diff --git a/CHANGELOG.md b/CHANGELOG.md index 0f78927e6..77bb69d4b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -100,6 +100,9 @@ - Changes to WaitForADDomain - Added comment-based help ([issue #341](https://github.com/PowerShell/ActiveDirectoryDsc/issues/341)) - Changes to ADDomainController + - BREAKING CHANGE: Renamed the parameter `DomainAdministratorCredential` + to `Credential` to better indicate that it is possible to impersonate + any credential with enough permission to perform the task ([issue #269](https://github.com/PowerShell/ActiveDirectoryDsc/issues/269)). - Add support for creating Read-Only Domain Controller (RODC) ([issue #40](https://github.com/PowerShell/ActiveDirectoryDsc/issues/40)). [Svilen @SSvilen](https://github.com/SSvilen) diff --git a/DSCResources/MSFT_ADComputer/en-US/about_ADComputer.help.txt b/DSCResources/MSFT_ADComputer/en-US/about_ADComputer.help.txt index 6fc975377..952134665 100644 --- a/DSCResources/MSFT_ADComputer/en-US/about_ADComputer.help.txt +++ b/DSCResources/MSFT_ADComputer/en-US/about_ADComputer.help.txt @@ -106,7 +106,7 @@ Configuration ADComputer_AddComputerAccount_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $UserCredential + $Credential ) Import-DscResource -ModuleName ActiveDirectoryDsc @@ -117,7 +117,7 @@ Configuration ADComputer_AddComputerAccount_Config { ComputerName = 'SQL01' - PsDscRunAsCredential = $UserCredential + PsDscRunAsCredential = $Credential } ADComputer 'CreateEnabled_SQL02' @@ -125,7 +125,7 @@ Configuration ADComputer_AddComputerAccount_Config ComputerName = 'SQL02' EnabledOnCreation = $true - PsDscRunAsCredential = $UserCredential + PsDscRunAsCredential = $Credential } } } 
@@ -142,7 +142,7 @@ Configuration ADComputer_AddComputerAccountDisabled_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $UserCredential + $Credential ) Import-DscResource -ModuleName ActiveDirectoryDsc @@ -154,7 +154,7 @@ Configuration ADComputer_AddComputerAccountDisabled_Config ComputerName = 'CLU_CNO01' EnabledOnCreation = $false - PsDscRunAsCredential = $UserCredential + PsDscRunAsCredential = $Credential } } } @@ -172,7 +172,7 @@ Configuration ADComputer_AddComputerAccountSpecificPath_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $UserCredential + $Credential ) Import-DscResource -ModuleName ActiveDirectoryDsc @@ -184,7 +184,7 @@ Configuration ADComputer_AddComputerAccountSpecificPath_Config DomainController = 'DC01' ComputerName = 'SQL01' Path = 'OU=Servers,DC=contoso,DC=com' - Credential = $UserCredential + Credential = $Credential } } } @@ -203,7 +203,7 @@ Configuration ADComputer_AddComputerAccountAndCreateODJRequest_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $UserCredential + $Credential ) Import-DscResource -ModuleName ActiveDirectoryDsc @@ -216,7 +216,7 @@ Configuration ADComputer_AddComputerAccountAndCreateODJRequest_Config ComputerName = 'NANO-200' Path = 'OU=Servers,DC=contoso,DC=com' RequestFile = 'D:\ODJFiles\NANO-200.txt' - Credential = $UserCredential + Credential = $Credential } } } diff --git a/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1 b/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1 index e3a3bb484..259b875c3 100644 --- a/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1 +++ b/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1 
@@ -13,7 +13,7 @@ $script:localizedData = Get-LocalizedData -ResourceName 'MSFT_ADDomainController .PARAMETER DomainName Provide the FQDN of the domain the Domain Controller is being added to. - .PARAMETER DomainAdministrationCredential + .PARAMETER Credential Specifies the credential for the account used to install the domain controller. This account must have permission to access the other domain controllers in the domain to be able replicate domain information. @@ -45,7 +45,7 @@ function Get-TargetResource [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential, + $Credential, [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] @@ -72,7 +72,7 @@ function Get-TargetResource $getTargetResourceResult = @{ DomainName = $DomainName - DomainAdministratorCredential = $DomainAdministratorCredential + Credential = $Credential SafemodeAdministratorPassword = $SafemodeAdministratorPassword Ensure = $false IsGlobalCatalog = $false @@ -87,7 +87,7 @@ function Get-TargetResource try { - $domain = Get-ADDomain -Identity $DomainName -Credential $DomainAdministratorCredential + $domain = Get-ADDomain -Identity $DomainName -Credential $Credential } catch { @@ -99,7 +99,7 @@ function Get-TargetResource $script:localizedData.DomainPresent -f $DomainName ) - $domainControllerObject = Get-DomainControllerObject -DomainName $DomainName -ComputerName $env:COMPUTERNAME -Credential $DomainAdministratorCredential + $domainControllerObject = Get-DomainControllerObject -DomainName $DomainName -ComputerName $env:COMPUTERNAME -Credential $Credential if ($domainControllerObject) { Write-Verbose -Message ( 
@@ -143,7 +143,7 @@ function Get-TargetResource .PARAMETER DomainName Provide the FQDN of the domain the Domain Controller is being added to. - .PARAMETER DomainAdministrationCredential + .PARAMETER Credential Specifies the credential for the account used to install the domain controller. This account must have permission to access the other domain controllers in the domain to be able replicate domain information. @@ -203,7 +203,7 @@ function Set-TargetResource [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential, + $Credential, [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] @@ -264,7 +264,7 @@ function Set-TargetResource $installADDSDomainControllerParameters = @{ DomainName = $DomainName SafeModeAdministratorPassword = $SafemodeAdministratorPassword.Password - Credential = $DomainAdministratorCredential + Credential = $Credential NoRebootOnCompletion = $true Force = $true } @@ -339,7 +339,7 @@ function Set-TargetResource $script:localizedData.IsDomainController -f $env:COMPUTERNAME, $DomainName ) - $domainControllerObject = Get-DomainControllerObject -DomainName $DomainName -ComputerName $env:COMPUTERNAME -Credential $DomainAdministratorCredential + $domainControllerObject = Get-DomainControllerObject -DomainName $DomainName -ComputerName $env:COMPUTERNAME -Credential $Credential # Check if Node Global Catalog state is correct if ($PSBoundParameters.ContainsKey('IsGlobalCatalog') -and $targetResource.IsGlobalCatalog -ne $IsGlobalCatalog) 
@@ -371,7 +371,7 @@ function Set-TargetResource # DC is not in correct site. Move it. Write-Verbose -Message ($script:localizedData.MovingDomainController -f $targetResource.SiteName, $SiteName) - Move-ADDirectoryServer -Identity $env:COMPUTERNAME -Site $SiteName -Credential $DomainAdministratorCredential + Move-ADDirectoryServer -Identity $env:COMPUTERNAME -Site $SiteName -Credential $Credential } if ($PSBoundParameters.ContainsKey('AllowPasswordReplicationAccountName')) @@ -478,7 +478,7 @@ function Set-TargetResource .PARAMETER DomainName Provide the FQDN of the domain the Domain Controller is being added to. - .PARAMETER DomainAdministrationCredential + .PARAMETER Credential Specifies the credential for the account used to install the domain controller. This account must have permission to access the other domain controllers in the domain to be able replicate domain information. @@ -528,7 +528,7 @@ function Test-TargetResource [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential, + $Credential, [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] @@ -585,7 +585,7 @@ function Test-TargetResource if ($PSBoundParameters.ContainsKey('SiteName')) { - if (-not (Test-ADReplicationSite -SiteName $SiteName -DomainName $DomainName -Credential $DomainAdministratorCredential)) + if (-not (Test-ADReplicationSite -SiteName $SiteName -DomainName $DomainName -Credential $Credential)) { $errorMessage = $script:localizedData.FailedToFindSite -f $SiteName, $DomainName New-ObjectNotFoundException -Message $errorMessage diff --git a/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.schema.mof b/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.schema.mof index 2ed3e4f60..b443cc6cb 100644 --- a/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.schema.mof +++ b/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.schema.mof 
@@ -2,7 +2,7 @@ class MSFT_ADDomainController : OMI_BaseResource { [Key, Description("The fully qualified domain name (FQDN) of the domain the Domain Controller will be joining.")] String DomainName; - [Required, Description("The credentials (as a 'PSCredential' object) of a user that has Domain Administrator rights to add the Domain Controller to the domain."), EmbeddedInstance("MSFT_Credential")] String DomainAdministratorCredential; + [Required, Description("The credentials (as a 'PSCredential' object) of a user that has Domain Administrator rights to add the Domain Controller to the domain."), EmbeddedInstance("MSFT_Credential")] String Credential; [Required, Description("The 'PSCredential' object containing the password to use for Directory Services Restore Mode (DSRM)."), EmbeddedInstance("MSFT_Credential")] String SafemodeAdministratorPassword; [Write, Description("The path where the database will be stored.")] String DatabasePath; [Write, Description("The path where the logs will be stored.")] String LogPath; diff --git a/DSCResources/MSFT_ADDomainController/en-US/about_ADDomainController.help.txt b/DSCResources/MSFT_ADDomainController/en-US/about_ADDomainController.help.txt index 0e6114666..76b44ddad 100644 --- a/DSCResources/MSFT_ADDomainController/en-US/about_ADDomainController.help.txt +++ b/DSCResources/MSFT_ADDomainController/en-US/about_ADDomainController.help.txt @@ -22,7 +22,7 @@ Key - String The fully qualified domain name (FQDN) of the domain the Domain Controller will be joining. -.PARAMETER DomainAdministratorCredential +.PARAMETER Credential Required - String The credentials (as a 'PSCredential' object) of a user that has Domain Administrator rights to add the Domain Controller to the domain. 
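Review bot: The description on the renamed `Credential` property still says the account "has Domain Administrator rights", which contradicts the reason the CHANGELOG hunk gives for the rename (any credential with enough permission to perform the task). Left as is, it steers users toward supplying a Domain Admin account where a delegated account may be sufficient. I would reword it to `Description("The credentials (as a 'PSCredential' object) of a user that has sufficient permission to add the Domain Controller to the domain.")`. The same sentence appears under `.PARAMETER Credential` in the about_ADDomainController.help.txt hunk that follows on this line and should change with it.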
@@ -82,7 +82,12 @@ Configuration ADDomainController_AddDomainControllerToDomainMinimal_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.PSCredential] + $SafeModePassword ) Import-DscResource -ModuleName PSDscResources @@ -107,7 +112,7 @@ Configuration ADDomainController_AddDomainControllerToDomainMinimal_Config WaitForADDomain 'WaitForestAvailability' { DomainName = 'contoso.com' - DomainUserCredential = $DomainAdministratorCredential + DomainUserCredential = $Credential RetryCount = 10 RetryIntervalSec = 120 @@ -117,8 +122,8 @@ Configuration ADDomainController_AddDomainControllerToDomainMinimal_Config ADDomainController 'DomainControllerMinimal' { DomainName = 'contoso.com' - DomainAdministratorCredential = $DomainAdministratorCredential - SafemodeAdministratorPassword = $DomainAdministratorCredential + Credential = $Credential + SafeModeAdministratorPassword = $SafeModePassword DependsOn = '[WaitForADDomain]WaitForestAvailability' } @@ -137,7 +142,12 @@ Configuration ADDomainController_AddDomainControllerToDomainAllProperties_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.PSCredential] + $SafeModePassword ) Import-DscResource -ModuleName PSDscResources @@ -162,7 +172,7 @@ Configuration ADDomainController_AddDomainControllerToDomainAllProperties_Config WaitForADDomain 'WaitForestAvailability' { DomainName = 'contoso.com' - DomainUserCredential = $DomainAdministratorCredential + DomainUserCredential = $Credential RetryCount = 10 RetryIntervalSec = 120 
@@ -172,8 +182,8 @@ Configuration ADDomainController_AddDomainControllerToDomainAllProperties_Config ADDomainController 'DomainControllerAllProperties' { DomainName = 'contoso.com' - DomainAdministratorCredential = $DomainAdministratorCredential - SafemodeAdministratorPassword = $DomainAdministratorCredential + Credential = $Credential + SafeModeAdministratorPassword = $SafeModePassword DatabasePath = 'C:\Windows\NTDS' LogPath = 'C:\Windows\Logs' SysvolPath = 'C:\Windows\SYSVOL' @@ -197,7 +207,12 @@ Configuration ADDomainController_AddDomainControllerToDomainUsingIFM_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.PSCredential] + $SafeModePassword ) Import-DscResource -ModuleName PSDscResources @@ -222,7 +237,7 @@ Configuration ADDomainController_AddDomainControllerToDomainUsingIFM_Config WaitForADDomain 'WaitForestAvailability' { DomainName = 'contoso.com' - DomainUserCredential = $DomainAdministratorCredential + DomainUserCredential = $Credential RetryCount = 10 RetryIntervalSec = 120 @@ -232,8 +247,8 @@ Configuration ADDomainController_AddDomainControllerToDomainUsingIFM_Config ADDomainController 'DomainControllerWithIFM' { DomainName = 'contoso.com' - DomainAdministratorCredential = $DomainAdministratorCredential - SafemodeAdministratorPassword = $DomainAdministratorCredential + Credential = $Credential + SafeModeAdministratorPassword = $SafeModePassword InstallationMediaPath = 'F:\IFM' DependsOn = '[WaitForADDomain]WaitForestAvailability' 
@@ -253,7 +268,12 @@ Configuration ADDomainController_AddReadOnlyDomainController_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.PSCredential] + $SafeModePassword ) Import-DscResource -ModuleName PSDscResources @@ -278,7 +298,7 @@ Configuration ADDomainController_AddReadOnlyDomainController_Config WaitForADDomain 'WaitForestAvailability' { DomainName = 'contoso.com' - DomainUserCredential = $DomainAdministratorCredential + DomainUserCredential = $Credential RetryCount = 10 RetryIntervalSec = 120 @@ -288,8 +308,8 @@ Configuration ADDomainController_AddReadOnlyDomainController_Config ADDomainController 'Read-OnlyDomainController(RODC)' { DomainName = 'contoso.com' - DomainAdministratorCredential = $DomainAdministratorCredential - SafemodeAdministratorPassword = $DomainAdministratorCredential + Credential = $Credential + SafeModeAdministratorPassword = $SafeModePassword ReadOnlyReplica = $true SiteName = 'Default-First-Site-Name' AllowPasswordReplicationAccountName = @('pvdi.test1', 'pvdi.test') diff --git a/Examples/Resources/ADComputer/1-ADComputer_AddComputerAccount_Config.ps1 b/Examples/Resources/ADComputer/1-ADComputer_AddComputerAccount_Config.ps1 index 622711984..d0f2604a9 100644 --- a/Examples/Resources/ADComputer/1-ADComputer_AddComputerAccount_Config.ps1 +++ b/Examples/Resources/ADComputer/1-ADComputer_AddComputerAccount_Config.ps1 @@ -29,7 +29,7 @@ Configuration ADComputer_AddComputerAccount_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $UserCredential + $Credential ) Import-DscResource -ModuleName ActiveDirectoryDsc 
@@ -40,7 +40,7 @@ Configuration ADComputer_AddComputerAccount_Config { ComputerName = 'SQL01' - PsDscRunAsCredential = $UserCredential + PsDscRunAsCredential = $Credential } ADComputer 'CreateEnabled_SQL02' @@ -48,7 +48,7 @@ Configuration ADComputer_AddComputerAccount_Config ComputerName = 'SQL02' EnabledOnCreation = $true - PsDscRunAsCredential = $UserCredential + PsDscRunAsCredential = $Credential } } } diff --git a/Examples/Resources/ADComputer/2-ADComputer_AddComputerAccountDisabled_Config.ps1 b/Examples/Resources/ADComputer/2-ADComputer_AddComputerAccountDisabled_Config.ps1 index 69bff2fe6..953b73b76 100644 --- a/Examples/Resources/ADComputer/2-ADComputer_AddComputerAccountDisabled_Config.ps1 +++ b/Examples/Resources/ADComputer/2-ADComputer_AddComputerAccountDisabled_Config.ps1 @@ -29,7 +29,7 @@ Configuration ADComputer_AddComputerAccountDisabled_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $UserCredential + $Credential ) Import-DscResource -ModuleName ActiveDirectoryDsc @@ -41,7 +41,7 @@ Configuration ADComputer_AddComputerAccountDisabled_Config ComputerName = 'CLU_CNO01' EnabledOnCreation = $false - PsDscRunAsCredential = $UserCredential + PsDscRunAsCredential = $Credential } } } diff --git a/Examples/Resources/ADComputer/3-ADComputer_AddComputerAccountSpecificPath_Config.ps1 b/Examples/Resources/ADComputer/3-ADComputer_AddComputerAccountSpecificPath_Config.ps1 index bd03b121f..b00ade1c4 100644 --- a/Examples/Resources/ADComputer/3-ADComputer_AddComputerAccountSpecificPath_Config.ps1 +++ b/Examples/Resources/ADComputer/3-ADComputer_AddComputerAccountSpecificPath_Config.ps1 @@ -30,7 +30,7 @@ Configuration ADComputer_AddComputerAccountSpecificPath_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $UserCredential + $Credential ) Import-DscResource -ModuleName ActiveDirectoryDsc 
@@ -42,7 +42,7 @@ Configuration ADComputer_AddComputerAccountSpecificPath_Config DomainController = 'DC01' ComputerName = 'SQL01' Path = 'OU=Servers,DC=contoso,DC=com' - Credential = $UserCredential + Credential = $Credential } } } diff --git a/Examples/Resources/ADComputer/4-ADComputer_AddComputerAccountAndCreateODJRequest_Config.ps1 b/Examples/Resources/ADComputer/4-ADComputer_AddComputerAccountAndCreateODJRequest_Config.ps1 index 8e101aaab..427aec7c6 100644 --- a/Examples/Resources/ADComputer/4-ADComputer_AddComputerAccountAndCreateODJRequest_Config.ps1 +++ b/Examples/Resources/ADComputer/4-ADComputer_AddComputerAccountAndCreateODJRequest_Config.ps1 @@ -31,7 +31,7 @@ Configuration ADComputer_AddComputerAccountAndCreateODJRequest_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $UserCredential + $Credential ) Import-DscResource -ModuleName ActiveDirectoryDsc @@ -44,7 +44,7 @@ Configuration ADComputer_AddComputerAccountAndCreateODJRequest_Config ComputerName = 'NANO-200' Path = 'OU=Servers,DC=contoso,DC=com' RequestFile = 'D:\ODJFiles\NANO-200.txt' - Credential = $UserCredential + Credential = $Credential } } } diff --git a/Examples/Resources/ADDomainController/1-ADDomainController_AddDomainControllerToDomainMinimal_Config.ps1 b/Examples/Resources/ADDomainController/1-ADDomainController_AddDomainControllerToDomainMinimal_Config.ps1 index 20a8ba37b..eddf198c8 100644 --- a/Examples/Resources/ADDomainController/1-ADDomainController_AddDomainControllerToDomainMinimal_Config.ps1 +++ b/Examples/Resources/ADDomainController/1-ADDomainController_AddDomainControllerToDomainMinimal_Config.ps1 
@@ -29,7 +29,12 @@ Configuration ADDomainController_AddDomainControllerToDomainMinimal_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.PSCredential] + $SafeModePassword ) Import-DscResource -ModuleName PSDscResources @@ -54,7 +59,7 @@ Configuration ADDomainController_AddDomainControllerToDomainMinimal_Config WaitForADDomain 'WaitForestAvailability' { DomainName = 'contoso.com' - DomainUserCredential = $DomainAdministratorCredential + DomainUserCredential = $Credential RetryCount = 10 RetryIntervalSec = 120 @@ -64,8 +69,8 @@ Configuration ADDomainController_AddDomainControllerToDomainMinimal_Config ADDomainController 'DomainControllerMinimal' { DomainName = 'contoso.com' - DomainAdministratorCredential = $DomainAdministratorCredential - SafemodeAdministratorPassword = $DomainAdministratorCredential + Credential = $Credential + SafeModeAdministratorPassword = $SafeModePassword DependsOn = '[WaitForADDomain]WaitForestAvailability' } diff --git a/Examples/Resources/ADDomainController/2-ADDomainController_AddDomainControllerToDomainAllProperties_Config.ps1 b/Examples/Resources/ADDomainController/2-ADDomainController_AddDomainControllerToDomainAllProperties_Config.ps1 index 75e283431..da7f2649f 100644 --- a/Examples/Resources/ADDomainController/2-ADDomainController_AddDomainControllerToDomainAllProperties_Config.ps1 +++ b/Examples/Resources/ADDomainController/2-ADDomainController_AddDomainControllerToDomainAllProperties_Config.ps1 
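Review bot: The new `$SafeModePassword` parameter has no comment saying what it is for, so nothing stops a reader from passing the same credential object for both parameters, which is the reuse this hunk removes from the resource block. A line above the parameter such as `# DSRM (safe mode) password; only the password part is used, keep it different from $Credential.` would document it; the "only the password part" claim follows from `$SafemodeAdministratorPassword.Password` in the Set-TargetResource hunk. As a style point, the resource block now spells the key `SafeModeAdministratorPassword` while the schema and the resource functions spell it `SafemodeAdministratorPassword`; PowerShell matches the name case-insensitively, but keeping the schema's casing keeps the examples searchable. Both points apply equally to examples 2, 3 and 4 and to the copies of these examples in about_ADDomainController.help.txt. The param block and the configuration body start and end outside these hunks.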
@@ -29,7 +29,12 @@ Configuration ADDomainController_AddDomainControllerToDomainAllProperties_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.PSCredential] + $SafeModePassword ) Import-DscResource -ModuleName PSDscResources @@ -54,7 +59,7 @@ Configuration ADDomainController_AddDomainControllerToDomainAllProperties_Config WaitForADDomain 'WaitForestAvailability' { DomainName = 'contoso.com' - DomainUserCredential = $DomainAdministratorCredential + DomainUserCredential = $Credential RetryCount = 10 RetryIntervalSec = 120 @@ -64,8 +69,8 @@ Configuration ADDomainController_AddDomainControllerToDomainAllProperties_Config ADDomainController 'DomainControllerAllProperties' { DomainName = 'contoso.com' - DomainAdministratorCredential = $DomainAdministratorCredential - SafemodeAdministratorPassword = $DomainAdministratorCredential + Credential = $Credential + SafeModeAdministratorPassword = $SafeModePassword DatabasePath = 'C:\Windows\NTDS' LogPath = 'C:\Windows\Logs' SysvolPath = 'C:\Windows\SYSVOL' diff --git a/Examples/Resources/ADDomainController/3-ADDomainController_AddDomainControllerToDomainUsingIFM_Config.ps1 b/Examples/Resources/ADDomainController/3-ADDomainController_AddDomainControllerToDomainUsingIFM_Config.ps1 index 87c7b9945..6709511e9 100644 --- a/Examples/Resources/ADDomainController/3-ADDomainController_AddDomainControllerToDomainUsingIFM_Config.ps1 +++ b/Examples/Resources/ADDomainController/3-ADDomainController_AddDomainControllerToDomainUsingIFM_Config.ps1 
@@ -29,7 +29,12 @@ Configuration ADDomainController_AddDomainControllerToDomainUsingIFM_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.PSCredential] + $SafeModePassword ) Import-DscResource -ModuleName PSDscResources @@ -54,7 +59,7 @@ Configuration ADDomainController_AddDomainControllerToDomainUsingIFM_Config WaitForADDomain 'WaitForestAvailability' { DomainName = 'contoso.com' - DomainUserCredential = $DomainAdministratorCredential + DomainUserCredential = $Credential RetryCount = 10 RetryIntervalSec = 120 @@ -64,8 +69,8 @@ Configuration ADDomainController_AddDomainControllerToDomainUsingIFM_Config ADDomainController 'DomainControllerWithIFM' { DomainName = 'contoso.com' - DomainAdministratorCredential = $DomainAdministratorCredential - SafemodeAdministratorPassword = $DomainAdministratorCredential + Credential = $Credential + SafeModeAdministratorPassword = $SafeModePassword InstallationMediaPath = 'F:\IFM' DependsOn = '[WaitForADDomain]WaitForestAvailability' diff --git a/Examples/Resources/ADDomainController/4-ADDomainController_AddReadOnlyDomainController_Config.ps1 b/Examples/Resources/ADDomainController/4-ADDomainController_AddReadOnlyDomainController_Config.ps1 index 1f617c9b0..8bacbd6aa 100644 --- a/Examples/Resources/ADDomainController/4-ADDomainController_AddReadOnlyDomainController_Config.ps1 +++ b/Examples/Resources/ADDomainController/4-ADDomainController_AddReadOnlyDomainController_Config.ps1 
@@ -29,7 +29,12 @@ Configuration ADDomainController_AddReadOnlyDomainController_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.PSCredential] + $SafeModePassword ) Import-DscResource -ModuleName PSDscResources @@ -54,7 +59,7 @@ Configuration ADDomainController_AddReadOnlyDomainController_Config WaitForADDomain 'WaitForestAvailability' { DomainName = 'contoso.com' - DomainUserCredential = $DomainAdministratorCredential + DomainUserCredential = $Credential RetryCount = 10 RetryIntervalSec = 120 @@ -64,8 +69,8 @@ Configuration ADDomainController_AddReadOnlyDomainController_Config ADDomainController 'Read-OnlyDomainController(RODC)' { DomainName = 'contoso.com' - DomainAdministratorCredential = $DomainAdministratorCredential - SafemodeAdministratorPassword = $DomainAdministratorCredential + Credential = $Credential + SafeModeAdministratorPassword = $SafeModePassword ReadOnlyReplica = $true SiteName = 'Default-First-Site-Name' AllowPasswordReplicationAccountName = @('pvdi.test1', 'pvdi.test') diff --git a/Tests/Unit/MSFT_ADDomainController.Tests.ps1 b/Tests/Unit/MSFT_ADDomainController.Tests.ps1 index c574ce2cf..cd93c6120 100644 --- a/Tests/Unit/MSFT_ADDomainController.Tests.ps1 +++ b/Tests/Unit/MSFT_ADDomainController.Tests.ps1 
@@ -62,14 +62,14 @@ try $deniedAccount = 'deniedAccount' $testDefaultParams = @{ - DomainAdministratorCredential = $testAdminCredential - SafemodeAdministratorPassword = $testAdminCredential + Credential = $testAdminCredential + SafeModeAdministratorPassword = $testAdminCredential Verbose = $true } $testDefaultParamsRODC = @{ - DomainAdministratorCredential = $testAdminCredential - SafemodeAdministratorPassword = $testAdminCredential + Credential = $testAdminCredential + SafeModeAdministratorPassword = $testAdminCredential Verbose = $true ReadOnlyReplica = $true SiteName = $correctSiteName
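Review bot: `$testDefaultParams` and `$testDefaultParamsRODC` still pass `$testAdminCredential` for both `Credential` and `SafeModeAdministratorPassword`, so a test built on them cannot tell whether the resource forwards the right object to each parameter after the rename. Defining a second test credential, for example `$testSafemodeCredential` (a constructed name), and using it for `SafeModeAdministratorPassword` would let assertions on the install parameters distinguish the two. Whether the existing assertions inspect these values is not visible in this hunk, so this may need a matching change further down the file. The key is also re-cased here to `SafeModeAdministratorPassword` while the resource parameter stays `SafemodeAdministratorPassword`; splatting is case-insensitive, but the schema's spelling would be more consistent.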