Friday, August 3, 2018
SCVMM Service Template for the first DC in a Forest – part 2
Okay, so I posted the traditional way of handling this, with a BATCH file.
But, in reality all I did was use a BATCH file to in turn process a PowerShell script. I considered this silly. There must be a way to process the PowerShell script without having to use the BATCH script.
I mean, come on. This is Server 2012 I am using and PowerShell v3. Yes, I know there are some advanced things that can be done with BATCH scripting (I have done some in my history), but think out of the box here.
So, I spent bunches of time playing around with this (so you wouldn't have to (if you stumbled on my post)).
In the end, it wasn't that difficult, just had to think about things a bit differently.
Oh, and one important thing I left out of my previous post. Use a local administrator Run As account for adding the local administrator admin credentials to the OS and the same Run As account a second time to process the scripts.
So, here is the script the PowerShell way:
param (
    [string]$domainName,
    [string]$netbiosName,
    [string]$safeModePass
)

# Build a domain controller and the test domain.

# Add the RSAT tools
Add-WindowsFeature RSAT-AD-Tools

# Add the features
Add-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools
Add-WindowsFeature DNS -IncludeAllSubFeature -IncludeManagementTools
Add-WindowsFeature GPMC -IncludeAllSubFeature -IncludeManagementTools

# convert the password to a secure string as required
$secPass = ConvertTo-SecureString -String $safeModePass -AsPlainText -Force

# Create the Forest and Domain
Install-ADDSForest -CreateDnsDelegation:$false -DomainMode Win2012 -DomainName $domainName -DomainNetbiosName $netbiosName -ForestMode Win2012 -InstallDns -Force -SafeModeAdministratorPassword $secPass
I know what you are thinking, that can be shortened. And my reply; yes, it can. And you advanced folks, go right ahead.
Now, in the Application Configuration of the Tier in the Service, there are two pre-install scripts.
The first pre-install script is to set script execution to RemoteSigned:
The executable program is: %WINDIR%\System32\WindowsPowerShell\v1.0\PowerShell.exe
And the Parameters are: -command set-executionpolicy remotesigned -force
(I don't have a Run As account defined BTW).
The second pre-install script is everything above, included in the Custom Resource Package as a .ps1 file.
The executable program is the same. The Parameters are different: -file .\DomainController.ps1 @DomainName@ @DomainNetbiosName@ @SafeModeAdministratorPassword@
And the Run As account is my local admin run as account profile. And the timeout needs to be turned up to about 600 seconds.
That is it. I tried it a few times. It works.
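A hardened variant of the script above, as an added example that is not the original post's code: it validates the three values SCVMM substitutes before anything is installed, stops on the first failure, and drops the plain-text password once it is converted. The validation patterns and the per-process -ExecutionPolicy switch in the header comment are this example's assumptions.

```powershell
# DomainController.ps1, hardened variant (added example, not the original script).
# Assumed Parameters line; -ExecutionPolicy scopes the policy to this one process
# instead of changing it machine-wide in a separate pre-install script:
#   -ExecutionPolicy RemoteSigned -File .\DomainController.ps1 @DomainName@ @DomainNetbiosName@ @SafeModeAdministratorPassword@
[CmdletBinding()]
param (
    # Multi-label DNS name such as corp.example.test (constructed sample value)
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,}$')]
    [string]$domainName,

    # NetBIOS names are limited to 15 characters
    [Parameter(Mandatory = $true)]
    [ValidateLength(1, 15)]
    [ValidatePattern('^[A-Za-z0-9-]+$')]
    [string]$netbiosName,

    [Parameter(Mandatory = $true)]
    [ValidateNotNullOrEmpty()]
    [string]$safeModePass
)

# Treat every error as terminating so a failed feature install
# does not fall through to Install-ADDSForest.
$ErrorActionPreference = 'Stop'

# Convert immediately, then remove the plain-text copy from the script's scope.
$secPass = ConvertTo-SecureString -String $safeModePass -AsPlainText -Force
Remove-Variable -Name safeModePass

# Same features as the original script, with the result of each install checked.
Add-WindowsFeature -Name RSAT-AD-Tools | Out-Null
foreach ($feature in 'AD-Domain-Services', 'DNS', 'GPMC') {
    $result = Add-WindowsFeature -Name $feature -IncludeAllSubFeature -IncludeManagementTools
    if (-not $result.Success) {
        throw "Feature install failed: $feature"
    }
}

# Create the Forest and Domain (same arguments as the original script).
Install-ADDSForest -CreateDnsDelegation:$false -DomainMode Win2012 `
    -DomainName $domainName -DomainNetbiosName $netbiosName `
    -ForestMode Win2012 -InstallDns -Force `
    -SafeModeAdministratorPassword $secPass
```

The password still reaches the script as a command-line argument, as in the original Parameters line; the example only limits how long the plain-text copy stays in the script's session.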