From 09f36ea66a76935673e424b191e9dbc03dedffba Mon Sep 17 00:00:00 2001
From: djpbessems
Date: Wed, 27 Jan 2021 12:12:44 +0100
Subject: [PATCH] Payloadscripts act on 'deployment.type'
---
 scripts/ADDS/payload/Apply-OVFProperties.ps1 | 42 ++++++++++++++-----
 .../scripts/01.Organizational units.ps1 | 4 +-
 scripts/ADDS/payload/scripts/02.Groups.ps1 | 4 +-
 scripts/ADDS/payload/scripts/03.Users.ps1 | 4 +-
 .../scripts/04.Delegation of Control.ps1 | 4 +-
 scripts/ADDS/payload/scripts/05.Firewall.ps1 | 4 +-
 .../ADDS/payload/scripts/07.DHCP scopes.ps1 | 4 +-
 .../ADDS/payload/scripts/08.DHCP failover.ps1 | 2 +-
 .../ADDS/payload/scripts/09.DNS records.ps1 | 4 +-
 .../scripts/10.Group Policy WMI Filters.ps1 | 4 +-
 scripts/ADDS/payload/scripts/11.GPO+GPP.ps1 | 4 +-
 .../scripts/12.Restrict OU Permissions.ps1 | 4 +-
 .../13.Default Domain Password Policy.ps1 | 4 +-
 13 files changed, 55 insertions(+), 33 deletions(-)
diff --git a/scripts/ADDS/payload/Apply-OVFProperties.ps1 b/scripts/ADDS/payload/Apply-OVFProperties.ps1
index fb0dc71..0fadc11 100644
--- a/scripts/ADDS/payload/Apply-OVFProperties.ps1
+++ b/scripts/ADDS/payload/Apply-OVFProperties.ps1
@@ -30,22 +30,44 @@ foreach ($ovfProperty in $ovfProperties) {
 }
 
 # Check for mandatory values
-If (!($ovfPropertyValues['guestinfo.hostname'] -and
- $ovfPropertyValues['guestinfo.ipaddress'] -and
- $ovfPropertyValues['guestinfo.dnsserver'] -and
- $ovfPropertyValues['guestinfo.prefixlength'] -and
- $ovfPropertyValues['guestinfo.gateway'] -and
- $ovfPropertyValues['addsconfig.domainname'] -and
- $ovfPropertyValues['addsconfig.netbiosname'] -and
- $ovfPropertyValues['addsconfig.administratorpw'] -and
- $ovfPropertyValues['addsconfig.safemodepw'])) {
+Switch ($ovfPropertyValues['deployment.type']) {
+ 'primary' {
+ $MandatoryProperties, $MissingProperties = @('guestinfo.hostname', 'guestinfo.ipaddress', 'guestinfo.prefixlength', 'guestinfo.gateway', 'addsconfig.domainname', 'addsconfig.netbiosname', 'addsconfig.administratorpw', 'addsconfig.safemodepw', 'addsconfig.ntpserver'), @()
+ }
+ 'secondary' {
+ $MandatoryProperties, $MissingProperties = @('guestinfo.hostname', 'guestinfo.ipaddress', 'guestinfo.prefixlength', 'guestinfo.dnsserver', 'guestinfo.gateway', 'addsconfig.domainname', 'addsconfig.netbiosname', 'addsconfig.administratorpw', 'addsconfig.safemodepw', 'dhcpconfig.startip', 'dhcpconfig.endip', 'dhcpconfig.subnetmask', 'dhcpconfig.gateway', 'dhcpconfig.leaseduration'), @()
+ }
+ 'standalone' {
+ $MandatoryProperties, $MissingProperties = @('guestinfo.hostname', 'guestinfo.ipaddress', 'guestinfo.prefixlength', 'guestinfo.gateway', 'addsconfig.domainname', 'addsconfig.netbiosname', 'addsconfig.administratorpw', 'addsconfig.safemodepw', 'addsconfig.ntpserver', 'dhcpconfig.startip', 'dhcpconfig.endip', 'dhcpconfig.subnetmask', 'dhcpconfig.gateway', 'dhcpconfig.leaseduration'), @()
+ }
+ default {
 # Mandatory values missing, cannot provision.
 $WriteEventLogSplat = @{
 LogName = 'Application'
 Source = 'OVF-Properties'
 EntryType = 'Error'
 EventID = 66
- Message = 'Mandatory values missing, cannot provision.'
+ Message = "Unexpected or no value set for property 'deployment.type', cannot provision."
+ }
+ Write-EventLog @WriteEventLogSplat
+ & schtasks.exe /Change /TN 'OVF-Properties' /DISABLE
+ Stop-Computer -Force
+ Exit
+ }
+}
+ForEach ($Property in $MandatoryProperties) {
+ If (!$ovfPropertyValues[$Property]) {
+ $MissingProperties += $Property
+ }
+}
+If ($MissingProperties.Length -gt 0) {
+ # Mandatory values missing, cannot provision.
+ $WriteEventLogSplat = @{
+ LogName = 'Application'
+ Source = 'OVF-Properties'
+ EntryType = 'Error'
+ EventID = 66
+ Message = "Missing values for mandatory properties $(($MissingProperties | ForEach-Object {'{0}' -f $_}) -join ', '), cannot provision."
 }
 Write-EventLog @WriteEventLogSplat
 & schtasks.exe /Change /TN 'OVF-Properties' /DISABLE
diff --git a/scripts/ADDS/payload/scripts/01.Organizational units.ps1 b/scripts/ADDS/payload/scripts/01.Organizational units.ps1
index 692ef1c..08693a1 100644
--- a/scripts/ADDS/payload/scripts/01.Organizational units.ps1
+++ b/scripts/ADDS/payload/scripts/01.Organizational units.ps1
@@ -4,8 +4,8 @@ Param(
 [hashtable]$Parameter
 )
 
-# Only executed on primary Domain Controller
-If ((Get-WmiObject -Class 'Win32_ComputerSystem').DomainRole -eq 5) {
+# Only executed on primary or standalone Domain Controller
+If (@('primary','standalone') -contains $Parameter['deployment.type']) {
 $GetContentSplat = @{
 Path = "$($PSScriptRoot)\$($MyInvocation.MyCommand)".Replace('.ps1', ".csv")
 }
diff --git a/scripts/ADDS/payload/scripts/02.Groups.ps1 b/scripts/ADDS/payload/scripts/02.Groups.ps1
index 0525525..603511a 100644
--- a/scripts/ADDS/payload/scripts/02.Groups.ps1
+++ b/scripts/ADDS/payload/scripts/02.Groups.ps1
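Review bot: The `ForEach-Object {'{0}' -f $_}` inside the Message string on the last added line is a no-op (formatting a string with `'{0}'` returns it unchanged), so the line can be simplified to `Message = "Missing values for mandatory properties $($MissingProperties -join ', '), cannot provision."`. The `default` arm of the Switch also repeats the event-log / schtasks / Stop-Computer / Exit sequence that the new missing-properties block performs after the hunk; a small function taking the message text would keep both failure paths identical and give the dnsserver/ntpserver differences between the three property lists a single place to be commented. Listing only the missing property keys, never their values, is the right choice here since the lists include `addsconfig.administratorpw` and `addsconfig.safemodepw`. The second block's trailing `Stop-Computer`/`Exit` lines lie outside the hunk.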
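Review bot: The new guard trusts the operator-supplied `deployment.type` OVF property where the old one derived the role from the machine itself (`Win32_ComputerSystem.DomainRole`, 5 for primary, 4 for secondary per the removed lines), so a host that is really a secondary DC but declared 'primary' would now run the OU, group, user, delegation, firewall, GPO, OU-permission and password-policy payloads; the same change appears in the 02, 03, 04, 05, 10, 11, 12 and 13 hunks, and with 'secondary' in 07, 08 and 09. Apply-OVFProperties.ps1 in this patch rejects values outside the three expected ones, but nothing checks that the declared type matches the actual domain role, and a `$Parameter` hashtable that lacks the key now makes every script silently skip its whole body. Consider a single cross-check where `deployment.type` is validated, e.g. comparing the declared type against `(Get-WmiObject -Class 'Win32_ComputerSystem').DomainRole` and writing an event-log entry on mismatch, rather than repeating it per script. The closing brace of the `If` block is outside the hunk.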
@@ -4,8 +4,8 @@ Param(
 [hashtable]$Parameter
 )
 
-# Only executed on primary Domain Controller
-If ((Get-WmiObject -Class 'Win32_ComputerSystem').DomainRole -eq 5) {
+# Only executed on primary or standalone Domain Controller
+If (@('primary','standalone') -contains $Parameter['deployment.type']) {
 $GetContentSplat = @{
 Path = "$($PSScriptRoot)\$($MyInvocation.MyCommand)".Replace('.ps1', ".csv")
 }
diff --git a/scripts/ADDS/payload/scripts/03.Users.ps1 b/scripts/ADDS/payload/scripts/03.Users.ps1
index ff2eed4..a711477 100644
--- a/scripts/ADDS/payload/scripts/03.Users.ps1
+++ b/scripts/ADDS/payload/scripts/03.Users.ps1
@@ -4,8 +4,8 @@ Param(
 [hashtable]$Parameter
 )
 
-# Only executed on primary Domain Controller
-If ((Get-WmiObject -Class 'Win32_ComputerSystem').DomainRole -eq 5) {
+# Only executed on primary or standalone Domain Controller
+If (@('primary','standalone') -contains $Parameter['deployment.type']) {
 $GetContentSplat = @{
 Path = "$($PSScriptRoot)\$($MyInvocation.MyCommand)".Replace('.ps1', ".csv")
 }
diff --git a/scripts/ADDS/payload/scripts/04.Delegation of Control.ps1 b/scripts/ADDS/payload/scripts/04.Delegation of Control.ps1
index c0ea438..3d19772 100644
--- a/scripts/ADDS/payload/scripts/04.Delegation of Control.ps1
+++ b/scripts/ADDS/payload/scripts/04.Delegation of Control.ps1
@@ -4,8 +4,8 @@ Param(
 [hashtable]$Parameter
 )
 
-# Only executed on primary Domain Controller
-If ((Get-WmiObject -Class 'Win32_ComputerSystem').DomainRole -eq 5) {
+# Only executed on primary or standalone Domain Controller
+If (@('primary','standalone') -contains $Parameter['deployment.type']) {
 $PSDrive = Get-PSDrive -Name 'AD'
 If ([boolean]$PSDrive -eq $False) {
 $NewPSDriveSplat = @{
diff --git a/scripts/ADDS/payload/scripts/05.Firewall.ps1 b/scripts/ADDS/payload/scripts/05.Firewall.ps1
index 7d4a897..aa20f1f 100644
--- a/scripts/ADDS/payload/scripts/05.Firewall.ps1
+++ b/scripts/ADDS/payload/scripts/05.Firewall.ps1
@@ -4,8 +4,8 @@ Param(
 [hashtable]$Parameter
 )
 
-# Only executed on primary Domain Controller
-If ((Get-WmiObject -Class 'Win32_ComputerSystem').DomainRole -eq 5) {
+# Only executed on primary or standalone Domain Controller
+If (@('primary','standalone') -contains $Parameter['deployment.type']) {
 $GetContentSplat = @{
 Path = "$($PSScriptRoot)\$($MyInvocation.MyCommand)".Replace('.ps1', '.yml')
 Raw = $true
diff --git a/scripts/ADDS/payload/scripts/07.DHCP scopes.ps1 b/scripts/ADDS/payload/scripts/07.DHCP scopes.ps1
index bcd906b..031213b 100644
--- a/scripts/ADDS/payload/scripts/07.DHCP scopes.ps1
+++ b/scripts/ADDS/payload/scripts/07.DHCP scopes.ps1
@@ -4,8 +4,8 @@ Param(
 [hashtable]$Parameter
 )
 
-# Only executed on secondary Domain Controller
-If ((Get-WmiObject -Class 'Win32_ComputerSystem').DomainRole -eq 4) {
+# Only executed on secondary or standalone Domain Controller
+If (@('secondary','standalone') -contains $Parameter['deployment.type']) {
 $AddDhcpServerv4ScopeSplat = @{
 Name = 'Default DHCP scope'
 StartRange = [ipaddress]$Parameter['dhcpconfig.startip']
diff --git a/scripts/ADDS/payload/scripts/08.DHCP failover.ps1 b/scripts/ADDS/payload/scripts/08.DHCP failover.ps1
index b3405bd..792ac35 100644
--- a/scripts/ADDS/payload/scripts/08.DHCP failover.ps1
+++ b/scripts/ADDS/payload/scripts/08.DHCP failover.ps1
@@ -5,7 +5,7 @@ Param(
 )
 
 # Only executed on secondary Domain Controller
-If ((Get-WmiObject -Class 'Win32_ComputerSystem').DomainRole -eq 4) {
+If ($Parameter['deployment.type'] -eq 'secondary') {
 # Wait for secondary DHCP server to be registered in DNS
 $Timestamp, $TimeoutMinutes = (Get-Date), 5
 Do {
diff --git a/scripts/ADDS/payload/scripts/09.DNS records.ps1 b/scripts/ADDS/payload/scripts/09.DNS records.ps1
index ce4ef60..0c46fc2 100644
--- a/scripts/ADDS/payload/scripts/09.DNS records.ps1
+++ b/scripts/ADDS/payload/scripts/09.DNS records.ps1
@@ -4,8 +4,8 @@ Param(
 [hashtable]$Parameter
 )
 
-# Only executed on secondary Domain Controller
-If ((Get-WmiObject -Class 'Win32_ComputerSystem').DomainRole -eq 4) {
+# Only executed on secondary or standalone Domain Controller
+If (@('secondary','standalone') -contains $Parameter['deployment.type']) {
 $GetContentSplat = @{
 Path = "$($PSScriptRoot)\$($MyInvocation.MyCommand)".Replace('.ps1', '.yml')
 Raw = $True
diff --git a/scripts/ADDS/payload/scripts/10.Group Policy WMI Filters.ps1 b/scripts/ADDS/payload/scripts/10.Group Policy WMI Filters.ps1
index 0c0495b..69b7129 100644
--- a/scripts/ADDS/payload/scripts/10.Group Policy WMI Filters.ps1
+++ b/scripts/ADDS/payload/scripts/10.Group Policy WMI Filters.ps1
@@ -4,8 +4,8 @@ Param(
 [hashtable]$Parameter
 )
 
-# Only executed on primary Domain Controller
-If ((Get-WmiObject -Class 'Win32_ComputerSystem').DomainRole -eq 5) {
+# Only executed on primary or standalone Domain Controller
+If (@('primary','standalone') -contains $Parameter['deployment.type']) {
 $GetContentSplat = @{
 Path = "$($PSScriptRoot)\$($MyInvocation.MyCommand)".Replace('.ps1', '.yml')
 Raw = $True
diff --git a/scripts/ADDS/payload/scripts/11.GPO+GPP.ps1 b/scripts/ADDS/payload/scripts/11.GPO+GPP.ps1
index f653a66..f2dd17a 100644
--- a/scripts/ADDS/payload/scripts/11.GPO+GPP.ps1
+++ b/scripts/ADDS/payload/scripts/11.GPO+GPP.ps1
@@ -4,8 +4,8 @@ Param(
 [hashtable]$Parameter
 )
 
-# Only executed on primary Domain Controller
-If ((Get-WmiObject -Class 'Win32_ComputerSystem').DomainRole -eq 5) {
+# Only executed on primary or standalone Domain Controller
+If (@('primary','standalone') -contains $Parameter['deployment.type']) {
 $NewPSSessionSplat = @{
 ComputerName = $Parameter['guestinfo.hostname']
 Credential = New-Object System.Management.Automation.PSCredential(
diff --git a/scripts/ADDS/payload/scripts/12.Restrict OU Permissions.ps1 b/scripts/ADDS/payload/scripts/12.Restrict OU Permissions.ps1
index d5029b6..7f4582e 100644
--- a/scripts/ADDS/payload/scripts/12.Restrict OU Permissions.ps1
+++ b/scripts/ADDS/payload/scripts/12.Restrict OU Permissions.ps1
@@ -4,8 +4,8 @@ Param(
 [hashtable]$Parameter
 )
 
-# Only executed on primary Domain Controller
-If ((Get-WmiObject -Class 'Win32_ComputerSystem').DomainRole -eq 5) {
+# Only executed on primary or standalone Domain Controller
+If (@('primary','standalone') -contains $Parameter['deployment.type']) {
 $PSDrive = Get-PSDrive -Name 'AD'
 If ([boolean]$PSDrive -eq $False) {
 $NewPSDriveSplat = @{
diff --git a/scripts/ADDS/payload/scripts/13.Default Domain Password Policy.ps1 b/scripts/ADDS/payload/scripts/13.Default Domain Password Policy.ps1
index e2e3f98..474e008 100644
--- a/scripts/ADDS/payload/scripts/13.Default Domain Password Policy.ps1
+++ b/scripts/ADDS/payload/scripts/13.Default Domain Password Policy.ps1
@@ -4,8 +4,8 @@ Param(
 [hashtable]$Parameter
 )
 
-# Only executed on primary Domain Controller
-If ((Get-WmiObject -Class 'Win32_ComputerSystem').DomainRole -eq 5) {
+# Only executed on primary or standalone Domain Controller
+If (@('primary','standalone') -contains $Parameter['deployment.type']) {
 $GetContentSplat = @{
 Path = "$($PSScriptRoot)\$($MyInvocation.MyCommand)".Replace('.ps1', ".yml")
 Raw = $True