No SCVMM? No problem!
In my day-to-day operations I deploy and migrate to/from Active Directory Domain Services, file servers and RDS servers on a pretty frequent basis, most of the time on a single server for the SMB market, so using SCVMM is not an option.
Of course I created documentation and checklists to follow with each deployment, so my fellow engineers built the exact same machines I did. But as can be expected, installing Server 2012 R2 and the correct roles and configuring everything took too much time and felt fairly repetitive. That's when I started creating simple PowerShell scripts so we could deploy servers in minutes instead of hours.
First I created my Windows Server 2012 R2 base VHDX file. On this VM I installed only Windows Updates and nothing else. Then I started building a PowerShell script to install all the necessary roles and enable the ADDS role. Please note that the example script should be regarded as just that, an example for use in this lab: it reads the password in plain text, writes it in clear text to the Winlogon DefaultPassword registry value to drive the automatic logon, passes it on the command line of the second script, and does not install ADDS according to Microsoft best practices.
The following script installs all roles required for a single DC, with DirectAccess/SSTP available, and also installs .NET for application support. After it completes, the server reboots, logs on automatically with the credentials you provided and starts the second script to finish the installation. The second script configures DHCP with the range 192.168.111.30 to 192.168.111.200, hands out 192.168.111.1 as the default gateway and 192.168.111.2 as the DNS server, and assumes you have named your DC "ADSERVER" and given it a static address in that subnet, outside the DHCP range.
The example script does not include any form of error handling or checks, and as such should only be used if you know what you're doing 😉
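Since the scripts have no checks of their own, the block below is an added example (not the author's code) of the preflight checks I would run at the top of ExampleScript1.ps1 before any role is installed. The assumptions are the ones the two scripts already make: the DC is called ADSERVER, it has a static IPv4 address in 192.168.111.0/24, and that address lies outside the DHCP range 192.168.111.30-200 that the second script creates. The function name Test-DcPreflight and its parameter names are mine.

```powershell
# Added example, not part of the original scripts: preflight checks for ExampleScript1.ps1.
# Assumed from the scripts: computer name ADSERVER, static address in 192.168.111.0/24,
# DHCP range 192.168.111.30-200.
function Test-DcPreflight {
    param(
        [Parameter(Mandatory)][string]$DomainNetbiosName,
        [Parameter(Mandatory)][string]$Password,
        [string]$ExpectedComputerName = 'ADSERVER',
        [string]$SubnetPrefix = '192.168.111.',
        [int]$ScopeStart = 30,
        [int]$ScopeEnd = 200
    )
    $failures = New-Object 'System.Collections.Generic.List[string]'

    # 1. Role installation and the HKLM writes need an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        $failures.Add('Not running as an elevated administrator.')
    }

    # 2. The second script authorizes "ADSERVER.<domain>.local" in DHCP, so the name must match.
    if ($env:COMPUTERNAME -ne $ExpectedComputerName) {
        $failures.Add("Computer name is '$env:COMPUTERNAME', expected '$ExpectedComputerName'.")
    }

    # 3. A server that is already a domain member cannot be promoted into a new forest as-is.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if ($cs.PartOfDomain) {
        $failures.Add("Server is already joined to the domain '$($cs.Domain)'.")
    }

    # 4. NetBIOS domain name: 1-15 characters, letters, digits and hyphens only.
    if ($DomainNetbiosName -notmatch '^[A-Za-z0-9-]{1,15}$') {
        $failures.Add("'$DomainNetbiosName' is not a valid NetBIOS domain name.")
    }

    # 5. A DC needs a static address (PrefixOrigin Manual), and the DHCP scope must not
    #    overlap it, or the DC's own address will be leased to a client.
    $static = @(Get-NetIPAddress -AddressFamily IPv4 -PrefixOrigin Manual |
                Where-Object { $_.IPAddress.StartsWith($SubnetPrefix) })
    if ($static.Count -eq 0) {
        $failures.Add("No static IPv4 address found in ${SubnetPrefix}0/24.")
    }
    foreach ($addr in $static) {
        $lastOctet = [int]($addr.IPAddress.Split('.')[3])
        if ($lastOctet -ge $ScopeStart -and $lastOctet -le $ScopeEnd) {
            $failures.Add("Static address $($addr.IPAddress) lies inside the DHCP range $ScopeStart-$ScopeEnd.")
        }
    }

    # 6. Install-ADDSForest rejects a DSRM password that fails complexity; the default policy
    #    wants 7+ characters and 3 of 4 character classes. -cmatch keeps upper/lower distinct.
    $classes = 0
    foreach ($re in '[A-Z]', '[a-z]', '[0-9]', '[^A-Za-z0-9]') {
        if ($Password -cmatch $re) { $classes++ }
    }
    if ($Password.Length -lt 7 -or $classes -lt 3) {
        $failures.Add('Password does not meet the default complexity policy (7+ characters, 3 of 4 character classes).')
    }

    # The leading comma returns the list itself instead of unrolling it.
    return ,$failures
}

# Usage: replaces the two Read-Host lines at the top of ExampleScript1.ps1.
$pass   = Read-Host 'Enter the new domain admin password'
$domain = Read-Host 'Enter the domain name in NON-FQDN format, e.g. Contoso'
$problems = Test-DcPreflight -DomainNetbiosName $domain -Password $pass
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Host "PREFLIGHT: $_" -ForegroundColor Red }
    throw 'Preflight checks failed; nothing has been installed.'
}
```

The function collects every failure instead of stopping at the first one, so a wrongly named VM with a DHCP-assigned address shows both problems in one run, and the throw happens before `net user` changes the Administrator password or any role is installed.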
Example Script 1: C:\ExampleScript1.ps1
Write-Host "|-------------------------------------------------------------------------------------------------------------" -ForegroundColor "magenta"
Write-Host "|Script made by Kelvin Tegelaar - http://www.cyberdrain.com - Requests specific variables and then installs ADDS,DHCP,RRAS" -ForegroundColor "magenta"
Write-Host "|-------------------------------------------------------------------------------------------------------------" -ForegroundColor "magenta"
$ScriptName = "Server Installation Script"
# Lab shortcut: the password is typed in the clear and, further down, written to the registry and put on a command line in clear text.
$pass = Read-Host "Enter the new domain admin password - please note that the password will be shown in plaintext."
$domain = Read-Host "Enter the domain name in NON-FQDN format, e.g. Contoso"
# The local Administrator password becomes the domain Administrator password after promotion.
net user Administrator $pass
Write-Host "Disabling User Account Control."
Set-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\policies\system -Name EnableLUA -Value 0
Import-Module ServerManager
Write-Host "Installing File & Storage Services." -ForegroundColor "magenta"
Install-WindowsFeature FileAndStorage-Services -IncludeManagementTools
Write-Host "Installing DHCP." -ForegroundColor "magenta"
Install-WindowsFeature DHCP -IncludeManagementTools
Write-Host "Installing Windows Search Services." -ForegroundColor "magenta"
Install-WindowsFeature Search-Service -IncludeManagementTools
Write-Host "Installing RRAS" -ForegroundColor "magenta"
Install-WindowsFeature DirectAccess-VPN -IncludeManagementTools
Write-Host "Installing .NET" -ForegroundColor "magenta"
Install-WindowsFeature NET-Framework-45-Features
Write-Host "Installing .NET Core" -ForegroundColor "magenta"
# NET-Framework-45-Core is a sub-feature of NET-Framework-45-Features; if the previous line already installed it this is a no-op.
Install-WindowsFeature NET-Framework-45-Core
Write-Host "Installing Telnet-Client" -ForegroundColor "magenta"
Install-WindowsFeature Telnet-Client
Write-Host "Installing Windows Server Backup" -ForegroundColor "magenta"
Install-WindowsFeature Windows-Server-Backup -IncludeManagementTools
Write-Host "Installing ADDS." -ForegroundColor "magenta"
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
# Promote to the first DC of a new forest. -Force suppresses the confirmation prompt; the reboot is done at the end of this script.
Install-ADDSForest -DomainName "$domain.local" -SafeModeAdministratorPassword (ConvertTo-SecureString $pass -AsPlainText -Force) -NoRebootOnCompletion -Force
Write-Host "Changing RunOnce to the configuration script." -ForegroundColor "magenta"
$RunOnceKey = "HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce"
# The second script receives the domain name and the password as command-line arguments.
Set-ItemProperty -Path $RunOnceKey -Name "ConfigureServer" -Value ('C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe -ExecutionPolicy Unrestricted -File ' + "C:\ExampleScript2.ps1 $domain $pass")
# Automatic logon as the new domain Administrator. DefaultPassword is stored in clear text until the second script clears it.
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name DefaultUserName -Value "$domain\Administrator"
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name DefaultPassword -Value "$pass"
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name AutoAdminLogon -Value "1"
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name ForceAutoLogon -Value "1"
Write-Host "Done! Moving to restart" -ForegroundColor "magenta"
Restart-Computer
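The plain-text handling is the part of this script most worth tightening, and it can be done without changing the flow. The block below is an added example, not the author's code: it replaces everything in Example Script 1 from the Read-Host prompts to the restart (the Install-WindowsFeature lines for the other roles stay as they are). The password is read masked with -AsSecureString, set on the local Administrator through ADSI rather than on a `net user` command line, handed to Install-ADDSForest as a SecureString, and left out of the RunOnce value entirely (the second script never uses its second argument). The Winlogon key still has to hold the plaintext for the automatic logon to work, so the example adds AutoLogonCount=1, which makes Winlogon delete DefaultPassword and reset AutoAdminLogon after that single logon even if the second script never reaches its cleanup. The paths and key names are the ones the original script uses.

```powershell
# Added example (not the author's script): hardened credential handling for ExampleScript1.ps1.
# Same flow as the original (prompt, set Administrator password, promote, arm RunOnce and
# auto-logon, reboot) with the password kept off the console and off command lines.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$RunOnceKey  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

$domain = Read-Host 'Enter the domain name in NON-FQDN format, e.g. Contoso'
# -AsSecureString masks the input; nothing is echoed to the console or a transcript.
$securePass = Read-Host 'Enter the new domain admin password' -AsSecureString

# The local account password and the Winlogon value need the plaintext. Decrypt it once,
# in memory, and zero the unmanaged copy immediately afterwards.
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($securePass)
try {
    $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
} finally {
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
}

# Set the local Administrator password through ADSI instead of "net user", which would put
# the password in the command line of a child process (and in process-creation audit logs).
$admin = [ADSI]'WinNT://./Administrator,user'
$admin.SetPassword($plain)
$admin.SetInfo()

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
# The SecureString is passed straight through; no ConvertTo-SecureString -AsPlainText needed.
Install-ADDSForest -DomainName "$domain.local" -SafeModeAdministratorPassword $securePass -NoRebootOnCompletion -Force

# RunOnce carries only the domain name. The second script does not use the password, so
# there is one copy of it on the box (the Winlogon value), not two.
Set-ItemProperty -Path $RunOnceKey -Name 'ConfigureServer' -Value ('C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe -ExecutionPolicy Unrestricted -File C:\ExampleScript2.ps1 ' + $domain)

# Auto-logon once as the new domain Administrator. With AutoLogonCount=1 Winlogon decrements
# the counter after the logon, deletes DefaultPassword and resets AutoAdminLogon itself.
Set-ItemProperty -Path $WinlogonKey -Name DefaultUserName -Value "$domain\Administrator"
Set-ItemProperty -Path $WinlogonKey -Name DefaultPassword -Value $plain
Set-ItemProperty -Path $WinlogonKey -Name AutoAdminLogon  -Value '1'
Set-ItemProperty -Path $WinlogonKey -Name AutoLogonCount  -Value 1 -Type DWord
Set-ItemProperty -Path $WinlogonKey -Name ForceAutoLogon  -Value '1'

# Drop the managed plaintext copy as soon as it is no longer needed.
Remove-Variable plain
Restart-Computer
```

This reduces the exposure rather than removing it: the managed string cannot be zeroed, and DefaultPassword sits readable in the registry until the first logon. That is the minimum the auto-logon design needs; the cleanup at the end of the second script still runs and is harmless when Winlogon has already removed the value.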
After the reboot the next script is launched. Example Script 2: C:\ExampleScript2.ps1
Write-Host "|-------------------------------------------------------------------------------------------------------------" -ForegroundColor "magenta"
Write-Host "|Script made by Kelvin Tegelaar - http://www.cyberdrain.com - Requests specific variables and then installs ADDS,DHCP,RRAS" -ForegroundColor "magenta"
Write-Host "|-------------------------------------------------------------------------------------------------------------" -ForegroundColor "magenta"
$ScriptName = "Configuration Script"
# Arguments from the RunOnce value written by the first script. $pass is received but not used below.
$domain = $args[0]
$pass = $args[1]
Import-Module ServerManager
Write-Host "Creating OUs and sub-OUs" -ForegroundColor "magenta"
Import-Module -Name ActiveDirectory
New-ADOrganizationalUnit -Name $domain -Path "dc=$domain,dc=local"
New-ADOrganizationalUnit -Name "Administrators" -Path "ou=$domain,dc=$domain,dc=local"
New-ADOrganizationalUnit -Name "Computers" -Path "ou=$domain,dc=$domain,dc=local"
New-ADOrganizationalUnit -Name "Distribution Groups" -Path "ou=$domain,dc=$domain,dc=local"
New-ADOrganizationalUnit -Name "Security Groups" -Path "ou=$domain,dc=$domain,dc=local"
New-ADOrganizationalUnit -Name "Servers" -Path "ou=$domain,dc=$domain,dc=local"
New-ADOrganizationalUnit -Name "Users" -Path "ou=$domain,dc=$domain,dc=local"
Write-Host "Creating security groups" -ForegroundColor "magenta"
New-ADGroup -Name "VPN Users" -GroupScope Global -Path "ou=Security Groups,ou=$domain,dc=$domain,dc=local"
Add-ADGroupMember "VPN Users" -Members Administrator
Write-Host "Configuring DHCP." -ForegroundColor "magenta"
Add-DhcpServerv4Scope -Name "Network Range" -StartRange 192.168.111.30 -EndRange 192.168.111.200 -SubnetMask 255.255.255.0
# Server-wide options handed to every client: DNS suffix, DNS server (this DC) and default gateway.
Set-DhcpServerv4OptionValue -DnsDomain "$domain.local" -DnsServer 192.168.111.2 -Router 192.168.111.1
# Authorize the DHCP server in AD; an unauthorized DHCP server on a domain will not hand out leases.
Add-DhcpServerInDC -DnsName "ADSERVER.$domain.local"
Write-Host "Redirecting the default Users and Computers containers" -ForegroundColor "magenta"
REDIRUSR "ou=Users,ou=$domain,dc=$domain,dc=local"
REDIRCMP "ou=Computers,ou=$domain,dc=$domain,dc=local"
Write-Host "--------------------------------------------------------------------------------------------------------------" -ForegroundColor "magenta"
Write-Host "|Installation is completed. Please run Windows Updates" -ForegroundColor "magenta"
Write-Host "|REMINDER: Please change the following to ensure consistent deployment." -ForegroundColor "magenta"
Write-Host "|Default User Group Policy: FolderRedirection." -ForegroundColor "magenta"
Write-Host "|Default User Group Policy: Network mapping." -ForegroundColor "magenta"
Write-Host "|Default Domain Group Policy: No password Policy." -ForegroundColor "magenta"
Write-Host "|NPS Console: Allow VPN Users Group." -ForegroundColor "magenta"
Write-Host "--------------------------------------------------------------------------------------------------------------" -ForegroundColor "magenta"
Pause
# Turn off the automatic logon and remove the clear-text password from the registry.
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name DefaultUserName -Value "0"
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name DefaultPassword -ErrorAction SilentlyContinue
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name AutoAdminLogon -Value "0"
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name ForceAutoLogon -Value "0"
# Remove both scripts from the finished server.
del C:\ExampleScript1.ps1
del C:\ExampleScript2.ps1
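The second script ends with a reminder banner rather than a check of what it produced. The block below is an added example, not the author's code: run it on the DC, logged on as a domain admin, after the second script has finished. It verifies the domain, the OU tree, the container redirection, the VPN Users group, the DHCP scope, options and authorization, and that the auto-logon values and the scripts themselves are gone. The function name Test-DcDeployment is mine; 'Contoso' in the usage line is a placeholder for the NetBIOS name you entered, and the other names and addresses are the ones the scripts use.

```powershell
# Added example (not the author's script): post-deployment verification for the two scripts.
# Assumed from the scripts: domain "<name>.local", DC "ADSERVER", scope 192.168.111.0 with
# DNS 192.168.111.2 and router 192.168.111.1, Winlogon auto-logon values cleared.
Import-Module ActiveDirectory
Import-Module DhcpServer

function Test-DcDeployment {
    param(
        [Parameter(Mandatory)][string]$DomainNetbiosName,
        [string]$DcName         = 'ADSERVER',
        [string]$ScopeId        = '192.168.111.0',
        [string]$ExpectedDns    = '192.168.111.2',
        [string]$ExpectedRouter = '192.168.111.1'
    )
    $failures = New-Object 'System.Collections.Generic.List[string]'
    $domainDn = "DC=$DomainNetbiosName,DC=local"
    $baseOu   = "OU=$DomainNetbiosName,$domainDn"
    $fqdn     = "$DcName.$DomainNetbiosName.local"

    # Domain exists and this server holds the PDC emulator role (the first DC in a new
    # forest holds all FSMO roles). REDIRUSR/REDIRCMP show up in the well-known containers.
    try {
        $dom = Get-ADDomain -ErrorAction Stop
        if ($dom.PDCEmulator -ne $fqdn) { $failures.Add("PDC emulator is $($dom.PDCEmulator), expected $fqdn.") }
        if ($dom.UsersContainer -ne "OU=Users,$baseOu") { $failures.Add("Users container not redirected: $($dom.UsersContainer)") }
        if ($dom.ComputersContainer -ne "OU=Computers,$baseOu") { $failures.Add("Computers container not redirected: $($dom.ComputersContainer)") }
    } catch {
        $failures.Add("Get-ADDomain failed: $($_.Exception.Message)")
    }

    # OU tree and the VPN Users group created by the second script.
    foreach ($ou in 'Administrators', 'Computers', 'Distribution Groups', 'Security Groups', 'Servers', 'Users') {
        $dn = "OU=$ou,$baseOu"
        try { $null = Get-ADOrganizationalUnit -Identity $dn -ErrorAction Stop }
        catch { $failures.Add("OU missing: $dn") }
    }
    try {
        $members = Get-ADGroupMember -Identity 'VPN Users' -ErrorAction Stop
        if ($members.SamAccountName -notcontains 'Administrator') { $failures.Add('Administrator is not a member of VPN Users.') }
    } catch {
        $failures.Add("Group 'VPN Users' missing or unreadable: $($_.Exception.Message)")
    }

    # DHCP: scope present and active, options handed out, server authorized in AD.
    try {
        $scope = Get-DhcpServerv4Scope -ScopeId $ScopeId -ErrorAction Stop
        if ($scope.State -ne 'Active') { $failures.Add("Scope $ScopeId is $($scope.State), not Active.") }
    } catch {
        $failures.Add("DHCP scope $ScopeId missing: $($_.Exception.Message)")
    }
    $dnsOpt    = Get-DhcpServerv4OptionValue -OptionId 6 -ErrorAction SilentlyContinue
    $routerOpt = Get-DhcpServerv4OptionValue -OptionId 3 -ErrorAction SilentlyContinue
    if (-not $dnsOpt -or $dnsOpt.Value -notcontains $ExpectedDns) { $failures.Add("DHCP option 6 (DNS server) is not $ExpectedDns.") }
    if (-not $routerOpt -or $routerOpt.Value -notcontains $ExpectedRouter) { $failures.Add("DHCP option 3 (router) is not $ExpectedRouter.") }
    $authorized = @(Get-DhcpServerInDC -ErrorAction SilentlyContinue)
    if ($authorized.DnsName -notcontains $fqdn) { $failures.Add("$fqdn is not an authorized DHCP server in AD.") }

    # The first script's clear-text password must be gone and the auto-logon switched off.
    $winlogon = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    if ($winlogon.AutoAdminLogon -eq '1') { $failures.Add('AutoAdminLogon is still enabled.') }
    if ($winlogon.DefaultPassword -and $winlogon.DefaultPassword -ne '0') { $failures.Add('A DefaultPassword value is still present in the Winlogon key.') }

    # Both scripts should have been deleted at the end of the second one.
    foreach ($f in 'C:\ExampleScript1.ps1', 'C:\ExampleScript2.ps1') {
        if (Test-Path $f) { $failures.Add("Script still on disk: $f") }
    }
    return ,$failures
}

# Usage: 'Contoso' is a placeholder for the NetBIOS name entered in the first script.
$problems = Test-DcDeployment -DomainNetbiosName 'Contoso'
if ($problems.Count -eq 0) { Write-Host 'Deployment verified.' -ForegroundColor Green }
else { $problems | ForEach-Object { Write-Host "FAIL: $_" -ForegroundColor Red } }
```

The checks are deliberately read-only, so the function can be rerun at any point, and each one names the script step it corresponds to, which makes a partial run of the second script (for example after a failed `Add-DhcpServerInDC`) easy to pick up where it stopped.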
Of course this is not enough to automate the installation all the way: someone still has to launch the script and enter the variables. To have the first script start on its own at the first logon, we add C:\ExampleScript1.ps1 to the RunOnce key:
Write-Host "Changing RunOnce script." -ForegroundColor "magenta"
$RunOnceKey = "HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce"
Set-ItemProperty -Path $RunOnceKey -Name "NextRun" -Value 'C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe -ExecutionPolicy Unrestricted -File C:\ExampleScript1.ps1'
After editing the RunOnce key you can shut down the VM and export it using the Hyper-V console. The next time you import and start this VM, all you have to do is enter the variables and the script takes care of the rest. Easy automated server installations that are consistent across all clients 🙂 The next blog will be about launching remote scripts using PsExec and creating multiple exports and merging them into an easy, ready-to-use lab or even production environment.