Automation of AD/Dc and the client auto connection

This commit is contained in:
PPraveen007 2025-09-24 12:11:41 +05:30
parent e1e1200ea2
commit 3c877b83d8
7 changed files with 265 additions and 38 deletions

0
.env Normal file

6
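--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,9 @@ windows
 windows_2025
 win11x64.iso
 win2025-eval.iso
+windows_11_storage
+windows_2025_storage
+data_folder_win11/error.txt
+data_folder_2025_server/errors.txt
+windows_2025_storage_task1
+windows_11_storage_task1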

33
README.md Normal file

@ -0,0 +1,33 @@
Before doing the docker compose up always use the command
1) Create a macvlan network for the containers
Pick a tiny slice of your LAN that you wont use for normal devices; well use .200.206.
# stop your current containers first
docker compose down
# create the macvlan network (parent is your NIC thats on 192.168.10.0/24)
# \\ here remember that you have to set the subnet gateway ip-range and the parent with your network configuration
docker network create -d macvlan \
--subnet=192.168.10.0/24 \
--gateway=192.168.10.1 \
--ip-range=192.168.10.200/29 \
-o parent=enp6s0 \
ad_vlan
Why: macvlan lets each container appear as its own L2 host on your 192.168.10.0/24.
2) Allow the host to talk to macvlan endpoints (host-access workaround)
macvlan blocks host↔container by design. Create a macvlan sub-interface on the host so Arch can reach them:
# create a host-side macvlan interface that shares the same parent
sudo ip link add adhost link enp6s0 type macvlan mode bridge
sudo ip addr add 192.168.10.9/24 dev adhost
sudo ip link set adhost up
# route the small pool via this host-side macvlan interface
sudo ip route add 192.168.10.200/29 dev adhost
Now your Arch host (192.168.10.10) can reach the macvlan IPs through adhost (192.168.10.9).

56
backup.ps1 Normal file

@ -0,0 +1,56 @@
# scripts/dc_setup.ps1
# TODO: remove to avoid priv errors
# Start-Transcript -Path "$env:TEMP\transcript.log" -Force
# --- Script Parameters ---
$DomainName = "ttpl.local"
$DomainNetbiosName = "TTPL"
$AdminPassword = "P@raveeen123" # Use a secure method in production
# TODO: features may be already installed, but check if domain is other than WORKGROUP
# --- Idempotency Check: Exit if already a Domain Controller ---
# Write-Host "Checking if this server is already a Domain Controller..."
# if ((Get-WindowsFeature -Name AD-Domain-Services).Installed) {
# Write-Host "Active Directory Domain Services are already installed. Exiting script."
# exit
# }
Write-Host "Server is not a DC. Proceeding with configuration."
# --- 1. Network Configuration ---
Write-Host "Configuring static IP address..."
$ipAddress = "192.168.10.20"
$subnetMask = "255.255.255.0"
$gateway = "192.168.10.1"
$dnsServer = "127.0.0.1" # The DC is its own DNS server
# TODO: MSFT doc uses New-NetIPAddress, but it fails if IP already exists fixit
Get-NetAdapter | ForEach-Object {
$_ | New-NetIPAddress -AddressFamily IPv4 -IPAddress $ipAddress -PrefixLength 24 -DefaultGateway $gateway
$_ | Set-DnsClientServerAddress -ServerAddresses $dnsServer
}
Write-Host "Static IP configured."
# --- 2. Install Active Directory Domain Services ---
Write-Host "Installing AD-Domain-Services role..."
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
# --- 3. Promote to Domain Controller ---
Write-Host "Promoting server to a Domain Controller for '$DomainName'..."
$securePassword = ConvertTo-SecureString $AdminPassword -AsPlainText -Force
Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath "C:\WINDOWS\NTDS" `
-DomainMode "Win2025" ` # Using a more compatible default
-DomainName $DomainName `
-DomainNetbiosName $DomainNetbiosName `
-ForestMode "Win2025" `
-InstallDns:$true `
-LogPath "C:\WINDOWS\NTDS" `
-SysvolPath "C:\WINDOWS\SYSVOL" `
-Force:$true `
-SafeModeAdministratorPassword $securePassword
# The promotion process will automatically trigger a reboot.
Write-Host "Configuration complete. The server will restart automatically."
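Review bot: The inline comment on the `-DomainMode "Win2025"` line ends the Install-ADDSForest call early: a backtick only continues the line when it is the last character, so a backtick followed by a space and `# Using a more compatible default` escapes the space and starts a comment, and the following `-DomainName` … `-SafeModeAdministratorPassword` lines are parsed as separate statements instead of arguments. Move the comment to its own line above the call and leave `` -DomainMode "Win2025" ` `` with the backtick last. The value on the `$AdminPassword = "P@raveeen123"` line is the DSRM recovery password and is committed in clear text; read it from an environment variable or a file outside the repo and treat the current value as exposed. With the idempotency guard commented out, a re-run after promotion would attempt New-NetIPAddress (on every adapter, including down ones) and Install-ADDSForest again; if this file is only a retained copy of an earlier dc_setup.ps1, consider dropping it rather than shipping a second, diverging version.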


@ -1,32 +1,3 @@
# services:
# windows:
# image: dockurr/windows
# container_name: windows_11
# privileged: true
# environment:
# VERSION: "11"
# devices:
# - /dev/kvm
# - /dev/net/tun
# cap_add:
# - NET_ADMIN
# ports:
# - 192.168.10.10:8006:8006
# - 192.168.10.10:3389:3389/tcp
# - 192.168.10.10:3389:3389/udp
# volumes:
# - ./win11x64.iso:/boot.iso
# - ./windows:/storage
# # - ./src/entry.sh:/run/entry.sh
# restart: always
# stop_grace_period: 2m
# networks:
# - ad_network
# networks:
# ad_network:
# external: true
services: services:
windows_2025: windows_2025:
image: dockurr/windows image: dockurr/windows
@ -35,6 +6,7 @@ services:
environment: environment:
VERSION: "2025" VERSION: "2025"
DHCP: "Y" DHCP: "Y"
# IP: "192.168.10.20"
devices: devices:
- /dev/kvm - /dev/kvm
- /dev/net/tun - /dev/net/tun
@ -45,13 +17,13 @@ services:
- NET_ADMIN - NET_ADMIN
volumes: volumes:
- ./win2025-eval.iso:/boot.iso - ./win2025-eval.iso:/boot.iso
- ./windows_2025:/storage - ./windows_2025_storage_task1:/storage
- ./src/entry.sh:/run/entry.sh - ./data_folder_2025_server:/data
restart: always restart: always
stop_grace_period: 2m stop_grace_period: 2m
networks: networks:
ad_vlan: ad_vlan:
ipv4_address: 192.168.10.201 # container IP (Linux side). Windows guest will DHCP a *different* IP. ipv4_address: 192.168.10.201 # Fix AD(Server_2025) server IP for Docker network
windows_11: windows_11:
image: dockurr/windows image: dockurr/windows
@ -60,6 +32,7 @@ services:
environment: environment:
VERSION: "11" VERSION: "11"
DHCP: "Y" DHCP: "Y"
# IP: "192.168.10.21"
devices: devices:
- /dev/kvm - /dev/kvm
- /dev/net/tun - /dev/net/tun
@ -70,13 +43,14 @@ services:
- NET_ADMIN - NET_ADMIN
volumes: volumes:
- ./win11x64.iso:/boot.iso - ./win11x64.iso:/boot.iso
- ./windows:/storage - ./windows_11_storage_task1:/storage
- ./src/entry.sh:/run/entry.sh - ./data_folder_win11:/data
restart: always
stop_grace_period: 2m stop_grace_period: 2m
networks: networks:
ad_vlan: ad_vlan:
ipv4_address: 192.168.10.202 # container IP (Linux side) ipv4_address: 192.168.10.202 # Fix Windows 11 IP for Docker network
depends_on:
- windows_2025
networks: networks:
ad_vlan: ad_vlan:
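Review bot: The new comment `ipv4_address: 192.168.10.201 # Fix AD(Server_2025) server IP for Docker network` is misleading: with `DHCP: "Y"` this pins only the container's Linux-side address, and the wording it replaces correctly said the Windows guest takes a different one (dc_setup.ps1 then sets 192.168.10.220 on the guest, the client script 192.168.10.219). Those guest addresses lie outside the 192.168.10.200/29 pool that the README routes through the host's `adhost` interface, so as far as I can tell the Arch host itself will not reach the DC or the client; either widen the routed range or keep the guests inside the pool, and say so in the comment. `depends_on: - windows_2025` only orders container start and says nothing about the DC being promoted; the client script covers that by polling port 389, so a comment such as `# start order only; readiness is handled by the client join script` would stop someone relying on it later. The file's header is not in this view, so the filename is inferred from its content.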


@ -0,0 +1,85 @@
# This script is designed to be idempotent. It can be run multiple times without causing errors.
# --- Reliable Logging ---
# Start-Transcript now logs to the user's temporary folder, which is always writable.
Start-Transcript -Path "$env:TEMP\transcript.log" -Force
# --- Script Parameters ---
$DomainName = "ttpl.local"
$DomainNetbiosName = "TTPL"
$AdminPassword = "P@raveeen123" # Use a secure method in production
# --- Robust Idempotency Check ---
# This is a much better check. It tries to get the AD Domain information.
# If it succeeds AND the domain name matches our target, we know the script is already done.
try {
if ((Get-ADDomain).DNSRoot -eq $DomainName) {
Write-Host "This server is already a Domain Controller for the '$DomainName' domain. No action needed. Exiting."
exit
}
}
catch {
Write-Host "This server is not yet a Domain Controller . Proceeding with configuration."
}
# --- 1. Idempotent Network Configuration ---
Write-Host "Configuring static IP address..."
$ipAddress = "192.168.10.220"
$gateway = "192.168.10.1"
$dnsServer = "127.0.0.1" # The DC is its own DNS server
# This logic is now safe to re-run. It finds the primary network adapter.
$adapter = Get-NetAdapter | Where-Object { $_.Status -eq "Up" } | Select-Object -First 1
if ($adapter) {
Write-Host "Found active network adapter: $($adapter.Name)"
# First, set the DNS. This is always safe to do.
Set-DnsClientServerAddress -InterfaceIndex $adapter.InterfaceIndex -ServerAddresses $dnsServer
# Check if the correct IP is already set. If not, configure it.
$currentIP = Get-NetIPAddress -InterfaceIndex $adapter.InterfaceIndex -AddressFamily IPv4 | Where-Object { $_.IPAddress -eq $ipAddress }
# if (-not $currentIP) { //alwa
Write-Host "IP address not set correctly. Configuring static IP..."
# Remove any other IPv4 addresses to prevent conflicts
Get-NetIPAddress -InterfaceIndex $adapter.InterfaceIndex -AddressFamily IPv4 | Remove-NetIPAddress -Confirm:$false
# Set the new IP address
New-NetIPAddress -InterfaceIndex $adapter.InterfaceIndex -IPAddress $ipAddress -PrefixLength 24 -DefaultGateway $gateway
Write-Host "Static IP configured."
# } else {
# Write-Host "IP address is already correctly set to $ipAddress."
# }
}
else {
Write-Error "Could not find an active network adapter."
exit
}
# --- 2. Install Active Directory Domain Services (if needed) ---
if (-not (Get-WindowsFeature -Name AD-Domain-Services).Installed) {
Write-Host "Installing AD-Domain-Services role..."
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
} else {
Write-Host "AD-Domain-Services role is already installed."
}
# --- 3. Promote to Domain Controller ---
Write-Host "Promoting server to a Domain Controller for '$DomainName'..."
$securePassword = ConvertTo-SecureString $AdminPassword -AsPlainText -Force
Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath "C:\WINDOWS\NTDS" `
-DomainMode "Win2025" `
-DomainName $DomainName `
-DomainNetbiosName $DomainNetbiosName `
-ForestMode "Win2025" `
-InstallDns:$true `
-LogPath "C:\WINDOWS\NTDS" `
-SysvolPath "C:\WINDOWS\SYSVOL" `
-Force:$true `
-SafeModeAdministratorPassword $securePassword
Write-Host "Configuration complete. The server will restart automatically."
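Review bot: The guard around the static-IP step is commented out (`# if (-not $currentIP) { //alwa` and the `# } else {` block), so every run unconditionally removes all IPv4 addresses on the adapter and re-adds 192.168.10.220, which contradicts the "idempotent" header and drops connectivity mid-run; restore `if (-not $currentIP) { … }` around the Remove-NetIPAddress/New-NetIPAddress pair. The value passed as `-SafeModeAdministratorPassword` is the DSRM recovery password, not the domain Administrator password, so calling it `$AdminPassword` invites exactly the mix-up the client script makes; rename it `$DsrmPassword` and read it from an environment variable instead of committing `P@raveeen123` in clear text. The idempotency check also only exits when Get-ADDomain succeeds and the name matches; if the server is already a DC for some other domain it falls through to Install-ADDSForest, so that branch should `Write-Error` and exit instead.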


@ -0,0 +1,73 @@
# This script is designed to be idempotent and robust.
# --- Script Parameters ---
# CRITICAL: Make sure these values are correct!
$DomainName = "ttpl.local"
$DC_IP = "192.168.10.220" # IMPORTANT: Use the NEW IP address of your DC
$AdminUser = "administrator"
$AdminPassword = "admin" # CRITICAL: This MUST match the password used to create the domain
# --- Idempotency Check ---
Write-Host "Checking if this PC is already joined to the domain..."
if ((Get-ComputerInfo).Domain -eq $DomainName) {
Write-Host "This PC is already a member of the '$DomainName' domain. Exiting script."
exit
}
Write-Host "PC is not domain-joined. Proceeding..."
# --- 1. Wait for Domain Controller ---
Write-Host "Waiting for the Domain Controller at $DC_IP to come online..."
while (-not (Test-NetConnection -ComputerName $DC_IP -Port 389 -InformationLevel "Quiet")) {
Write-Host "DC is not reachable yet. Retrying in 10 seconds..."
Start-Sleep -Seconds 10
}
Write-Host "Domain Controller is online!"
# --- 2. Robust Network Configuration ---
Write-Host "Configuring static IP and DNS..."
$ipAddress = "192.168.10.219" # A free IP for this client
$gateway = "192.168.10.1"
$dnsServer = $DC_IP # DNS MUST point to the Domain Controller
# Find the primary active network adapter
$adapter = Get-NetAdapter | Where-Object { $_.Status -eq "Up" } | Select-Object -First 1
if ($adapter) {
Write-Host "Found active network adapter: $($adapter.Name)"
# THE NEW FIX: This logic uses 'Set-' cmdlets to modify the existing configuration.
# It avoids the '...already exists' error by not trying to create a new configuration.
# First, get the existing IP configuration object.
$ipconfig = Get-NetIPConfiguration -InterfaceIndex $adapter.InterfaceIndex | Where-Object { $_.IPv4Address } | Select-Object -First 1
if ($ipconfig) {
Write-Host "Modifying existing IP configuration..."
# Use Set-NetIPAddress to change the IP and Gateway on the existing configuration
Set-NetIPAddress -InputObject $ipconfig -IPAddress $ipAddress -PrefixLength 24 -DefaultGateway $gateway
# Use Set-DnsClientServerAddress to set the DNS
Set-DnsClientServerAddress -InterfaceIndex $adapter.InterfaceIndex -ServerAddresses $dnsServer
}
else {
# Fallback for a completely unconfigured adapter (unlikely in this case, but safe)
Write-Host "No existing IP configuration found. Creating a new one..."
New-NetIPAddress -InterfaceIndex $adapter.InterfaceIndex -IPAddress $ipAddress -PrefixLength 24 -DefaultGateway $gateway
Set-DnsClientServerAddress -InterfaceIndex $adapter.InterfaceIndex -ServerAddresses $dnsServer
}
Write-Host "Static IP and DNS configured."
Start-Sleep -Seconds 15 # Give network settings a moment to apply
}
else {
Write-Error "Could not find an active network adapter."
exit
}
# --- 3. Join the Domain ---
Write-Host "Joining the domain '$DomainName'..."
$username = "$DomainName\$AdminUser"
$credential = New-Object System.Management.Automation.PSCredential($username, (ConvertTo-SecureString $AdminPassword -AsPlainText -Force))
Add-Computer -DomainName $DomainName -Credential $credential -Restart -Force
Write-Host "Domain join complete. The computer will restart automatically."
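Review bot: The join runs as the domain Administrator with the clear-text password `admin` committed on the `$AdminPassword = "admin"` line; use a dedicated join account that only has create-computer-object rights on the target OU (or pre-create the computer account) and take the password from an environment variable rather than a literal. The comment on that line is also wrong in a way that will cost someone time: the DC script passes its password only as `-SafeModeAdministratorPassword`, which is the DSRM password, so the domain Administrator password is whatever the server's local Administrator had before promotion, not the value in dc_setup.ps1. Separately, `Set-NetIPAddress -InputObject $ipconfig -IPAddress $ipAddress -PrefixLength 24 -DefaultGateway $gateway` looks like it cannot bind: as far as I can tell Set-NetIPAddress has no -DefaultGateway parameter, its -IPAddress selects which address to modify rather than the new value, and `$ipconfig` is a NetIPConfiguration rather than a NetIPAddress object, so the "modify existing" branch should be replaced by Remove-NetIPAddress/Remove-NetRoute on the interface followed by New-NetIPAddress as in the fallback branch. The wait loop has no upper bound and an open port 389 does not mean the domain's DNS is answering, so cap the retries and check `Resolve-DnsName -Server $DC_IP "_ldap._tcp.dc._msdcs.$DomainName"` before Add-Computer.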