├── DomainControllerConfig.ps1 ├── LICENSE ├── README.md ├── SECURITY.md └── appveyor.yml /DomainControllerConfig.ps1: -------------------------------------------------------------------------------- 1 |  2 | <#PSScriptInfo 3 | 4 | .VERSION 0.3.1 5 | 6 | .GUID edd05043-2acc-48fa-b5b3-dab574621ba1 7 | 8 | .AUTHOR Michael Greene 9 | 10 | .COMPANYNAME Microsoft Corporation 11 | 12 | .COPYRIGHT 13 | 14 | .TAGS DSCConfiguration 15 | 16 | .LICENSEURI https://github.com/Microsoft/DomainControllerConfig/blob/master/LICENSE 17 | 18 | .PROJECTURI https://github.com/Microsoft/DomainControllerConfig 19 | 20 | .ICONURI 21 | 22 | .EXTERNALMODULEDEPENDENCIES 23 | 24 | .REQUIREDSCRIPTS 25 | 26 | .EXTERNALSCRIPTDEPENDENCIES 27 | 28 | .RELEASENOTES 29 | https://github.com/Microsoft/DomainControllerConfig/blob/master/README.md#versions 30 | 31 | .PRIVATEDATA 2016-Datacenter,2016-Datacenter-Server-Core 32 | 33 | #> 34 | 35 | #Requires -module @{ModuleName = 'xActiveDirectory';ModuleVersion = '2.17.0.0'} 36 | #Requires -module @{ModuleName = 'xStorage'; ModuleVersion = '3.4.0.0'} 37 | #Requires -module @{ModuleName = 'xPendingReboot'; ModuleVersion = '0.3.0.0'} 38 | 39 | <# 40 | 41 | .DESCRIPTION 42 | Demonstrates a minimally viable domain controller configuration script 43 | compatible with Azure Automation Desired State Configuration service. 44 | 45 | Required variables in Automation service: 46 | - Credential to use for AD domain admin 47 | - Credential to use for Safe Mode recovery 48 | 49 | Create these credential assets in Azure Automation, 50 | and set their names in lines 11 and 12 of the configuration script. 
51 | 52 | Required modules in Automation service: 53 | - xActiveDirectory 54 | - xStorage 55 | - xPendingReboot 56 | 57 | #> 58 | # DSC configuration for the local node: installs the AD-Domain-Services feature, prepares disk 2 as drive F:, handles a pending reboot, creates the domain with its database, logs and SYSVOL on F:, then writes one Remote Desktop registry value. 59 | configuration DomainControllerConfig 60 | { 61 | 62 | Import-DscResource -ModuleName @{ModuleName = 'xActiveDirectory'; ModuleVersion = '2.17.0.0'} 63 | Import-DscResource -ModuleName @{ModuleName = 'xStorage'; ModuleVersion = '3.4.0.0'} 64 | Import-DscResource -ModuleName @{ModuleName = 'xPendingReboot'; ModuleVersion = '0.3.0.0'} 65 | Import-DscResource -ModuleName 'PSDesiredStateConfiguration' 66 | # NOTE(review): both assignments below read the same Automation credential asset ('Credential'), so until the names are changed the domain administrator and the Safe Mode (DSRM) recovery account share one password; create two separate assets and reference each by its own name. 67 | # When using with Azure Automation, modify these values to match your stored credential names 68 | $domainCredential = Get-AutomationPSCredential 'Credential' 69 | $safeModeCredential = Get-AutomationPSCredential 'Credential' 70 | 71 | node localhost 72 | { 73 | WindowsFeature ADDSInstall 74 | { 75 | Ensure = 'Present' 76 | Name = 'AD-Domain-Services' 77 | } 78 | # Wait for disk 2 to appear, retrying every 10 seconds up to 30 times. 79 | xWaitforDisk Disk2 80 | { 81 | DiskId = 2 82 | RetryIntervalSec = 10 83 | RetryCount = 30 84 | } 85 | # Make disk 2 available as drive F: once the wait above has succeeded. 86 | xDisk DiskF 87 | { 88 | DiskId = 2 89 | DriveLetter = 'F' 90 | DependsOn = '[xWaitforDisk]Disk2' 91 | } 92 | # Runs after the feature install and disk setup and before the domain is created; the Configuration Manager client check is skipped. 93 | xPendingReboot BeforeDC 94 | { 95 | Name = 'BeforeDC' 96 | SkipCcmClientSDK = $true 97 | DependsOn = '[WindowsFeature]ADDSInstall','[xDisk]DiskF' 98 | } 99 | # The NTDS database, its logs and SYSVOL are all placed on drive F:. 100 | # Configure domain values here 101 | xADDomain Domain 102 | { 103 | DomainName = 'contoso.local' 104 | DomainAdministratorCredential = $domainCredential 105 | SafemodeAdministratorPassword = $safeModeCredential 106 | DatabasePath = 'F:\NTDS' 107 | LogPath = 'F:\NTDS' 108 | SysvolPath = 'F:\SYSVOL' 109 | DependsOn = '[WindowsFeature]ADDSInstall','[xDisk]DiskF','[xPendingReboot]BeforeDC' 110 | } 111 | # NOTE(review): UserAuthentication = 0 on the RDP-Tcp listener turns off the Network Level Authentication requirement for Remote Desktop on this domain controller, so a session is set up before the client has authenticated. The configuration does not say why this is needed; confirm the requirement and limit RDP exposure by other means (network rules, jump host), or set the value to 1 to require NLA. 112 | Registry DisableRDPNLA 113 | { 114 | Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' 115 | ValueName = 'UserAuthentication' 116 | ValueData = 0 117 | ValueType = 'Dword' 118 | Ensure = 'Present' 119 | DependsOn = '[xADDomain]Domain' 120 | } 
121 | } 122 | } 123 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) Microsoft Corporation. All rights reserved. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Domain Controller Configuration 2 | 3 | [![Build status](https://ci.appveyor.com/api/projects/status/etckoqaotkdh4s3s/branch/master?svg=true)](https://ci.appveyor.com/project/PowerShell/domaincontrollerconfig/branch/master) 4 | 5 | This DSC Configuration script is in PREVIEW 6 | as a minimal viable product. 
7 | The work remaining for this script includes: 8 | 9 | - Documentation including release notes 10 | - Integration/Acceptance tests specific to the scenario 11 | 12 | ## Contributing 13 | 14 | This project welcomes contributions and suggestions. Most contributions require you to agree to a 15 | Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us 16 | the rights to use your contribution. For details, visit https://cla.microsoft.com. 17 | 18 | When you submit a pull request, a CLA-bot will automatically determine whether you need to provide 19 | a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions 20 | provided by the bot. You will only need to do this once across all repos using our CLA. 21 | 22 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). 23 | For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or 24 | contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. 25 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | ## Security 4 | 5 | Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/). 
6 | 7 | If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below. 8 | 9 | ## Reporting Security Issues 10 | 11 | **Please do not report security vulnerabilities through public GitHub issues.** 12 | 13 | Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report). 14 | 15 | If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey). 16 | 17 | You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc). 18 | 19 | Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue: 20 | 21 | * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) 22 | * Full paths of source file(s) related to the manifestation of the issue 23 | * The location of the affected source code (tag/branch/commit or direct URL) 24 | * Any special configuration required to reproduce the issue 25 | * Step-by-step instructions to reproduce the issue 26 | * Proof-of-concept or exploit code (if possible) 27 | * Impact of the issue, including how an attacker might exploit the issue 28 | 29 | This information will help us triage your report more quickly. 30 | 31 | If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. 
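Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs. 32 | 33 | ## Preferred Languages 34 | 35 | We prefer all communications to be in English. 36 | 37 | ## Policy 38 | 39 | Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd). 40 | 41 | 42 | -------------------------------------------------------------------------------- /appveyor.yml: -------------------------------------------------------------------------------- 1 | version: 0.3.1.{build} 2 | clone_folder: c:\projects\$(APPVEYOR_PROJECT_NAME) 3 | environment: 4 | DiagnoseRg: $True 5 | RequiredModules: xActiveDirectory,xStorage,xPendingReboot 6 | TestResultsUploadURI: https://ci.appveyor.com/api/testresults/nunit/$(APPVEYOR_JOB_ID) 7 | ApplicationID: 8 | secure: mHB9K9ItLkpdxUR7WgBnuBiBOl3qgJT1yizvFZDOgkRxvTV5KoZJ8QuAp+F+EbV0 9 | SubscriptionID: 10 | secure: fhB5mHXLFRRc1/iwqCA9ibCqwg7qKqkayknhebLsM+FdlrmL80HCRm1vJYafomei 11 | TenantID: 12 | secure: J/my7xsOE9jewR0DDhD+EU5jeo5Bp83/nmIK8a8QI0QLoZXStCOtk1vUjVsKylW2 13 | ApplicationPassword: 14 | secure: zV3r4bwG65rWRfF1L23RYLj7GXVxsMdZtasCsX0+pYA= 15 | BuildFolder: $(APPVEYOR_BUILD_FOLDER) 16 | ProjectName: $(APPVEYOR_PROJECT_NAME) 17 | ProjectID: $(APPVEYOR_PROJECT_ID) 18 | BuildID: $(APPVEYOR_BUILD_ID) 19 | matrix: 20 | fast_finish: true 21 | install: 22 | - git clone https://github.com/PowerShell/DscConfiguration.Tests 23 | - ps: | 24 | $null = Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.208 -Scope CurrentUser -Force 25 | Install-Module -Name PowerShellGet -MinimumVersion 1.6.0 -Scope CurrentUser -Repository PSGallery -AllowClobber -Force 26 | Install-Module InvokeBuild,Pester,PSScriptAnalyzer -Scope CurrentUser -SkipPublisherCheck -Repository PSGallery -Force 27 | # NOTE(review): the build tools above are installed with -SkipPublisherCheck and without a pinned version, and the DscConfiguration.Tests clone in the install step is not pinned to a commit. When the repository has no .build.ps1 of its own, build_script runs the cloned .build.ps1 with the job's environment variables, which include the secure values declared under environment; pin a commit and module versions where possible. 28 | # Load required modules from gallery 29 | foreach ($module in $env:RequiredModules.split(',')) { 30 | Install-Module $module -Repository
PSGallery -Scope CurrentUser -Force 31 | } 32 | build_script: 33 | - ps: | 34 | Import-Module -Global -Name PowerShellGet -MinimumVersion 1.6.0 -Force 35 | if (Test-Path -Path .\.build.ps1) { 36 | Invoke-Build -Summary 37 | } 38 | else { 39 | Invoke-Build -File .\DscConfiguration.Tests\.build.ps1 -Summary 40 | } 41 | --------------------------------------------------------------------------------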