My current adventure is providing guidance and coaching to 20+ junior sysadmins who have no experience with Active Directory.
I’ve had to test some scripts for DNS settings from the command line, so I made up this little PowerShell script to use in the AWS user data section. The other advantage of this script is that it’s a simple cut and paste if you want to do it on an existing machine. Just get rid of the <powershell> tags at the start and end of the file once you get a system up and running.
As you can see, the longest part of the script is writing the unattend.txt file for the dcpromo.
```powershell
<powershell>
# This should be able to be pasted into an AWS system startup script, or use it
# without the <powershell> tags on an existing system to make it a DC
import-module ServerManager
add-windowsfeature DNS, GPMC
add-windowsfeature AD-Domain-Services, ADDS-Domain-Controller

# create newforest-dcpromo.txt
$Unattendfile = "newforest-dcpromo.txt"
add-content $Unattendfile "[DCINSTALL]"
add-content $Unattendfile "InstallDNS=yes"
add-content $Unattendfile "NewDomain=forest"
add-content $Unattendfile "NewDomainDNSName=YOURDOMAIN.local"
add-content $Unattendfile "DomainNetBiosName=YOURDOMAIN"
add-content $Unattendfile "SiteName=Default-First-Site-Name"
add-content $Unattendfile "ReplicaOrNewDomain=domain"
add-content $Unattendfile "ForestLevel=3"
add-content $Unattendfile "DomainLevel=3"
add-content $Unattendfile "DatabasePath=""%systemroot%\NTDS"""
add-content $Unattendfile "LogPath=""%systemroot%\NTDS"""
add-content $Unattendfile "RebootOnCompletion=yes"
add-content $Unattendfile "SYSVOLPath=""%systemroot%\SYSVOL"""
add-content $Unattendfile "SafeModeAdminPassword=TheOopsPasswordGoesHere"
add-content $Unattendfile "`n"

# password of domain admin will be what administrator is
dcpromo /unattend:newforest-dcpromo.txt
</powershell>
```
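EC2 user data can be read back through the instance metadata service and the EC2 API, so a SafeModeAdminPassword typed into it stays retrievable after the build. The variant below is an added example, not part of the original script: it writes the same answer file but fetches the password at boot and locks down the file before the secret is written. It assumes AWS Tools for PowerShell is installed, the instance role can read the parameter, and `/lab/dsrm-password` is a hypothetical SecureString parameter name.

```powershell
<powershell>
# Added example: the same new-forest promotion with the DSRM password kept out of user data.
# Assumptions: AWSPowerShell module present, instance role allowed to read the
# parameter, '/lab/dsrm-password' is a hypothetical parameter name.
Import-Module ServerManager
Import-Module AWSPowerShell
Add-WindowsFeature DNS, GPMC
Add-WindowsFeature AD-Domain-Services, ADDS-Domain-Controller

# Fetch the secret at boot so it never appears in the user data text.
$dsrm = (Get-SSMParameter -Name '/lab/dsrm-password' -WithDecryption $true).Value
if ([string]::IsNullOrEmpty($dsrm)) { throw 'DSRM password parameter is empty' }

# Absolute path, so the file location does not depend on the working directory.
$Unattendfile = Join-Path $env:SystemRoot 'Temp\newforest-dcpromo.txt'

# Create the file empty and restrict it to Administrators and SYSTEM
# before any secret is written into it.
New-Item -Path $Unattendfile -ItemType File -Force | Out-Null
icacls $Unattendfile /inheritance:r /grant:r 'BUILTIN\Administrators:F' 'NT AUTHORITY\SYSTEM:F' | Out-Null

# One here-string instead of repeated Add-Content calls; keys and values match the post.
$answers = @"
[DCINSTALL]
InstallDNS=yes
NewDomain=forest
NewDomainDNSName=YOURDOMAIN.local
DomainNetBiosName=YOURDOMAIN
SiteName=Default-First-Site-Name
ReplicaOrNewDomain=domain
ForestLevel=3
DomainLevel=3
DatabasePath="%systemroot%\NTDS"
LogPath="%systemroot%\NTDS"
RebootOnCompletion=yes
SYSVOLPath="%systemroot%\SYSVOL"
SafeModeAdminPassword=$dsrm
"@
Set-Content -Path $Unattendfile -Value $answers -Encoding ASCII

dcpromo "/unattend:$Unattendfile"
</powershell>
```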
So what’s next? Making this into a PowerShell script that I can run locally to do the entire server creation process.