Go to file
djpbessems 03f800c623
All checks were successful
continuous-integration/drone/push Build is passing
Provision Vault passwords;Reorder group membership
2021-03-10 10:02:55 +01:00
.assets Housekeeping; Adding to documentation 2021-02-11 16:56:19 +01:00
packer Add upstream feature: extra:Config 2021-01-27 12:32:52 +01:00
scripts Provision Vault passwords;Reorder group membership 2021-03-10 10:02:55 +01:00
.drone.yml Add upstream feature: extra:Config 2021-01-27 12:32:52 +01:00
README.md Housekeeping; Adding to documentation 2021-02-11 16:56:19 +01:00

Packer.Images Build Status

This OVA appliance allows deploying an Active Directory Domain Controller fully automated:

The included .ovf file has the following XML contents (simplified for clarity) to facilitate the different DeploymentOptions:

<Envelope [...]>
  [...]
  <DeploymentOptionSection>
    <Info>Deployment Type</Info>
    <Configuration ovf:id="primary">
      <Label>Primary (redundant deployment)</Label>
      <Description>Initial Domain Controller with 'PDC Emulator'-role</Description>
    </Configuration>
    <Configuration ovf:id="secondary">
      <Label>Secondary (redundant deployment)</Label>
      <Description>Additional Domain Controller</Description>
    </Configuration>
    <Configuration ovf:id="standalone">
      <Label>Stand-alone (non-redundant deployment)</Label>
      <Description>Single Domain Controller</Description>
    </Configuration>
  </DeploymentOptionSection>
  <VirtualSystem ovf:id="[...]">
    [...]
    <ProductSection>
      [...]
      <Category>1) Operating System</Category>
      <Property ovf:configuration="primary secondary standalone" ovf:key="guestinfo.hostname" [...]>
        <Label>Hostname*</Label>
      </Property>
      [...]
      <Category>2) Networking</Category>
      <Property ovf:configuration="secondary" ovf:key="guestinfo.dnsserver" [...]>
        <Label>DNS server*</Label>
      </Property>
      [...]
      <Category>3) Active Directory Domain Services</Category>
      <Property ovf:configuration="primary standalone" ovf:key="addsconfig.ntpserver" [...]>
        <Label>NTP Server*</Label>
      [...]
      </Property>
    </ProductSection>
  </VirtualSystem>
</Envelope>

When provisioning the appliance through the vCenter 'Deploy OVF template...' wizard, or through vApp-compatible Infrastructure as code tooling (e.g. HashiCorp Terraform), it is possible to provide all relevant configuration through vApp properties.

vSphere 'Deploy OVF template...' wizard HashiCorp Terraform vSphere provider
vApp properties
vApp properties
  vapp {
    properties = {
      # "deployment.typ"             = "primary"
      
      "guestinfo.hostname"         = "DC01"
      "guestinfo.ipaddress"        = "10.0.0.21"
      "guestinfo.prefixlength"     = "24"
      # "guestinfo.dnsserver"        = "0.0.0.0"
      "guestinfo.gateway"          = "10.0.0.1"

      "addsconfig.domainname"      = "contoso.com"
      "addsconfig.netbiosname"     = "CONTOSO"
      "addsconfig.administratorpw" = var.adds_adminpassword
      "addsconfig.safemodepw"      = var.adds_safemodepassword
      # "addsconfig.ntpserver"       = "0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org"

      # "dhcpconfig.startip"         = "10.0.0.50"
      # "dhcpconfig.endip"           = "10.0.0.250"
      # "dhcpconfig.subnetmask"      = "255.255.255.0"
      # "dhcpconfig.gateway"         = "10.0.0.1"
      # "dhcpconfig.leaseduration"   = "01:00:00.00"
    }
  }

On first boot, the appliance will start configuring itself without any further user-input, by performing the following steps:

  • Change hostname
  • Configure network
  • Set password for local administrator
  • Promote to Domain Controller
  • Iterate through all payload scripts:
    • Create Active Directory Organizational Units
    • Create Active Directory security groups
    • Create Active Directory user accounts
    • Set up Delegation of Control
    • Configure Active Directory Group Policy Objects with Windows Firewall settings
    • Configure DHCP (scopes, options and Failover relationship)
    • Create DNS records
    • Define Active Directory Group Policy WMI Filters
    • Define and link Active Directory Group Policy Objects and Preferences
    • Set Active Directory Default domain Password policy