# Packer.Images [![Build Status](https://ci.spamasaurus.com/api/badges/djpbessems/Packer.Images/status.svg?ref=refs/heads/ADDS)](https://ci.spamasaurus.com/djpbessems/Packer.Images)

This OVA appliance allows deploying an Active Directory Domain Controller fully automated:  

The included `.ovf` file has the following XML contents (simplified for clarity) to facilitate the different `DeploymentOption`s:  
```xml
<Envelope [...]>
  [...]
  <DeploymentOptionSection>
    <Info>Deployment Type</Info>
    <Configuration ovf:id="primary">
      <Label>Primary (redundant deployment)</Label>
      <Description>Initial Domain Controller with 'PDC Emulator'-role</Description>
    </Configuration>
    <Configuration ovf:id="secondary">
      <Label>Secondary (redundant deployment)</Label>
      <Description>Additional Domain Controller</Description>
    </Configuration>
    <Configuration ovf:id="standalone">
      <Label>Stand-alone (non-redundant deployment)</Label>
      <Description>Single Domain Controller</Description>
    </Configuration>
  </DeploymentOptionSection>
  <VirtualSystem ovf:id="[...]">
    [...]
    <ProductSection>
      [...]
      <Category>1) Operating System</Category>
      <Property ovf:configuration="primary secondary standalone" ovf:key="guestinfo.hostname" [...]>
        <Label>Hostname*</Label>
      </Property>
      [...]
      <Category>2) Networking</Category>
      <Property ovf:configuration="secondary" ovf:key="guestinfo.dnsserver" [...]>
        <Label>DNS server*</Label>
      </Property>
      [...]
      <Category>3) Active Directory Domain Services</Category>
      <Property ovf:configuration="primary standalone" ovf:key="addsconfig.ntpserver" [...]>
        <Label>NTP Server*</Label>
      [...]
      </Property>
    </ProductSection>
  </VirtualSystem>
</Envelope>
```

When **provisioning** the appliance through the vCenter 'Deploy OVF template...' wizard, or through vApp-compatible *Infrastructure as code* tooling (e.g. HashiCorp Terraform), it is possible to provide all relevant configuration through vApp properties.  

<table>
<tr>
<td><em>vSphere 'Deploy OVF template...' wizard</em></td> <td> <a href="https://registry.terraform.io/providers/hashicorp/vsphere/latest/docs/resources/virtual_machine#deploying-vm-from-an-ovfova-template">HashiCorp Terraform vSphere provider</a> </td>
</tr>
<tr>
<td><img src=".assets/vAppConfigurations-ADDS-example.png" alt="vApp properties" width="400" /><br/><img src=".assets/vAppProperties-ADDS-example.png" alt="vApp properties" width="400" /></td>
<td>

```hcl
  vapp {
    properties = {
      # "deployment.type             = "primary"
      
      "guestinfo.hostname"         = "DC01"
      "guestinfo.ipaddress"        = "10.0.0.21"
      "guestinfo.prefixlength"     = "24"
      # "guestinfo.dnsserver"        = "0.0.0.0"
      "guestinfo.gateway"          = "10.0.0.1"

      "addsconfig.domainname"      = "contoso.com"
      "addsconfig.netbiosname"     = "CONTOSO"
      "addsconfig.administratorpw" = var.adds_adminpassword
      "addsconfig.safemodepw"      = var.adds_safemodepassword
      # "addsconfig.ntpserver"       = "0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org"

      "vault.api"                  = "https://vault.example.org/v1"
      "vault.token"                = var.vault_token
      "vault.pwpolicy"             = "complex"
      "vault.secret"               = "contoso-project42"

      # "dhcpconfig.startip"         = "10.0.0.50"
      # "dhcpconfig.endip"           = "10.0.0.250"
      # "dhcpconfig.subnetmask"      = "255.255.255.0"
      # "dhcpconfig.gateway"         = "10.0.0.1"
      # "dhcpconfig.leaseduration"   = "01:00:00.00"
    }
  }
```

</td>
</tr>
</table>

On first boot, the appliance will start **configuring** itself without any further user-input, by performing the following steps:  
- Change hostname
- Configure network
- Set password for local administrator
- Promote to Domain Controller
- Iterate through all payload scripts:
  - Create Active Directory Organizational Units
  - Create Active Directory security groups
  - Create Active Directory user accounts
  - Set up Delegation of Control
  - Configure Active Directory Group Policy Objects with Windows Firewall settings
  - Configure DHCP (scopes, options and Failover relationship)
  - Create DNS records
  - Define Active Directory Group Policy WMI Filters
  - Define and link Active Directory Group Policy Objects and Preferences
  - Set Active Directory Default domain Password policy