Go to file
djpbessems a57c64a04a
All checks were successful
continuous-integration/drone/push Build is passing
Fix plugin version constraint
2021-06-04 22:39:07 +02:00
.assets Update documentation 2021-03-10 14:48:23 +01:00
packer Fix plugin version constraint 2021-06-04 22:39:07 +02:00
scripts Allow multiple OU's for Delegation of Control 2021-05-03 14:18:58 +02:00
.drone.yml Remove redundant feedback 2021-06-04 22:35:56 +02:00
README.md Update documentation 2021-03-10 14:48:23 +01:00

Packer.Images Build Status

This OVA appliance allows deploying an Active Directory Domain Controller fully automated:

The included .ovf file has the following XML contents (simplified for clarity) to facilitate the different DeploymentOptions:

<Envelope [...]>
  [...]
  <DeploymentOptionSection>
    <Info>Deployment Type</Info>
    <Configuration ovf:id="primary">
      <Label>Primary (redundant deployment)</Label>
      <Description>Initial Domain Controller with 'PDC Emulator'-role</Description>
    </Configuration>
    <Configuration ovf:id="secondary">
      <Label>Secondary (redundant deployment)</Label>
      <Description>Additional Domain Controller</Description>
    </Configuration>
    <Configuration ovf:id="standalone">
      <Label>Stand-alone (non-redundant deployment)</Label>
      <Description>Single Domain Controller</Description>
    </Configuration>
  </DeploymentOptionSection>
  <VirtualSystem ovf:id="[...]">
    [...]
    <ProductSection>
      [...]
      <Category>1) Operating System</Category>
      <Property ovf:configuration="primary secondary standalone" ovf:key="guestinfo.hostname" [...]>
        <Label>Hostname*</Label>
      </Property>
      [...]
      <Category>2) Networking</Category>
      <Property ovf:configuration="secondary" ovf:key="guestinfo.dnsserver" [...]>
        <Label>DNS server*</Label>
      </Property>
      [...]
      <Category>3) Active Directory Domain Services</Category>
      <Property ovf:configuration="primary standalone" ovf:key="addsconfig.ntpserver" [...]>
        <Label>NTP Server*</Label>
      [...]
      </Property>
    </ProductSection>
  </VirtualSystem>
</Envelope>

When provisioning the appliance through the vCenter 'Deploy OVF template...' wizard, or through vApp-compatible Infrastructure as code tooling (e.g. HashiCorp Terraform), it is possible to provide all relevant configuration through vApp properties.

vSphere 'Deploy OVF template...' wizard HashiCorp Terraform vSphere provider
vApp properties
vApp properties
  vapp {
    properties = {
      # "deployment.type             = "primary"
      
      "guestinfo.hostname"         = "DC01"
      "guestinfo.ipaddress"        = "10.0.0.21"
      "guestinfo.prefixlength"     = "24"
      # "guestinfo.dnsserver"        = "0.0.0.0"
      "guestinfo.gateway"          = "10.0.0.1"

      "addsconfig.domainname"      = "contoso.com"
      "addsconfig.netbiosname"     = "CONTOSO"
      "addsconfig.administratorpw" = var.adds_adminpassword
      "addsconfig.safemodepw"      = var.adds_safemodepassword
      # "addsconfig.ntpserver"       = "0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org"

      "vault.api"                  = "https://vault.example.org/v1"
      "vault.token"                = var.vault_token
      "vault.pwpolicy"             = "complex"
      "vault.secret"               = "contoso-project42"

      # "dhcpconfig.startip"         = "10.0.0.50"
      # "dhcpconfig.endip"           = "10.0.0.250"
      # "dhcpconfig.subnetmask"      = "255.255.255.0"
      # "dhcpconfig.gateway"         = "10.0.0.1"
      # "dhcpconfig.leaseduration"   = "01:00:00.00"
    }
  }

On first boot, the appliance will start configuring itself without any further user-input, by performing the following steps:

  • Change hostname
  • Configure network
  • Set password for local administrator
  • Promote to Domain Controller
  • Iterate through all payload scripts:
    • Create Active Directory Organizational Units
    • Create Active Directory security groups
    • Create Active Directory user accounts
    • Set up Delegation of Control
    • Configure Active Directory Group Policy Objects with Windows Firewall settings
    • Configure DHCP (scopes, options and Failover relationship)
    • Create DNS records
    • Define Active Directory Group Policy WMI Filters
    • Define and link Active Directory Group Policy Objects and Preferences
    • Set Active Directory Default domain Password policy