From fe41d427b8ace893263ebc6b17d0a94c2f20591c Mon Sep 17 00:00:00 2001
From: Dominic Robinson
Date: Mon, 11 Mar 2024 11:28:30 +0000
Subject: [PATCH 1/2] DSOS-2635: fixes to AD DomainController powershell
---
.../Install-ModPlatformADDomainController.ps1 | 18 ++++++++++++++++--
...Uninstall-ModPlatformADDomainController.ps1 | 3 ++-
2 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/powershell/Scripts/ModPlatformAD/Install-ModPlatformADDomainController.ps1 b/powershell/Scripts/ModPlatformAD/Install-ModPlatformADDomainController.ps1
index 8d3e77062..7ef2bcf2c 100644
--- a/powershell/Scripts/ModPlatformAD/Install-ModPlatformADDomainController.ps1
+++ b/powershell/Scripts/ModPlatformAD/Install-ModPlatformADDomainController.ps1
@@ -39,12 +39,26 @@ if (Add-ModPlatformADComputer -ModPlatformADConfig $ADConfig -ModPlatformADCrede $DFSReplicationStatus = Get-Service "DFS Replication" -ErrorAction SilentlyContinue if ($DFSReplicationStatus -eq $null) { + Import-Module ADDSDeployment $ADAdminCredential = Get-ModPlatformADAdminCredential -ModPlatformADConfig $ADConfig -ModPlatformADSecret $ADSecret $ADSafeModeAdministratorPassword = Get-ModPlatformADSafeModeAdministratorPassword -ModPlatformADConfig $ADConfig -ModPlatformADSecret $ADSecret Install-WindowsFeature -Name AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools - Install-ADDSDomainController -DomainName $ADConfig.DomainNameFQDN -InstallDns:$true -Credential $ADAdminCredential -SafeModeAdministratorPassword $ADSafeModeAdministratorPassword -NoRebootOnCompletion -Force + Install-ADDSDomainController ` + -DomainName $ADConfig.DomainNameFQDN ` + -InstallDns:$true ` + -Credential $ADAdminCredential ` + -SafeModeAdministratorPassword $ADSafeModeAdministratorPassword ` + -NoRebootOnCompletion ` + -NoGlobalCatalog:$false ` + -CreateDnsDelegation:$false ` + -CriticalReplicationOnly:$false ` + -DatabasePath "C:\Windows\NTDS" ` + -LogPath "C:\Windows\NTDS" ` + -SysvolPath "C:\Windows\SYSVOL" ` + -SiteName "Default-First-Site-Name" ` + -Force Exit 3010 # triggers reboot if running from SSM Doc } else { - $Services='DNS','DFS Replication','Intersite Messaging','Kerberos Key Distribution Center','NetLogon',’Active Directory Domain Services’ + $Services='DNS','DFS Replication','Intersite Messaging','Kerberos Key Distribution Center','NetLogon','Active Directory Domain Services' ForEach ($Service in $Services) {Get-Service $Service | Select-Object Name, Status} } diff --git a/powershell/Scripts/ModPlatformAD/Uninstall-ModPlatformADDomainController.ps1 b/powershell/Scripts/ModPlatformAD/Uninstall-ModPlatformADDomainController.ps1 index c14b44826..a246576af 100644 
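Review bot: `Exit 3010` in the `-eq $null` branch runs whether or not `Install-WindowsFeature` and `Install-ADDSDomainController` succeeded, so a failed promotion is reported to the SSM document as "reboot required" rather than as an error, unless `$ErrorActionPreference` is set to `Stop` somewhere above the hunk. Adding `-ErrorAction Stop` to both cmdlets would end the script before `Exit 3010` is reached on failure. The newly explicit `-SiteName "Default-First-Site-Name"` is hard-coded next to a domain name that comes from `$ADConfig`; taking the site from the same config (if it carries one) would keep the script correct where the default site has been renamed or further sites exist. A comment such as `# NTDS/SYSVOL paths are the ADDSDeployment defaults, stated explicitly` would record why the path arguments are spelled out. The enclosing `if (Add-ModPlatformADComputer …` starts outside the hunk.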
--- a/powershell/Scripts/ModPlatformAD/Uninstall-ModPlatformADDomainController.ps1 +++ b/powershell/Scripts/ModPlatformAD/Uninstall-ModPlatformADDomainController.ps1 @@ -34,8 +34,9 @@ $ADSecret = Get-ModPlatformADSecret -ModPlatformADConfig $ADConfig $DFSReplicationStatus = Get-Service "DFS Replication" -ErrorAction SilentlyContinue if ($DFSReplicationStatus -ne $null) { + Import-Module ADDSDeployment $ADAdminCredential = Get-ModPlatformADAdminCredential -ModPlatformADConfig $ADConfig -ModPlatformADSecret $ADSecret $ADSafeModeAdministratorPassword = Get-ModPlatformADSafeModeAdministratorPassword -ModPlatformADConfig $ADConfig -ModPlatformADSecret $ADSecret - Uninstall-ADDSDomainController -Credential $ADAdminCredential -NoRebootOnCompletion -Force + Uninstall-ADDSDomainController -Credential $ADAdminCredential -NoRebootOnCompletion -DemoteOperationMasterRole -ForceRemoval -Force Exit 3010 # triggers reboot if running from SSM Doc } From f3400ed07ea34c216fcaf25fcf5a6c939118b649 Mon Sep 17 00:00:00 2001 From: Dominic Robinson Date: Mon, 11 Mar 2024 11:53:51 +0000 Subject: [PATCH 2/2] fix --- .../ModPlatformAD/Install-ModPlatformADDomainController.ps1 | 1 - .../ModPlatformAD/Uninstall-ModPlatformADDomainController.ps1 | 1 - 2 files changed, 2 deletions(-) diff --git a/powershell/Scripts/ModPlatformAD/Install-ModPlatformADDomainController.ps1 b/powershell/Scripts/ModPlatformAD/Install-ModPlatformADDomainController.ps1 index 7ef2bcf2c..442476377 100644 --- a/powershell/Scripts/ModPlatformAD/Install-ModPlatformADDomainController.ps1 +++ b/powershell/Scripts/ModPlatformAD/Install-ModPlatformADDomainController.ps1 
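Review bot: `-ForceRemoval` is now passed on every run of the `-ne $null` branch, so the controller is always demoted as if it could not reach the domain; a forced removal leaves the controller's metadata behind in the directory, and together with `-DemoteOperationMasterRole` any operations master roles it held are dropped rather than transferred. A graceful `Uninstall-ADDSDomainController` should stay the default, with the two switches added only when the caller opts in, for example through a script switch parameter such as `[switch]$ForceRemoval`. If the forced path is kept, a comment like `# forced demotion: run metadata cleanup and seize FSMO roles on a remaining DC afterwards` belongs above the call. `$ADSafeModeAdministratorPassword` is fetched in this block but not used by the call, and no `-LocalAdministratorPassword` is supplied, which an unattended run may need; worth confirming.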
@@ -39,7 +39,6 @@ if (Add-ModPlatformADComputer -ModPlatformADConfig $ADConfig -ModPlatformADCrede $DFSReplicationStatus = Get-Service "DFS Replication" -ErrorAction SilentlyContinue if ($DFSReplicationStatus -eq $null) { - Import-Module ADDSDeployment $ADAdminCredential = Get-ModPlatformADAdminCredential -ModPlatformADConfig $ADConfig -ModPlatformADSecret $ADSecret $ADSafeModeAdministratorPassword = Get-ModPlatformADSafeModeAdministratorPassword -ModPlatformADConfig $ADConfig -ModPlatformADSecret $ADSecret Install-WindowsFeature -Name AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools diff --git a/powershell/Scripts/ModPlatformAD/Uninstall-ModPlatformADDomainController.ps1 b/powershell/Scripts/ModPlatformAD/Uninstall-ModPlatformADDomainController.ps1 index a246576af..b28981f1e 100644 --- a/powershell/Scripts/ModPlatformAD/Uninstall-ModPlatformADDomainController.ps1 +++ b/powershell/Scripts/ModPlatformAD/Uninstall-ModPlatformADDomainController.ps1 @@ -34,7 +34,6 @@ $ADSecret = Get-ModPlatformADSecret -ModPlatformADConfig $ADConfig $DFSReplicationStatus = Get-Service "DFS Replication" -ErrorAction SilentlyContinue if ($DFSReplicationStatus -ne $null) { - Import-Module ADDSDeployment $ADAdminCredential = Get-ModPlatformADAdminCredential -ModPlatformADConfig $ADConfig -ModPlatformADSecret $ADSecret $ADSafeModeAdministratorPassword = Get-ModPlatformADSafeModeAdministratorPassword -ModPlatformADConfig $ADConfig -ModPlatformADSecret $ADSecret Uninstall-ADDSDomainController -Credential $ADAdminCredential -NoRebootOnCompletion -DemoteOperationMasterRole -ForceRemoval -Force