In previous posts over the past few weeks I've explained how I've installed the Active Directory Domain Services role and provisioned the first domain controller in a root domain using Configuration Manager OSD task sequences and some Windows PowerShell code. The next thing I need to do is install the first domain controller in a subordinate child domain in the new forest. The child domain will hold all my computing resources and users.
The following script:
- Installs a new domain controller in a child domain, creating that new domain.
- Gets the variables you will see in the script from Configuration Manager.
- Creates the new domain within the previously created forest.
- Ensures DNS delegations are created.
```powershell
#-------------------------------------------------------------------
# | File : NewChildDomain.ps1
# |
# | Purpose : Installs the first Domain Controller in a child domain,
# |           thus creating the new domain
# |           - Designed to be run from a Configuration Manager OSD
# |             task sequence
# |           - Designed for Windows Server 2012 environments
# |           - Reboot handled by task sequence
# |
# | Usage : PowerShell.exe -FILE .\NewChildDomain.ps1
#-------------------------------------------------------------------
# |
# | Author: JustAnotherTechnicalBlog
# | Creation Date: 23 April 2013
# |
# |
# | Maintenance History
# | -------------------
# |
# | Version: 1.00 2013-04-23 Initial Version JustAnotherTechnicalBlog
# |
# |
#-------------------------------------------------------------------
# Clear the error variable
#-------------------------------------------------------------------
$error.clear()

# Import the ActiveDirectory PowerShell Module if required
# (Install-ADDSDomain itself lives in the ADDSDeployment module, which
# PowerShell 3.0 loads automatically on first use)
#-------------------------------------------------------------------
if (-not (Get-Module ActiveDirectory))
{
    Import-Module ActiveDirectory
}

# Here we get access to the Task Sequence variables
#-------------------------------------------------------------------
$objTSenv = New-Object -COMObject Microsoft.SMS.TSEnvironment

# Grab the data we need from the task sequence variables
#-------------------------------------------------------------------
$strTSNetBIOSName = $objTSenv.Value("RoleVariable1")
$strTSDomainName  = $objTSenv.Value("RoleVariable2")
$strTSPrntNBName  = $objTSenv.Value("RoleVariable3")
$strTSPrntDmnName = $objTSenv.Value("RoleVariable4")
$strTSPrntDmnAcct = "$strTSPrntNBName\" + $objTSenv.Value("RoleAccount2")
$strTSDNSAccount  = "$strTSPrntNBName\" + $objTSenv.Value("RoleAccount3")

# Convert our password to the data type required by Install-ADDSDomain
#-------------------------------------------------------------------
$secstrSafeModePassword = $objTSenv.Value("RoleAccountPassword1") | `
    ConvertTo-SecureString -asPlainText -Force

# Convert our accounts and passwords strings to the data type required
# by Install-ADDSDomain
#-------------------------------------------------------------------
$secstrDomainPassword = $objTSenv.Value("RoleAccountPassword2") | `
    ConvertTo-SecureString -asPlainText -Force
$DomainCreds = New-Object `
    System.Management.Automation.PSCredential("$strTSPrntDmnAcct",$secstrDomainPassword)
$secstrDNSPassword = $objTSenv.Value("RoleAccountPassword3") | `
    ConvertTo-SecureString -asPlainText -Force
$DNSCreds = New-Object `
    System.Management.Automation.PSCredential("$strTSDNSAccount",$secstrDNSPassword)

# Install the first Domain Controller in the child domain, creating
# the new domain
#-------------------------------------------------------------------
Install-ADDSDomain `
    -Force `
    -NoRebootOnCompletion `
    -CreateDNSDelegation `
    -DomainType Child `
    -DomainMode Win2012 `
    -ParentDomainName "$strTSPrntDmnName" `
    -NewDomainNetBIOSName "$strTSNetBIOSName" `
    -NewDomainName "$strTSDomainName" `
    -SafeModeAdministratorPassword $secstrSafeModePassword `
    -DNSDelegationCredential $DNSCreds `
    -Credential $DomainCreds

# Basic error handling
#-------------------------------------------------------------------
If ($error)
{
    Write-Host "Child domain creation failed"
    Exit 1001
}
Else
{
    Write-Host "Child domain created successfully"
}
```
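The script above reports failure only if something has landed in `$error`, and it passes whatever the task sequence variables contain straight to `Install-ADDSDomain`. The following is an added example, not part of the original script: it rejects empty task sequence variables before use, runs the `Test-ADDSDomainInstallation` prerequisite check, and uses `try`/`catch` so the step fails with a reason but never logs a variable's value. The helper names `Get-RequiredTSValue` and `New-TSCredential` are hypothetical; the variable names and exit code 1001 are the ones used in the script.

```powershell
# Added example, not the original author's code. Helper names are hypothetical.
$ErrorActionPreference = 'Stop'   # turn non-terminating errors into catchable ones
Import-Module ADDSDeployment      # module that provides Install-/Test-ADDSDomain*
$objTSenv = New-Object -ComObject Microsoft.SMS.TSEnvironment

# Read a task sequence variable; fail early (naming only the variable,
# never its value) if it is missing or blank.
function Get-RequiredTSValue([string]$Name)
{
    $value = $objTSenv.Value($Name)
    if ([string]::IsNullOrWhiteSpace($value)) { throw "Task sequence variable '$Name' is empty" }
    return $value
}

# Build a PSCredential from an account variable and a password variable.
function New-TSCredential([string]$Domain, [string]$AccountVar, [string]$PasswordVar)
{
    $user = '{0}\{1}' -f $Domain, (Get-RequiredTSValue $AccountVar)
    $pass = ConvertTo-SecureString (Get-RequiredTSValue $PasswordVar) -AsPlainText -Force
    New-Object System.Management.Automation.PSCredential($user, $pass)
}

try
{
    $parentNB = Get-RequiredTSValue 'RoleVariable3'
    $params = @{
        DomainType                    = 'Child'
        DomainMode                    = 'Win2012'
        CreateDNSDelegation           = $true
        ParentDomainName              = Get-RequiredTSValue 'RoleVariable4'
        NewDomainNetBIOSName          = Get-RequiredTSValue 'RoleVariable1'
        NewDomainName                 = Get-RequiredTSValue 'RoleVariable2'
        SafeModeAdministratorPassword = ConvertTo-SecureString (Get-RequiredTSValue 'RoleAccountPassword1') -AsPlainText -Force
        Credential                    = New-TSCredential $parentNB 'RoleAccount2' 'RoleAccountPassword2'
        DNSDelegationCredential       = New-TSCredential $parentNB 'RoleAccount3' 'RoleAccountPassword3'
    }

    # Prerequisite check with the same parameters; stop on any failed test.
    $failed = Test-ADDSDomainInstallation @params | Where-Object { $_.Status -eq 'Error' }
    if ($failed) { throw ($failed.Message -join '; ') }

    Install-ADDSDomain @params -Force -NoRebootOnCompletion
    Write-Host "Child domain created successfully"
}
catch
{
    Write-Host "Child domain creation failed: $($_.Exception.Message)"
    Exit 1001
}
```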
[Image: Task Sequence Snippet: Active Directory Installation]

[Image: Installing an Active Directory Child Domain with Windows PowerShell]