- Changes to xAdDomainController
  - Added new parameter to disable or enable the Global Catalog (GC) (issue dsccommunity#75).
johlju committed Apr 19, 2019
1 parent 86745b5 commit 0c004f1
Showing 4 changed files with 265 additions and 64 deletions.
124 changes: 98 additions & 26 deletions DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1
Expand Up @@ -70,8 +70,10 @@ function Get-TargetResource
)

$returnValue = @{
DomainName = $DomainName
Ensure = $false
DomainName = $DomainName
Ensure = $false
IsGlobalCatalog = $false
NtdsSettingsObjectDn = $null
}

try
Expand All @@ -89,26 +91,34 @@ function Get-TargetResource
{
Write-Verbose -Message "Current node '$($dc.Name)' is already a domain controller for domain '$($dc.Domain)'."

$serviceNTDS = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$serviceNTDS = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$serviceNETLOGON = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

$returnValue.Ensure = $true
$returnValue.Ensure = $true
$returnValue.DatabasePath = $serviceNTDS.'DSA Working Directory'
$returnValue.LogPath = $serviceNTDS.'Database log files path'
$returnValue.SysvolPath = $serviceNETLOGON.SysVol -replace '\\sysvol$', ''
$returnValue.SiteName = $dc.Site
$returnValue.LogPath = $serviceNTDS.'Database log files path'
$returnValue.SysvolPath = $serviceNETLOGON.SysVol -replace '\\sysvol$', ''
$returnValue.SiteName = $dc.Site
$returnValue.IsGlobalCatalog = $dc.IsGlobalCatalog
$returnValue.NtdsSettingsObjectDn = $dc.NTDSSettingsObjectDN
}
}
catch
{
if ($error[0]) {Write-Verbose $error[0].Exception}
if ($error[0])
{
Write-Verbose $error[0].Exception
}
Write-Verbose -Message "Current node does not host a domain controller."
}
}
}
catch [System.Management.Automation.CommandNotFoundException]
{
if ($error[0]) {Write-Verbose $error[0].Exception}
if ($error[0])
{
Write-Verbose $error[0].Exception
}
Write-Verbose -Message "Current node is not running AD WS, and hence is not a domain controller."
}
$returnValue
Expand Down Expand Up @@ -142,6 +152,9 @@ function Get-TargetResource
.PARAMETER InstallationMediaPath
Provide the path for the IFM folder that was created with ntdsutil.
This should not be on a share but locally to the Domain Controller being promoted.
.PARAMETER IsGlobalCatalog
Specifies if the domain controller will be a Global Catalog (GC).
#>
function Set-TargetResource
{
Expand Down Expand Up @@ -178,53 +191,75 @@ function Set-TargetResource

[Parameter()]
[System.String]
$InstallationMediaPath
$InstallationMediaPath,

[Parameter()]
[System.Boolean]
$IsGlobalCatalog
)

# Debug can pause Install-ADDSDomainController, so we remove it.
$parameters = $PSBoundParameters.Remove("Debug")
$parameters = $PSBoundParameters.Remove('InstallationMediaPath')
$targetResource = Get-TargetResource @PSBoundParameters
$getTargetResourceParameters = @{} + $PSBoundParameters
$getTargetResourceParameters.Remove('Debug')
$getTargetResourceParameters.Remove('InstallationMediaPath')
$getTargetResourceParameters.Remove('IsGlobalCatalog')
$targetResource = Get-TargetResource @getTargetResourceParameters

if ($targetResource.Ensure -eq $false)
{
## Node is not a domain controllr so we promote it
## Node is not a domain controller so we promote it
Write-Verbose -Message "Checking if domain '$($DomainName)' is present ..."

$domain = $null;

try
{
$domain = Get-ADDomain -Identity $DomainName -Credential $DomainAdministratorCredential
}
catch
{
if ($error[0]) {Write-Verbose $error[0].Exception}
if ($error[0])
{
Write-Verbose $error[0].Exception
}

throw (New-Object -TypeName System.InvalidOperationException -ArgumentList "Domain '$($DomainName)' could not be found.")
}

Write-Verbose -Message "Verified that domain '$($DomainName)' is present, continuing ..."
$params = @{
DomainName = $DomainName
DomainName = $DomainName
SafeModeAdministratorPassword = $SafemodeAdministratorPassword.Password
Credential = $DomainAdministratorCredential
NoRebootOnCompletion = $true
Force = $true
Credential = $DomainAdministratorCredential
NoRebootOnCompletion = $true
Force = $true
}

if ($DatabasePath -ne $null)
{
$params.Add("DatabasePath", $DatabasePath)
}

if ($LogPath -ne $null)
{
$params.Add("LogPath", $LogPath)
}

if ($SysvolPath -ne $null)
{
$params.Add("SysvolPath", $SysvolPath)
}

if ($SiteName -ne $null -and $SiteName -ne "")
{
$params.Add("SiteName", $SiteName)
}

if ($PSBoundParameters.ContainsKey('IsGlobalCatalog') -and $IsGlobalCatalog -eq $false)
{
$params.Add("NoGlobalCatalog", $true)
}

if (-not [string]::IsNullOrWhiteSpace($InstallationMediaPath))
{
$params.Add("InstallationMediaPath", $InstallationMediaPath)
Expand All @@ -239,6 +274,25 @@ function Set-TargetResource
}
elseif ($targetResource.Ensure)
{
## Check if Node Global Catalog state is correct
if ($PSBoundParameters.ContainsKey('IsGlobalCatalog') -and $targetResource.IsGlobalCatalog -ne $IsGlobalCatalog)
{
## DC is not in the expected Global Catalog state
Write-Verbose "Setting the Global Catalog state to '$IsGlobalCatalog'"
if ($IsGlobalCatalog)
{
$value = 1
}
else
{
$value = 0
}

Set-ADObject $targetResource.NtdsSettingsObjectDn -replace @{
options = $value
}
}

## Node is a domain controller. We check if other properties are in desired state
if ($PSBoundParameters["SiteName"] -and $targetResource.SiteName -ne $SiteName)
{
Expand Down Expand Up @@ -277,6 +331,9 @@ function Set-TargetResource
.PARAMETER InstallationMediaPath
Provide the path for the IFM folder that was created with ntdsutil.
This should not be on a share but locally to the Domain Controller being promoted.
.PARAMETER IsGlobalCatalog
Specifies if the domain controller will be a Global Catalog (GC).
#>
function Test-TargetResource
{
Expand Down Expand Up @@ -314,7 +371,11 @@ function Test-TargetResource

[Parameter()]
[System.String]
$InstallationMediaPath
$InstallationMediaPath,

[Parameter()]
[System.Boolean]
$IsGlobalCatalog
)

if ($PSBoundParameters.SiteName)
Expand All @@ -329,30 +390,41 @@ function Test-TargetResource

try
{
$parameters = $PSBoundParameters.Remove("Debug")
$parameters = $PSBoundParameters.Remove('InstallationMediaPath')
$existingResource = Get-TargetResource @PSBoundParameters
$getTargetResourceParameters = @{} + $PSBoundParameters
$getTargetResourceParameters.Remove('Debug')
$getTargetResourceParameters.Remove('InstallationMediaPath')
$getTargetResourceParameters.Remove('IsGlobalCatalog')
$targetResource = Get-TargetResource @getTargetResourceParameters
$isCompliant = $existingResource.Ensure

if ([System.String]::IsNullOrEmpty($SiteName))
{
#If SiteName is not specified confgiuration is compliant
#If SiteName is not specified configuration is compliant
}
elseif ($existingResource.SiteName -ne $SiteName)
{
Write-Verbose "Domain Controller Site is not in a desired state. Expected '$SiteName', actual '$($existingResource.SiteName)'"
$isCompliant = $false
}

## Check Global Catalog Config
if ($existingResource.IsGlobalCatalog -ne $IsGlobalCatalog)
{
$isCompliant = $false
}
}
catch
{
if ($error[0]) {Write-Verbose $error[0].Exception}
if ($error[0])
{
Write-Verbose $error[0].Exception
}

Write-Verbose -Message "Domain '$($DomainName)' is NOT present on the current node."
$isCompliant = $false
}

$isCompliant

}

Export-ModuleMember -Function *-TargetResource
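Review bot: The `Set-ADObject $targetResource.NtdsSettingsObjectDn -replace @{ options = $value }` call in the `elseif ($targetResource.Ensure)` branch of Set-TargetResource overwrites the whole `options` attribute of the NTDS Settings object with 0 or 1, but that attribute is a bit field in which only the lowest bit marks a Global Catalog. Any other flag already set there, such as the ones that disable inbound or outbound replication on a domain controller, would be cleared as a side effect of toggling the GC state. Reading the current value first and changing only bit 0 keeps the remaining flags intact, as sketched below. Set-TargetResource starts and ends outside the visible hunks. Separately, in Test-TargetResource the added comparison `$existingResource.IsGlobalCatalog -ne $IsGlobalCatalog` lacks the `$PSBoundParameters.ContainsKey('IsGlobalCatalog')` guard used here, and the lookup result appears to be assigned to `$targetResource` while the checks still read `$existingResource`.

```powershell
# … unchanged: ContainsKey('IsGlobalCatalog') check and Write-Verbose …
$ntdsSettings = Get-ADObject -Identity $targetResource.NtdsSettingsObjectDn -Properties 'options'
$currentOptions = [System.Int32] $ntdsSettings.options

if ($IsGlobalCatalog)
{
    # Set only the Global Catalog bit (bit 0).
    $value = $currentOptions -bor 1
}
else
{
    # Clear only the Global Catalog bit (bit 0).
    $value = $currentOptions -band (-bnot 1)
}
# … unchanged: Set-ADObject call writing $value to options …
```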
Expand Up @@ -9,5 +9,7 @@ class MSFT_xADDomainController : OMI_BaseResource
[Write, Description("The path where the Sysvol will be stored.")] String SysvolPath;
[Write, Description("The name of the site this Domain Controller will be added to.")] String SiteName;
[Write, Description("The path of the media you want to use install the Domain Controller.")] String InstallationMediaPath;
[Write, Description("Specifies if the domain controller will be a Global Catalog (GC).")] Boolean IsGlobalCatalog;
[Read, Description("The state of the Domain Controller.")] String Ensure;
[Read, Description("Returns the distinguished name of the NTDSSettingsObject directory object that represents this domain controller.")] String NtdsSettingsObjectDn;
};
8 changes: 8 additions & 0 deletions README.md
Expand Up @@ -124,7 +124,9 @@ The xADDomainController DSC resource will install and configure domain controlle
* **`[String]` SysvolPath** _(Write)_: Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer where the Sysvol file will be written.
* **`[String]` SiteName** _(Write)_: Specify the name of an existing site where new domain controller will be placed.
* **`[String]` InstallationMediaPath** _(Write)_: Specify the path of the folder containg the Installation Media created in NTDSutil.
* **`[String]` IsGlobalCatalog** _(Write)_: Specifies if the domain controller will be a Global Catalog (GC).
* **`[String]` Ensure** _(Read)_: The state of the Domain Controller, returned with Get.
* **`[String]` NtdsSettingsObjectDn** _(Read)_: Returns the distinguished name of the NTDSSettingsObject directory object that represents this domain controller.

### **xADDomainDefaultPasswordPolicy**

Expand Down Expand Up @@ -402,6 +404,12 @@ The xADForestProperties DSC resource will manage User Principal Name (UPN) suffi
### Unreleased

* Added xADManagedServiceAccount resource to manage Managed Service Accounts (MSAs). [@awickham10](https://github.com/awickham10) and [@kungfu71186](https://github.com/kungfu71186)
* Changes to xAdDomainController
* Added new parameter to disable or enable the Global Catalog (GC)
([issue #75](https://github.com/PowerShell/xActiveDirectory/issues/75)). [Eric Foskett @Merto410](https://github.com/Merto410)
* Fixed a bug with the parameter `InstallationMediaPath` that it would
not be added if it was specified in a configuration. Now the parameter
`InstallationMediaPath` is correctly passed to `Install-ADDSDomainController`.

### 2.25.0.0
