From 50c14256818f1ea58e689868ae0b1e21afbb5578 Mon Sep 17 00:00:00 2001 From: JaromirK Date: Tue, 21 Nov 2023 15:14:24 +0100 Subject: [PATCH 1/3] simplified arc deployment --- .../Scenario.ps1 | 78 ++----------------- 1 file changed, 5 insertions(+), 73 deletions(-) diff --git a/Scenarios/AzSHCI and Cloud Based Deployment/Scenario.ps1 b/Scenarios/AzSHCI and Cloud Based Deployment/Scenario.ps1 index 879af2e3..fbbf0a7d 100644 --- a/Scenarios/AzSHCI and Cloud Based Deployment/Scenario.ps1 +++ b/Scenarios/AzSHCI and Cloud Based Deployment/Scenario.ps1 @@ -284,71 +284,11 @@ Install-Module -Name az.accounts -Force } -Credential $Credentials - #region Create AzADServicePrincipal for Arc Onboarding with custom permissions (jaromirk note: "Microsoft.Authorization/roleAssignments/write" needs to go away, however this is something that will as it's preview) - #Create Azure Stack HCI ARC Onboarding role https://learn.microsoft.com/en-us/azure-stack/hci/deploy/register-with-azure#assign-permissions-from-azure-portal - #https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#azure-connected-machine-onboarding - if (-not (Get-AzRoleDefinition -Name "Azure Stack HCI ARC Onboarding - Custom" -ErrorAction Ignore)){ - $Content=@" -{ - "Name": "Azure Stack HCI ARC Onboarding - Custom", - "Id": null, - "IsCustom": true, - "Description": "Custom Azure role to allow onboard Azure Stack HCI with azshci.arcinstaller", - "Actions": [ - "Microsoft.HybridCompute/machines/read", - "Microsoft.HybridCompute/machines/write", - "Microsoft.HybridCompute/privateLinkScopes/read", - "Microsoft.GuestConfiguration/guestConfigurationAssignments/read", - "Microsoft.HybridCompute/machines/extensions/write", - "Microsoft.Authorization/roleAssignments/write" - ], - "NotActions": [ - ], - "AssignableScopes": [ - "/subscriptions/$SubscriptionID" - ] - } -"@ - $Content | Out-File "$env:USERPROFILE\Downloads\customHCIRole.json" - New-AzRoleDefinition -InputFile "$env:USERPROFILE\Downloads\customHCIRole.json" - } - - #Create AzADServicePrincipal for Azure Stack HCI registration (if it does not exist) - $SP=Get-AZADServicePrincipal -DisplayName $ServicePrincipalName - if (-not $SP){ - $SP=New-AzADServicePrincipal -DisplayName $ServicePrincipalName -Role "Azure Stack HCI ARC Onboarding - Custom" - #remove default cred - Remove-AzADAppCredential -ApplicationId $SP.AppId - } - - #Create new SPN password - $credential = New-Object -TypeName "Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.MicrosoftGraphPasswordCredential" -Property @{ - "KeyID" = (new-guid).Guid ; - "EndDateTime" = [DateTime]::UtcNow.AddYears(1) - } - $Creds=New-AzADAppCredential -PasswordCredentials $credential -ApplicationID $SP.AppID - $SPNSecret=$Creds.SecretText - $SPAppID=$SP.AppID - $SecuredPassword = ConvertTo-SecureString $SPNSecret -AsPlainText -Force - $SPNCredentials= New-Object System.Management.Automation.PSCredential ($SPAppID,$SecuredPassword) - #endregion - - #deploy ARC Agent (It's failing, cant figure out why) + #deploy ARC Agent with device authentication + $ARMtoken = (Get-AzAccessToken).Token + $id = (Get-AzContext).Account.Id Invoke-Command -ComputerName $Servers -ScriptBlock { - Invoke-AzStackHciArcInitialization -SubscriptionID $using:SubscriptionID -ResourceGroup $using:ResourceGroupName -TenantID $using:TenantID -Cloud $using:Cloud -Region $Using:Location -SpnCredential $Using:SPNCredentials - } -Credential $Credentials - - #let's onboard ARC agent "manually" - Invoke-Command -ComputerName $Servers -ScriptBlock { - $machineName = [System.Net.Dns]::GetHostName() - $SPNCredentials=$using:SPNCredentials - $SPNpassword=$SPNCredentials.GetNetworkCredential().Password - & "$env:ProgramW6432\AzureConnectedMachineAgent\azcmagent.exe" connect --service-principal-id $using:SpnCredentials.UserName --service-principal-secret $SPNpassword --resource-group $using:ResourceGroupName --resource-name "$machineName" --tenant-id $using:TenantID --location $Using:Location --subscription-id $using:SubscriptionID --cloud $using:Cloud - } -Credential $Credentials - - #and let's run deployment again - Invoke-Command -ComputerName $Servers -ScriptBlock { - Invoke-AzStackHciArcInitialization -SubscriptionID $using:SubscriptionID -ResourceGroup $using:ResourceGroupName -TenantID $using:TenantID -Cloud $using:Cloud -Region $Using:Location -SpnCredential $Using:SPNCredentials + Invoke-AzStackHciArcInitialization -SubscriptionID $using:SubscriptionID -ResourceGroup $using:ResourceGroupName -TenantID $using:TenantID -Cloud $using:Cloud -Region $Using:Location -ArmAccessToken $using:ARMtoken -AccountID $using:id } -Credential $Credentials #endregion @@ -495,15 +435,8 @@ #make sure there is only one management NIC with IP address (setup is complaining about multiple gateways) Invoke-Command -ComputerName $servers -ScriptBlock { - $adapter=Get-NetIPConfiguration | Where-Object IPV4defaultGateway | Get-NetAdapter | Sort-Object Name | Select-Object -Skip 1 - #disable netbios (otherwise the apipa might be resolved instead of 10.x address) - $query="select * From Win32_NetworkAdapterConfiguration where Description = `'$($Adapter.Interfacedescription)`'" - $arguments = @{'TcpipNetbiosOptions' = [UInt32](2) } - Invoke-CimMethod -Query $query -Namespace Root/CIMV2 -MethodName SetTcpipNetbios -Arguments $arguments - #disable receiving address from dhcp - $adapter | Set-NetIPInterface -Dhcp Disabled + Get-NetIPConfiguration | Where-Object IPV4defaultGateway | Get-NetAdapter | Sort-Object Name | Select-Object -Skip 1 | Set-NetIPInterface -Dhcp Disabled } -Credential $Credentials - Clear-DnsClientCache #add key vault admin of current user to Resource Group $objectId = (Get-AzADUser -SignedIn).Id @@ -514,7 +447,6 @@ Set-LocalUser -Name Administrator -AccountNeverExpires -Password (ConvertTo-SecureString "LS1setup!LS1setup!" -AsPlainText -Force) } -Credential $Credentials - #endregion #region do the magic in azure portal From bb6120a37cb1d8e109efe75ecd98db4d946d5be0 Mon Sep 17 00:00:00 2001 From: JaromirK Date: Fri, 12 Jan 2024 10:37:00 +0100 Subject: [PATCH 2/3] updated DSC modules --- Scripts/1_Prereq.ps1 | 2 +- Scripts/2_CreateParentDisks.ps1 | 113 +++++++++++++++++++------------- 2 files changed, 70 insertions(+), 45 deletions(-) diff --git a/Scripts/1_Prereq.ps1 b/Scripts/1_Prereq.ps1 index 2d12aa26..a04140b1 100644 --- a/Scripts/1_Prereq.ps1 +++ b/Scripts/1_Prereq.ps1 @@ -171,7 +171,7 @@ If ( Test-Path -Path "$PSScriptRoot\Temp\Convert-WindowsImage.ps1" ) { #region Downloading required Posh Modules # Downloading modules into Temp folder if needed. - $modules=("xActiveDirectory","3.0.0.0"),("xDHCpServer","2.0.0.0"),("xDNSServer","1.15.0.0"),("NetworkingDSC","7.4.0.0"),("xPSDesiredStateConfiguration","8.10.0.0") + $modules=("ActiveDirectoryDsc","6.3.0"),("xDHCPServer","3.1.1"),("DnsServerDsc","3.0.0"),("NetworkingDSC","9.0.0"),("xPSDesiredStateConfiguration","9.1.0") foreach ($module in $modules){ WriteInfoHighlighted "Testing if modules are present" $modulename=$module[0] diff --git a/Scripts/2_CreateParentDisks.ps1 b/Scripts/2_CreateParentDisks.ps1 index fe4c1d05..a1a55deb 100644 --- a/Scripts/2_CreateParentDisks.ps1 +++ b/Scripts/2_CreateParentDisks.ps1 @@ -663,13 +663,14 @@ If (-not $isAdmin) { ) - Import-DscResource -ModuleName xActiveDirectory -ModuleVersion "3.0.0.0" - Import-DscResource -ModuleName xDNSServer -ModuleVersion "1.15.0.0" - Import-DSCResource -ModuleName NetworkingDSC -ModuleVersion "7.4.0.0" - Import-DSCResource -ModuleName xDHCPServer -ModuleVersion "2.0.0.0" - Import-DSCResource -ModuleName xPSDesiredStateConfiguration -ModuleVersion "8.10.0.0" + Import-DscResource -ModuleName ActiveDirectoryDsc -ModuleVersion "6.3.0" + Import-DscResource -ModuleName DnsServerDsc -ModuleVersion "3.0.0" + Import-DSCResource -ModuleName NetworkingDSC -ModuleVersion "9.0.0" + Import-DSCResource -ModuleName xDHCPServer -ModuleVersion "3.1.1" + Import-DSCResource -ModuleName xPSDesiredStateConfiguration -ModuleVersion "9.1.0" Import-DscResource -ModuleName PSDesiredStateConfiguration + Node $AllNodes.Where{$_.Role -eq "Parent DC"}.Nodename { @@ -714,115 +715,113 @@ If (-not $isAdmin) { DependsOn = "[WindowsFeature]ADDSInstall" } - xADDomain FirstDS + ADDomain FirstDS { DomainName = $Node.DomainName - DomainAdministratorCredential = $domainCred + Credential = $domainCred SafemodeAdministratorPassword = $safemodeAdministratorCred DomainNetbiosName = $node.DomainNetbiosName DependsOn = "[WindowsFeature]ADDSInstall" } - xWaitForADDomain DscForestWait + WaitForADDomain DscForestWait { DomainName = $Node.DomainName - DomainUserCredential = $domainCred - RetryCount = $Node.RetryCount - RetryIntervalSec = $Node.RetryIntervalSec - DependsOn = "[xADDomain]FirstDS" + Credential = $domainCred + DependsOn = "[ADDomain]FirstDS" } - xADOrganizationalUnit DefaultOU + ADOrganizationalUnit DefaultOU { Name = $Node.DefaultOUName Path = $Node.DomainDN ProtectedFromAccidentalDeletion = $true Description = 'Default OU for all user and computer accounts' Ensure = 'Present' - DependsOn = "[xADDomain]FirstDS" + DependsOn = "[ADDomain]FirstDS" } - xADUser SQL_SA + ADUser SQL_SA { DomainName = $Node.DomainName - DomainAdministratorCredential = $domainCred + Credential = $domainCred UserName = "SQL_SA" Password = $NewADUserCred Ensure = "Present" - DependsOn = "[xADOrganizationalUnit]DefaultOU" + DependsOn = "[ADOrganizationalUnit]DefaultOU" Description = "SQL Service Account" Path = "OU=$($Node.DefaultOUName),$($Node.DomainDN)" PasswordNeverExpires = $true } - xADUser SQL_Agent + ADUser SQL_Agent { DomainName = $Node.DomainName - DomainAdministratorCredential = $domainCred + Credential = $domainCred UserName = "SQL_Agent" Password = $NewADUserCred Ensure = "Present" - DependsOn = "[xADOrganizationalUnit]DefaultOU" + DependsOn = "[ADOrganizationalUnit]DefaultOU" Description = "SQL Agent Account" Path = "OU=$($Node.DefaultOUName),$($Node.DomainDN)" PasswordNeverExpires = $true } - xADUser Domain_Admin + ADUser Domain_Admin { DomainName = $Node.DomainName - DomainAdministratorCredential = $domainCred + Credential = $domainCred UserName = $Node.DomainAdminName Password = $NewADUserCred Ensure = "Present" - DependsOn = "[xADOrganizationalUnit]DefaultOU" + DependsOn = "[ADOrganizationalUnit]DefaultOU" Description = "DomainAdmin" Path = "OU=$($Node.DefaultOUName),$($Node.DomainDN)" PasswordNeverExpires = $true } - xADUser VMM_SA + ADUser VMM_SA { DomainName = $Node.DomainName - DomainAdministratorCredential = $domainCred + Credential = $domainCred UserName = "VMM_SA" Password = $NewADUserCred Ensure = "Present" - DependsOn = "[xADUser]Domain_Admin" + DependsOn = "[ADUser]Domain_Admin" Description = "VMM Service Account" Path = "OU=$($Node.DefaultOUName),$($Node.DomainDN)" PasswordNeverExpires = $true } - xADGroup DomainAdmins + ADGroup DomainAdmins { GroupName = "Domain Admins" - DependsOn = "[xADUser]VMM_SA" + DependsOn = "[ADUser]VMM_SA" MembersToInclude = "VMM_SA",$Node.DomainAdminName } - xADGroup SchemaAdmins + ADGroup SchemaAdmins { GroupName = "Schema Admins" GroupScope = "Universal" - DependsOn = "[xADUser]VMM_SA" + DependsOn = "[ADUser]VMM_SA" MembersToInclude = $Node.DomainAdminName } - xADGroup EntAdmins + ADGroup EntAdmins { GroupName = "Enterprise Admins" GroupScope = "Universal" - DependsOn = "[xADUser]VMM_SA" + DependsOn = "[ADUser]VMM_SA" MembersToInclude = $Node.DomainAdminName } - xADUser AdministratorNeverExpires + ADUser AdministratorNeverExpires { DomainName = $Node.DomainName UserName = "Administrator" Ensure = "Present" - DependsOn = "[xADDomain]FirstDS" + DependsOn = "[ADDomain]FirstDS" PasswordNeverExpires = $true } @@ -836,7 +835,7 @@ If (-not $isAdmin) { { Ensure = "Present" Name = "DHCP" - DependsOn = "[xADDomain]FirstDS" + DependsOn = "[ADDomain]FirstDS" } Service DHCPServer #since insider 17035 dhcpserver was not starting for some reason @@ -868,19 +867,45 @@ If (-not $isAdmin) { DependsOn = "[Service]DHCPServer" } - xDhcpServerOption MgmtScopeRouterOption + # Setting scope gateway + DhcpScopeOptionValue 'ScopeOptionGateway' { - Ensure = 'Present' - ScopeID = ($DHCPscope+"0") - DnsDomain = $Node.DomainName - DnsServerIPAddress = ($DHCPscope+"1") + OptionId = 3 + Value = ($DHCPscope+"1") + ScopeId = ($DHCPscope+"0") + VendorClass = '' + UserClass = '' AddressFamily = 'IPv4' - Router = ($DHCPscope+"1") - DependsOn = "[Service]DHCPServer" + DependsOn = "[xDhcpServerScope]ManagementScope" + } + + # Setting scope DNS servers + DhcpScopeOptionValue 'ScopeOptionDNS' + { + OptionId = 6 + Value = ($DHCPscope+"1") + ScopeId = ($DHCPscope+"0") + VendorClass = '' + UserClass = '' + AddressFamily = 'IPv4' + DependsOn = "[xDhcpServerScope]ManagementScope" + } + + # Setting scope DNS domain name + DhcpScopeOptionValue 'ScopeOptionDNSDomainName' + { + OptionId = 15 + Value = $Node.DomainName + ScopeId = ($DHCPscope+"0") + VendorClass = '' + UserClass = '' + AddressFamily = 'IPv4' + DependsOn = "[xDhcpServerScope]ManagementScope" } xDhcpServerAuthorization LocalServerActivation { + IsSingleInstance = 'Yes' Ensure = 'Present' } @@ -890,13 +915,13 @@ If (-not $isAdmin) { Name = "DSC-Service" } - xDnsServerADZone addReverseADZone + DnsServerADZone addReverseADZone { Name = $ReverseDNSrecord DynamicUpdate = "Secure" ReplicationScope = "Forest" Ensure = "Present" - DependsOn = "[xDhcpServerOption]MgmtScopeRouterOption" + DependsOn = "[DhcpScopeOptionValue]ScopeOptionGateway" } If ($LabConfig.PullServerDC){ From ab1c69fc1f300d8b1dc17fe11284c4bbcc56bf28 Mon Sep 17 00:00:00 2001 From: JaromirK Date: Fri, 12 Jan 2024 11:38:36 +0100 Subject: [PATCH 3/3] removed trailing space chars --- Scripts/2_CreateParentDisks.ps1 | 106 ++++++++++++++++---------------- 1 file changed, 53 insertions(+), 53 deletions(-) diff --git a/Scripts/2_CreateParentDisks.ps1 b/Scripts/2_CreateParentDisks.ps1 index a1a55deb..b5a3bd5b 100644 --- a/Scripts/2_CreateParentDisks.ps1 +++ b/Scripts/2_CreateParentDisks.ps1 @@ -4,9 +4,9 @@ If (-not $isAdmin) { Write-Host "-- Restarting as Administrator" -ForegroundColor Cyan ; Start-Sleep -Seconds 1 if($PSVersionTable.PSEdition -eq "Core") { - Start-Process pwsh.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs + Start-Process pwsh.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs } else { - Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs + Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs } exit @@ -15,7 +15,7 @@ If (-not $isAdmin) { #region Functions . $PSScriptRoot\0_Shared.ps1 # [!build-include-inline] - #Create Unattend for VHD + #Create Unattend for VHD Function CreateUnattendFileVHD{ param ( [parameter(Mandatory=$true)] @@ -72,8 +72,8 @@ If (-not $isAdmin) { true - true - true + true + true $TimeZone @@ -85,7 +85,7 @@ If (-not $isAdmin) { Set-Content -path $unattendFile -value $fileContent #return the file object - Return $unattendFile + Return $unattendFile } #endregion @@ -158,7 +158,7 @@ If (-not $isAdmin) { #DCHP scope $DHCPscope = $LabConfig.DHCPscope $ReverseDNSrecord = $DHCPscope -replace '^(\d+)\.(\d+)\.\d+\.(\d+)$','$3.$2.$1.in-addr.arpa' - $DHCPscope = $DHCPscope.Substring(0,$DHCPscope.Length-1) + $DHCPscope = $DHCPscope.Substring(0,$DHCPscope.Length-1) #endregion @@ -245,7 +245,7 @@ If (-not $isAdmin) { WriteInfoHighlighted "Checking if volume filesystem is NTFS or ReFS" $driveletter=$PSScriptRoot -split ":" | Select-Object -First 1 if ($PSScriptRoot -like "c:\ClusterStorage*"){ - WriteSuccess "`t Volume Cluster Shared Volume. Mountdir will be $env:Temp\MSLabMountdir" + WriteSuccess "`t Volume Cluster Shared Volume. Mountdir will be $env:Temp\MSLabMountdir" $mountdir="$env:Temp\MSLabMountdir" $VolumeFileSystem="CSVFS" }else{ @@ -279,7 +279,7 @@ If (-not $isAdmin) { $openFile = New-Object System.Windows.Forms.OpenFileDialog -Property @{ Title="Please select ISO image with Windows Server 2016, 2019, 2022 or Server Insider" } - $openFile.Filter = "iso files (*.iso)|*.iso|All files (*.*)|*.*" + $openFile.Filter = "iso files (*.iso)|*.iso|All files (*.*)|*.