# This script is designed to be idempotent. It can be run multiple times without causing errors.
# --- Reliable Logging ---
# Record everything the script writes to the host in a transcript file under the
# current user's TEMP directory. The same path is used on every run.
# Transcripts capture host output, so secrets must never be echoed by the code below.
$transcriptArgs = @{
    Path  = "$env:TEMP\transcript.log"
    Force = $true
}
Start-Transcript @transcriptArgs
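# --- Script Parameters ---
# DNS name and NetBIOS name of the forest root domain this script creates.
$DomainName = "ttpl.local"
$DomainNetbiosName = "TTPL"

# Password handed to Install-ADDSForest as -SafeModeAdministratorPassword further
# down, i.e. the Directory Services Restore Mode (DSRM) password of the new DC.
# A literal committed to a repository is readable by everyone who can read the
# repository or any mirror of it, so the value is taken from the environment when
# one is supplied. DC_SAFEMODE_PASSWORD is a name chosen for this script; it is
# not an existing Windows or container convention.
$AdminPassword = $env:DC_SAFEMODE_PASSWORD
if ([string]::IsNullOrEmpty($AdminPassword)) {
    # Backward-compatible fallback so unattended runs keep working. The embedded
    # value must be treated as public: rotate the DSRM password after promotion.
    Write-Warning "DC_SAFEMODE_PASSWORD is not set; using the password embedded in this script. Treat it as public and change the DSRM password after promotion."
    $AdminPassword = "P@raveeen123" # Use a secure method in production
}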
# --- Robust Idempotency Check ---
# Query Active Directory for the current domain and compare its DNS root with the
# target name. A match means an earlier run already finished, so the script exits.
# Two outcomes are worth knowing when reading the log:
#   * a query that succeeds but reports a different DNS root prints nothing and
#     falls through to the configuration steps below;
#   * every exception, whatever its cause, is reported as "not yet a Domain Controller".
try {
    $existingDomain = Get-ADDomain
    $alreadyPromoted = $existingDomain.DNSRoot -eq $DomainName

    if ($alreadyPromoted) {
        Write-Host "This server is already a Domain Controller for the '$DomainName' domain. No action needed. Exiting."
        exit
    }
}
catch {
    Write-Host "This server is not yet a Domain Controller . Proceeding with configuration."
}
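# --- 1. Idempotent Network Configuration ---
# Gives the first active adapter a static IPv4 address and points its DNS client
# at the local machine, which will host DNS once the forest is created.
Write-Host "Configuring static IP address..."
$ipAddress = "192.168.10.220"
$gateway = "192.168.10.1"
$dnsServer = "127.0.0.1" # The DC is its own DNS server

# Takes the first adapter whose Status is "Up". On a machine with several active
# adapters this may not be the intended one; pin it by name if that matters.
$adapter = Get-NetAdapter | Where-Object { $_.Status -eq "Up" } | Select-Object -First 1

if (-not $adapter) {
    Write-Error "Could not find an active network adapter."
    # Non-zero exit code so a calling installer can tell this run failed.
    exit 1
}

Write-Host "Found active network adapter: $($adapter.Name)"

# First, set the DNS. This is always safe to do.
Set-DnsClientServerAddress -InterfaceIndex $adapter.InterfaceIndex -ServerAddresses $dnsServer

# Treat the address as "already configured" only when it is present AND was
# assigned manually. A DHCP lease that happens to carry the same address is still
# replaced by a static assignment.
# -ErrorAction SilentlyContinue: an interface without any IPv4 address is not an error here.
$currentIP = Get-NetIPAddress -InterfaceIndex $adapter.InterfaceIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Where-Object { $_.IPAddress -eq $ipAddress -and $_.PrefixOrigin -eq "Manual" }

if (-not $currentIP) {
    Write-Host "IP address not set correctly. Configuring static IP..."

    # Remove any other IPv4 addresses to prevent conflicts
    Get-NetIPAddress -InterfaceIndex $adapter.InterfaceIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue |
        Remove-NetIPAddress -Confirm:$false

    # Set the new IP address.
    # NOTE(review): if a default route from an earlier configuration is still
    # present, adding -DefaultGateway again can be rejected; verify on the target image.
    New-NetIPAddress -InterfaceIndex $adapter.InterfaceIndex -IPAddress $ipAddress -PrefixLength 24 -DefaultGateway $gateway
    Write-Host "Static IP configured."
}
else {
    # Re-runs leave a correct static address alone instead of tearing it down.
    Write-Host "IP address is already correctly set to $ipAddress."
}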
# --- 2. Install Active Directory Domain Services (if needed) ---
# Look up the AD DS role once and install it, together with its management
# tools, only when it is not reported as installed.
$addsFeature = Get-WindowsFeature -Name AD-Domain-Services

if ($addsFeature.Installed) {
    Write-Host "AD-Domain-Services role is already installed."
}
else {
    Write-Host "Installing AD-Domain-Services role..."
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
}
# --- 3. Promote to Domain Controller ---
# Creates a new forest with this server as its first domain controller.
Write-Host "Promoting server to a Domain Controller for '$DomainName'..."

# Install-ADDSForest only accepts a SecureString for the DSRM password.
# -AsPlainText -Force is required because the source value is a plain string.
$securePassword = ConvertTo-SecureString $AdminPassword -AsPlainText -Force

# Same arguments as a backtick-continued call, collected for splatting.
$forestArgs = @{
    CreateDnsDelegation           = $false
    DatabasePath                  = "C:\WINDOWS\NTDS"
    DomainMode                    = "Win2025"
    DomainName                    = $DomainName
    DomainNetbiosName             = $DomainNetbiosName
    ForestMode                    = "Win2025"
    InstallDns                    = $true
    LogPath                       = "C:\WINDOWS\NTDS"
    SysvolPath                    = "C:\WINDOWS\SYSVOL"
    Force                         = $true   # no confirmation prompts; the run is unattended
    SafeModeAdministratorPassword = $securePassword
}

Install-ADDSForest @forestArgs

# Printed unconditionally: the result of Install-ADDSForest is not inspected, so
# check the transcript for errors before trusting this line.
Write-Host "Configuration complete. The server will restart automatically."