Puppet Class: active_directory::domain_controller

Defined in:
manifests/domain_controller.pp

Summary

This class manages Forest and child domain controllers. It can also manage AD users.

Overview

active_directory::domain_controller

This class manages Forest and child domain controllers.

active_directory::domain_controller { ‘first_AD’:

domain_name              => 'puppet.local',
domain_credential_user   => 'Administrator',
domain_credential_passwd => 'THis_should_be_nbetter',
safe_mode_passwd         => 'safe_P@ssw0rd',

}

Examples:

Create a new Forest domain controller.

Parameters:

  • domain_credential_user (String)

    The username for a user that has/will have domain administrator rights.

  • domain_credential_passwd (Sensitive[String[1]])

    The password for the user that has/will have domain admininstrator rights.

  • safe_mode_passwd (Sensitive[String[1]])

    The password for safe mode. The user for this is set to ‘Admininstrator’.

  • domain_name (String)

    The name of he domain to be managed.

  • ad_creation_retry_attempts (String)

    The number of times a non-Forest domain controller will attempt to contact the Forest controller to attempt domain creation.

  • ad_creation_retry_interval (String)

    The interval between attempts that the non-Forest domain controller will attempt to contact the Forest controller.

  • ad_db_path (Stdlib::AbsolutePath)

    The path where the Active Directory Database will be created/managed.

  • ad_log_path (Stdlib::AbsolutePath)

    The log path for Active Directory logs.

  • ad_users (Optional[Hash])

    A hash of Active Directory users to create. Must bw of the type ‘dsc_xaduser`.

  • parent_dns_addr (Optional[String])

    IP address of parent DNS server.

  • parent_domain_name (Optional[String])

    The name of the parent domain this domain will belong to. Not required for a new Forest.

  • sysvol_path (Stdlib::AbsolutePath)

    The system volumne path for Active Directory.



31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
 
# File 'manifests/domain_controller.pp', line 31

class active_directory::domain_controller (
  Sensitive[String[1]] $domain_credential_passwd,
  String               $domain_credential_user,
  String               $domain_name,
  Sensitive[String[1]] $safe_mode_passwd,

  # Uses hiera for defaults
  Optional[Hash]       $ad_users,
  Optional[String]     $parent_dns_addr,
  Optional[String]     $parent_domain_name,
  String               $ad_creation_retry_attempts,
  String               $ad_creation_retry_interval,
  Stdlib::AbsolutePath $ad_db_path,
  Stdlib::AbsolutePath $ad_log_path,
  Stdlib::AbsolutePath $sysvol_path,
) {

  if !($facts['os']['family'] == 'windows' and $facts['os']['release']['major'] =~ /2012 R2|2016|2019/) {
    fail("This class is for Windows 2012 R2, 2016 and 2019, not ${facts['os']['family']} and ${facts['os']['release']['major']}")
  }

  require active_directory::rsat_ad

  $_domain_credentials = {
    'user'     => $domain_credential_user,
    'password' => $domain_credential_passwd,
  }

  $_safemode_credentials = {
    'user'     => 'Administrator',
    'password' => $safe_mode_passwd,
  }

  if $parent_domain_name {

    if $facts['domain'] == $domain_name {
      $dns_array = ['127.0.0.1',$parent_dns_addr]
    } else {
      $dns_array = $parent_dns_addr
    }

    dsc_windowsfeature { 'dns':
      dsc_ensure => present,
      dsc_name   => 'dns',
    }

    dsc_dnsserveraddress { 'dnsserveraddress':
      dsc_address        => $dns_array,
      dsc_interfacealias => 'ethernet',
      dsc_addressfamily  => 'ipv4',
      require            => Dsc_windowsfeature['dns'],
    }

    dsc_xwaitforaddomain { $parent_domain_name:
      dsc_domainname           => $parent_domain_name,
      dsc_domainusercredential => $_domain_credentials,
      dsc_retryintervalsec     => $ad_creation_retry_interval,
      dsc_retrycount           => $ad_creation_retry_attempts,
      before                   => Dsc_xaddomain[$domain_name],
    }
  }

  dsc_windowsfeature { 'ADDSInstall':
    dsc_ensure => present,
    dsc_name   => 'AD-Domain-Services',
  }

  dsc_xaddomain { $domain_name:
    dsc_domainname                    => $domain_name,
    dsc_parentdomainname              => $parent_domain_name,
    dsc_domainadministratorcredential => $_domain_credentials,
    dsc_safemodeadministratorpassword => $_safemode_credentials,
    dsc_databasepath                  => $ad_db_path,
    dsc_sysvolpath                    => $sysvol_path,
    dsc_logpath                       => $ad_log_path,
    require                           => Dsc_windowsfeature['ADDSInstall'],
  }

  if $ad_users and !empty($ad_users) {
    $ad_users.each |String $ad_user,Hash $ad_user_data| {
      dsc_xaduser { $ad_user:
        *                                   => $ad_user_data,;
        default:
          dsc_domainname                    => $domain_name,
          dsc_domainadministratorcredential => $_domain_credentials,
          dsc_username                      => $ad_user,
          require                           => Dsc_xaddomain[$domain_name];
      }
    }
  }
}