*" If($openFile.ShowDialog() -eq "OK"){ WriteInfo "File $($openfile.FileName) selected" } @@ -332,7 +332,7 @@ If (-not $isAdmin) { Multiselect = $true; Title = "Please select Windows Server Updates (*.msu). Click Cancel if you don't want any." } - $msupackages.Filter = "msu files (*.msu)|*.msu|All files (*.*)|*.*" + $msupackages.Filter = "msu files (*.msu)|*.msu|All files (*.*)|*.*" If($msupackages.ShowDialog() -eq "OK"){ WriteInfoHighlighted "Following patches selected:" WriteInfo "`t $($msupackages.filenames)" @@ -352,13 +352,13 @@ If (-not $isAdmin) { #Windows Server 2016 $ServerVHDs += @{ Kind = "Full" - Edition="4" + Edition="4" VHDName="Win2016_G2.vhdx" Size=127GB } $ServerVHDs += @{ Kind = "Core" - Edition="3" + Edition="3" VHDName="Win2016Core_G2.vhdx" Size=127GB } @@ -374,13 +374,13 @@ If (-not $isAdmin) { #Windows Server 2019 $ServerVHDs += @{ Kind = "Full" - Edition="4" + Edition="4" VHDName="Win2019_G2.vhdx" Size=127GB } $ServerVHDs += @{ Kind = "Core" - Edition="3" + Edition="3" VHDName="Win2019Core_G2.vhdx" Size=127GB } @@ -388,20 +388,20 @@ If (-not $isAdmin) { #Windows Server 2022 $ServerVHDs += @{ Kind = "Full" - Edition="4" + Edition="4" VHDName="Win2022_G2.vhdx" Size=127GB } $ServerVHDs += @{ Kind = "Core" - Edition="3" + Edition="3" VHDName="Win2022Core_G2.vhdx" Size=127GB } }elseif ($BuildNumber -gt 20348 -and $SAC){ $ServerVHDs += @{ Kind = "Core" - Edition="2" + Edition="2" VHDName="WinSrvInsiderCore_$BuildNumber.vhdx" Size=127GB } @@ -413,13 +413,13 @@ If (-not $isAdmin) { #Windows Sever Insider $ServerVHDs += @{ Kind = "Full" - Edition="4" + Edition="4" VHDName="WinSrvInsider_$BuildNumber.vhdx" Size=127GB } $ServerVHDs += @{ Kind = "Core" - Edition="3" + Edition="3" VHDName="WinSrvInsiderCore_$BuildNumber.vhdx" Size=127GB } @@ -450,7 +450,7 @@ If (-not $isAdmin) { 'ParentDisks','Temp','Temp\mountdir' | ForEach-Object { if (!( Test-Path "$PSScriptRoot\$_" )) { WriteInfoHighlighted "Creating Directory $_" - New-Item -Type Directory -Path "$PSScriptRoot\$_" + New-Item -Type Directory -Path "$PSScriptRoot\$_" } } @@ -528,8 +528,8 @@ If (-not $isAdmin) { $toolsVHD=New-VHD -Path "$PSScriptRoot\ParentDisks\tools.vhdx" -SizeBytes 300GB -Dynamic #mount and format VHD $VHDMount = Mount-VHD $toolsVHD.Path -Passthru - $vhddisk = $VHDMount| get-disk - $vhddiskpart = $vhddisk | Initialize-Disk -PartitionStyle GPT -PassThru | New-Partition -UseMaximumSize -AssignDriveLetter |Format-Volume -FileSystem NTFS -AllocationUnitSize 8kb -NewFileSystemLabel ToolsDisk + $vhddisk = $VHDMount| get-disk + $vhddiskpart = $vhddisk | Initialize-Disk -PartitionStyle GPT -PassThru | New-Partition -UseMaximumSize -AssignDriveLetter |Format-Volume -FileSystem NTFS -AllocationUnitSize 8kb -NewFileSystemLabel ToolsDisk $VHDPathTest=Test-Path -Path "$PSScriptRoot\Temp\ToolsVHD\" if (!