Script to install whole environment (is it possible)

This topic contains 8 replies, has 6 voices, and was last updated by

 
Inactive
2 months, 3 weeks ago.

  • #111697

    Inactive
    Points: 0
    Rank: Member

    Hi Guys,
    Before I start I would like to point out that I am not a beginner in PowerShell. One of my friends was at Microsoft Techdays and there were people from Microsoft and a few MVPs. The interesting thing was that they had a script that installs a complete environment with domain controllers, member servers, RDS, whatever you name it. I am installing everything through PowerShell and I know how to use it, but I don't want to have many scripts that install piece by piece – one for DC installation, a second one for RDS etc... I know that there are Lab Builders, but if I am not wrong they are used just for labs and not for production. My question is how can I create a script that will install a DC, create the desired AD groups and OU structure, add member servers to the domain etc. Is there a way to do it with minimal administrative action or not? Please give me some advice. One more time, I know how to use PowerShell and install all parts manually, but not from a single script where we have domain controller reboots, an RDS environment (with collections etc.) and things like that. I am not asking that you guys create a script, just advice on how to start and what I need to think about in scenarios like this.
     

  • #111706

    Participant
    Points: 884
    Helping Hand
    Rank: Major Contributor

    Have you heard about PowerShell DSC? If not, please go through the docs below, it's awesome.

    https://docs.microsoft.com/en-us/powershell/dsc/overview

    • #112027

      Inactive
      Points: 0
      Rank: Member

      Thank you so much guys. DSC is what I need. Now when I am reading the documents, every person both on MVA and on blogs is talking like you can use DSC to get your demo environment up and running very fast. "DEMO" environment? I don't want to use this only in demo. Is the configuration the same for testing and live or are there changes?

      Questions:

      Shall I configure LCM to Apply only when configuring DC in production? I need config only once, right?

      If I apply the config only once, does that mean that the server will not have a connection with the MOF anymore?

      Do I need to clear the DNS cache on the machines that will join the domain? It would be good to automate this so that I don't need to clear the cache on all member hosts during the process, or will this not cause an issue?

      What is the real scenario: shall we use a pull server or shall we stick to the push method?

      I am asking this because I want to use this solution for hosting. I want to create many configs so that when we get a new client I have a config that will install everything for me.

      Thank you in advance, everyone, for the help.

  • #111709

    Participant
    Points: 1
    Rank: Member

    Define environment!

    Installing an OS onto a desktop or server? (yea probably DSC is the best bet)

    Installing an entire platform as a base for a private cloud?

    Yes it is possible and has already been done, but you have to have all the licenses and pieces to really put it into practice.

    https://blogs.technet.microsoft.com/privatecloud/2014/02/13/deploymentpdt-2-6-is-now-available-on-the-technet-gallery/

  • #112040

    Participant
    Points: 28
    Rank: Member

    DSC is a big topic.  There are many ways to do things – basically, you need to define how you want your environment to work first and then pick the DSC settings which will make it work the way you want.

    Shall I configure LCM to Apply only when configuring DC in production?
    Do you want your server to only take the initial config or do you want it to be able to autocorrect/report on changes which take the server outside of the configuration?

    When I've used DSC in the past, I've used a pull server.  It has some drawbacks, as does push, but pull fit for what we were doing (multiple servers, apply/repair not just apply once, configs updated a few times a year) at the time.

    It might be good to get and read the DSC book, which may help answer some of your questions more.

    https://leanpub.com/the-dsc-book

  • #112570

    Inactive
    Points: 0
    Rank: Member

    Thank you Paul,

    I have started with DSC and it is working well. I understand how things are working. Now I want to create a DSC config to install a DC and join a few machines to a domain. I am struggling with certs. I don't understand this part of protecting the password with a cert. If I need to do this on 1 workstation that is not a problem. I have 4 machines that will join a domain, and do I need to create a cert for each workgroup machine and copy those certs to my management machine? I checked MVA with Don Jones and he spoke about this scenario but I don't know what to do here. This is important because I am going to implement it in production and it is important to understand how to protect the password when I need to join multiple servers to a domain. I was not able to find this on the Internet, when we need to create a domain and join multiple workstations to that domain. What to do with the cred and certificate?

    I hope that someone can help me with this?

  • #112580

    Participant
    Points: 10
    Rank: Member

    To secure the DSC credential password, you can create the cert on the authoring node, export it along with the private key and copy it to the target nodes.

    https://docs.microsoft.com/en-us/powershell/dsc/securemof
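
The approach in the reply above, sketched for several nodes that share one certificate (an added example, not code from the thread or from Microsoft). The `C:\DscCert` paths and the node names are assumed placeholders, and the nodes are assumed to be reachable over WinRM from the authoring machine.

```powershell
# Added example; C:\DscCert and the node names are assumed placeholders.
# Authoring node, elevated session: create one document-encryption certificate.
New-Item -ItemType Directory -Path 'C:\DscCert' -Force | Out-Null
$cert = New-SelfSignedCertificate -Type DocumentEncryptionCertLegacyCsp `
    -DnsName 'DscEncryptionCert' -HashAlgorithm SHA256

# Export the key pair for the target nodes and the public key for compiling MOFs.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
$cert | Export-PfxCertificate -FilePath 'C:\DscCert\DscPrivateKey.pfx' -Password $pfxPassword
$cert | Export-Certificate -FilePath 'C:\DscCert\DscPublicKey.cer'

# On every target node, once the PFX has been copied over a trusted channel:
#   Import-PfxCertificate -FilePath 'C:\DscCert\DscPrivateKey.pfx' `
#       -CertStoreLocation Cert:\LocalMachine\My -Password $pfxPassword

# The '*' entry is merged into every node, so all of them share the certificate.
$ConfigData = @{
    AllNodes = @(
        @{
            NodeName                    = '*'
            CertificateFile             = 'C:\DscCert\DscPublicKey.cer'
            Thumbprint                  = $cert.Thumbprint
            PSDscAllowPlainTextPassword = $false
        },
        @{ NodeName = 'S1' },
        @{ NodeName = 'S2' }
    )
}

# Meta-configuration: tell each node's LCM which certificate decrypts its MOF.
[DSCLocalConfigurationManager()]
configuration LcmDecryptionCert {
    node $AllNodes.NodeName {
        Settings {
            CertificateID = $Node.Thumbprint
        }
    }
}

LcmDecryptionCert -ConfigurationData $ConfigData -OutputPath 'C:\DscCert\Meta' | Out-Null
Set-DscLocalConfigurationManager -Path 'C:\DscCert\Meta' -Verbose
```

Compiling the domain-join configuration with the same `-ConfigurationData $ConfigData` writes the PSCredential values to the MOF encrypted instead of in clear text. Because every node holds the same private key, any one of them can decrypt a MOF built for another; a certificate per node avoids that at the cost of one `CertificateFile` and `Thumbprint` entry per node.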

     

  • #112676

    Participant
    Points: 87
    Helping Hand
    Rank: Member

    Also check out Getting Started with PowerShell Desired State Configuration (DSC)

    Easy to follow and presented by the inventor of PowerShell and Jason

  • #112756

    Inactive
    Points: 0
    Rank: Member

    Hi Guys,

    I have configured the DC without issues. Everything is working. Now I add a user, group etc. The last part I cannot make work (Don Jones said that he has a home environment where his VMs are waiting on the domain to get ready to join computers, but I don't know how to configure that part). It is complaining about DependsOn and it skips the domain join of my member servers. I would really appreciate it if someone can help me with this one.

    Here is the example code

    
    configuration DomainInstallation {

        param (
            [Parameter(Mandatory=$true)]
            [pscredential]$DomainAdministratorCredential,

            [Parameter(Mandatory=$true)]
            [pscredential]$SafemodeAdministratorCredential,

            [Parameter(Mandatory=$true)]
            [pscredential]$ADUserCredential
        )

        #OBS!!! Be sure that the modules exist on the destination host servers
        Import-DscResource -ModuleName xActiveDirectory, xPSDesiredStateConfiguration, xComputerManagement,PSDesiredStateConfiguration

        node $AllNodes.Where{$_.Role -eq 'DC'}.NodeName {

            $DCData = $Data.DCData

            # Install the Windows Feature for AD DS
            WindowsFeature ADDSInstall {
                Ensure = $DCData.Ensure
                Name   = $DCData.Feature
            }

            # Make sure the Active Directory GUI Management tools are installed
            WindowsFeature ADDSRSATTools {
                Name = 'RSAT-AD-Tools'
                Ensure = $DCData.Ensure
                IncludeAllSubFeature = $DCData.IncludeAllSubFeature
                DependsOn = "[windowsFeature]ADDSInstall"
            }

            xADDomain FirstDC {
                DomainName = $DCData.DomainName
                DomainAdministratorCredential = $DomainAdministratorCredential
                SafemodeAdministratorPassword = $SafemodeAdministratorCredential
                DependsOn = "[windowsFeature]ADDSInstall","[WindowsFeature]ADDSRSATTools"
            }

            xWaitForADDomain DomainWait {
                DomainName           = $DCData.DomainName
                DomainUserCredential = $DomainAdministratorCredential
                RetryCount           = $Node.RetryCount
                RetryIntervalSec     = $Node.RetryIntervalSec
                DependsOn            = '[xADDomain]FirstDC'
            }

            xADUser AdUser {
                UserName                      = 'N'
                Password                      = $ADUserCredential
                DomainName                    = $DCData.DomainName
                DisplayName                   = 'N'
                DomainAdministratorCredential = $DomainAdministratorCredential
                DependsOn                     = '[xWaitForADDomain]DomainWait'
            }

            xADGroup AddAdminToDomainAdminsGroup {
                GroupName = 'Domain Admins'
                GroupScope = 'Global'
                Category = 'Security'
                MembersToInclude = 'N'
                Credential = $DomainAdministratorCredential
                DependsOn = '[xADUser]AdUser'
            }

            node $AllNodes.Where{$_.Role -eq 'Member Server'}.NodeName {

                $MemberData = $Data.MemberData

                xComputer Add_domain {
                    Name       = 'S1'
                    DomainName = $MemberData.DomainName
                    Credential = $DomainAdministratorCredential
                    Dependson  = "[WindowsFeature]ADDSInstall"
                }

                xComputer Add_domain {
                    Name       = 'S2'
                    DomainName = $MemberData.DomainName
                    Credential = $DomainAdministratorCredential
                    Dependson  = "[WindowsFeature]ADDSInstall"
                }

            }

        }

    }
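
The member-server part of the configuration above, restructured as an added example (not the poster's code and not from the xActiveDirectory project). `DependsOn` can only name a resource declared in the same node block, and resource names must be unique within a node, so each member waits for the domain itself with `xWaitForADDomain` and has a single `xComputer` resource. The node names, domain name, retry values and certificate entries are constructed placeholders.

```powershell
# Constructed node data; replace the placeholders with real values.
$ConfigData = @{
    AllNodes = @(
        @{
            NodeName         = '*'
            DomainName       = 'corp.example'
            RetryCount       = 30
            RetryIntervalSec = 60
            # Placeholders for the MOF-encryption certificate discussed in the thread.
            CertificateFile  = 'C:\DscCert\DscPublicKey.cer'
            Thumbprint       = '<certificate thumbprint>'
        },
        @{ NodeName = 'S1'; Role = 'Member Server' },
        @{ NodeName = 'S2'; Role = 'Member Server' }
    )
}

configuration MemberJoin {
    param (
        [Parameter(Mandatory = $true)]
        [pscredential]$DomainAdministratorCredential
    )

    Import-DscResource -ModuleName xActiveDirectory, xComputerManagement

    # Own node block for the members, a sibling of the DC node block.
    node $AllNodes.Where{$_.Role -eq 'Member Server'}.NodeName {

        # Runs on the member and retries until the domain answers.
        # Assumes the member's DNS client already points at the new DC.
        xWaitForADDomain DomainWait {
            DomainName           = $Node.DomainName
            DomainUserCredential = $DomainAdministratorCredential
            RetryCount           = $Node.RetryCount
            RetryIntervalSec     = $Node.RetryIntervalSec
        }

        # One uniquely named xComputer per node; DependsOn stays inside this block.
        xComputer JoinDomain {
            Name       = $Node.NodeName
            DomainName = $Node.DomainName
            Credential = $DomainAdministratorCredential
            DependsOn  = '[xWaitForADDomain]DomainWait'
        }
    }
}
```

Compiling with `MemberJoin -ConfigurationData $ConfigData -DomainAdministratorCredential (Get-Credential)` produces one MOF per member server, each joining under its own node name.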
    
    
