en-us/about_AutomatedLab_activedirectory.help.txt
|
TOPIC
about_automatedlab_activedirectory SHORT DESCRIPTION Generic help about the Role 'activedirectory' in AutomatedLab LONG DESCRIPTION Active Directory For Active Directory AutomatedLab provides three roles: RootDC, FirstChildDC and DC. AL knows about standard parameters for all roles but allows a fair amount of customization. AL supports multi-forest and / or multi-domain environments in a single lab. AL will try to get the number of domains to add from the definition of domain controllers. AL auto-detects domains in a simple environment. If your lab is more complex, it is recommended to define the domains manually using the cmdlet Add-LabDomainDefinition. Some more documentation on the parameters is down below. ROOT DOMAIN CONTROLLERS (ROOTDC) Each forest starts with a Root Domain Controller. The number of forests in your lab is defined by the number of machines with the role RootDC and by the domains you are assigning these machines to. Having two Root Domain Controllers in a domain results in an error. The role RootDC supports the following parameters for customizations: SiteName, SiteSubnet, DomainFunctionalLevel and ForestFunctionalLevel. ROLE ASSIGNMENT The simple assignment that takes the default settings: Add-LabMachineDefinition -Name DC1 -OperatingSystem 'Windows 2016 SERVERDATACENTER' -Roles RootDC The next example demonstrates the usage of all available parameters: $role = Get-LabMachineRoleDefinition -Role RootDC @{ ForestFunctionalLevel = 'Win2012R2' DomainFunctionalLevel = 'Win2012R2' SiteName = 'Frankfurt' SiteSubnet = '192.168.10.0/24' } Add-LabMachineDefinition -Name T3RDC1 -IpAddress 192.168.10.10 -DomainName contoso.com -Roles $role FIRST CHILD DOMAIN CONTROLLER (FIRSTCHILDDC) If you need a child domain or a new tree in your forest, you start with assigning this role to a machine. Like for the RootDC role AL tries to auto-detect missing data, like the root domain. If you assign a role FirstChildDC to a machine which is in the domain child.contoso.com, AL take contoso.com as the parent domain. If you are running more than one forest in a lab, this cannot work anymore and some more data is required. This role needs to know about the name of the new child domain or domain tree and the parent domain name. If this cannot be retrieved automatically, an error is thrown. ROLE ASSIGNMENT The simple example for this role looks identical with the one for the role RootDC. The next example demonstrates all available parameters: $role = Get-LabMachineRoleDefinition -Role FirstChildDC @{ ParentDomain = 'contoso.com' NewDomain = 'emea' DomainFunctionalLevel = 'Win2012R2' SiteName = 'London' SiteSubnet = '192.168.50.0/24' } Add-LabMachineDefinition -Name LDC1 -IpAddress 192.168.50.10 -DomainName emea.contoso.com -Roles $role DOMAIN CONTROLLER (DC) This role can be assigned to a machine to become an additional domain controller in a root or child domain defined earlier. You cannot have the role DC without having also the role RootDC or FirstChildDC. This role supports the parameters SiteName, SiteSubnet and ReadOnly ROLE ASSIGNMENT Using all these parameters looks like this: $role = Get-LabMachineRoleDefinition -Role DC @{ SiteName = 'Milano' SiteSubnet = '192.168.60.0/24' IsReadOnly = 'true' } Add-LabMachineDefinition -Name RODC1 -IpAddress 192.168.60.10 -DomainName emea.contoso.com -Roles $role INSTALLATION PROCESS The installation is done when calling 'Install-Lab' without using additional parameters. To start only the Active Directory installation, you can use 'Install-Lab -Domains'. REQUIREMENTS This role cannot be assigned to a client OS. The only additional requirement is to provide the correct data if AL cannot discover your intended setup automatically. PARAMETERS FORESTFUNCTIONALLEVEL (ROOTDC) This value is only available for the RootDC role and takes the Forest Functional Level. Valid values are - Win2008R2 - Win2012 - Win2012R2 - WinThreshold (Win2016) DOMAINFUNCTIONALLEVEL (ROOTDC AND FIRSTCHILDDC) This value is available on the roles RootDC and FirstChildDC and controls the Domain Functional Level. Valid values are - Win2008R2 - Win2012 - Win2012R2 - WinThreshold (Win2016) SITENAME When defined, AL creates the given site after promoting the domain controller and moves the domain controller into that site. DATABASEPATH Stores the AD database files in the given folder. LOGPATH Stores the AD log files in the given folder. SYSVOLPATH Stores the Sysvol folder in the given folder DSRMPASSWORD When defined, set the Directory Services Restore Mode password to something different than the lab's install user's password. SITESUBNET When defined, AL creates a new Active Directory Replication subnet and assigns it to the site creates previously. The parameter SiteSubnet requires SiteName to be defined. ISREADONLY (DC) This string parameter makes the domain controller a read-only domain controller. Use 'true' to enable the ReadOnly DC role. NEWDOMAIN (FIRSTCHILDDC) Defines the new domain name for the FirstChildDC. If this value is a FQDN, AL creates a new domain tree, in case of a short name a child domain is created. PARENTDOMAIN (FIRSTCHILDDC) This specifies the root domain the new domain should be located in. The parameter takes the full FQDN. |