forked from dsccommunity/ActiveDirectoryDsc
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Assert-ParentChildDomains.ps1
92 lines (77 loc) · 3.3 KB
/
Assert-ParentChildDomains.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
[System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingComputerNameHardcoded', '')]
[System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingConvertToSecureStringWithPlainText', '')]
param()
$secpasswd = ConvertTo-SecureString "Adrumble@6" -AsPlainText -Force
$domainCred = New-Object System.Management.Automation.PSCredential ("sva-dscdom\Administrator", $secpasswd)
$safemodeAdministratorCred = New-Object System.Management.Automation.PSCredential ("sva-dscdom\Administrator", $secpasswd)
$localcred = New-Object System.Management.Automation.PSCredential ("Administrator", $secpasswd)
$redmondCred = Get-Credential -Message "Enter Credentials for DNS Delegation: "
$newpasswd = ConvertTo-SecureString "Adrumble@7" -AsPlainText -Force
$userCred = New-Object System.Management.Automation.PSCredential ("sva-dscdom\Administrator", $newpasswd)
configuration AssertParentChildDomains
{
Import-DscResource -ModuleName xActiveDirectory
Node $AllNodes.Where{$_.Role -eq "Parent DC"}.Nodename
{
WindowsFeature ADDSInstall
{
Ensure = "Present"
Name = "AD-Domain-Services"
}
xADDomain FirstDS
{
DomainName = $Node.DomainName
DomainAdministratorCredential = $domaincred
SafemodeAdministratorPassword = $safemodeAdministratorCred
DnsDelegationCredential = $redmondCred
DependsOn = "[WindowsFeature]ADDSInstall"
}
xWaitForADDomain DscForestWait
{
DomainName = $Node.DomainName
DomainUserCredential = $domaincred
RetryCount = $Node.RetryCount
RetryIntervalSec = $Node.RetryIntervalSec
DependsOn = "[xADDomain]FirstDS"
}
xADUser FirstUser
{
DomainName = $Node.DomainName
DomainAdministratorCredential = $domaincred
UserName = "dummy"
Password = $userCred
Ensure = "Present"
DependsOn = "[xWaitForADDomain]DscForestWait"
}
}
Node $AllNodes.Where{$_.Role -eq "Child DC"}.Nodename
{
WindowsFeature ADDSInstall
{
Ensure = "Present"
Name = "AD-Domain-Services"
}
xWaitForADDomain DscForestWait
{
DomainName = $Node.ParentDomainName
DomainUserCredential = $domaincred
RetryCount = $Node.RetryCount
RetryIntervalSec = $Node.RetryIntervalSec
DependsOn = "[WindowsFeature]ADDSInstall"
}
xADDomain ChildDS
{
DomainName = $Node.DomainName
ParentDomainName = $Node.ParentDomainName
DomainAdministratorCredential = $domaincred
SafemodeAdministratorPassword = $safemodeAdministratorCred
DependsOn = "[xWaitForADDomain]DscForestWait"
}
}
}
$config = Invoke-Expression (Get-content $PSScriptRoot\ParentChildconfig.psd1 -Raw)
AssertParentChildDomains -configurationData $config
$computerName1 = "sva-dsc1"
$computerName2 = "sva-dsc2"
Start-DscConfiguration -Wait -Force -Verbose -ComputerName $computerName1 -Path $PSScriptRoot\AssertParentChildDomains -Credential $localcred
Start-DscConfiguration -Wait -Force -Verbose -ComputerName $computerName2 -Path $PSScriptRoot\AssertParentChildDomains -Credential $localcred