Automation of AD/Dc and the client auto connection

2025-10-27 19:35:49 +00:00 · 2025-09-24 12:11:41 +05:30 · 2025-09-24 12:11:41 +05:30 · 3c877b83d8
commit 3c877b83d8
parent e1e1200ea2
7 changed files with 265 additions and 38 deletions
--- a/.env
+++ b/.env
--- a/.gitignore
+++ b/.gitignore
@ -2,3 +2,9 @@ windows
 windows_2025
 win11x64.iso
 win2025-eval.iso
+windows_11_storage
+windows_2025_storage
+data_folder_win11/error.txt
+data_folder_2025_server/errors.txt
+windows_2025_storage_task1
+windows_11_storage_task1
--- a/README.md
+++ b/README.md
@ -0,0 +1,33 @@
+Before doing the docker compose up always use the command  
+
+1) Create a macvlan network for the containers
+
+Pick a tiny slice of your LAN that you won’t use for normal devices; we’ll use .200–.206.
+
+# stop your current containers first
+docker compose down
+
+# create the macvlan network (parent is your NIC that’s on 192.168.10.0/24)
+# \\ here remember that you have to set the subnet gateway ip-range and the parent with your network configuration 
+docker network create -d macvlan \  
+  --subnet=192.168.10.0/24 \
+  --gateway=192.168.10.1 \
+  --ip-range=192.168.10.200/29 \
+  -o parent=enp6s0 \
+  ad_vlan
+Why: macvlan lets each container appear as its own L2 host on your 192.168.10.0/24.
+
+2) Allow the host to talk to macvlan endpoints (host-access workaround)
+
+macvlan blocks host↔︎container by design. Create a macvlan sub-interface on the host so Arch can reach them:
+
+# create a host-side macvlan interface that shares the same parent
+sudo ip link add adhost link enp6s0 type macvlan mode bridge
+sudo ip addr add 192.168.10.9/24 dev adhost
+sudo ip link set adhost up
+
+# route the small pool via this host-side macvlan interface
+sudo ip route add 192.168.10.200/29 dev adhost
+
+Now your Arch host (192.168.10.10) can reach the macvlan IPs through adhost (192.168.10.9).
+
--- a/backup.ps1
+++ b/backup.ps1
@ -0,0 +1,56 @@
+# scripts/dc_setup.ps1
+
+# TODO: remove to avoid priv errors
+# Start-Transcript -Path "$env:TEMP\transcript.log" -Force
+
+# --- Script Parameters ---
+$DomainName = "ttpl.local"
+$DomainNetbiosName = "TTPL"
+$AdminPassword = "P@raveeen123" # Use a secure method in production
+
+# TODO: features may be already installed, but check if domain is other than WORKGROUP
+# --- Idempotency Check: Exit if already a Domain Controller ---
+# Write-Host "Checking if this server is already a Domain Controller..."
+# if ((Get-WindowsFeature -Name AD-Domain-Services).Installed) {
+#     Write-Host "Active Directory Domain Services are already installed. Exiting script."
+#     exit
+# }
+Write-Host "Server is not a DC. Proceeding with configuration."
+
+# --- 1. Network Configuration ---
+Write-Host "Configuring static IP address..."
+$ipAddress = "192.168.10.20"
+$subnetMask = "255.255.255.0"
+$gateway = "192.168.10.1"
+$dnsServer = "127.0.0.1" # The DC is its own DNS server
+
+# TODO: MSFT doc uses New-NetIPAddress, but it fails if IP already exists fixit
+Get-NetAdapter | ForEach-Object {
+    $_ | New-NetIPAddress -AddressFamily IPv4 -IPAddress $ipAddress -PrefixLength 24 -DefaultGateway $gateway
+    $_ | Set-DnsClientServerAddress -ServerAddresses $dnsServer
+}
+Write-Host "Static IP configured."
+
+# --- 2. Install Active Directory Domain Services ---
+Write-Host "Installing AD-Domain-Services role..."
+Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
+
+# --- 3. Promote to Domain Controller ---
+Write-Host "Promoting server to a Domain Controller for '$DomainName'..."
+$securePassword = ConvertTo-SecureString $AdminPassword -AsPlainText -Force
+
+Install-ADDSForest `
+    -CreateDnsDelegation:$false `
+    -DatabasePath "C:\WINDOWS\NTDS" `
+    -DomainMode "Win2025" ` # Using a more compatible default
+    -DomainName $DomainName `
+    -DomainNetbiosName $DomainNetbiosName `
+    -ForestMode "Win2025" `
+    -InstallDns:$true `
+    -LogPath "C:\WINDOWS\NTDS" `
+    -SysvolPath "C:\WINDOWS\SYSVOL" `
+    -Force:$true `
+    -SafeModeAdministratorPassword $securePassword
+
+# The promotion process will automatically trigger a reboot.
+Write-Host "Configuration complete. The server will restart automatically."
--- a/compose.yml
+++ b/compose.yml
@ -1,32 +1,3 @@
-# services:
-#   windows:
-#     image: dockurr/windows
-#     container_name: windows_11
-#     privileged: true
-#     environment:
-#       VERSION: "11"
-#     devices:
-#       - /dev/kvm
-#       - /dev/net/tun
-#     cap_add:
-#       - NET_ADMIN
-#     ports:
-#       - 192.168.10.10:8006:8006
-#       - 192.168.10.10:3389:3389/tcp
-#       - 192.168.10.10:3389:3389/udp
-#     volumes:
-#       - ./win11x64.iso:/boot.iso
-#       - ./windows:/storage
-#       # - ./src/entry.sh:/run/entry.sh
-#     restart: always
-#     stop_grace_period: 2m
-#     networks:
-#       - ad_network
-
-# networks:
-#   ad_network:
-#     external: true
-
 services:
  windows_2025:
    image: dockurr/windows
@ -35,6 +6,7 @@ services:
    environment:
      VERSION: "2025"
      DHCP: "Y" 
+      # IP: "192.168.10.20"
    devices:
      - /dev/kvm
      - /dev/net/tun
@ -45,13 +17,13 @@ services:
      - NET_ADMIN
    volumes:
      - ./win2025-eval.iso:/boot.iso
-      - ./windows_2025:/storage
-      - ./src/entry.sh:/run/entry.sh
+      - ./windows_2025_storage_task1:/storage
+      - ./data_folder_2025_server:/data
    restart: always
    stop_grace_period: 2m
    networks:
      ad_vlan:
-        ipv4_address: 192.168.10.201 # container IP (Linux side). Windows guest will DHCP a *different* IP.
+        ipv4_address: 192.168.10.201 # Fix AD(Server_2025) server IP for Docker network

  windows_11:
    image: dockurr/windows
@ -60,6 +32,7 @@ services:
    environment:
      VERSION: "11"
      DHCP: "Y"
+      # IP: "192.168.10.21"
    devices:
      - /dev/kvm
      - /dev/net/tun
@ -70,13 +43,14 @@ services:
      - NET_ADMIN
    volumes:
      - ./win11x64.iso:/boot.iso
-      - ./windows:/storage
-      - ./src/entry.sh:/run/entry.sh
-    restart: always
+      - ./windows_11_storage_task1:/storage
+      - ./data_folder_win11:/data
    stop_grace_period: 2m
    networks:
      ad_vlan:
-        ipv4_address: 192.168.10.202 # container IP (Linux side)
+        ipv4_address: 192.168.10.202 # Fix Windows 11 IP for Docker network
+    depends_on:
+      - windows_2025

 networks:
  ad_vlan:
--- a/data_folder_2025_server/dc_setup.ps1
+++ b/data_folder_2025_server/dc_setup.ps1
@ -0,0 +1,85 @@
+# This script is designed to be idempotent. It can be run multiple times without causing errors.
+
+# --- Reliable Logging ---
+# Start-Transcript now logs to the user's temporary folder, which is always writable.
+Start-Transcript -Path "$env:TEMP\transcript.log" -Force
+
+# --- Script Parameters ---
+$DomainName = "ttpl.local"
+$DomainNetbiosName = "TTPL"
+$AdminPassword = "P@raveeen123" # Use a secure method in production
+
+# --- Robust Idempotency Check ---
+# This is a much better check. It tries to get the AD Domain information.
+# If it succeeds AND the domain name matches our target, we know the script is already done.
+try {
+    if ((Get-ADDomain).DNSRoot -eq $DomainName) {
+        Write-Host "This server is already a Domain Controller for the '$DomainName' domain. No action needed. Exiting."
+        exit
+    }
+}
+catch {
+    Write-Host "This server is not yet a Domain Controller . Proceeding with configuration."
+}
+
+# --- 1. Idempotent Network Configuration ---
+Write-Host "Configuring static IP address..."
+$ipAddress = "192.168.10.220"
+$gateway = "192.168.10.1"
+$dnsServer = "127.0.0.1" # The DC is its own DNS server
+
+# This logic is now safe to re-run. It finds the primary network adapter.
+$adapter = Get-NetAdapter | Where-Object { $_.Status -eq "Up" } | Select-Object -First 1
+
+if ($adapter) {
+    Write-Host "Found active network adapter: $($adapter.Name)"
+    
+    # First, set the DNS. This is always safe to do.
+    Set-DnsClientServerAddress -InterfaceIndex $adapter.InterfaceIndex -ServerAddresses $dnsServer
+    
+    # Check if the correct IP is already set. If not, configure it.
+    $currentIP = Get-NetIPAddress -InterfaceIndex $adapter.InterfaceIndex -AddressFamily IPv4 | Where-Object { $_.IPAddress -eq $ipAddress }
+    
+    # if (-not $currentIP) { //alwa
+    Write-Host "IP address not set correctly. Configuring static IP..."
+    # Remove any other IPv4 addresses to prevent conflicts
+    Get-NetIPAddress -InterfaceIndex $adapter.InterfaceIndex -AddressFamily IPv4 | Remove-NetIPAddress -Confirm:$false
+    
+    # Set the new IP address
+    New-NetIPAddress -InterfaceIndex $adapter.InterfaceIndex -IPAddress $ipAddress -PrefixLength 24 -DefaultGateway $gateway
+    Write-Host "Static IP configured."
+    # } else {
+    #     Write-Host "IP address is already correctly set to $ipAddress."
+    # }
+}
+else {
+    Write-Error "Could not find an active network adapter."
+    exit
+}
+
+# --- 2. Install Active Directory Domain Services (if needed) ---
+if (-not (Get-WindowsFeature -Name AD-Domain-Services).Installed) {
+    Write-Host "Installing AD-Domain-Services role..."
+    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
+} else {
+    Write-Host "AD-Domain-Services role is already installed."
+}
+
+# --- 3. Promote to Domain Controller ---
+Write-Host "Promoting server to a Domain Controller for '$DomainName'..."
+$securePassword = ConvertTo-SecureString $AdminPassword -AsPlainText -Force
+
+Install-ADDSForest `
+    -CreateDnsDelegation:$false `
+    -DatabasePath "C:\WINDOWS\NTDS" `
+    -DomainMode "Win2025" `
+    -DomainName $DomainName `
+    -DomainNetbiosName $DomainNetbiosName `
+    -ForestMode "Win2025" `
+    -InstallDns:$true `
+    -LogPath "C:\WINDOWS\NTDS" `
+    -SysvolPath "C:\WINDOWS\SYSVOL" `
+    -Force:$true `
+    -SafeModeAdministratorPassword $securePassword
+
+Write-Host "Configuration complete. The server will restart automatically."
--- a/data_folder_win11/client_setup.ps1
+++ b/data_folder_win11/client_setup.ps1
@ -0,0 +1,73 @@
+# This script is designed to be idempotent and robust.
+
+# --- Script Parameters ---
+# CRITICAL: Make sure these values are correct!
+$DomainName = "ttpl.local"
+$DC_IP = "192.168.10.220"  # IMPORTANT: Use the NEW IP address of your DC
+$AdminUser = "administrator"
+$AdminPassword = "admin" # CRITICAL: This MUST match the password used to create the domain
+
+# --- Idempotency Check ---
+Write-Host "Checking if this PC is already joined to the domain..."
+if ((Get-ComputerInfo).Domain -eq $DomainName) {
+    Write-Host "This PC is already a member of the '$DomainName' domain. Exiting script."
+    exit
+}
+Write-Host "PC is not domain-joined. Proceeding..."
+
+# --- 1. Wait for Domain Controller ---
+Write-Host "Waiting for the Domain Controller at $DC_IP to come online..."
+while (-not (Test-NetConnection -ComputerName $DC_IP -Port 389 -InformationLevel "Quiet")) {
+    Write-Host "DC is not reachable yet. Retrying in 10 seconds..."
+    Start-Sleep -Seconds 10
+}
+Write-Host "Domain Controller is online!"
+
+# --- 2. Robust Network Configuration ---
+Write-Host "Configuring static IP and DNS..."
+$ipAddress = "192.168.10.219" # A free IP for this client
+$gateway = "192.168.10.1"
+$dnsServer = $DC_IP # DNS MUST point to the Domain Controller
+
+# Find the primary active network adapter
+$adapter = Get-NetAdapter | Where-Object { $_.Status -eq "Up" } | Select-Object -First 1
+
+if ($adapter) {
+    Write-Host "Found active network adapter: $($adapter.Name)"
+    
+    # THE NEW FIX: This logic uses 'Set-' cmdlets to modify the existing configuration.
+    # It avoids the '...already exists' error by not trying to create a new configuration.
+    
+    # First, get the existing IP configuration object.
+    $ipconfig = Get-NetIPConfiguration -InterfaceIndex $adapter.InterfaceIndex | Where-Object { $_.IPv4Address } | Select-Object -First 1
+    
+    if ($ipconfig) {
+        Write-Host "Modifying existing IP configuration..."
+        # Use Set-NetIPAddress to change the IP and Gateway on the existing configuration
+        Set-NetIPAddress -InputObject $ipconfig -IPAddress $ipAddress -PrefixLength 24 -DefaultGateway $gateway
+        # Use Set-DnsClientServerAddress to set the DNS
+        Set-DnsClientServerAddress -InterfaceIndex $adapter.InterfaceIndex -ServerAddresses $dnsServer
+    }
+    else {
+        # Fallback for a completely unconfigured adapter (unlikely in this case, but safe)
+        Write-Host "No existing IP configuration found. Creating a new one..."
+        New-NetIPAddress -InterfaceIndex $adapter.InterfaceIndex -IPAddress $ipAddress -PrefixLength 24 -DefaultGateway $gateway
+        Set-DnsClientServerAddress -InterfaceIndex $adapter.InterfaceIndex -ServerAddresses $dnsServer
+    }
+    
+    Write-Host "Static IP and DNS configured."
+    Start-Sleep -Seconds 15 # Give network settings a moment to apply
+}
+else {
+    Write-Error "Could not find an active network adapter."
+    exit
+}
+
+# --- 3. Join the Domain ---
+Write-Host "Joining the domain '$DomainName'..."
+$username = "$DomainName\$AdminUser"
+$credential = New-Object System.Management.Automation.PSCredential($username, (ConvertTo-SecureString $AdminPassword -AsPlainText -Force))
+
+Add-Computer -DomainName $DomainName -Credential $credential -Restart -Force
+Write-Host "Domain join complete. The computer will restart automatically."
+