Skip to content

Instantly share code, notes, and snippets.

@robdyke

robdyke/dsc.ps1

Created November 18, 2021 00:24
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save robdyke/a1405a2f0ddd5726b50e5d5daf2abd8c to your computer and use it in GitHub Desktop.
Save robdyke/a1405a2f0ddd5726b50e5d5daf2abd8c to your computer and use it in GitHub Desktop.
Download ZIP
Raw
dsc.ps1
Configuration DC
{
$domainCred = Get-AutomationPSCredential -Name "DomainAdmin"
$DomainName = Get-AutomationVariable -Name "DomainName"
$DomainDN = Get-AutomationVariable -Name "DomainDN"
# Import the modules needed to run the DSC script
Import-DscResource -ModuleName 'PSDesiredStateConfiguration'
Import-DScResource -ModuleName 'ComputerManagementDsc'
Import-DscResource -ModuleName 'ActiveDirectoryDsc'
Node "Localhost"
{
Computer NewComputerName
{
Name = "DC"
}
WindowsFeature ADDSInstall
{
Ensure = "Present"
Name = "AD-Domain-Services"
DependsOn = "[Computer]NewComputerName"
}
WindowsFeature ADDSTools
{
Ensure = "Present"
Name = "RSAT-ADDS"
}
WindowsFeature InstallRSAT-AD-PowerShell
{
Ensure = "Present"
Name = "RSAT-AD-PowerShell"
}
ADDomain $DomainName
{
DomainName = $DomainName
Credential = $domainCred
SafemodeAdministratorPassword = $domainCred
ForestMode = 'WinThreshold'
DependsOn = "[WindowsFeature]ADDSInstall"
}
WaitForADDomain $DomainName
{
DomainName = $DomainName
WaitTimeout = 600
RestartCount = 2
PsDscRunAsCredential = $domainCred
}
ADOrganizationalUnit 'Demo'
{
Name = "Demo"
Path = "$domainDN"
ProtectedFromAccidentalDeletion = $true
Description = "TopLevel OU"
Ensure = 'Present'
}
ADOrganizationalUnit 'WebServers'
{
Name = "WebServers"
Path = "OU=Demo,$domainDN"
ProtectedFromAccidentalDeletion = $true
Description = "WebServers OU"
Ensure = 'Present'
DependsOn = "[ADOrganizationalUnit]Demo"
}
ADOrganizationalUnit 'Administration'
{
Name = "Administration"
Path = "OU=Demo,$domainDN"
ProtectedFromAccidentalDeletion = $true
Description = "Administration OU"
Ensure = 'Present'
DependsOn = "[ADOrganizationalUnit]Demo"
}
ADOrganizationalUnit 'AdminUsers'
{
Name = "AdminUsers"
Path = "OU=Administration,OU=Demo,$domainDN"
ProtectedFromAccidentalDeletion = $true
Description = "Administration OU"
Ensure = 'Present'
DependsOn = "[ADOrganizationalUnit]Administration"
}
ADOrganizationalUnit 'ServiceAccounts'
{
Name = "ServiceAccounts"
Path = "OU=Demo,$domainDN"
ProtectedFromAccidentalDeletion = $true
Description = "ServiceAccounts OU"
Ensure = 'Present'
DependsOn = "[ADOrganizationalUnit]Demo"
}
ADOrganizationalUnit 'Citrix'
{
Name = "Citrix"
Path = "OU=Demo,$domainDN"
ProtectedFromAccidentalDeletion = $true
Description = "Citrix OU"
Ensure = 'Present'
DependsOn = "[ADOrganizationalUnit]Demo"
}
ADOrganizationalUnit 'Users'
{
Name = "Users"
Path = "OU=Demo,$domainDN"
ProtectedFromAccidentalDeletion = $true
Description = "Users OU"
Ensure = 'Present'
DependsOn = "[ADOrganizationalUnit]Demo"
}
ADOrganizationalUnit 'Servers'
{
Name = "Servers"
Path = "OU=Demo,$domainDN"
ProtectedFromAccidentalDeletion = $true
Description = "Servers OU"
Ensure = 'Present'
DependsOn = "[ADOrganizationalUnit]Demo"
}
ADUser 'svc_sql'
{
UserName = 'svc_sql'
Description = "Service account for SQL"
Credential = $Cred
PasswordNotRequired = $true
DomainName = 'MTH-Consulting.dk'
Path = "OU=ServiceAccounts,OU=Demo,$domainDN"
Ensure = 'Present'
DependsOn = "[ADOrganizationalUnit]ServiceAccounts"
Enabled = $true
UserPrincipalName = "svc_sql@MTH-Consulting.dk"
PasswordNeverExpires = $true
ChangePasswordAtLogon = $false
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment