsingInstallDns_Config
{
param
(
[Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
[System.Management.Automation.PSCredential]
$DomainAdministratorCredential
)

Import-DscResource -ModuleName PSDscResources
Import-DscResource -ModuleName xActiveDirectory

node localhost
{
WindowsFeature 'InstallADDomainServicesFeature'
{
Ensure = 'Present'
Name = 'AD-Domain-Services'
}

WindowsFeature 'RSATADPowerShell'
{
Ensure = 'Present'
Name = 'RSAT-AD-PowerShell'

DependsOn = '[WindowsFeature]InstallADDomainServicesFeature'
}

xWaitForADDomain 'WaitForestAvailability'
{
DomainName = 'contoso.com'
DomainUserCredential = $DomainAdministratorCredential
RetryCount = 10
RetryIntervalSec = 120

DependsOn = '[WindowsFeature]RSATADPowerShell'
}

xADDomainController 'DomainControllerUsingExistingDNSServer'
{
DomainName = 'contoso.com'
DomainAdministratorCredential = $DomainAdministratorCredential
SafemodeAdministratorPassword = $DomainAdministratorCredential
InstallDns = $false
DependsOn = '[xWaitForADDomain]WaitForestAvailability'
}
}
}
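Review bot: In the `xADDomainController` block, `SafemodeAdministratorPassword = $DomainAdministratorCredential` sets the Directory Services Restore Mode password to the domain administrator's password, and a published example is likely to be copied as is. Add a second mandatory `PSCredential` parameter to the configuration for the safe mode password and pass that instead. Separately, this new example uses `#Requires -module xActiveDirectory`, `Import-DscResource -ModuleName xActiveDirectory` and the x-prefixed `xWaitForADDomain` and `xADDomainController`, while the WaitForADDomain example touched in this same PR uses the unprefixed `WaitForADDomain` and the CHANGELOG links ActiveDirectoryDsc. Align the module and resource names with whichever naming the branch currently uses.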
Original file line number Diff line number Diff line change
Expand Up @@ -39,10 +39,10 @@ Configuration WaitForADDomain_WaitForDomainControllerIgnoringAuthenticationError
{
WaitForADDomain 'contoso.com'
{
DomainName = 'contoso.com'
DomainName = 'contoso.com'
WaitForValidCredentials = $true

PsDscRunAsCredential = $Credential
PsDscRunAsCredential = $Credential
}
}
}