Latest commit 632caa89ef by djpbessems: Switch yamllint configuration to 'relaxed' (2021-04-09 11:03:40 +02:00). CI status: continuous-integration/drone/push build failing.

# Packer.Images

This OVA appliance deploys an Active Directory Domain Controller in a fully automated way.

The included .ovf file has the following XML contents (simplified for clarity) to provide the different DeploymentOptions:

```xml
<Envelope [...]>
  [...]
  <DeploymentOptionSection>
    <Info>Deployment Type</Info>
    <Configuration ovf:id="primary">
      <Label>Primary (redundant deployment)</Label>
      <Description>Initial Domain Controller with 'PDC Emulator'-role</Description>
    </Configuration>
    <Configuration ovf:id="secondary">
      <Label>Secondary (redundant deployment)</Label>
      <Description>Additional Domain Controller</Description>
    </Configuration>
    <Configuration ovf:id="standalone">
      <Label>Stand-alone (non-redundant deployment)</Label>
      <Description>Single Domain Controller</Description>
    </Configuration>
  </DeploymentOptionSection>
  <VirtualSystem ovf:id="[...]">
    [...]
    <ProductSection>
      [...]
      <Category>1) Operating System</Category>
      <Property ovf:configuration="primary secondary standalone" ovf:key="guestinfo.hostname" [...]>
        <Label>Hostname*</Label>
      </Property>
      [...]
      <Category>2) Networking</Category>
      <Property ovf:configuration="secondary" ovf:key="guestinfo.dnsserver" [...]>
        <Label>DNS server*</Label>
      </Property>
      [...]
      <Category>3) Active Directory Domain Services</Category>
      <Property ovf:configuration="primary standalone" ovf:key="addsconfig.ntpserver" [...]>
        <Label>NTP Server*</Label>
        [...]
      </Property>
    </ProductSection>
  </VirtualSystem>
</Envelope>
```

When provisioning the appliance through the vCenter 'Deploy OVF template...' wizard, or through vApp-compatible Infrastructure-as-Code tooling (e.g. HashiCorp Terraform), all relevant configuration can be provided through vApp properties.

In the vSphere 'Deploy OVF template...' wizard these appear on the vApp properties page; with the HashiCorp Terraform vSphere provider they are set as vApp properties in the `vapp` block of the virtual machine resource:

```hcl
  vapp {
    properties = {
      # "deployment.type"            = "primary"

      "guestinfo.hostname"         = "DC01"
      "guestinfo.ipaddress"        = "10.0.0.21"
      "guestinfo.prefixlength"     = "24"
      # "guestinfo.dnsserver"        = "0.0.0.0"
      "guestinfo.gateway"          = "10.0.0.1"

      "addsconfig.domainname"      = "contoso.com"
      "addsconfig.netbiosname"     = "CONTOSO"
      "addsconfig.administratorpw" = var.adds_adminpassword
      "addsconfig.safemodepw"      = var.adds_safemodepassword
      # "addsconfig.ntpserver"       = "0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org"

      "vault.api"                  = "https://vault.example.org/v1"
      "vault.token"                = var.vault_token
      "vault.pwpolicy"             = "complex"
      "vault.secret"               = "contoso-project42"

      # "dhcpconfig.startip"         = "10.0.0.50"
      # "dhcpconfig.endip"           = "10.0.0.250"
      # "dhcpconfig.subnetmask"      = "255.255.255.0"
      # "dhcpconfig.gateway"         = "10.0.0.1"
      # "dhcpconfig.leaseduration"   = "01:00:00.00"
    }
  }
```

On first boot, the appliance starts configuring itself without any further user input, by performing the following steps:

  • Change hostname
  • Configure network
  • Set password for local administrator
  • Promote to Domain Controller
  • Iterate through all payload scripts:
    • Create Active Directory Organizational Units
    • Create Active Directory security groups
    • Create Active Directory user accounts
    • Set up Delegation of Control
    • Configure Active Directory Group Policy Objects with Windows Firewall settings
    • Configure DHCP (scopes, options and Failover relationship)
    • Create DNS records
    • Define Active Directory Group Policy WMI Filters
    • Define and link Active Directory Group Policy Objects and Preferences
    • Set the Active Directory default domain password policy