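#######################################################################
# Promotes a Windows Server 2008 R2 member server to a replica Domain
# Controller (optionally RODC / Install From Media) by:
#   1. enabling PowerShell remoting and adding the supporting features,
#   2. generating a random DSRM (Directory Services Restore Mode) password,
#   3. optionally letting the operator pick the replication source DC,
#   4. writing a dcpromo unattend (answer) file, and
#   5. running dcpromo against that answer file after a confirmation prompt.
#
# Security notes for whoever runs or adapts this:
#   * The answer file contains the DSRM password in clear text until dcpromo
#     consumes it. NOTE(review): dcpromo is documented to strip passwords from
#     the answer file after it runs - confirm on your build, and confirm the
#     ACL on the answer file's folder.
#   * The DSRM password is shown once on the console so it can be recorded in
#     a credential vault; it will also land in any active transcript.
#######################################################################

#################
# Set Variables #
#################
# Add-Type replaces the obsolete LoadWithPartialName calls and does not leak
# the Assembly object into the script's output.
Add-Type -AssemblyName System.Web               ## Used to create random passwords
Add-Type -AssemblyName Microsoft.VisualBasic    ## Used for the InputBox prompts
Import-Module ActiveDirectory

$Domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().Name  #Get AD Domain (lightweight & fast method)
$Computer = $env:ComputerName
$CurrentUserName = $env:UserName
$ADSite = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite()
$DCPromoAnswerFile = "c:\temp\dcpromo.ini"

## Set AD DB (NTDS) path
$LocationNTDS = "e:\NTDS"
## Set AD DB Transaction Logs path
$LocationNTDSLogs = "f:\NTDS"
## Set AD SYSVOL path
$LocationSYSVOL = "f:\SYSVOL"
## Install DC From Media (requires IFM media set)
$InstallFromMedia = "No"
## Set IFM media set path
$DefaultIFMPath = "c:\temp\IFM"
## Reboot server after DCPromo completes
$DCPromoReboot = "Yes"
## Install Domain Controller as Read-Only Domain Controller (RODC)
$ISRODC = "No"
## Install Domain Controller as a Global Catalog
$ISGC = "No"
## Install Domain Controller as a DNS Server
$DNSInstallSwitch = "Yes"
## Install Domain Controller as a WINS Server
# The original left this switch without a value (which evaluates as "not Yes");
# it is now set explicitly so the intent is visible.
$InstallWINSServer = "No"

##############################
# Enable Powershell Remoting #
##############################
# Enable-PSRemoting starts WinRM, creates a listener and opens the matching
# firewall exception. On a DC, restrict who can reach that listener (firewall
# scope / GPO) rather than relying on the defaults.
write-output "Enabling Powershell remoting... `r "
Enable-PSRemoting -force

######################################################
# Configure Windows 2008 R2 Server Roles & Features  #
######################################################
Write-Verbose "Server Core needs to use OCSetup to add roles and features `r "
write-output "Configuring the server with the appropriate roles and features... `r "
import-module servermanager

Write-Verbose "Install Common Windows roles and features `r "
add-windowsfeature GPMC, Backup-Features, Backup, Backup-Tools
# add-windowsfeature AD-Domain-Services  ##Not necessary to install - will be installed as part of DCPROMO - DO NOT PRE-INSTALL AD DS on Server Core

Write-Verbose "Install Custom windows roles and features `r "
IF ($DNSInstallSwitch -match "Yes") { add-windowsfeature DNS }
IF ($InstallWINSServer -match "Yes") { add-windowsfeature WINS-Server }

##################################
# DSRM SafeMode Password Config  #
##################################
Write-output "Configuring DSRM password... `r "
Write-Verbose "Generate a random password 30 characters in length `r "
$RandPassLength = [int] 30
Write-Output "Generating $RandPassLength Character Random Password for AD DSRM Account... `r "
# Second argument = minimum number of non-alphanumeric characters.
$DSRMPass = [System.Web.Security.Membership]::GeneratePassword($RandPassLength,2)
$SafeModePWD = $DSRMPass
# Shown with Write-Host instead of Write-Output so the secret goes to the
# console only and is not carried on the success stream into a redirected
# log file or a caller's pipeline. A running transcript still records it.
Write-Host "DSRM is $DSRMPass `r "

#########################################
# Specify DCPRomo Replication Source DC #
#########################################
Write-Verbose "Specify DCPRomo Replication Source DC `r "
Write-Verbose "This enables override cpaability in the standard DCPromo process of replicating with a local DC `r "
write-output "You can specify the replication source DC for use during DCPromo. `r "
write-output "This DC has to be available during the DCPromo process or DC promotion will fail. `r "
write-output " `r "

Write-Output "Prompt to specify explicit replication source DC `r "
$SourcePromptText = "Specify the replication source DC for use during DCPromo? "
$SourcePromptTitle = "Specify DCPromo Replication Source DC?"
$Response = [Microsoft.VisualBasic.Interaction]::InputBox($SourcePromptText, $SourcePromptTitle, "No")

# Anything other than Y / Yes (case-insensitive) means "use the default source".
Switch ($Response)
 { ## OPEN Switch Response
    "Y"     { $ExplicitSourceDC = "Yes" }
    "Yes"   { $ExplicitSourceDC = "Yes" }
    DEFAULT { $ExplicitSourceDC = "No" }
 } ## CLOSE Switch Response

IF ($ExplicitSourceDC -eq "Yes")
 { ## OPEN IF ExplicitSourceDC Yes
    write-output "By default, the script will autodiscover a 2008 R2 DC in the site. `r "
    write-output "You can specify a different replication source DC by entering the DC's FQDN. `r "

    Write-Verbose "Discover 2008 DC `r "
    # -service ADWS limits discovery to DCs running AD Web Services.
    $DiscoveredSourceDC = Get-ADDomainController -discover -forcediscover -nextclosestsite -service ADWS
    $DefaultSourceDC = $DiscoveredSourceDC.HostName
    $SourceDC = Get-ADDomainController -identity "$DefaultSourceDC"
    $SourceDCOS = $SourceDC.OperatingSystem
    $SourceDCRO = $SourceDC.IsReadOnly

    IF ($SourceDCOS -like "*2003*")
     { ## OPEN IF The discovered DC is running Windows Server 2003 *
        write-output "Native autodiscover found a 2003 DC: $DefaultSourceDC `r "
        write-output "Please manually specify a 2008 R2 DC. `r "
     } ## CLOSE IF The discovered DC is running Windows Server 2003 *

    IF ($SourceDCOS -like "*2008 R2*")
     { ## OPEN IF The discovered DC is running Windows Server 2008 R2
        write-output "Native autodiscover found the 2008 R2 DC: $DefaultSourceDC `r "
     } ## CLOSE IF The discovered DC is running Windows Server 2008 R2

    IF ($SourceDCRO -eq $True)
     { ## OPEN IF The discovered DC is a Read Only DC
        write-output "Native autodiscover found a Read Only DC: $DefaultSourceDC `r "
        write-output "Please manually specify a 2008 R2 DC. `r "
     } ## CLOSE IF The discovered DC is a Read Only DC

    Write-Verbose "Specify explicit replication source DC `r "
    $ReplPromptText = "Please enter the hostname of the DC you want to use as the DCPromo replication source DC"
    $ReplSourceDC = [Microsoft.VisualBasic.Interaction]::InputBox($ReplPromptText, $SourcePromptTitle, "$DefaultSourceDC")
    $ReplSourceDC = $ReplSourceDC.Replace(" ", "")
    # Empty input (or Cancel) falls back to the autodiscovered DC.
    IF (!$ReplSourceDC ) { $ReplSourceDC = $DefaultSourceDC }

    # The operator-typed name is written into the answer file below, so check
    # that it resolves to a domain controller in the directory and say so
    # clearly when it does not, instead of surfacing only a raw cmdlet error.
    $ReplSourceDCInfo = $null
    try
     {
        $ReplSourceDCInfo = Get-ADDomainController -identity "$ReplSourceDC"
     }
    catch
     {
        Write-Warning "Could not find a domain controller named '$ReplSourceDC'. DCPromo will fail if this name is not a reachable DC."
     }
    $ReplSourceDCOS = $ReplSourceDCInfo.OperatingSystem

    IF ($ReplSourceDCOS -like "*2003*")
     { ## OPEN IF The selected DC is running Windows Server 2003 *
        write-output "You have selected the DC $ReplSourceDC which is running Windows Server 2003. `r "
        write-output "This DC is now set as the replication source DC. `r "
     } ## CLOSE IF The selected DC is running Windows Server 2003 *

    IF ($ReplSourceDCOS -like "*2008 R2*")
     { ## OPEN IF The selected DC is running Windows Server 2008 R2
        write-output "$ReplSourceDC is a 2008 R2 DC. This DC is now set as the replication source DC. Continuing.. `r "
     } ## CLOSE IF The selected DC is running Windows Server 2008 R2
 } ## CLOSE IF ExplicitSourceDC Yes

#######################################
# Final Prompt before running DCPromo #
#######################################
Write-Verbose "Final Prompt before running DCPromo `r "
# NOTE(review): $FinalTasksFile is not assigned anywhere in the visible script,
# so these messages print an empty file name unless the caller defines it.
#
# These tests used "=" (assignment) in the original, which printed both
# messages and left $DCPromoReboot set to "No", so the answer file always got
# RebootOnCompletion=No regardless of the setting above. "-eq" compares.
IF ($DCPromoReboot -eq "Yes")
 {
    write-output "The server will reboot automatically upon DCPromo completion. Please review the $FinalTasksFile file for additional configuration items. `r "
 }
IF ($DCPromoReboot -eq "No")
 {
    write-output "The server will NOT reboot automatically upon DCPromo completion. Please review the $FinalTasksFile file for additional configuration items. This file will automatically display. `r "
 }

Write-Output "Once DCPromo starts, all data displayed on screen is logged to the DCPromo log file. `r "
Write-Host "If there are any problems with the DCPromo process, please reference the DCPromo log files located in C:\Windows\Debug" -backgroundcolor DarkGreen
Write-Output "If you receive a TCP error please doublecheck to ensure that all unused NICs are disabled (the issue arises when there is a NIC that is unplugged `r"

##############################
# Build DCPromo Answer File  #
##############################
write-output "Building DCPromo answer file for automated DC Promotion... `r "

Write-Verbose "If the DC will be an RODC, set config data here `r "
IF ($ISRODC -match "Yes")
 { ## OPEN IF Bracket RODC is YES
    $DCInstallType = "ReadOnlyReplica"
    $CriticalReplication = "Yes"
 } ## CLOSE IF Bracket RODC is YES
ELSE
 { ## OPEN ELSE Bracket RODC is NO
    $DCInstallType = "Replica"
    $CriticalReplication = "No"
 } ## CLOSE ELSE Bracket RODC is NO

Write-Verbose "Build DCPROMO unattend file for Full DC `r "
Write-Output "Building the DCPromo answer file for promotion to Domain Controller... `r "

# UserName=* / Password=* make dcpromo prompt for the promotion credentials,
# so only the DSRM password is stored in the file.
$DCPromoFile = @"
[DCINSTALL]
UserName=*
UserDomain=$Domain
Password=*
SiteName=$ADSite
ReplicaOrNewDomain=$DCInstallType
ReplicaDomainDNSName=$Domain
DatabasePath=$LocationNTDS
LogPath=$LocationNTDSLogs
SYSVOLPath=$LocationSYSVOL
CriticalReplicationOnly=$CriticalReplication
ConfirmGc=$ISGC
RebootOnCompletion=$DCPromoReboot
SafeModeAdminPassword=$SafeModePWD
"@

# Out-File -Force does not create missing folders, so make sure the target
# folder exists. The file is written to $DCPromoAnswerFile - the same path
# dcpromo is later pointed at - instead of a second hard-coded copy of it.
$AnswerFileFolder = Split-Path -Parent $DCPromoAnswerFile
IF (!(Test-Path $AnswerFileFolder))
 {
    New-Item -ItemType Directory -Path $AnswerFileFolder -Force | Out-Null
 }
$DCPromoFile | out-file $DCPromoAnswerFile -force

Write-Verbose "Add ReplicationSourceDC to DCPROMO Unattend file `r "
IF ($ExplicitSourceDC -match "Yes")
 { ## OPEN IF ExplicitSourceDC Yes
    "ReplicationSourceDC=$ReplSourceDC" | out-file $DCPromoAnswerFile -append
 } ## CLOSE IF ExplicitSourceDC Yes

Write-Verbose "Build DCPROMO unattend file for RODC `r "
IF ($ISRODC -match "Yes")
 { ## OPEN IF ISRODC Yes
    # NOTE(review): an explicit PasswordReplicationDenied value presumably
    # replaces dcpromo's default deny list rather than extending it - confirm,
    # and list every privileged group whose credentials must never be cached
    # on the RODC. DelegatedAdmin is intentionally left empty here.
    $RODCSettings = @"
PasswordReplicationDenied=Administrators
PasswordReplicationAllowed="Allowed RODC Password Replication Group"
DelegatedAdmin=
"@
    $RODCSettings | out-file $DCPromoAnswerFile -append
 } ## CLOSE IF ISRODC Yes

######################################
# DCPromo Install From Media Option  #
######################################
Write-Verbose "Install From Media? `r "
IF ($InstallFromMedia -eq "No")
 { ## OPEN IF Statement for Install from Media (NO)
    Write-Verbose "Prompt to DCpromo `r "
    $title = "Promote Server $Computer to Domain Controller"
    $message = "Do you want to promote $Computer to Domain Controller Now?"
    $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes", "Promotes server to DC."
    $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No", "Exits the script."
    $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
    $result = $host.ui.PromptForChoice($title, $message, $options, 0)

    switch ($result)
     { ## OPEN Switch for DCPromo Prompt
        0 {
            Write-Output "You selected Yes. Running DCPromo now. Review the DCPromo log file in c:\Windows\Debug for results. `r "
            dcpromo /unattend:$DCPromoAnswerFile
          }
        1 {
            Write-Output "You selected No. `r "
            # dcpromo never consumed the answer file, so the clear-text DSRM
            # password is still on disk.
            Write-Warning "$DCPromoAnswerFile still contains the DSRM password in clear text. Delete it if you are not going to run DCPromo."
            break
          }
     } ## CLOSE Switch for DCPromo Prompt
 } ## CLOSE IF Statement for Install from Media (NO)
ELSE
 { ## OPEN ELSE Statement for Install from Media (YES)
    # The original passed $IFMPath to dcpromo without ever assigning it; fall
    # back to the configured $DefaultIFMPath when no override has been set.
    IF (!$IFMPath) { $IFMPath = $DefaultIFMPath }

    #Prompt to DCpromo
    $title = "Promote Server $Computer to Domain Controller using Install From Media (IFM) option. $Computer is flagged for IFM install."
    $message = "Do you want to promote $Computer to Domain Controller using Install From Media (IFM) option Now?"
    $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes", `
        "Promotes server to DC with Install From Media (IFM) option."
    $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No", `
        "Exits the script."
    $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
    $result = $host.ui.PromptForChoice($title, $message, $options, 0)

    SWITCH ($result)
     { ## OPEN Switch for DCPromo Prompt
        0 {
            Write-Output "You selected Yes. Running DCPromo using IFM Switch `r "
            dcpromo /ADV /ReplicationSourcePath:$IFMPath /unattend:$DCPromoAnswerFile
          }
        1 {
            Write-Output "You selected No. `r "
            # dcpromo never consumed the answer file, so the clear-text DSRM
            # password is still on disk.
            Write-Warning "$DCPromoAnswerFile still contains the DSRM password in clear text. Delete it if you are not going to run DCPromo."
            break
          }
     } ## CLOSE Switch for DCPromo Prompt
 } ## CLOSE ELSE Statement for Install from Media (YES)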