Milestone 10 ‐ Domain Provisioning - seabar24/SYS-480 GitHub Wiki
First, I created a CSV list to use for the Domain Users and Groups that we are going to be making. This was done using ChatGPT, and can be found here: NewVegas.csv. It's about 100 entries.
Next, I created the following Ansible Playbook to read the CSV file, create the Domain Groups, make randomized passwords for them, create the Domain Users, associate them with their groups and give them their passwords.
It will also create a new CSV file with the generated passwords and vault it with Ansible Vault.
I also updated the windows.yaml to reflect the host in ad_groups_users.yaml.
Then I ran the playbook with the following command:
ansible-playbook -i inventories/windows.yaml --ask-pass -K ad_groups_users.yaml
The passwords for the new users will be added to the generated_passwords.csv and be encrypted using ansible-vault encrypt.
For viewing the passwords that are randomly generated, you can use the command:
ansible-vault decrypt inventories/generated_passwords.csv
And your generated_passwords.csv will be decrypted!
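The provisioning flow described above (CSV roster, groups, random passwords, users, vaulted credential file), sketched as an added example; this is not the author's playbook. The CSV column names, file paths, vault password file and inventory group name are assumptions.

```yaml
# Added example, not the author's playbook. Assumed: CSV columns "username" and "group",
# the file paths, a vault password file, and a one-host inventory group "domain_controller".
- name: Provision AD groups and users from a CSV
  hosts: domain_controller
  gather_facts: false
  vars:
    out_path: inventories/generated_passwords.csv
  tasks:
    - name: Read the roster on the control node
      community.general.read_csv:
        path: files/NewVegas.csv
      delegate_to: localhost
      register: roster
    - name: Create each distinct group
      microsoft.ad.group:
        name: "{{ item }}"
        scope: global
      loop: "{{ roster.list | map(attribute='group') | unique | list }}"
    - name: Generate one password per user; no_log keeps secrets out of output and logs
      ansible.builtin.set_fact:
        # The restricted symbol set keeps commas and quotes out of the output CSV.
        creds: >-
          {{ creds | default({}) | combine({item.username: lookup('community.general.random_string',
          length=20, min_lower=1, min_upper=1, min_numeric=1, min_special=1,
          override_special='!@#%^*-_=+')}) }}
      loop: "{{ roster.list }}"
      no_log: true
    - name: Create users, set passwords and group membership
      microsoft.ad.user:
        name: "{{ item.username }}"
        password: "{{ creds[item.username] }}"
        update_password: always  # passwords are regenerated on every run
        groups: {add: ["{{ item.group }}"]}
      loop: "{{ roster.list }}"
      no_log: true
    - name: Write the credential file, readable only by the operator
      ansible.builtin.copy:
        dest: "{{ out_path }}"
        mode: "0600"
        content: |
          username,password
          {% for user, pw in creds.items() %}
          {{ user }},{{ pw }}
          {% endfor %}
      delegate_to: localhost
      no_log: true
    - name: Encrypt the file at rest
      ansible.builtin.command: ansible-vault encrypt --vault-password-file .vault_pass {{ out_path }}
      delegate_to: localhost
```

To read the credentials later without leaving a decrypted copy on disk, `ansible-vault view inventories/generated_passwords.csv` prints the contents, whereas `ansible-vault decrypt` rewrites the file in plaintext until it is encrypted again.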
From here, you can check the new Users and Groups by logging in as the Domain Admin and searching for some of the Users and Groups with the following command:
Get-ADUser -Identity <user> -Properties MemberOf
I ran my 480-utils script to create a full clone of my server-2019-core.base VM. I then powered it on and changed the password for Administrator. I then ran the following command to change the IP from 480-utils:
Set-Windows-IP -VM fs-blue1 -eth Ethernet0 -IP 10.0.5.10 -mask 255.255.255.0 -gate4 10.0.5.2 -nameserver 10.0.5.5
I then made changes again to the windows.yaml to add the file_server as one of the child hosts.
I then created the windows-file-server.yaml to create the file service on the server, join it to the domain, create a file share between the Users and Groups, and create a GPO that will map each Group's drive to the Group's file share.
It will pull down the mapping-drives.ps1 script to map drives to each of the File Shares. This will create the Group Policy Object (GPO) as well as a Windows ACL to control access to each File Share. The GPO creation is assigned to each Group added and their drives so that they won't be able to interact with each other.
Then I ran the Ansible playbook with the following command:
ansible-playbook -i inventories/windows.yaml --ask-pass -K windows-file-server.yaml
I booted a new Windows 10 Workstation via the server.2019.gui.base BaseVM, using 480-utils to create a Full Clone.
I updated the windows.yaml again to add the workstation host to the inventories.
I then made windows-workstation-server.yaml that domain joins the Workstation to blue.local.
I then ran the playbook with the following command:
ansible-playbook -i inventories/windows.yaml --ask-pass -K windows-workstation-server.yaml
Then you can test to see the File Share via File Explorer for two users in different Groups by logging in as them.
A lot of my troubleshooting was spent on getting the CSV file to be read correctly and to add the new Domain Groups and Users, since a lot of the names were atypical compared to normal Windows Groups and Users. There were lots of issues with the Ansible Vault not creating the CSV file with the randomly generated passwords, but those eventually worked themselves out by fixing the CSV.
The second biggest headache was making the script for GPO Policies and Mapping Drives. The DC-Blue1 didn't have the Group Policy feature installed, which would cause issues with the script running, and it would not properly create mapped drives for each Group.