- Changes to xAdDomainController
  - Added new parameter to disable or enable the Global Catalog (GC) (issue dsccommunity#75).
johlju committed Apr 19, 2019
1 parent 86745b5 commit 211f4be
Showing 4 changed files with 253 additions and 58 deletions.
109 changes: 89 additions & 20 deletions DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1
Expand Up @@ -70,8 +70,10 @@ function Get-TargetResource
)

$returnValue = @{
DomainName = $DomainName
Ensure = $false
DomainName = $DomainName
Ensure = $false
IsGlobalCatalog = $false
NtdsSettingsObjectDn = $null
}

try
Expand All @@ -89,26 +91,34 @@ function Get-TargetResource
{
Write-Verbose -Message "Current node '$($dc.Name)' is already a domain controller for domain '$($dc.Domain)'."

$serviceNTDS = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$serviceNTDS = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$serviceNETLOGON = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

$returnValue.Ensure = $true
$returnValue.Ensure = $true
$returnValue.DatabasePath = $serviceNTDS.'DSA Working Directory'
$returnValue.LogPath = $serviceNTDS.'Database log files path'
$returnValue.SysvolPath = $serviceNETLOGON.SysVol -replace '\\sysvol$', ''
$returnValue.SiteName = $dc.Site
$returnValue.LogPath = $serviceNTDS.'Database log files path'
$returnValue.SysvolPath = $serviceNETLOGON.SysVol -replace '\\sysvol$', ''
$returnValue.SiteName = $dc.Site
$returnValue.IsGlobalCatalog = $dc.IsGlobalCatalog
$returnValue.NtdsSettingsObjectDn = $dc.NTDSSettingsObjectDN
}
}
catch
{
if ($error[0]) {Write-Verbose $error[0].Exception}
if ($error[0])
{
Write-Verbose $error[0].Exception
}
Write-Verbose -Message "Current node does not host a domain controller."
}
}
}
catch [System.Management.Automation.CommandNotFoundException]
{
if ($error[0]) {Write-Verbose $error[0].Exception}
if ($error[0])
{
Write-Verbose $error[0].Exception
}
Write-Verbose -Message "Current node is not running AD WS, and hence is not a domain controller."
}
$returnValue
Expand Down Expand Up @@ -142,6 +152,9 @@ function Get-TargetResource
.PARAMETER InstallationMediaPath
Provide the path for the IFM folder that was created with ntdsutil.
This should not be on a share but locally to the Domain Controller being promoted.
.PARAMETER IsGlobalCatalog
Specifies if the domain controller will be a Global Catalog (GC).
#>
function Set-TargetResource
{
Expand Down Expand Up @@ -178,7 +191,11 @@ function Set-TargetResource

[Parameter()]
[System.String]
$InstallationMediaPath
$InstallationMediaPath,

[Parameter()]
[System.Boolean]
$IsGlobalCatalog
)

# Debug can pause Install-ADDSDomainController, so we remove it.
Expand All @@ -188,43 +205,59 @@ function Set-TargetResource

if ($targetResource.Ensure -eq $false)
{
## Node is not a domain controllr so we promote it
## Node is not a domain controller so we promote it
Write-Verbose -Message "Checking if domain '$($DomainName)' is present ..."

$domain = $null;

try
{
$domain = Get-ADDomain -Identity $DomainName -Credential $DomainAdministratorCredential
}
catch
{
if ($error[0]) {Write-Verbose $error[0].Exception}
if ($error[0])
{
Write-Verbose $error[0].Exception
}

throw (New-Object -TypeName System.InvalidOperationException -ArgumentList "Domain '$($DomainName)' could not be found.")
}

Write-Verbose -Message "Verified that domain '$($DomainName)' is present, continuing ..."
$params = @{
DomainName = $DomainName
DomainName = $DomainName
SafeModeAdministratorPassword = $SafemodeAdministratorPassword.Password
Credential = $DomainAdministratorCredential
NoRebootOnCompletion = $true
Force = $true
Credential = $DomainAdministratorCredential
NoRebootOnCompletion = $true
Force = $true
}

if ($DatabasePath -ne $null)
{
$params.Add("DatabasePath", $DatabasePath)
}

if ($LogPath -ne $null)
{
$params.Add("LogPath", $LogPath)
}

if ($SysvolPath -ne $null)
{
$params.Add("SysvolPath", $SysvolPath)
}

if ($SiteName -ne $null -and $SiteName -ne "")
{
$params.Add("SiteName", $SiteName)
}

if ($PSBoundParameters.ContainsKey('IsGlobalCatalog') -and $IsGlobalCatalog -eq $false)
{
$params.Add("NoGlobalCatalog", $true)
}

if (-not [string]::IsNullOrWhiteSpace($InstallationMediaPath))
{
$params.Add("InstallationMediaPath", $InstallationMediaPath)
Expand All @@ -239,6 +272,25 @@ function Set-TargetResource
}
elseif ($targetResource.Ensure)
{
## Check if Node Global Catalog state is correct
if ($PSBoundParameters.ContainsKey('IsGlobalCatalog') -and $targetResource.IsGlobalCatalog -ne $IsGlobalCatalog)
{
## DC is not in the expected Global Catalog state
Write-Verbose "Setting the Global Catalog state to '$IsGlobalCatalog'"
if ($IsGlobalCatalog)
{
$value = 1
}
else
{
$value = 0
}

Set-ADObject $targetResource.NtdsSettingsObjectDn -replace @{
options = $value
}
}

## Node is a domain controller. We check if other properties are in desired state
if ($PSBoundParameters["SiteName"] -and $targetResource.SiteName -ne $SiteName)
{
Expand Down Expand Up @@ -277,6 +329,9 @@ function Set-TargetResource
.PARAMETER InstallationMediaPath
Provide the path for the IFM folder that was created with ntdsutil.
This should not be on a share but locally to the Domain Controller being promoted.
.PARAMETER IsGlobalCatalog
Specifies if the domain controller will be a Global Catalog (GC).
#>
function Test-TargetResource
{
Expand Down Expand Up @@ -314,7 +369,11 @@ function Test-TargetResource

[Parameter()]
[System.String]
$InstallationMediaPath
$InstallationMediaPath,

[Parameter()]
[System.Boolean]
$IsGlobalCatalog
)

if ($PSBoundParameters.SiteName)
Expand All @@ -331,28 +390,38 @@ function Test-TargetResource
{
$parameters = $PSBoundParameters.Remove("Debug")
$parameters = $PSBoundParameters.Remove('InstallationMediaPath')
$parameters = $PSBoundParameters.Remove('IsGlobalCatalog')
$existingResource = Get-TargetResource @PSBoundParameters
$isCompliant = $existingResource.Ensure

if ([System.String]::IsNullOrEmpty($SiteName))
{
#If SiteName is not specified confgiuration is compliant
#If SiteName is not specified configuration is compliant
}
elseif ($existingResource.SiteName -ne $SiteName)
{
Write-Verbose "Domain Controller Site is not in a desired state. Expected '$SiteName', actual '$($existingResource.SiteName)'"
$isCompliant = $false
}

## Check Global Catalog Config
if ($existingResource.IsGlobalCatalog -ne $IsGlobalCatalog)
{
$isCompliant = $false
}
}
catch
{
if ($error[0]) {Write-Verbose $error[0].Exception}
if ($error[0])
{
Write-Verbose $error[0].Exception
}

Write-Verbose -Message "Domain '$($DomainName)' is NOT present on the current node."
$isCompliant = $false
}

$isCompliant

}

Export-ModuleMember -Function *-TargetResource
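Review bot: The new `Set-ADObject ... -replace @{ options = $value }` call in the `elseif ($targetResource.Ensure)` branch of Set-TargetResource overwrites the whole `options` attribute of the NTDS Settings object with 0 or 1, but that attribute is a bit field in which only bit 0 marks the Global Catalog. Any other flag already set there, such as the ones that disable inbound or outbound replication, would be cleared as a side effect of toggling the GC state. Read the current value first and change only bit 0, as sketched below. Test-TargetResource has a related gap: its `$existingResource.IsGlobalCatalog -ne $IsGlobalCatalog` check is not guarded by whether the parameter was bound, so a configuration that omits IsGlobalCatalog appears to compare against `$false` and would report a GC as non-compliant without Set-TargetResource ever correcting it; capturing `$PSBoundParameters.ContainsKey('IsGlobalCatalog')` before the `Remove` call and guarding the check with it would close that. Both function bodies are only partly visible in these hunks.

```powershell
# … unchanged: ContainsKey check and Write-Verbose …
# Constructed sketch: preserve every other flag in 'options' and change only bit 0 (GC).
$currentOptions = [System.Int32] (Get-ADObject -Identity $targetResource.NtdsSettingsObjectDn -Properties options).options
if ($IsGlobalCatalog)
{
    $value = $currentOptions -bor 1
}
else
{
    $value = $currentOptions -band (-bnot 1)
}
# … unchanged: Set-ADObject call with -replace @{ options = $value } …
```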
Expand Up @@ -9,5 +9,7 @@ class MSFT_xADDomainController : OMI_BaseResource
[Write, Description("The path where the Sysvol will be stored.")] String SysvolPath;
[Write, Description("The name of the site this Domain Controller will be added to.")] String SiteName;
[Write, Description("The path of the media you want to use install the Domain Controller.")] String InstallationMediaPath;
[Write, Description("Specifies if the domain controller will be a Global Catalog (GC).")] Boolean IsGlobalCatalog;
[Read, Description("The state of the Domain Controller.")] String Ensure;
[Read, Description("Returns the distinguished name of the NTDSSettingsObject directory object that represents this domain controller.")] String NtdsSettingsObjectDn;
};
4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -124,7 +124,9 @@ The xADDomainController DSC resource will install and configure domain controlle
* **`[String]` SysvolPath** _(Write)_: Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer where the Sysvol file will be written.
* **`[String]` SiteName** _(Write)_: Specify the name of an existing site where new domain controller will be placed.
* **`[String]` InstallationMediaPath** _(Write)_: Specify the path of the folder containg the Installation Media created in NTDSutil.
* **`[String]` IsGlobalCatalog** _(Write)_: Specifies if the domain controller will be a Global Catalog (GC).
* **`[String]` Ensure** _(Read)_: The state of the Domain Controller, returned with Get.
* **`[String]` NtdsSettingsObjectDn** _(Read)_: Returns the distinguished name of the NTDSSettingsObject directory object that represents this domain controller.

### **xADDomainDefaultPasswordPolicy**

Expand Down Expand Up @@ -402,6 +404,8 @@ The xADForestProperties DSC resource will manage User Principal Name (UPN) suffi
### Unreleased

* Added xADManagedServiceAccount resource to manage Managed Service Accounts (MSAs). [@awickham10](https://github.com/awickham10) and [@kungfu71186](https://github.com/kungfu71186)
* Changes to xAdDomainController
* Added new parameter to disable or enable the Global Catalog (GC) ([issue #75](https://github.com/PowerShell/xActiveDirectory/issues/75)).

### 2.25.0.0
