##
## Script created by Jeff Yana, August 6 2015, for Standard Vision LLC
##
## What this script does:
## On an existing Windows Server 2012 (R2) host that has previously been promoted to Domain Controller and
## is hosting a valid Windows 2012 Domain/Forest with supporting DNS services, this script does the following:
## adds the additional role of DHCP server; adds and configures all necessary networking (including a Teamed (virtual) interface)
## adds and configures the missing PTR (reverse) zone and select A and PTR Resource Records.
##
## This script will also add any number of users and groups the administrator prefers, but typically adds, via
## user-directed input, a common set of users and groups consistent across a typical Standard Vision customer site.
##
## Additional configuration tasks:
##
## System Requirements: It is assumed that the subject server has been previously promoted to the role of domain controller either
## manually using the Windows Server Essential 2012 Configuration Wizard (on Windows 2012 Essential systems), or DCPROMO mechanism on
## Windows Server Standard or Enterprise. The preferred and supported and tested method is by using the custom created Powershell script ( titled "start_wss_config_service")
## especially create for Standard Vision.
##
##
## REQUIRED FIXES:
##
## - Add a Scope Option for DNS Servers for DHCP (the Set-DhcpServerV4OptionValue call in the DHCP section already passes -DnsServer; confirm it is applied to the scope and retire this item if so)
##
##
##
## TO DO:
##
## - Under "Add New Users To Groups", create loop to enable adding multiple users to a group at a time
## - Add logic to not create OUs if they exist
## - Add domain admin (xxx_admin) to custom Server Administrators, Network Administrators & Systems groups
## - Add logic to aggregate multiple group-adds when setting up new users using, for example, a comma separated list
## - Add A Records for all switches and network devices, players etc. Have a manual method to add them during initial setup instead of hard-coded. Same for PTR records.
## - Put the DHCP role add into a loop
## - Add additional A, PTR and alias DNS records (for devices that cannot join the domain,ex. mail, ccs-idrac, player1-idrac, player2-idrac, ups1, ups2 ... )
## - Automate setup of clocks, 1 clock for local time and the other for Los Angeles Time
## - Open ports firewall 8000-8002 for FSSO, In and Out
## - Add Telnet Client
##
Import-Module ActiveDirectory
Import-Module NetAdapter
####################################################################################
## (( BEGIN )) DEFINE FUNCTIONS ####################################################
####################################################################################
Function Password-Check{
<#
.SYNOPSIS
    Tests a candidate password against the site complexity policy.
.DESCRIPTION
    Returns $true only when the password is at least $minLength characters long and
    contains at least $numUpper upper-case letters, $numLower lower-case letters,
    $numNumbers digits and $numSpecial characters that are none of those three.
    Matching is ASCII and case-sensitive ([A-Z], [a-z], [0-9]); anything else,
    including whitespace and accented letters, is counted as "special".
.PARAMETER pwd
    The password to test, as a plain string (kept that way for existing callers).
    Never echo or log it. Note the name shadows the automatic $PWD inside this function only.
.OUTPUTS
    [bool]
#>
    param(
        [string]$pwd = $(throw "Please specify password"),
        [int]$minLength=12,
        [int]$numUpper = 2,
        [int]$numLower = 2,
        [int]$numNumbers = 2,
        [int]$numSpecial = 2
    )
    # Length first: an empty or short string fails regardless of its content.
    if ($pwd.Length -lt $minLength) { return $false }
    # Each character-class rule is (pattern, minimum number of matches).
    $rules = @(
        @{ Pattern = '[A-Z]';        Required = $numUpper },
        @{ Pattern = '[a-z]';        Required = $numLower },
        @{ Pattern = '[0-9]';        Required = $numNumbers },
        @{ Pattern = '[^a-zA-Z0-9]'; Required = $numSpecial }   # "special" = none of the above
    )
    foreach ($rule in $rules) {
        if ([regex]::Matches($pwd, $rule.Pattern).Count -lt $rule.Required) { return $false }
    }
    # Every rule satisfied.
    return $true
}
####################################################################################
## (( END )) DEFINE FUNCTIONS ######################################################
####################################################################################
####################################################################################
## (( BEGIN )) DEFINE VARIABLES ####################################################
####################################################################################
####################################################################################
# >>>>>>>>>>>>>>>>>>>>>>>>> Dynamically Assigned Variables <<<<<<<<<<<<<<<<<<<<<<<<<
####################################################################################
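Clear-Host
Write-Host
Write-Host "Preparing to setup the new system. We need to collect some information first . . ."
Write-Host
Start-Sleep -s 2
## Every answer collected below is later spliced verbatim into distinguished names (OU=/DC=),
## DNS zone names and interface / DHCP configuration. Each prompt is therefore repeated until the
## answer has the expected shape, which keeps a stray comma, '=' or space out of the DNs and stops
## the AD/DNS cmdlets from failing half-way through the setup with a confusing error.
function Read-ValidatedInput {
    param(
        [string]$Prompt,    # text shown to the operator
        [string]$Pattern,   # regex the trimmed answer must match
        [string]$Hint       # explanation shown when an answer is rejected
    )
    while ($true) {
        $answer = (Read-Host $Prompt).Trim()
        if ($answer -match $Pattern) { return $answer }
        Write-Host "`n Invalid entry '$answer'. $Hint`n"
    }
}
## Dotted quad with every octet in 0-255.
$ipv4Pattern = '^((25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(25[0-5]|2[0-4]\d|1?\d?\d)$'
## First three octets only (the "network number" and the reverse-zone prefix the prompts ask for).
$threeOctetPattern = '^((25[0-5]|2[0-4]\d|1?\d?\d)\.){2}(25[0-5]|2[0-4]\d|1?\d?\d)$'
## The project code becomes an OU name and part of the DNS domain name (domain<code>.lan),
## so it is restricted to characters legal in a single DNS label.
$projCode = Read-ValidatedInput -Prompt "`nPlease enter the Project Code for this install/site. `nExample: 1301" -Pattern '^[A-Za-z0-9][A-Za-z0-9-]{0,31}$' -Hint 'Use letters, digits and "-" only; it becomes an OU name and a DNS domain name component.'
Write-Host 'You selected:' $projCode
$netID = Read-ValidatedInput -Prompt "`nPlease enter the IPv4 **Network Number** of your LAN. `nExample: 10.1.nn" -Pattern $threeOctetPattern -Hint 'Expected the first three octets only, e.g. 10.1.25'
## The /25 is fixed by design of the site template; the DHCP scope and interface sections reuse it.
$fullNetID = $netID + '.0/25'
Write-Host ' You selected:' $fullNetID
$ccsIPv4addr = Read-ValidatedInput -Prompt "`nPlease enter the IPv4 **Address** of this host. `nExample: $netID.nn" -Pattern $ipv4Pattern -Hint 'Expected a dotted IPv4 address, e.g. 10.1.25.10'
Write-Host ' You selected:' $ccsIPv4addr
$subnetMask = Read-ValidatedInput -Prompt "`nPlease enter the **Subnet Mask** for network address: $ccsIPv4addr . `nExample: 255.255.255.nnn" -Pattern $ipv4Pattern -Hint 'Expected a dotted subnet mask, e.g. 255.255.255.128'
Write-Host ' You selected:' $subnetMask
$router = Read-ValidatedInput -Prompt "`nPlease enter the IPv4 **Gateway Address**. `nExample: $netID.1" -Pattern $ipv4Pattern -Hint 'Expected a dotted IPv4 address, e.g. 10.1.25.1'
Write-Host ' You selected:' $router
$rDnsPrefix = Read-ValidatedInput -Prompt "`nPlease enter the **Reverse DNS Zone Prefix**.`nExample: nn.1.10" -Pattern $threeOctetPattern -Hint 'Expected the network number with its octets reversed, e.g. 25.1.10'
Write-Host ' You entered:' $rDnsPrefix
$lan01 = Read-ValidatedInput -Prompt "`nPlease enter the IPv4 Address for Lan01.`nExample: 10.1.NN.2" -Pattern $ipv4Pattern -Hint 'Expected a dotted IPv4 address, e.g. 10.1.25.2'
Write-Host 'You entered:' $lan01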
####################################################################################
# >>>>>>>>>>>>>>>>>>>>>>>>>> Statically Assigned Variables <<<<<<<<<<<<<<<<<<<<<<<<<
####################################################################################
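## Names derived from the operator's answers. Plain string interpolation replaces the earlier
## "-join" / "$a = $b += $c" constructs, which silently mutated $OU and $dhcpServerName as a side
## effect of building $fullDN and $DhcpServerFQDN.
$DomainName = "domain$projCode"
$allGroups = @()
$rootDN = "DC=$DomainName,DC=lan"
$OU = "OU=$projCode,"                      # RDN prefix of the site OU
$fullDN = "$OU$rootDN"                     # DN of the site OU: OU=<projCode>,DC=domain<projCode>,DC=lan
$newUserOU = "OU=Users,$fullDN"
$newGroupOU = "OU=Groups,$fullDN"
$newCompOU = "OU=Computers,$fullDN"
$DnsSuffix = "$DomainName.lan"             # forward zone name, e.g. domain1301.lan
$DnsDomain = ".$DomainName.lan"            # same, with a leading dot for appending to host names
$DhcpServerFQDN = "CCS-$projCode$DnsDomain"
## Deliberately the FQDN, not the short name: the previous '+=' left $dhcpServerName equal to the
## FQDN and the DHCP section (Add-DhcpServerInDC -DnsName) relies on that.
$dhcpServerName = $DhcpServerFQDN
$GTWYFQDN = "gw.$DomainName.lan"
$LAN01FQDN = "lan01.$DomainName.lan"
$rDnsSuffix = '.in-addr.arpa'
$revDnsZone = "$rDnsPrefix$rDnsSuffix"
$gw = $router
$mySearchBase = $fullDN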
## Network Variables
#$netadapter = Get-NetAdapter -Name Team1
####################################################################################
## (( END )) DEFINE VARIABLES ######################################################
####################################################################################
####################################################################################
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Create New OUs <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
####################################################################################
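Clear-Host
Write-Host
Write-Host "Please standby, creating new Organizational Units from newly inputted user data . . ."
Write-Host
Start-Sleep -s 1
## Creates the OU only when it does not already exist, so re-running the script on a site that is
## already set up does not abort on "an object with this name already exists" (TO DO item above).
function New-OUIfMissing {
    param(
        [string]$Name,   # RDN value (becomes OU=<Name>)
        [string]$Path    # DN of the parent container
    )
    $dn = "OU=$Name,$Path"
    $exists = $false
    try {
        ## -Identity lookup throws when the DN is absent; that is the "create it" case
        $null = Get-ADOrganizationalUnit -Identity $dn -ErrorAction Stop
        $exists = $true
    } catch {
        $exists = $false
    }
    if ($exists) {
        Write-Host " OU already exists, leaving as-is: $dn"
    } else {
        New-ADOrganizationalUnit -Name $Name -Path $Path
    }
}
New-OUIfMissing -Name $projCode -Path $rootDN
New-OUIfMissing -Name Groups -Path $fullDN
New-OUIfMissing -Name Users -Path $fullDN
New-OUIfMissing -Name Computers -Path $fullDN
Start-Sleep -s 2
Write-Host
Write-Host ". . . done . . ."
Write-Host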
####################################################################################
# >>>>>>>>>>>>>>>>>>>>>>> Define & Create New Security Groups <<<<<<<<<<<<<<<<<<<<<<
####################################################################################
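Clear-Host
Write-Host
$Groups = @()
while(($inp = Read-Host -Prompt "Would you like to create new or additional security groups for ** $DomainName ** `n`nEnter 'Y' to Continue or 'N' to Exit.") -ne "N"){
    switch($inp){
        Y {
            Write-Host
            $entry = Read-Host -prompt "`nPlease enter the name(s) of the new security groups you would like to create. `nTo create more than one group at a time, use a comma-separated list.`n`nExample: Group1, Group2, My Groups. No quotes"
            ## Only this round's entries are created. Trim and drop blanks so "a, ,b" does not become
            ## three groups. (The previous version appended every round to one array and split that,
            ## so groups entered earlier were re-created on the next pass.)
            $AllGroups = @($entry -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
            if ($AllGroups.Count -eq 0) {
                Write-Host "`nYou entered a null value. Please try again`n"
                break
            }
            Write-Host
            Write-Host "You entered:"
            Write-Host
            $AllGroups | ForEach-Object { $_ }
            Write-Host
            Start-Sleep -s 3
            Clear-Host
            $confirm = Read-Host -Prompt "Would you like to create these security groups now? `n`nEnter 'Y' to Continue or 'N' to go back"
            if ($confirm -ne 'Y') {
                Write-Host 'No groups created.'
                break
            }
            Write-Host
            foreach ($groupName in $AllGroups) {
                ## The name becomes the group's CN/RDN. Characters with DN or LDAP-filter meaning are
                ## refused up front rather than discovered as a create-time error.
                if ($groupName -match '[,=+<>#;"\\]') {
                    Write-Host " Skipping invalid group name: $groupName"
                    continue
                }
                ## The previous version passed -WhatIf here, so no group was ever actually created.
                New-ADGroup -Path $newGroupOU -Name $groupName -GroupScope Global
            }
            $Groups += $AllGroups
            Start-Sleep -s 1
            Write-Host "... done ..."
            Start-Sleep -s 2
        }
        N {"End"}
        default {Write-Host 'Invalid entry. Please try again.'}
    }
}
Start-Sleep -s 1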
####################################################################################
# >>>>>>>>>>>>>>>>>>>>>>>>>>> Define & Create New Users <<<<<<<<<<<<<<<<<<<<<<<<<<<
####################################################################################
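Clear-Host
Start-Sleep -s 1
Write-Host
## Converts a SecureString to plain text for the brief moment the complexity check and the
## confirmation compare need it. The BSTR copy is zeroed; the returned .NET string cannot be
## scrubbed, so the caller drops its reference as soon as it is done and never logs it.
function ConvertFrom-SecureStringToPlain {
    param([System.Security.SecureString]$Secure)
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secure)
    try { return [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
}
while(($inp = Read-Host -Prompt "Would You Like to Create a NEW USER?`n`nEnter 'Y' to Continue or 'N' to Exit and commit any unsaved changes.") -ne "N"){
    switch($inp){
        Y {
            Write-Host "`nCollecting important user information ..."
            $strDisplayName = Read-Host "`n Please Enter the 'Full Name' of the user (no quotes). Example: Joe Smith"
            Write-Host "`n You entered:" $strDisplayName
            Write-Host
            $strUserName = (Read-Host "Please Enter 'Log On' Name for the new user. Example: jsmith").Trim()
            Write-Host "`n You entered:" $strUserName
            ## The log-on name becomes the CN, sAMAccountName and UPN prefix; keep it to characters that
            ## are legal in all three (sAMAccountName is limited to 20 characters).
            if ($strUserName -notmatch '^[A-Za-z0-9._-]{1,20}$') {
                Write-Host "`n Invalid log-on name '$strUserName': use letters, digits, '.', '_' or '-' only, at most 20 characters.`n"
                Start-Sleep -s 2
                break
            }
            ## The password is read masked and kept as a SecureString. It is never echoed back to the
            ## console: the previous version printed it in clear text and then used it as the prompt
            ## of the second Read-Host, and created the account from that unchecked re-entry.
            $securePassword = Read-Host -AsSecureString "`nPlease Enter a COMPLEX PASSWORD. A complex password consists of: `n`n - A minimum length of 12 characters `n - 2 upper case letters`n - 2 lower case letters`n - 2 numbers`n - 2 special characters`n`n"
            $plainPassword = ConvertFrom-SecureStringToPlain $securePassword
            $pwdOk = Password-Check $plainPassword
            Write-Host "`nPassword meets complexity requirements: $pwdOk"
            if (-not $pwdOk) {
                $plainPassword = $null
                Write-Host " Password rejected. Please try again.`n"
                Start-Sleep -s 2
                break
            }
            ## Second entry must match the first (case-sensitive) before the account is created.
            $confirmPassword = Read-Host -AsSecureString " Password is valid ... Please re-enter the Complex Password to confirm"
            $passwordsMatch = ($plainPassword -ceq (ConvertFrom-SecureStringToPlain $confirmPassword))
            $plainPassword = $null
            if (-not $passwordsMatch) {
                Write-Host "`n The two entries do not match. Please try again.`n"
                Start-Sleep -s 2
                break
            }
            Write-Host ' Please wait, adding new user ...'
            ## NOTE(review): -PasswordNeverExpires / -CannotChangePassword disable rotation for every
            ## account created here. Kept for compatibility with existing sites, but worth revisiting
            ## against policy (e.g. -ChangePasswordAtLogon $true and no -PasswordNeverExpires).
            New-ADUser -Name $strUserName -SamAccountName $strUserName -UserPrincipalName "$strUserName@$DnsSuffix" -DisplayName $strDisplayName -Enabled $true -AccountPassword $securePassword -CannotChangePassword $true -PasswordNeverExpires $true -Path $newUserOU
            Start-Sleep -s 2
        }
        N {"End"}
        default {Write-Host 'Invalid entry. Please try again.'}
    }
}
Write-Host ""
Write-Host ". . . done . . ."
Write-Host ""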
####################################################################################
# >>>>>>>>>>>>>>>>>>>>>>>>>> Add New Users to New Groups <<<<<<<<<<<<<<<<<<<<<<<<<<<
####################################################################################
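Clear-Host
Start-Sleep -s 1
Write-Host
while(($inp = Read-Host -Prompt "Would you Like to add USERS to one or more GROUPS?`n`n Enter 'Y' to Continue or 'N' to Exit and commit any unsaved changes") -ne "N") {
    switch($inp){
        ###
        #### < ========== First Locate Existing Groups ========== >
        ###
        Y {
            Write-Host
            Write-Host " Please Wait ... "
            Start-Sleep -s 1
            Write-Host
            Write-Host " Locating Security Groups from domain ** $DomainName ** within Organization Unit: $mySearchBase"
            Write-Host
            Start-Sleep -s 3
            Clear-Host
            ## The operator may only pick from the groups that live under the site OU. The typed name is
            ## resolved against that list instead of being passed straight to Add-ADGroupMember, which
            ## would otherwise accept any group in the domain (e.g. "Domain Admins").
            $siteGroups = @(Get-ADGroup -Filter * -SearchBase $mySearchBase)
            $siteGroups | Format-Table Name | Out-Host
            $myGSelection = (Read-Host "To continue, please select the desired Security Group from one the following 'Groups' (left column). No quotes.").Trim()
            $targetGroup = $siteGroups | Where-Object { $_.Name -eq $myGSelection } | Select-Object -First 1
            if (-not $targetGroup) {
                Write-Host "`n Group '$myGSelection' was not found under $mySearchBase. Please try again.`n"
                Start-Sleep -s 2
                break
            }
            Write-Host ""
            Write-Host "You selected: ** $myGSelection **"
            Start-Sleep -s 2
            ###
            #### < ========== Next, Locate Existing Users ========== >
            ####
            Clear-Host
            Write-Host
            Write-Host " Searching for existing users under OU: $mySearchBase ..."
            Start-Sleep -s 2
            ## Same rule for the user: it must exist under the site OU. 'Name' and samAccountName are both accepted.
            $siteUsers = @(Get-ADUser -SearchBase $mySearchBase -Filter *)
            $siteUsers | Format-Table Name, samAccountName | Out-Host
            $myUSelection = (Read-Host "`nPlease select the USER you would like to add to GROUP ** $myGSelection **. Choose either 'Name' or 'Log-In' (samAccountName).").Trim()
            $targetUser = $siteUsers | Where-Object { $_.Name -eq $myUSelection -or $_.SamAccountName -eq $myUSelection } | Select-Object -First 1
            if (-not $targetUser) {
                Write-Host "`n User '$myUSelection' was not found under $mySearchBase. Please try again.`n"
                Start-Sleep -s 2
                break
            }
            Write-Host
            Write-Host " You selected user: ** $myUSelection **"
            Write-Host
            Start-Sleep -s 2
            Write-Host "... Adding User: $myUSelection to Group: $myGSelection"
            Write-Host
            ## Pass the resolved AD objects, not the typed strings
            Add-ADGroupMember -Identity $targetGroup -Members $targetUser
        }
        N {"End"}
        default {Write-Host 'Invalid entry. Please try again.'}
    }
}
Write-Host
Write-Host ". . . done . . ."
Write-Host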
####################################################################################
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>> Setup Teamed Interface <<<<<<<<<<<<<<<<<<<<<<<<<<<<<
####################################################################################
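Clear-Host
Start-Sleep -s 1
if(($inp = Read-Host -Prompt "Would You Like to setup NIC Teaming on your available, on-board network interfaces?`n`nEnter 'Y' to Continue or 'N' to Exit.") -ne "N"){
    switch($inp){
        Y {
            ## Show what is actually present. The team members used to be hard-coded to NIC1,NIC2;
            ## that is still the default when the operator just presses Enter.
            Get-NetAdapter | Format-Table Name, InterfaceDescription, Status | Out-Host
            $memberInput = Read-Host "Enter the adapter names to team, comma-separated (press Enter for NIC1,NIC2)"
            if ([string]::IsNullOrWhiteSpace($memberInput)) { $memberInput = 'NIC1,NIC2' }
            $teamMembers = @($memberInput -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
            try {
                New-NetLbfoTeam -Name Team1 -TeamMembers $teamMembers -TeamingMode SwitchIndependent -ErrorAction Stop
            } catch {
                ## Without the team there is no Team1 interface to configure; do not fall through and
                ## push the static address onto an alias that does not exist.
                Write-Warning "NIC team 'Team1' was not created: $($_.Exception.Message). Skipping interface configuration."
                break
            }
            Write-Host
            Write-Host ". . . done . . ."
            Write-Host
            Write-Host
            Write-Host "Configure Team1 Interface"
            Write-Host
            ## Prefix length is derived from the subnet mask entered earlier so the interface and the
            ## DHCP scope describe the same network. A mask that is not a contiguous run of 1-bits falls
            ## back to the /25 the script always used.
            $prefixLength = 25
            if ($subnetMask -match '^(\d{1,3}\.){3}\d{1,3}$') {
                $maskBits = -join (([ipaddress]$subnetMask).GetAddressBytes() | ForEach-Object { [Convert]::ToString([int]$_, 2).PadLeft(8, '0') })
                if ($maskBits -match '^1+0*$') { $prefixLength = ($maskBits -replace '0', '').Length }
            }
            Set-NetIPInterface -InterfaceAlias Team1 -Dhcp Disabled
            New-NetIPAddress -InterfaceAlias Team1 -AddressFamily IPv4 -IPAddress $ccsIPv4addr -PrefixLength $prefixLength -Type Unicast -DefaultGateway $router
            ## The DC resolves against itself; clients receive the server's address via the DHCP scope option.
            Set-DnsClientServerAddress -InterfaceAlias Team1 -ServerAddresses 127.0.0.1
            Set-DnsClientGlobalSetting -SuffixSearchList $DnsSuffix
            Start-Sleep -s 2
        }
        N {"End"}
        default {Write-Host 'Invalid entry. Please try again.'}
    }
}
Write-Host
Write-Host ". . . done . . ."
Write-Host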
####################################################################################
# >>>>>>>>>>>>>>>>>>>>>>>> Add DHCP Server Role & Configure <<<<<<<<<<<<<<<<<<<<<<<<
####################################################################################
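Clear-Host
Write-Host
if(($inp = Read-Host -Prompt "Would You Like to setup DHCP Server on this system?`n`nEnter 'Y' to Continue or 'N' to Exit.") -ne "N"){
    switch($inp){
        Y {
            $scopeID = Read-Host "`nThis system will shortly be promoted to the role of DHCP server.`n`nPlease enter the desired **DHCP Scope** for this server. `n`n Example: $netID.0"
            Write-Host
            Write-Host 'You selected:' $scopeID
            $dhcpStart = Read-Host "`nPlease enter the **Starting** DHCP IP Address for Scope ID $scopeID.`n`n Example: $netID.nn"
            Write-Host
            Write-Host 'You selected:' $dhcpStart
            $dhcpEnd = Read-Host "`nPlease enter the **Ending** DHCP IP Address for scope ID $scopeID.`n`n Example: $netID.nnn"
            Write-Host
            Write-Host 'You selected:' $dhcpEnd
            Write-Host
            ## Validate before touching the system: installing the role and then failing on a malformed
            ## scope would leave a half-configured DHCP server behind.
            $ipv4Pattern = '^((25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(25[0-5]|2[0-4]\d|1?\d?\d)$'
            $badInputs = @(@($scopeID, $dhcpStart, $dhcpEnd) | Where-Object { $_ -notmatch $ipv4Pattern })
            if ($badInputs.Count -gt 0) {
                Write-Host "Invalid IPv4 address(es): $($badInputs -join ', '). DHCP setup skipped; re-run the script to retry."
                break
            }
            Write-Host "Adding DHCP Server Role, Please Wait ..."
            Add-WindowsFeature -IncludeManagementTools DHCP
            ## The DhcpServer module only exists once the role is installed, so it is imported here.
            Import-Module DhcpServer
            Write-Host
            ## Create the "DHCP Administrators" / "DHCP Users" local groups first, then restart the
            ## service so it picks them up.
            Write-Host 'Running "netsh dhcp add securitygroups" ...'
            netsh dhcp add securitygroups
            Write-Host
            Write-Host "Restarting DHCP Server, Please Wait ..."
            Write-Host
            Restart-Service dhcpserver
            Write-Host
            Write-Host "Resuming DHCP Server Setup, Please Wait ..."
            Write-Host
            ## Authorize this server in AD under its FQDN (a domain-joined Windows DHCP server must be
            ## authorized before it hands out leases).
            Write-Host 'Running "Add-DhcpServerInDC" commandlet ...'
            Add-DhcpServerInDC -DnsName $DhcpServerFQDN -IPAddress $ccsIPv4addr
            ## Tell Server Manager that post-install configuration is complete. The flag lives under
            ## ServerManager\Roles\12; writing ConfigurationState directly under HKLM\SOFTWARE\Microsoft,
            ## as before, has no effect and leaves the "Complete DHCP configuration" task pending.
            Write-Host 'Running "Set-ItemProperty" commandlet ...'
            Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\ServerManager\Roles\12' -Name ConfigurationState -Value 2
            Write-Host 'Running "Add-DhcpServerv4Scope" commandlet ...'
            Add-DhcpServerv4Scope -Name Production -Description "Production Network" -LeaseDuration 1:00:00:00 -StartRange $dhcpStart -EndRange $dhcpEnd -SubnetMask $subnetMask
            Write-Host
            Write-Host 'Running "Set-DhcpServerV4DnsSetting" commandlet ...'
            Set-DhcpServerV4DnsSetting -ComputerName $DhcpServerFQDN -DeleteDnsRROnLeaseExpiry 1 -DisableDnsPtrRRUpdate 1 -ScopeID $scopeID -DynamicUpdates OnClientRequest
            Write-Host
            ## Scope options: DNS domain (015), DNS server (006) = this host, router (003) = the gateway.
            Write-Host 'Running "Set-DhcpServerV4OptionValue" commandlet ...'
            Set-DhcpServerV4OptionValue -ComputerName $DhcpServerFQDN -ScopeID $scopeID -DnsDomain $DnsSuffix -DnsServer $ccsIPv4addr -Router $router
            Write-Host
        }
        N {"End"}
        default {Write-Host 'Invalid entry. Please try again.'}
    }
}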
####################################################################################
# >>>>>>>>>>>>>>>>>>>>>>>>> Enable Terminal Services & RDP <<<<<<<<<<<<<<<<<<<<<<<<
####################################################################################
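Clear-Host
Write-Host
if(($inp = Read-Host -Prompt "Would you Like to setup Remote Access for Admin Users?`n`n Enter 'Y' to Continue or 'N' to Quit and Commit Changes.") -ne "N"){
    switch($inp){
        Y {
            Write-Host
            Write-Host " Enabling Remote Desktop Terminal Services"
            Write-Host
            ## Require Network Level Authentication BEFORE connections are allowed and the firewall is
            ## opened, so there is no window in which the DC accepts RDP sessions without NLA.
            Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name "UserAuthentication" -Value 1
            Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 0
            Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
            ## NOTE(review): nothing here changes which accounts may log on via RDP; verify the
            ## "Allow log on through Remote Desktop Services" assignment on the DC separately.
        }
        N {"End"}
        default {Write-Host 'Invalid entry. Please try again.'}
    }
}
Write-Host
Write-Host ". . . done . . ."
Write-Host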
####################################################################################
# >>>>>>>>>>>>>>>>>>>>>>> Add Reverse DNS Zone & A/PTR Records <<<<<<<<<<<<<<<<<<<<<
####################################################################################
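Write-Host
Write-Host "Add Reverse DNS Zone and Populate with new A & PTR records"
Write-Host
## Add Reverse DNS Zone. -PassThru hands back the zone the server actually created so the PTR
## records below target it by its real name; the hand-built "0.<prefix>.in-addr.arpa" is only the
## fallback (zone already present or creation failed), which is what the script always used.
$ptrZoneName = "0.$revDnsZone"
try {
    $ptrZone = Add-DnsServerPrimaryZone -NetworkID $fullNetID -ReplicationScope Forest -PassThru -ErrorAction Stop
    if ($ptrZone -and $ptrZone.ZoneName) { $ptrZoneName = $ptrZone.ZoneName }
} catch {
    Write-Warning "Reverse zone for $fullNetID was not created ($($_.Exception.Message)); continuing with zone '$ptrZoneName'."
}
## Add Forward "A" Records
Write-Host " Adding DNS 'CNAME' and 'A' Records for: dc1, gw, lan01"
Add-DnsServerResourceRecordCName -Name "dc1" -ZoneName $DnsSuffix -HostNameAlias $DhcpServerFQDN
Add-DnsServerResourceRecordA -Name "gw" -ZoneName $DnsSuffix -IPv4Address $router
Add-DnsServerResourceRecordA -Name "lan01" -ZoneName $DnsSuffix -IPv4Address $lan01
Write-Host
## Add Reverse "PTR" Records. The record name is the host octet of the address actually entered
## for each host, instead of the hard-coded "1" and "2" that diverged from $router / $lan01
## whenever a site used different addresses.
Write-Host " Adding DNS 'PTR' Records for: gw, lan01"
$gwHostOctet = ($router -split '\.')[-1]
$lan01HostOctet = ($lan01 -split '\.')[-1]
Add-DnsServerResourceRecordPtr -Name $gwHostOctet -ZoneName $ptrZoneName -PtrDomainName $GTWYFQDN
Add-DnsServerResourceRecordPtr -Name $lan01HostOctet -ZoneName $ptrZoneName -PtrDomainName $LAN01FQDN
Write-Host
Write-Host
Write-Host "... Server Setup Complete ..."
Write-Host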