From 221e17a4de73768c42ed8e825252f1074118fd5e Mon Sep 17 00:00:00 2001
From: djpbessems <danny@bessems.eu>
Date: Thu, 11 Feb 2021 16:56:19 +0100
Subject: [PATCH] Housekeeping; Adding to documentation

---
 ...le.png => vAppProperties-ADDS-example.png} | Bin
 README.md                                     |  61 +++++++++++++++---
 .../ADDS/payload/scripts/08.DHCP failover.ps1 |   1 -
 scripts/Update-OvfConfiguration.yml           |  12 ++--
 4 files changed, 59 insertions(+), 15 deletions(-)
 rename .assets/{vAppProperties-example.png => vAppProperties-ADDS-example.png} (100%)
diff --git a/.assets/vAppProperties-example.png b/.assets/vAppProperties-ADDS-example.png
similarity index 100%
rename from .assets/vAppProperties-example.png
rename to .assets/vAppProperties-ADDS-example.png
diff --git a/README.md b/README.md
index 9184b94..86ba128 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,49 @@
 
 This OVA appliance allows deploying an Active Directory Domain Controller fully automated:  
 
+The included `.ovf` file has the following XML contents (simplified for clarity) to facilitate the different `DeploymentOption`s:  
+```xml
+<Envelope [...]>
+  [...]
+  <DeploymentOptionSection>
+    <Info>Deployment Type</Info>
+    <Configuration ovf:id="primary">
+      <Label>Primary (redundant deployment)</Label>
+      <Description>Initial Domain Controller with 'PDC Emulator'-role</Description>
+    </Configuration>
+    <Configuration ovf:id="secondary">
+      <Label>Secondary (redundant deployment)</Label>
+      <Description>Additional Domain Controller</Description>
+    </Configuration>
+    <Configuration ovf:id="standalone">
+      <Label>Stand-alone (non-redundant deployment)</Label>
+      <Description>Single Domain Controller</Description>
+    </Configuration>
+  </DeploymentOptionSection>
+  <VirtualSystem ovf:id="[...]">
+    [...]
+    <ProductSection>
+      [...]
+      <Category>1) Operating System</Category>
+      <Property ovf:configuration="primary secondary standalone" ovf:key="guestinfo.hostname" [...]>
+        <Label>Hostname*</Label>
+      </Property>
+      [...]
+      <Category>2) Networking</Category>
+      <Property ovf:configuration="secondary" ovf:key="guestinfo.dnsserver" [...]>
+        <Label>DNS server*</Label>
+      </Property>
+      [...]
+      <Category>3) Active Directory Domain Services</Category>
+      <Property ovf:configuration="primary standalone" ovf:key="addsconfig.ntpserver" [...]>
+        <Label>NTP Server*</Label>
+      [...]
+      </Property>
+    </ProductSection>
+  </VirtualSystem>
+</Envelope>
+```
+
 When **provisioning** the appliance through the vCenter 'Deploy OVF template...' wizard, or through vApp-compatible *Infrastructure as code* tooling (e.g. HashiCorp Terraform), it is possible to provide all relevant configuration through vApp properties.  
 
 <table>
@@ -9,29 +52,31 @@ When **provisioning** the appliance through the vCenter 'Deploy OVF template...'
 <td><em>vSphere 'Deploy OVF template...' wizard</em></td> <td> <a href="https://registry.terraform.io/providers/hashicorp/vsphere/latest/docs/resources/virtual_machine#deploying-vm-from-an-ovfova-template">HashiCorp Terraform vSphere provider</a> </td>
 </tr>
 <tr>
-<td><img src=".assets/vAppProperties-example.png" alt="vApp properties" width="400" /></td>
+<td><img src=".assets/vAppConfigurations-ADDS-example.png" alt="vApp properties" width="400" /><br/><img src=".assets/vAppProperties-ADDS-example.png" alt="vApp properties" width="400" /></td>
 <td>
 
 ```hcl
   vapp {
     properties = {
+      # "deployment.typ"             = "primary"
+      
       "guestinfo.hostname"         = "DC01"
       "guestinfo.ipaddress"        = "10.0.0.21"
       "guestinfo.prefixlength"     = "24"
-      "guestinfo.dnsserver"        = "0.0.0.0"
+      # "guestinfo.dnsserver"        = "0.0.0.0"
       "guestinfo.gateway"          = "10.0.0.1"
 
       "addsconfig.domainname"      = "contoso.com"
       "addsconfig.netbiosname"     = "CONTOSO"
       "addsconfig.administratorpw" = var.adds_adminpassword
       "addsconfig.safemodepw"      = var.adds_safemodepassword
-      "addsconfig.ntpserver"       = "0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org"
+      # "addsconfig.ntpserver"       = "0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org"
 
-      "dhcpconfig.startip"         = "10.0.0.50"
-      "dhcpconfig.endip"           = "10.0.0.250"
-      "dhcpconfig.subnetmask"      = "255.255.255.0"
-      "dhcpconfig.gateway"         = "10.0.0.1"
-      "dhcpconfig.leaseduration"   = "01:00:00.00"
+      # "dhcpconfig.startip"         = "10.0.0.50"
+      # "dhcpconfig.endip"           = "10.0.0.250"
+      # "dhcpconfig.subnetmask"      = "255.255.255.0"
+      # "dhcpconfig.gateway"         = "10.0.0.1"
+      # "dhcpconfig.leaseduration"   = "01:00:00.00"
     }
   }
 ```
diff --git a/scripts/ADDS/payload/scripts/08.DHCP failover.ps1 b/scripts/ADDS/payload/scripts/08.DHCP failover.ps1
index 792ac35..51b2aa6 100644
--- a/scripts/ADDS/payload/scripts/08.DHCP failover.ps1	
+++ b/scripts/ADDS/payload/scripts/08.DHCP failover.ps1	
@@ -27,7 +27,6 @@ If ($Parameter['deployment.type'] -eq 'secondary') {
 
