Summary: Preconfigure a virtual machine as a domain controller including Windows PowerShell Desired State Configuration and DHCP.
Hey, Scripting Guy!
I saw how we could build the virtual machines from a template. Were you teasing us about creating a new domain controller in this lab environment? I’d really love to see the script that would configure a domain controller in a lab virtual machine!
—RR
Hello RR,
Honorary Scripting Guy, Sean Kearney, about to release the Kraken of Knowledge. Yes my good friend, with our current setup, we can set up that virtual machine to autostart to the point that we have a domain controller automatically!
Note: This post is the last in a five-part series. To catch up, read:
- Set Up a Lab with Windows PowerShell and Free Microsoft Software: Part 1
- Set Up a Lab with Windows PowerShell and Free Microsoft Software: Part 2
- Set Up a Lab with Windows PowerShell and Free Microsoft Software: Part 3
- Set Up a Lab with Windows PowerShell and Free Microsoft Software: Part 4
At this point, we are creating a Windows PowerShell script. If you remember from last time, as part of our setup, we have a Windows PowerShell script with the same name as the virtual machine for automatic setup.
In this case, I’m going to create a script for a virtual machine called EOT-DC01 for a future domain controller. We’re not simply going to spin up the Windows PowerShell cmdlet and create a new Active Directory; we are actually going to prepopulate some server features.
First, our server will need to have a static IP address configured. We’re also going to leverage all the new built-in cmdlets in Windows Server 2012 R2 to make this easier. For our lab, we’ll use 192.168.1.5, a 24-bit subnet mask (also known as 255.255.255.0), and a gateway of 192.168.1.1.
We are using two variables for the subnet mask because:
- I’m lazy and I don’t want to write a cool function to convert the subnet.
- We need two types of values for two types of cmdlets (the second type being the DHCP cmdlets).
$DCIPAddress="192.168.1.5"
$DCGateway="192.168.1.1"
$DCPrefix=24
$DCSubnet="255.255.255.0"
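The conversion function skipped above, as an added example that is not part of the original script: it derives the dotted mask from the prefix length and checks that the gateway and the DHCP range used later in this post sit in the same network as the server. The function names are hypothetical.

```powershell
# Added example; function names are hypothetical, values are the post's lab values.
function ConvertTo-SubnetMask {
    param([ValidateRange(0,32)][int]$PrefixLength)
    # PrefixLength one-bits followed by zero-bits, split into four octets
    $bits = ('1' * $PrefixLength).PadRight(32, '0')
    $octets = 0..3 | ForEach-Object { [Convert]::ToInt32($bits.Substring($_ * 8, 8), 2) }
    $octets -join '.'
}

function ConvertTo-AddressValue {
    param([string]$IPAddress)
    $bytes = ([System.Net.IPAddress]::Parse($IPAddress)).GetAddressBytes()
    [Array]::Reverse($bytes)     # network byte order -> little-endian for BitConverter
    [uint64][BitConverter]::ToUInt32($bytes, 0)
}

function Test-SameSubnet {
    param([string]$Address, [string]$Reference, [int]$PrefixLength)
    $mask = ConvertTo-AddressValue (ConvertTo-SubnetMask $PrefixLength)
    ((ConvertTo-AddressValue $Address) -band $mask) -eq
        ((ConvertTo-AddressValue $Reference) -band $mask)
}

$DCIPAddress = "192.168.1.5"
$DCGateway   = "192.168.1.1"
$DCPrefix    = 24
$DCSubnet    = ConvertTo-SubnetMask $DCPrefix   # one source of truth for both cmdlet families
$ScopeSubnet = $DCSubnet

# Fail early if the gateway or the DHCP range falls outside the server's network
foreach ($ip in $DCGateway, "192.168.1.100", "192.168.1.200") {
    if (-not (Test-SameSubnet -Address $ip -Reference $DCIPAddress -PrefixLength $DCPrefix)) {
        throw "$ip is outside the /$DCPrefix network of $DCIPAddress"
    }
}
```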
Next on the list, we’ll define our domain name, the folders for Active Directory, and a password for safe-mode recovery of our domain. I fully recognize the password is sitting in clear text, and by all rights, this breaks every security rule! But remember, this is intended for use in a lab environment. There are many great techniques for storing the password in a more secure manner if you need to, and you could easily adapt this script to use one of them if you like.
We are going to call our domain Contoso.local with an older NetBIOS name of CONTOSO. We’ll add a super secure password of P@ssw0rd.
$DomainName="Contoso.local"
$Netbios="CONTOSO"
$DB="C:\Windows\NTDS"
$Log="C:\Windows\NTDS"
$Sysvol="C:\Windows\Sysvol"
$Password='P@ssw0rd'
$SecurePassword=ConvertTo-SecureString $Password -AsPlainText -Force
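One way to keep the safe-mode password out of the script text, as an added example that is not part of the original script. It uses an explicit AES key because a SecureString exported without `-Key` is protected by DPAPI and cannot be decrypted on a freshly built virtual machine under a different account; the file paths and function names are assumptions.

```powershell
# Added example; paths and function names are hypothetical.
$KeyFile  = 'C:\ISO\EOT-DC01.key'     # assumed location of the AES key
$BlobFile = 'C:\ISO\EOT-DC01.dsrm'    # assumed location of the encrypted password

function Protect-LabPassword {
    # Run once, interactively, on the build host.
    param([string]$KeyPath, [string]$BlobPath)
    $key = New-Object byte[] 32
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($key)
    $rng.Dispose()
    $secure = Read-Host -AsSecureString -Prompt 'Safe-mode (DSRM) password'
    # With -Key the value is AES-encrypted with the supplied key instead of DPAPI,
    # so another machine or account holding the key can decrypt it.
    ConvertFrom-SecureString -SecureString $secure -Key $key | Set-Content -Path $BlobPath
    [System.IO.File]::WriteAllBytes($KeyPath, $key)
}

function Unprotect-LabPassword {
    # Run inside the VM setup script; returns a SecureString.
    param([string]$KeyPath, [string]$BlobPath)
    if (-not (Test-Path $KeyPath) -or -not (Test-Path $BlobPath)) {
        throw "Key or encrypted password file missing; refusing to fall back to a default."
    }
    $key = [System.IO.File]::ReadAllBytes($KeyPath)
    try {
        Get-Content -Path $BlobPath | ConvertTo-SecureString -Key $key
    }
    finally {
        [Array]::Clear($key, 0, $key.Length)   # do not leave the key in memory
    }
}

# In EOT-DC01.PS1 this call would replace the $Password and $SecurePassword lines:
# $SecurePassword = Unprotect-LabPassword -KeyPath $KeyFile -BlobPath $BlobFile
```

The key file is itself a secret: deliver it separately from the script and delete both files once the forest is built.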
Next, we assign the IP address. To configure an IP address in Windows Server 2012 R2, leverage the Get-NetAdapter and New-NetIPAddress cmdlets. Because this is a very simple server configuration, we do not need to filter out additional adapters.
Get-NetAdapter | New-NetIPAddress -IPAddress $DCIPAddress -DefaultGateway $DCGateway -PrefixLength $DCPrefix
To continue on with our domain controller, we need to add in some features. We need the Active Directory Domain Services binaries. I will also preload the bits for a DHCP server and Windows PowerShell Desired State Configuration.
Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools
Install-WindowsFeature DHCP -IncludeAllSubFeature -IncludeManagementTools
Install-WindowsFeature DSC-Service -IncludeAllSubFeature -IncludeManagementTools
Now we’re going to predefine the scope for our DHCP server. This will be a simple scope of 100 potential addresses, starting at 192.168.1.100 and ending at 192.168.1.200. We are going to name it Contoso Lab DHCP Scope.
Because our domain controller will also be the primary DNS server in our lab, we can reuse the server IP address in our DHCP scope configuration:
$ScopeStart="192.168.1.100"
$ScopeEnd="192.168.1.200"
$ScopeSubnet="255.255.255.0"
$ScopeName="Contoso Lab DHCP Scope"
Then we need only add the cmdlets to create a DHCP scope:
Add-DhcpServerv4Scope -StartRange $ScopeStart -EndRange $ScopeEnd -SubnetMask $ScopeSubnet -Name $ScopeName -State InActive
Set-DhcpServerv4OptionValue -OptionId 6 -Value $DCIPAddress
The following part is taken directly from the Windows Server 2012 R2 wizard for creating a domain controller. I defined the variables at the top of the script earlier so you can tweak them for your own needs and desires.
Import-Module ADDSDeployment
Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath $DB `
-DomainMode "Win2012R2" -DomainName $DomainName -DomainNetbiosName $NETBIOS `
-ForestMode "Win2012R2" -InstallDns:$true -LogPath $Log `
-NoRebootOnCompletion:$false -SysvolPath $Sysvol -Force:$true `
-SafeModeAdministratorPassword $SecurePassword
Let’s keep in mind you need to authorize your DHCP server for it to be functional. But the Catch-22 is that you can’t authorize it in Active Directory until you have an Active Directory. This won’t happen until the Windows Server reboots. To ensure that this happens, we’ll populate an entry under the RunOnce key of our server to authorize the DHCP server after the reboot.
New-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce\" -Name "PoshStart" -Value "PowerShell -Command Add-DhcpServerInDC -DnsName EOT-DC01.contoso.local -IPAddress $DCIPAddress"
Save this script in the C:\ISO folder as EOT-DC01.PS1, and then run the previous script for making a virtual machine from a template file like this:
New-VMFromTemplate -VMName EOT-DC01
In about 10 minutes (depending on your hard-drive speed and CPU), you should have a fully live and active domain controller for a domain called Contoso.local.
As a safety feature, the DHCP server is authorized, but the scope is not enabled should this inadvertently spin up on a production LAN.
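A post-build check of that safety property, as an added example that is not part of the original script: it reports whether the server is authorized, what state the scope is in, and which DNS server the scope hands out. The function name and the scope ID (the network ID of the 192.168.1.100-200 range) are assumptions.

```powershell
# Added example; run on EOT-DC01 after the reboot. Function name is hypothetical.
$DCIPAddress = "192.168.1.5"     # from the post
$ScopeId     = "192.168.1.0"     # assumed network ID of the lab scope

function Get-LabDhcpState {
    param([string]$ServerIP, [string]$ScopeId)

    # Authorized DHCP servers are listed in Active Directory
    $authorized = @(Get-DhcpServerInDC |
        Where-Object { [string]$_.IPAddress -eq $ServerIP }).Count -gt 0
    $scope = Get-DhcpServerv4Scope -ScopeId $ScopeId -ErrorAction SilentlyContinue
    $dns   = Get-DhcpServerv4OptionValue -OptionId 6 -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Authorized = $authorized
        ScopeFound = [bool]$scope
        ScopeState = if ($scope) { $scope.State } else { $null }
        DnsServers = if ($dns)   { $dns.Value -join ',' } else { $null }
    }
}

$state = Get-LabDhcpState -ServerIP $DCIPAddress -ScopeId $ScopeId
$state | Format-List

# An active scope on an authorized server answers any client on the attached network
if ($state.Authorized -and $state.ScopeState -eq 'Active') {
    Write-Warning "Scope $ScopeId is active; leases will be offered on whatever network this VM is attached to."
}

# Only after confirming the VM is attached to the lab network:
# Set-DhcpServerv4Scope -ScopeId $ScopeId -State Active -Confirm
```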
At this point, if you need to add any newly created virtual machines to the domain, you can create a Windows PowerShell script with the Add-Computer cmdlet.
The cool part is that this method will work on the free Hyper-V Server 2012 R2 in addition to the licensed version and Windows 8.1.
If you’re feeling adventurous, you could try modifying it for earlier versions of Hyper-V, for example, Windows Server 2008 R2 and Hyper-V Server 2008 R2. You may have to parse DiskPart for the drive letters, or leverage a utility such as Virtual CloneDrive to mount the CDs.
Enjoy the Power, and let me know how it works out for you! If you’d like to save yourself from headaches from typing the scripts, you can download the main structure from the Script Center Repository: Deploy PreConfigured Virtual Machines in Hyper-V Server 2012 R2. Remember that to get this all running, you need to download Pronichkin’s Convert-WindowsImage.ps1 and the Windows Server 2012 R2 Evaluation Media.
I invite you to follow The Scripting Guys on Twitter and Facebook. If you have any questions, send an email to The Scripting Guys at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, remember to eat your cmdlets each and every day with a tasty dash of creativity.
Sean Kearney, Windows PowerShell MVP and Honorary Scripting Guy