Configuring replica Domain controller using Puppet

Posted: November 14, 2018 in puppet, Windows Server

In the previous post we created the very first domain controller; in this one we’ll add a Domain Controller to an existing forest.

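node 'windows.example.com' {

  # Directory that will hold the AD database and log files (dsc_databasepath
  # and dsc_logpath below point here). Puppet accepts the forward-slash form
  # for Windows paths; the DSC resource receives the backslash form.
  file { 'c:/NTDS':
    ensure => directory,
  }

  # Roles and tools required before promotion: DNS server, AD DS, and the
  # RSAT management tools for both.
  dsc_windowsfeature { 'dns':
    dsc_ensure => 'Present',
    dsc_name   => 'DNS',
  }

  dsc_windowsfeature { 'addsinstall':
    dsc_ensure => 'Present',
    dsc_name   => 'AD-Domain-Services',
  }

  dsc_windowsfeature { 'addstools':
    dsc_ensure => 'Present',
    dsc_name   => 'RSAT-ADDS',
  }

  dsc_windowsfeature { 'addnstools':
    dsc_ensure => 'Present',
    dsc_name   => 'RSAT-DNS-Server',
  }

  # Block until the existing forest is reachable: up to 55 tries, 10 s apart.
  # The domain name has to resolve from this host, so a "NOT found after N
  # attempts" failure here usually means the DNS client is not pointed at an
  # existing DC - check that before anything else.
  dsc_xwaitforaddomain { 'DscForestWait':
    dsc_domainname           => 'ad.contoso.com',
    dsc_domainusercredential => {
      'user'     => 'Administrator@ad.contoso.com',
      'password' => Sensitive(lookup('password')),
    },
    dsc_retrycount           => 55,
    dsc_retryintervalsec     => 10,
    subscribe                => Dsc_windowsfeature['addsinstall'],
  }

  # Promote this host as an additional (replica) DC in the existing domain.
  # Both credentials are looked up from Hiera and wrapped in Sensitive so that
  # Puppet redacts them from logs and reports; no secret is written into the
  # manifest itself.
  dsc_xaddomaincontroller { 'ReplicaDC':
    dsc_domainname                    => 'ad.contoso.com',
    dsc_domainadministratorcredential => {
      'user'     => 'Administrator@ad.contoso.com',
      'password' => Sensitive(lookup('password')),
    },
    # DSRM (safe mode) password. The resource takes a credential hash, and the
    # user name is effectively a placeholder - only the password is used.
    # 'safemode_password' is a constructed Hiera key name: define it in your
    # Hiera data (eyaml or similar) instead of hard-coding the value here.
    dsc_safemodeadministratorpassword => {
      'user'     => 'admin',
      'password' => Sensitive(lookup('safemode_password')),
    },
    dsc_databasepath                  => 'C:\NTDS',
    dsc_logpath                       => 'C:\NTDS',
    dsc_sysvolpath                    => 'C:\SYSVOL',
    subscribe                         => Dsc_xwaitforaddomain['DscForestWait'],
  }

  # This applies to AWS/Azure machines only: reset the DNS client to the
  # DHCP-supplied servers unless netsh already reports them as DHCP-configured.
  # No ordering relationship is declared, so this exec may run before or after
  # the forest wait above; if the DHCP-supplied servers are the ones able to
  # resolve the domain, add `before => Dsc_xwaitforaddomain['DscForestWait']`.
  exec { 'Check if DNS is set automatically':
    command   => 'Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ResetServerAddresses',
    unless    => 'if (!((netsh interface ipv4 show dns | select-string "DNS servers configured through DHCP:") -match "DNS servers configured through DHCP:")) {exit 1}',
    provider  => powershell,
    logoutput => true,
  }

  # Promotion needs a restart; reboot once the DC resource reports a change.
  reboot { 'dsc_reboot':
    subscribe => Dsc_xaddomaincontroller['ReplicaDC'],
    message   => 'DSC has requested a reboot',
  }
}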
Comments
  1. Mohak Sharma says:

    Hi,
    I followed your first post to create an Active Directory domain controller. After that, on another VM on the same subnet, I tried this post’s configuration to add another domain controller to the same domain, but I get the following error:

    Error: PowerShell DSC resource MSFT_xWaitForADDomain failed to execute Set-TargetResource functionality with error mess
    age: Domain ‘ad.company.com’ NOT found after 5 attempts.
    Error: /Stage[main]/Main/Node[adm-puppet]/Dsc_xwaitforaddomain[DscForestWait]/ensure: change from ‘absent’ to ‘present’
    failed: PowerShell DSC resource MSFT_xWaitForADDomain failed to execute Set-TargetResource functionality with error mes
    sage: Domain ‘ad.company.com’ NOT found after 5 attempts.

    Any idea what could the problem be or a solution for this?

    Thanks by the way for bringing this post as I could not find it anywhere else.

    Regards,
    Mohak Sharma

