
@koduki
Last active August 21, 2021 17:47
Example for Active Directory Provisioning with Azure DSC
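<#
.SYNOPSIS
    DSC configuration for a single node: renames the computer to "adds01",
    installs the AD DS role and RSAT tooling, creates the nklab.dev domain,
    and declares the NKLab organizational-unit tree.

.NOTES
    Credentials: the domain credential is read from an Azure Automation
    credential asset at compile time and is not embedded in this file.
    Get-AutomationPSCredential is only available inside Azure Automation;
    a local compile has to supply $default_creds another way.
    The asset name below is a placeholder and must be replaced.

    NOTE(review): compiling a configuration that carries PSCredential values
    normally also needs ConfigurationData that permits the credential for this
    node; confirm how the compiled MOF is protected at rest in your setup.
#>
Configuration ADDS
{
    $DomainName = "nklab.dev"        # Get-AutomationVariable -Name "DomainName"
    $DomainDN   = "dc=nklab,dc=dev"  # Get-AutomationVariable -Name "DomainDN"

    # $default_creds is consumed by ADDomain below. The earlier revision only
    # defined it in commented-out lines that built a PSCredential from a
    # plain-text password literal, so the variable was unset and the pattern,
    # once uncommented, put the domain administrator password in source control.
    # Pull it from a credential asset instead.
    $default_creds = Get-AutomationPSCredential -Name 'REPLACE_WITH_CREDENTIAL_ASSET_NAME'

    # Import the modules needed to run the DSC script
    Import-DscResource -ModuleName 'PSDesiredStateConfiguration'
    Import-DscResource -ModuleName 'ComputerManagementDsc'
    Import-DscResource -ModuleName 'ActiveDirectoryDsc'

    Node "Localhost"
    {
        # Rename the machine before the AD DS role is installed.
        Computer NewComputerName
        {
            Name = "adds01"
        }

        WindowsFeature ADDSInstall
        {
            Ensure    = "Present"
            Name      = "AD-Domain-Services"
            DependsOn = "[Computer]NewComputerName"
        }

        WindowsFeature ADDSTools
        {
            Ensure = "Present"
            Name   = "RSAT-ADDS"
        }

        WindowsFeature InstallRSAT-AD-PowerShell
        {
            Ensure = "Present"
            Name   = "RSAT-AD-PowerShell"
        }

        # NOTE(review): the same credential is used for the domain and for the
        # Directory Services Restore Mode (safe mode) administrator password.
        # A separate, independently stored DSRM credential limits the impact of
        # either one being disclosed; consider a second credential asset.
        ADDomain $DomainName
        {
            DomainName                    = $DomainName
            Credential                    = $default_creds
            SafemodeAdministratorPassword = $default_creds
            ForestMode                    = 'WinThreshold'
            DependsOn                     = "[WindowsFeature]ADDSInstall"
        }

        # NOTE(review): neither this resource nor the top-level OU declares a
        # DependsOn on the domain resources, so ordering relies on declaration
        # order; consider making the dependency explicit.
        WaitForADDomain $DomainName
        {
            DomainName   = $DomainName
            WaitTimeout  = 600
            RestartCount = 2
            # PsDscRunAsCredential = $default_creds
        }

        # Top-level OU; every other OU below hangs off it.
        ADOrganizationalUnit 'NKLab'
        {
            Name                            = "NKLab"
            Path                            = "$DomainDN"
            ProtectedFromAccidentalDeletion = $true
            Description                     = "TopLevel OU"
            Ensure                          = 'Present'
        }

        ADOrganizationalUnit 'WebServers'
        {
            Name                            = "WebServers"
            Path                            = "OU=NKLab,$DomainDN"
            ProtectedFromAccidentalDeletion = $true
            Description                     = "WebServers OU"
            Ensure                          = 'Present'
            DependsOn                       = "[ADOrganizationalUnit]NKLab"
        }

        ADOrganizationalUnit 'Administration'
        {
            Name                            = "Administration"
            Path                            = "OU=NKLab,$DomainDN"
            ProtectedFromAccidentalDeletion = $true
            Description                     = "Administration OU"
            Ensure                          = 'Present'
            DependsOn                       = "[ADOrganizationalUnit]NKLab"
        }

        # Nested under Administration, so it waits for that OU rather than NKLab.
        ADOrganizationalUnit 'PrivilegedGroups'
        {
            Name                            = "PrivilegedGroups"
            Path                            = "OU=Administration,OU=NKLab,$DomainDN"
            ProtectedFromAccidentalDeletion = $true
            Description                     = "Privileged Groups"
            Ensure                          = 'Present'
            DependsOn                       = "[ADOrganizationalUnit]Administration"
        }

        ADOrganizationalUnit 'ServiceAccounts'
        {
            Name                            = "ServiceAccounts"
            Path                            = "OU=NKLab,$DomainDN"
            ProtectedFromAccidentalDeletion = $true
            Description                     = "ServiceAccounts"
            Ensure                          = 'Present'
            DependsOn                       = "[ADOrganizationalUnit]NKLab"
        }

        ADOrganizationalUnit 'Users'
        {
            Name                            = "Users"
            Path                            = "OU=NKLab,$DomainDN"
            ProtectedFromAccidentalDeletion = $true
            Description                     = "Users"
            Ensure                          = 'Present'
            DependsOn                       = "[ADOrganizationalUnit]NKLab"
        }

        ADOrganizationalUnit 'Servers'
        {
            Name                            = "Servers"
            Path                            = "OU=NKLab,$DomainDN"
            ProtectedFromAccidentalDeletion = $true
            Description                     = "Servers"
            Ensure                          = 'Present'
            DependsOn                       = "[ADOrganizationalUnit]NKLab"
        }

        # Disabled sample service account, kept for reference.
        # NOTE(review): before enabling, (1) the domain name and OU path still
        # point at demo.com / OU=Demo rather than this domain, and (2) the
        # combination PasswordNotRequired = $true with PasswordNeverExpires =
        # $true on an enabled account leaves a service identity without an
        # enforced or rotated password; prefer a managed service account or a
        # vaulted, rotated password.
        # ADUser 'svc_sql'
        # {
        # UserName = 'svc_sql'
        # Description = "Service account for SQL"
        # Credential = $default_creds
        # PasswordNotRequired = $true
        # DomainName = 'demo.com'
        # Path = "OU=ServiceAccounts,OU=Demo,$domainDN"
        # Ensure = 'Present'
        # DependsOn = "[ADOrganizationalUnit]ServiceAccounts"
        # Enabled = $true
        # UserPrincipalName = "svc_sql@demo.com"
        # PasswordNeverExpires = $true
        # ChangePasswordAtLogon = $false
        # }
    }
}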