$VHDPathTest){ @@ -632,7 +632,7 @@ If (-not $isAdmin) { New-item -type directory -Path $mountdir -force [System.Version]$VMVersion=(Get-WindowsImage -ImagePath $VHDPath -Index 1).Version Mount-WindowsImage -Path $mountdir -ImagePath $VHDPath -Index 1 - Use-WindowsUnattend -Path $mountdir -UnattendPath $unattendFile + Use-WindowsUnattend -Path $mountdir -UnattendPath $unattendFile #&"$PSScriptRoot\Temp\dism\dism" /mount-image /imagefile:$vhdpath /index:1 /MountDir:$mountdir #&"$PSScriptRoot\Temp\dism\dism" /image:$mountdir /Apply-Unattend:$unattendfile New-item -type directory -Path "$mountdir\Windows\Panther" -force @@ -650,12 +650,12 @@ If (-not $isAdmin) { #Create DSC configuration configuration DCHydration { - param + param ( - [Parameter(Mandatory)] - [pscredential]$safemodeAdministratorCred, + [Parameter(Mandatory)] + [pscredential]$safemodeAdministratorCred, - [Parameter(Mandatory)] + [Parameter(Mandatory)] [pscredential]$domainCred, [Parameter(Mandatory)] @@ -671,12 +671,12 @@ If (-not $isAdmin) { Import-DscResource -ModuleName PSDesiredStateConfiguration - Node $AllNodes.Where{$_.Role -eq "Parent DC"}.Nodename + Node $AllNodes.Where{$_.Role -eq "Parent DC"}.Nodename { - WindowsFeature ADDSInstall + WindowsFeature ADDSInstall { - Ensure = "Present" + Ensure = "Present" Name = "AD-Domain-Services" } @@ -717,18 +717,18 @@ If (-not $isAdmin) { ADDomain FirstDS { - DomainName = $Node.DomainName - Credential = $domainCred + DomainName = $Node.DomainName + Credential = $domainCred SafemodeAdministratorPassword = $safemodeAdministratorCred DomainNetbiosName = $node.DomainNetbiosName DependsOn = "[WindowsFeature]ADDSInstall" } - WaitForADDomain DscForestWait + WaitForADDomain DscForestWait { - DomainName = $Node.DomainName - Credential = $domainCred - DependsOn = "[ADDomain]FirstDS" + DomainName = $Node.DomainName + Credential = $domainCred + DependsOn = "[ADDomain]FirstDS" } ADOrganizationalUnit DefaultOU @@ -738,7 +738,7 @@ If (-not $isAdmin) { ProtectedFromAccidentalDeletion = $true Description = 'Default OU for all user and computer accounts' Ensure = 'Present' - DependsOn = "[ADDomain]FirstDS" + DependsOn = "[ADDomain]FirstDS" } ADUser SQL_SA @@ -954,8 +954,8 @@ If (-not $isAdmin) { AllNodes = @( @{ - Nodename = $DCName - Role = "Parent DC" + Nodename = $DCName + Role = "Parent DC" DomainAdminName=$LabConfig.DomainAdminName DomainName = $LabConfig.DomainName DomainNetbiosName = $LabConfig.DomainNetbiosName @@ -963,15 +963,15 @@ If (-not $isAdmin) { DefaultOUName=$LabConfig.DefaultOUName RegistrationKey='14fc8e72-5036-4e79-9f89-5382160053aa' PSDscAllowPlainTextPassword = $true - PsDscAllowDomainUser= $true - RetryCount = 50 - RetryIntervalSec = 30 + PsDscAllowDomainUser= $true + RetryCount = 50 + RetryIntervalSec = 30 } ) } #create LCM config - [DSCLocalConfigurationManager()] + [DSCLocalConfigurationManager()] configuration LCMConfig { Node DC @@ -979,7 +979,7 @@ If (-not $isAdmin) { Settings { RebootNodeIfNeeded = $true - ActionAfterReboot = 'ContinueConfiguration' + ActionAfterReboot = 'ContinueConfiguration' } } } @@ -1004,7 +1004,7 @@ If (-not $isAdmin) { WriteInfoHighlighted "`t Starting DC" $DC | Start-VM - $VMStartupTime = 250 + $VMStartupTime = 250 WriteInfoHighlighted "`t Configuring DC using DSC takes a while." WriteInfo "`t `t Initial configuration in progress. Sleeping $VMStartupTime seconds" Start-Sleep $VMStartupTime @@ -1016,7 +1016,7 @@ If (-not $isAdmin) { Start-Sleep 10 }elseif ($test.status -ne "Success" -and $i -eq 1) { WriteInfo "`t `t Current DSC state: $($test.status), ResourncesNotInDesiredState: $($test.resourcesNotInDesiredState.count), ResourncesInDesiredState: $($test.resourcesInDesiredState.count)." - WriteInfoHighlighted "`t `t Invoking DSC Configuration again" + WriteInfoHighlighted "`t `t Invoking DSC Configuration again" Invoke-Command -VMGuid $DC.id -ScriptBlock {Start-DscConfiguration -UseExisting} -Credential $cred $i++ }elseif ($test.status -ne "Success" -and $i -gt 1) { @@ -1025,7 +1025,7 @@ If (-not $isAdmin) { Invoke-Command -VMGuid $DC.id -ScriptBlock {Restart-Computer} -Credential $cred }elseif ($test.status -eq "Success" ) { WriteInfo "`t `t Current DSC state: $($test.status), ResourncesNotInDesiredState: $($test.resourcesNotInDesiredState.count), ResourncesInDesiredState: $($test.resourcesInDesiredState.count)." - WriteInfoHighlighted "`t `t DSC Configured DC Successfully" + WriteInfoHighlighted "`t `t DSC Configured DC Successfully" } }until ($test.Status -eq 'Success' -and $test.rebootrequested -eq $false) $test @@ -1035,7 +1035,7 @@ If (-not $isAdmin) { Param($LabConfig); redircmp "OU=$($LabConfig.DefaultOUName),$($LabConfig.DN)" Add-DnsServerPrimaryZone -NetworkID ($DHCPscope+"/24") -ReplicationScope "Forest" - } + } #install SCVMM or its prereqs if specified so if (($LabConfig.InstallSCVMM -eq "Yes") -or ($LabConfig.InstallSCVMM -eq "SQL") -or ($LabConfig.InstallSCVMM -eq "ADK") -or ($LabConfig.InstallSCVMM -eq "Prereqs")){ $DC | Add-VMHardDiskDrive -Path $toolsVHD.Path @@ -1068,7 +1068,7 @@ If (-not $isAdmin) { Start-Sleep 30 #Wait as sometimes VMM failed to install without this. Invoke-Command -VMGuid $DC.id -Credential $cred -ScriptBlock { Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process -Force - d:\scvmm\3_SCVMM_Install.ps1 + d:\scvmm\3_SCVMM_Install.ps1 } } @@ -1076,7 +1076,7 @@ If (-not $isAdmin) { WriteInfoHighlighted "Installing SQL" Invoke-Command -VMGuid $DC.id -Credential $cred -ScriptBlock { Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process -Force - d:\scvmm\1_SQL_Install.ps1 + d:\scvmm\1_SQL_Install.ps1 } } @@ -1159,7 +1159,7 @@ If (-not $isAdmin) { }else{ $renamed = $true WriteInfo "`t `t Cleaning unnecessary items" - Remove-Item -Path "$PSScriptRoot\temp" -Force -Recurse + Remove-Item -Path "$PSScriptRoot\temp" -Force -Recurse "$PSScriptRoot\Temp","$PSScriptRoot\1_Prereq.ps1","$PSScriptRoot\2_CreateParentDisks.ps1" | ForEach-Object { WriteInfo "`t `t `t Removing $_" Remove-Item -Path $_ -Force -Recurse -ErrorAction SilentlyContinue @@ -1223,11 +1223,11 @@ If (-not $isAdmin) { $vhdProperties['vhd.os.language'] = $OSLanguage } } - $events += New-TelemetryEvent -Event "CreateParentDisks.Vhd" -Metrics $vhdMetrics -Properties $vhdProperties -NickName $LabConfig.TelemetryNickName + $events += New-TelemetryEvent -Event "CreateParentDisks.Vhd" -Metrics $vhdMetrics -Properties $vhdProperties -NickName $LabConfig.TelemetryNickName } # and one overall - $events += New-TelemetryEvent -Event "CreateParentDisks.End" -Metrics $metrics -Properties $properties -NickName $LabConfig.TelemetryNickName + $events += New-TelemetryEvent -Event "CreateParentDisks.End" -Metrics $metrics -Properties $properties -NickName $LabConfig.TelemetryNickName Send-TelemetryEvents -Events $events | Out-Null }