     $NewCimSessionSplat = @{
         Credential   = New-Object System.Management.Automation.PSCredential(
-            ###! TODO: Replace this with code to automagically find required accountname (this hardcoded value might not be correct due to GPO's)
             (Get-ADUser -Filter * | Where-Object {$_.SID -match '-500'}).SamAccountName,
             (ConvertTo-SecureString $Parameter['addsconfig.administratorpw'] -AsPlainText -Force)
         )
diff --git a/scripts/Update-OvfConfiguration.yml b/scripts/Update-OvfConfiguration.yml
index 16e9480..b0752b4 100644
--- a/scripts/Update-OvfConfiguration.yml
+++ b/scripts/Update-OvfConfiguration.yml
@@ -1,13 +1,13 @@
 DeploymentConfigurations:
 - Id: primary
-  Label: Primary
-  Description: Initial Domain Controller with 'PDC Emulator'-role (redundant deployment)
+  Label: Primary (redundant deployment)
+  Description: Initial Domain Controller with 'PDC Emulator'-role
 - Id: secondary
-  Label: Secondary
-  Description: Additional Domain Controller (redundant deployment)
+  Label: Secondary (redundant deployment)
+  Description: Additional Domain Controller
 - Id: standalone
-  Label: Stand-alone
-  Description: Single Domain Controller (non-redundant deployment)
+  Label: Stand-alone (non-redundant deployment)
+  Description: Single Domain Controller
 PropertyCategories:
 - Name: ''
   ProductProperties:

vSphere 'Deploy OVF template...' wizard	HashiCorp Terraform vSphere provider
		```hcl vapp { properties = { + # "deployment.typ" = "primary" + "guestinfo.hostname" = "DC01" "guestinfo.ipaddress" = "10.0.0.21" "guestinfo.prefixlength" = "24" - "guestinfo.dnsserver" = "0.0.0.0" + # "guestinfo.dnsserver" = "0.0.0.0" "guestinfo.gateway" = "10.0.0.1" "addsconfig.domainname" = "contoso.com" "addsconfig.netbiosname" = "CONTOSO" "addsconfig.administratorpw" = var.adds_adminpassword "addsconfig.safemodepw" = var.adds_safemodepassword - "addsconfig.ntpserver" = "0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org" + # "addsconfig.ntpserver" = "0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org" - "dhcpconfig.startip" = "10.0.0.50" - "dhcpconfig.endip" = "10.0.0.250" - "dhcpconfig.subnetmask" = "255.255.255.0" - "dhcpconfig.gateway" = "10.0.0.1" - "dhcpconfig.leaseduration" = "01:00:00.00" + # "dhcpconfig.startip" = "10.0.0.50" + # "dhcpconfig.endip" = "10.0.0.250" + # "dhcpconfig.subnetmask" = "255.255.255.0" + # "dhcpconfig.gateway" = "10.0.0.1" + # "dhcpconfig.leaseduration" = "01:00:00.00" } } ``` diff --git a/scripts/ADDS/payload/scripts/08.DHCP failover.ps1 b/scripts/ADDS/payload/scripts/08.DHCP failover.ps1 index 792ac35..51b2aa6 100644 --- a/scripts/ADDS/payload/scripts/08.DHCP failover.ps1 +++ b/scripts/ADDS/payload/scripts/08.DHCP failover.ps1 @@ -27,7 +27,6 @@ If ($Parameter['deployment.type'] -eq 'secondary') { $NewCimSessionSplat = @{ Credential = New-Object System.Management.Automation.PSCredential( - ###! TODO: Replace this with code to automagically find required accountname (this hardcoded value might not be correct due to GPO's) (Get-ADUser -Filter * \| Where-Object {$_.SID -match '-500'}).SamAccountName, (ConvertTo-SecureString $Parameter['addsconfig.administratorpw'] -AsPlainText -Force) ) diff --git a/scripts/Update-OvfConfiguration.yml b/scripts/Update-OvfConfiguration.yml index 16e9480..b0752b4 100644 --- a/scripts/Update-OvfConfiguration.yml +++ b/scripts/Update-OvfConfiguration.yml @@ -1,13 +1,13 @@ DeploymentConfigurations: - Id: primary - Label: Primary - Description: Initial Domain Controller with 'PDC Emulator'-role (redundant deployment) + Label: Primary (redundant deployment) + Description: Initial Domain Controller with 'PDC Emulator'-role - Id: secondary - Label: Secondary - Description: Additional Domain Controller (redundant deployment) + Label: Secondary (redundant deployment) + Description: Additional Domain Controller - Id: standalone - Label: Stand-alone - Description: Single Domain Controller (non-redundant deployment) + Label: Stand-alone (non-redundant deployment) + Description: Single Domain Controller PropertyCategories: - Name: '' ProductProperties: