How to deploy Domain Controllers with PowerShell and JSON?
In my experience, while there are numerous Windows Server administration tasks suitable for automation, promoting Domain Controllers or deploying a new Forest is not typically among them.
Automating Dcpromo raises the risk of leaving plain-text credentials behind in scripts, which is far from ideal. Furthermore, promotions are not something you perform daily or repeat regularly as part of standard BAU (business-as-usual) work.
And Now, for the Thousandth Time, Let's Lab a Domain
Recently I've been doing a fair amount of lab work, tearing down and rebuilding domains. One such lab used AWS CloudFormation to deploy a domain via Desired State Configuration, using pre-packaged code provided by AWS.
After that experience, I couldn't help feeling that I could deploy a Microsoft domain far more effectively than the AWS template does, so here we are: I have a new PowerShell project to keep me amused... enjoy.
The First of Many
This is the first instalment of a two-part blog series.
In this post, we'll delve into the automated deployment of a Domain using PowerShell in tandem with a JSON configuration file. This covers installing the required features (AD DS and DNS), promoting the first DC, and automatic logon via scheduled tasks.
In the second blog, the focus will shift towards the deployment of Organizational Units (OUs) and Group Policy Objects (GPOs) with Restricted Groups, User Rights Assignments and implementing a comprehensive delegation model.
The Requirements
A standalone, not domain-joined Windows Server 2022 host with an active network connection is required; I'll be using a Hyper-V VM for it. Testing has been carried out exclusively on Server 2022; the scripts should work on Server 2016 and 2019, but I can't guarantee it.
Download all the files from GitHub (here) to the server and save them to the Administrator's Desktop; the two zip files are unpacked automatically by the script.
The Important Stuff
Update DCPromo.json; the hostname of the server must match the "PDCName" value.
```json
"FirstDC":
{
    "PDCName":"DC01",
    "PDCRole":"true",
    "IPAddress":"10.0.0.1",
    "Subnet":"255.255.255.0",
```
Either update the passwords in the JSON file or change "PromptPw":"false" to "true"; when it is true the script prompts for the passwords interactively. Either way, the password is written in clear text to the Registry to allow autologon and is removed later during the OU configuration. Until that cleanup runs, anyone who can read the Registry on the box can read the password, so treat this as a lab shortcut, not a production pattern.
```json
    "DRSM":"Password1234",
    "DomAcct":"Administrator",
    "DomPwd":"Password1234",
    "PromptPw":"false"
```
Any subsequent Domain Controllers can be added as further entries; remember that the hostname is the key, and its value is what the deployment references.
```json
{
    "DCName":"DC02",
    "PDCRole":"false",
    "IPAddress":"10.0.0.2",
    "Subnet":"255.255.255.0",
    "DefaultGateway":"10.0.0.254",
    "SiteName":"Default-First-Site-Name",
    "DRSM":"Password1234"
},
```
Run DCPromo.ps1 from an elevated PowerShell or ISE session.
Installation of Roles and DCPROMO
Provided the above criteria are met, the script installs the AD-Domain-Services and DNS Windows features, sets the static IP address, and runs Dcpromo so that the server becomes the first DC in the Forest and the PDC Emulator.
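As an added example (this is not the DCPromo.ps1 from the GitHub repo), here is how those steps can be driven from a DCPromo.json shaped like the fragments above: check the hostname against PDCName, obtain the DSRM password either from the file or from a prompt, convert the dotted subnet mask to a prefix length, install the roles and promote. It assumes a top-level "DomainName" key that the fragments do not show, and that the first connected physical adapter is the one to configure; both are assumptions, not facts about the project.

```powershell
#Requires -RunAsAdministrator
# Added example, not the post's script. Assumes DCPromo.json also carries a
# top-level "DomainName" (e.g. "lab.local"); the page's fragments do not show it.
[CmdletBinding()]
param(
    [string]$ConfigPath = (Join-Path $env:USERPROFILE 'Desktop\DCPromo.json')
)
$ErrorActionPreference = 'Stop'

$config  = Get-Content -Path $ConfigPath -Raw | ConvertFrom-Json
$firstDc = $config.FirstDC

# 1. Refuse to run on the wrong box: the hostname must match PDCName.
if ($env:COMPUTERNAME -ne $firstDc.PDCName) {
    throw "Hostname '$env:COMPUTERNAME' does not match PDCName '$($firstDc.PDCName)'."
}
if (-not [bool]::Parse($firstDc.PDCRole)) { throw 'FirstDC must have PDCRole set to true.' }

# 2. Passwords as SecureString. Prompting keeps them out of the JSON file;
#    reading them from the file is the lab shortcut the post describes.
function Get-DcSecret {
    param([string]$Label, [string]$Value, [bool]$Prompt)
    if ($Prompt) { return Read-Host -Prompt "Enter $Label" -AsSecureString }
    ConvertTo-SecureString -String $Value -AsPlainText -Force
}
$prompt  = [bool]::Parse($firstDc.PromptPw)
$dsrmPwd = Get-DcSecret -Label 'DSRM password' -Value $firstDc.DRSM -Prompt $prompt

# 3. Static IP. New-NetIPAddress wants a prefix length, the JSON has a dotted mask:
#    count the set bits (255.255.255.0 -> 24).
$maskBits = ([IPAddress]$firstDc.Subnet).GetAddressBytes() |
    ForEach-Object { [Convert]::ToString($_, 2).PadLeft(8, '0') }
$prefix = (($maskBits -join '').ToCharArray() | Where-Object { $_ -eq '1' }).Count

$adapter = Get-NetAdapter -Physical | Where-Object Status -eq 'Up' | Select-Object -First 1
if (-not $adapter) { throw 'No connected physical network adapter found.' }
Remove-NetIPAddress -InterfaceIndex $adapter.ifIndex -AddressFamily IPv4 -Confirm:$false -ErrorAction SilentlyContinue
Remove-NetRoute     -InterfaceIndex $adapter.ifIndex -AddressFamily IPv4 -Confirm:$false -ErrorAction SilentlyContinue

$ipParams = @{
    InterfaceIndex = $adapter.ifIndex
    IPAddress      = $firstDc.IPAddress
    PrefixLength   = $prefix
    AddressFamily  = 'IPv4'
}
# The FirstDC fragment on the page has no DefaultGateway; only set it if present.
if ($firstDc.PSObject.Properties['DefaultGateway']) { $ipParams.DefaultGateway = $firstDc.DefaultGateway }
New-NetIPAddress @ipParams | Out-Null
# The first DC must resolve names through itself once DNS is installed.
Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -ServerAddresses $firstDc.IPAddress

# 4. Roles. -IncludeManagementTools brings the ADDSDeployment module used below.
$features = Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools
if (-not $features.Success) { throw 'Installing AD-Domain-Services/DNS failed.' }

# 5. Promote to the first DC of a new forest. -NoRebootOnCompletion leaves the
#    reboot to the caller so autologon can be staged first; then Restart-Computer -Force.
Import-Module ADDSDeployment
Install-ADDSForest -DomainName $config.DomainName `
    -DomainNetbiosName ($config.DomainName.Split('.')[0].ToUpper()) `
    -SafeModeAdministratorPassword $dsrmPwd `
    -InstallDns -DomainMode WinThreshold -ForestMode WinThreshold `
    -Force -NoRebootOnCompletion
```

The hostname check is the one worth keeping even in a throwaway lab: Install-ADDSForest is not undoable short of rebuilding the VM, so failing fast on a mismatched PDCName is cheaper than discovering it after the reboot.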
Auto-Restart
The newly promoted DC auto-restarts twice; this is required so that domain credentials are passed correctly to CreateOU.ps1, the final script.
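The Registry autologon mentioned under The Important Stuff and the post-reboot hand-off to CreateOU.ps1 described here are the same mechanism. As an added example (not the repo's code), this stages a Winlogon autologon that expires on its own after two logons, registers a logon-triggered scheduled task to run the follow-up script, and scrubs the clear-text password afterwards. That the script uses the Winlogon keys is an assumption; so are the "DomainName" key and the task name "LabCreateOU".

```powershell
# Added example, not the post's script. Assumes the standard Winlogon autologon
# values and a "DomainName" key in DCPromo.json (not shown in the page's fragments).
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Enable-LabAutoLogon {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][string]$User,
        [Parameter(Mandatory)][string]$Password,  # plain text: this is the weak point
        [int]$Count = 2                           # two reboots, as the post describes
    )
    # Winlogon reads DefaultPassword as a clear-text REG_SZ. Anyone who can read HKLM
    # on this box can read it until Disable-LabAutoLogon runs. Lab use only.
    Set-ItemProperty -Path $winlogon -Name AutoAdminLogon    -Value '1'       -Type String
    Set-ItemProperty -Path $winlogon -Name DefaultDomainName -Value $Domain   -Type String
    Set-ItemProperty -Path $winlogon -Name DefaultUserName   -Value $User     -Type String
    Set-ItemProperty -Path $winlogon -Name DefaultPassword   -Value $Password -Type String
    # AutoLogonCount is decremented by Winlogon at each logon and the autologon is
    # switched off when it reaches zero, so a forgotten cleanup still expires.
    Set-ItemProperty -Path $winlogon -Name AutoLogonCount    -Value $Count    -Type DWord
}

function Disable-LabAutoLogon {
    # Belt and braces: turn autologon off and delete the secret, not just blank it.
    Set-ItemProperty -Path $winlogon -Name AutoAdminLogon -Value '0' -Type String
    foreach ($name in 'DefaultPassword', 'AutoLogonCount') {
        Remove-ItemProperty -Path $winlogon -Name $name -ErrorAction SilentlyContinue
    }
}

function Test-AutoLogonScrubbed {
    # Returns $true only when no DefaultPassword value remains and autologon is off.
    $props = Get-ItemProperty -Path $winlogon
    (-not $props.PSObject.Properties['DefaultPassword']) -and ($props.AutoAdminLogon -eq '0')
}

function Register-PostPromotionTask {
    param(
        [Parameter(Mandatory)][string]$ScriptPath,
        [Parameter(Mandatory)][string]$RunAs       # DOMAIN\user that autologon signs in
    )
    $action  = New-ScheduledTaskAction -Execute 'powershell.exe' `
        -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$ScriptPath`""
    $trigger = New-ScheduledTaskTrigger -AtLogOn -User $RunAs
    # Interactive logon type: the task runs inside the autologon session and inherits
    # a real domain token, so no second copy of the password lands in Task Scheduler.
    $principal = New-ScheduledTaskPrincipal -UserId $RunAs -LogonType Interactive -RunLevel Highest
    Register-ScheduledTask -TaskName 'LabCreateOU' -Action $action -Trigger $trigger `
        -Principal $principal -Force | Out-Null
}

# Usage, run after promotion and before the first reboot (values from DCPromo.json):
$config  = Get-Content "$env:USERPROFILE\Desktop\DCPromo.json" -Raw | ConvertFrom-Json
$netbios = $config.DomainName.Split('.')[0].ToUpper()
Enable-LabAutoLogon -Domain $netbios -User $config.FirstDC.DomAcct -Password $config.FirstDC.DomPwd
Register-PostPromotionTask -ScriptPath "$env:USERPROFILE\Desktop\CreateOU.ps1" -RunAs "$netbios\$($config.FirstDC.DomAcct)"

# ...and the last lines of CreateOU.ps1 should be:
#   Disable-LabAutoLogon
#   Unregister-ScheduledTask -TaskName 'LabCreateOU' -Confirm:$false
#   if (-not (Test-AutoLogonScrubbed)) { throw 'DefaultPassword is still in the Registry.' }
```

Two reboots are needed because the first one completes the promotion and the second gives the scheduled task a logon session that already holds a domain token; AutoLogonCount = 2 bounds the window during which the clear-text password exists, and Test-AutoLogonScrubbed is the check that it is actually gone rather than merely overwritten.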