Milestone 9: Blue1.local - zacharylongo/Tech-Journals GitHub Wiki
Milestone 9: Blue1.local
Primary Goal:
- The primary goal of this milestone is to use 480-utils to create a new linked clone of our Windows Server 2019 box to act as the domain controller for the Blue1.local network.
- The next goal is to create an Ansible playbook to set up dc-blue1 by setting passwords and the hostname, creating a new forest/domain, and creating the OU structure.
Foreword:
- At the current moment, I am still dealing with issues regarding the configuration of Ansible. With this in mind, most of this work was completed manually as opposed to using Ansible, as I cannot get it to function. The provided playbooks and modules should function as intended.
9.1: Server Core Linked Clone
- To start off, I created the new function for my 480.utils using Invoke-VMScript:

```powershell
function Set480WinIPConfig()
{
    # Prompt the user to choose a VM to configure
    $vmName = Read-Host "Enter the name of the virtual machine you want to configure for static IP"
    # Prompt the user for guest authentication credentials (the password is read as a SecureString)
    $username = Read-Host "Enter your username for the VM"
    $password = Read-Host "Enter your password for the VM" -AsSecureString
    # Prompt the user to specify the network adapter, IP address, subnet mask, gateway, and DNS server
    $adapterName = Read-Host "Enter the name of the network adapter"
    $ipAddress = Read-Host "Enter the desired IP address"
    $subnetMask = Read-Host "Enter the subnet mask"
    $gateway = Read-Host "Enter the gateway address"
    $dnsServer = Read-Host "Enter the DNS server address"
    # Construct a script block containing the netsh commands to set the IP configuration.
    # The adapter name is double-quoted so names containing spaces (e.g. "Ethernet 2") still work.
    $scriptBlock = @"
netsh interface ip set address name="$adapterName" static $ipAddress $subnetMask $gateway
netsh interface ip add dns name="$adapterName" addr=$dnsServer index=1
"@
    # Build the guest credential and run the script inside the VM through VMware Tools
    $guestCred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username, $password
    Invoke-VMScript -VM $vmName -GuestCredential $guestCred -ScriptText $scriptBlock -ScriptType Powershell
}
```
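As an added example (not part of the original 480-utils), here is the same job done with the NetTCPIP cmdlets that ship with Server 2019 Core instead of netsh, with a read-back so the PowerCLI side can tell whether the change actually took in the guest. The function name `Set-GuestStaticIp`, the adapter alias `Ethernet0` and the default addresses (taken from the host settings in this milestone) are assumptions.

```powershell
# Added example: static IP configuration via NetTCPIP cmdlets plus verification.
# Not part of the original 480-utils. Assumed: adapter alias "Ethernet0";
# default addresses are the lab's host settings (10.0.5.5/24, gw 10.0.5.2, DNS 127.0.0.1).

function Set-GuestStaticIp {
    param(
        [Parameter(Mandatory)] $VM,                          # VM name or object from Get-VM
        [Parameter(Mandatory)] [pscredential] $GuestCredential,
        [string] $AdapterName  = "Ethernet0",                # assumed adapter alias
        [string] $IPAddress    = "10.0.5.5",
        [int]    $PrefixLength = 24,                         # 255.255.255.0
        [string] $Gateway      = "10.0.5.2",
        [string] $DnsServer    = "127.0.0.1"                 # single-DC lab: the DC resolves itself
    )

    # Runs inside the guest. Any existing IPv4 address and default route on the adapter are
    # removed first, because New-NetIPAddress fails with "Instance already exists" when a
    # static address is already configured. Backticks keep the guest-side $ variables literal.
    $guestScript = @"
`$a = Get-NetAdapter -Name "$AdapterName" -ErrorAction Stop
Set-NetIPInterface -InterfaceIndex `$a.ifIndex -AddressFamily IPv4 -Dhcp Disabled
Get-NetIPAddress -InterfaceIndex `$a.ifIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Remove-NetIPAddress -Confirm:`$false
Get-NetRoute -InterfaceIndex `$a.ifIndex -DestinationPrefix 0.0.0.0/0 -ErrorAction SilentlyContinue |
    Remove-NetRoute -Confirm:`$false
New-NetIPAddress -InterfaceIndex `$a.ifIndex -IPAddress "$IPAddress" -PrefixLength $PrefixLength -DefaultGateway "$Gateway" | Out-Null
Set-DnsClientServerAddress -InterfaceIndex `$a.ifIndex -ServerAddresses "$DnsServer"
# Emit one line the caller can compare: ip/prefix;gateway;dns
`$ip  = (Get-NetIPAddress -InterfaceIndex `$a.ifIndex -AddressFamily IPv4).IPAddress
`$pl  = (Get-NetIPAddress -InterfaceIndex `$a.ifIndex -AddressFamily IPv4).PrefixLength
`$gw  = (Get-NetRoute -InterfaceIndex `$a.ifIndex -DestinationPrefix 0.0.0.0/0).NextHop
`$dns = (Get-DnsClientServerAddress -InterfaceIndex `$a.ifIndex -AddressFamily IPv4).ServerAddresses -join ","
"`$ip/`$pl;`$gw;`$dns"
"@

    # Invoke-VMScript talks to the guest over VMware Tools, not the network, so it survives
    # the adapter being reconfigured mid-script.
    $result = Invoke-VMScript -VM $VM -GuestCredential $GuestCredential -ScriptType Powershell -ScriptText $guestScript
    $out = $result.ScriptOutput.Trim()

    # Verify the guest reports exactly what was requested; fail loudly so a wrapper script
    # or playbook does not carry on with a half-configured domain controller.
    $expected = "$IPAddress/$PrefixLength;$Gateway;$DnsServer"
    if ($out -ne $expected) {
        throw "Guest IP verification failed on '$VM'. Expected '$expected', got '$out'"
    }
    return $out
}

# Usage (PowerCLI session already connected with Connect-VIServer):
# $cred = Get-Credential -Message "Local administrator on the clone"
# Set-GuestStaticIp -VM "dc-blue1" -GuestCredential $cred -AdapterName "Ethernet0"
```

The read-back is the part worth keeping: netsh and the NetTCPIP cmdlets both return success codes that say little about the resulting state, and a DC whose gateway or DNS server silently did not apply will only show up later as a failed domain join. Pointing the DC's DNS at 127.0.0.1 is fine for a one-DC lab; in a multi-DC domain the usual guidance is to list another DC first and the loopback address second.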
- My next step would be to create a linked clone using the clone function in my 480Utils. Before this, I would make sure to shut down my AD-Zach box and take a new snapshot titled "before linked clone".
- We can verify it's applied in the "Edit Settings" tab in vSphere:
Host settings:
I would then run my IP function to set the appropriate host settings:
- IP: 10.0.5.5
- Subnet Mask: 255.255.255.0
- Default gateway: 10.0.5.2
- DNS server: 127.0.0.1
As the snapshot I was using had the previous domain configured, I used the following PowerShell to demote, remove the feature, reinstall it, and then create the new forest (blue1.local) and the OU structure. Before running the script, I made sure to empty out the DNS registry by going to the DNS management console, going to the original DNS zone, and deleting all entries.
- Now the box can't ping the old domain...
- I then used the following PowerShell script to accomplish the tasks said earlier (demote and remove AD services):

```powershell
# Demote the cloned domain controller. -LocalAdministratorPassword is mandatory (prompted if omitted);
# if this clone is the only DC of the old domain, add -LastDomainControllerInDomain as well.
$LocalAdminPassword = Read-Host "New local Administrator password" -AsSecureString
Uninstall-ADDSDomainController -DemoteOperationMasterRole -RemoveApplicationPartitions -LocalAdministratorPassword $LocalAdminPassword -Force
# Demotion reboots the server on completion; run the cleanup below after that reboot
Remove-WindowsFeature AD-Domain-Services
```
- To finish the goals described in the lab (i.e. create a new forest / OU structure) I then used the following PowerShell script. It runs in three stages because both the rename and the forest creation need a reboot before the next step can succeed:

```powershell
# Stage 1: set the hostname. The rename only takes effect after a reboot, so reboot before promoting.
$NewHostname = "BLUEDC1"
Rename-Computer -NewName $NewHostname -Force -Restart

# Stage 2 (after the reboot): reinstall the AD DS role, then create the new forest/domain.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
$DomainName = "blue1.local"
# Lab-only DSRM password; outside a lab read it from Read-Host or a vault instead of the script
$SafeModeAdministratorPassword = ConvertTo-SecureString -String "N@ssw0rd" -AsPlainText -Force
# Install-ADDSForest reboots the server itself when it finishes, so nothing after it runs in this session
Install-ADDSForest -DomainName $DomainName -SafeModeAdministratorPassword $SafeModeAdministratorPassword -InstallDns -Force:$true -Confirm:$false

# Stage 3 (after the promotion reboot): create the OU structure.
# The parent OU has to exist before a child OU can be created beneath it.
$OUPath = "OU=Departments,DC=blue1,DC=local"
New-ADOrganizationalUnit -Name "Departments" -Path "DC=blue1,DC=local"
New-ADOrganizationalUnit -Name "blueusers" -Path $OUPath
```
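As an added example (not code from the original journal), here is what I would run on the DC after the promotion reboot to prove it is actually serving blue1.local before touching the directory, followed by an idempotent OU builder that can be re-run by hand or from a playbook without "already exists" errors. The function names `Test-Blue1Forest` and `New-OUTree` are mine; of the OU names, only `Departments` and `blueusers` come from this page, the rest are made up to show nesting.

```powershell
# Added example, not code from the original journal: verify that the promoted DC really is
# serving blue1.local, then build the OU tree idempotently so the script can be re-run.
# Assumptions: runs locally on the DC after the promotion reboot; only "Departments" and
# "blueusers" come from the page, the other OU names are constructed to show nesting.

Import-Module ActiveDirectory

function Test-Blue1Forest {
    param([string] $DomainName = "blue1.local")
    $domain = Get-ADDomain -ErrorAction Stop
    $thisDc = "$env:COMPUTERNAME.$DomainName"
    [ordered]@{
        # The DC answers for the new domain, not the one it was cloned from
        DomainMatches = ($domain.DNSRoot -eq $DomainName)
        # Domain joins and logons locate DCs through this SRV record
        LdapSrvRecord = [bool](Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction SilentlyContinue)
        # A single lab DC must hold the PDC emulator role itself
        PdcIsThisHost = ($domain.PDCEmulator -eq $thisDc)
        # Group Policy is served from SYSVOL; without the share clients cannot apply policy
        SysvolShared  = [bool](Get-SmbShare -Name SYSVOL -ErrorAction SilentlyContinue)
    }
}

function New-OUTree {
    param(
        [Parameter(Mandatory)] [string] $ParentDN,
        # OU name -> dictionary of child OUs (empty dictionary for a leaf)
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Tree
    )
    foreach ($name in $Tree.Keys) {
        $dn = "OU=$name,$ParentDN"
        # Look the OU up by DN instead of catching "already exists", so a re-run is a clean no-op
        $existing = Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$dn'" -ErrorAction SilentlyContinue
        if (-not $existing) {
            New-ADOrganizationalUnit -Name $name -Path $ParentDN -ProtectedFromAccidentalDeletion $true
        }
        # Recursing only after the parent exists guarantees parent-before-child creation order
        if ($Tree[$name].Count -gt 0) {
            New-OUTree -ParentDN $dn -Tree $Tree[$name]
        }
    }
}

# Constructed OU layout for the lab ([ordered] keeps the creation order deterministic)
$blue1OUs = [ordered]@{
    "Departments" = [ordered]@{
        "blueusers"    = @{}   # from the page
        "Workstations" = @{}   # assumed
        "Servers"      = @{}   # assumed
    }
}

# Run the checks first and stop if any fail, so the tree is never built in the wrong forest
$status = Test-Blue1Forest
$status
if (@($status.Values) -contains $false) {
    throw "Forest verification failed:`n$($status | Out-String)"
}
New-OUTree -ParentDN (Get-ADDomain).DistinguishedName -Tree $blue1OUs
Get-ADOrganizationalUnit -Filter * -SearchBase "OU=Departments,DC=blue1,DC=local" |
    Select-Object -ExpandProperty DistinguishedName
```

The ordering matters on a clone: immediately after a botched demotion the box can still answer `Get-ADDomain` with the old domain's name, and an OU script that does not check first will happily build the structure there. The same script can be pushed through Invoke-VMScript from the PowerCLI side once the guest has rebooted, which is the shape a playbook task for this step would take.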
Ansible Code
- Despite not having a working Ansible install, I made the following playbooks for use in an environment that does have working Ansible.