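# Provisions the accounts of the Vagrant Active Directory lab domain:
#   1. waits for Active Directory Web Services to answer;
#   2. adds the vagrant user to Enterprise Admins;
#   3. disables every enabled account except vagrant and Administrator;
#   4. resets the Administrator password and creates john.doe and jane.doe;
#   5. prints the resulting group memberships and enabled accounts.
#
# NB(security) every account configured here receives the same literal
#    password with -PasswordNeverExpires, and john.doe is made a Domain Admin.
#    That is a lab convenience: the password is in clear text in this file (and
#    in its revision history), so any domain built from it should be treated as
#    disposable, or have its passwords rotated before it is reachable by others.

# wait until we can access the AD. this is needed to prevent errors like:
#   Unable to find a default server with Active Directory Web Services running.
# NB -ErrorAction Stop makes a non-terminating error raise an exception too, so
#    a failed probe always reaches the catch block instead of reaching break.
# NB there is no upper bound on the number of retries.
while ($true) {
    try {
        Get-ADDomain -ErrorAction Stop | Out-Null
        break
    } catch {
        Start-Sleep -Seconds 10
    }
}

$adDomain = Get-ADDomain
$domain = $adDomain.DNSRoot
$domainDn = $adDomain.DistinguishedName
$usersAdPath = "CN=Users,$domainDn"

# NB(security) hard-coded, shared credential: it is set on Administrator,
#    john.doe and jane.doe below.
$password = ConvertTo-SecureString -AsPlainText 'HeyH0Password' -Force

# Creates one enabled user under $usersAdPath.
# Reads the script-level $usersAdPath, $domain and $password.
# The UPN and e-mail address are "<Name>@<domain DNS root>" and the display
# name is "<GivenName> <Surname>"; the password is set to never expire.
function New-LabUser([string]$Name, [string]$GivenName, [string]$Surname) {
    $newUser = @{
        Path                 = $usersAdPath
        Name                 = $Name
        UserPrincipalName    = "$Name@$domain"
        EmailAddress         = "$Name@$domain"
        GivenName            = $GivenName
        Surname              = $Surname
        DisplayName          = "$GivenName $Surname"
        AccountPassword      = $password
        Enabled              = $true
        PasswordNeverExpires = $true
    }
    New-ADUser @newUser
}

# add the vagrant user to the Enterprise Admins group.
# NB this is needed to install the Enterprise Root Certification Authority.
Add-ADGroupMember `
    -Identity 'Enterprise Admins' `
    -Members "CN=vagrant,$usersAdPath"

# disable all user accounts, except the ones defined here.
# NB the comparison is made against the Name attribute of each account.
$enabledAccounts = @(
    # NB vagrant only works when this account is enabled.
    'vagrant',
    'Administrator'
)
Get-ADUser -Filter {Enabled -eq $true} `
    | Where-Object {$enabledAccounts -notcontains $_.Name} `
    | Disable-ADAccount

# set the Administrator password.
# NB this is also a Domain Administrator account.
Set-ADAccountPassword `
    -Identity "CN=Administrator,$usersAdPath" `
    -Reset `
    -NewPassword $password
Set-ADUser `
    -Identity "CN=Administrator,$usersAdPath" `
    -PasswordNeverExpires $true

# add John Doe.
$name = 'john.doe'
New-LabUser -Name $name -GivenName 'John' -Surname 'Doe'

# we can also set properties.
Set-ADUser `
    -Identity "CN=$name,$usersAdPath" `
    -HomePage "https://$domain/~$name"

# add user to the Domain Admins group.
# NB(security) together with the shared password above this makes john.doe a
#    second, equally privileged way into the domain.
Add-ADGroupMember `
    -Identity 'Domain Admins' `
    -Members "CN=$name,$usersAdPath"

# add Jane Doe.
$name = 'jane.doe'
New-LabUser -Name $name -GivenName 'Jane' -Surname 'Doe'

# print the resulting state, one table per report. each entry pairs the heading
# with the query that produces the objects to list; the heading is written
# before its query runs.
$reports = @(
    @{ Title = 'john.doe Group Membership';    Query = { Get-ADPrincipalGroupMembership -Identity 'john.doe' } }
    @{ Title = 'jane.doe Group Membership';    Query = { Get-ADPrincipalGroupMembership -Identity 'jane.doe' } }
    @{ Title = 'vagrant Group Membership';     Query = { Get-ADPrincipalGroupMembership -Identity 'vagrant' } }
    @{ Title = 'Enterprise Administrators';    Query = { Get-ADGroupMember -Identity 'Enterprise Admins' } }
    @{ Title = 'Domain Administrators';        Query = { Get-ADGroupMember -Identity 'Domain Admins' } }
    @{ Title = 'Enabled Domain User Accounts'; Query = { Get-ADUser -Filter {Enabled -eq $true} } }
)
foreach ($report in $reports) {
    Write-Output $report.Title
    # NB the wide Out-String keeps long distinguished names and SIDs untruncated.
    & $report.Query `
        | Select-Object Name,DistinguishedName,SID `
        | Format-Table -AutoSize `
        | Out-String -Width 2000
}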
# | Change | User | Description | Committed | |
---|---|---|---|---|---|
#3 | 25623 | Jen Bottom | Have moved the AD stuff into the 'ldap' directory | ||
#2 | 25621 | Jen Bottom | Integrating some fixes from dev to main | ||
#1 | 23849 | Jen Bottom |
Integrating an AD setup from dev to main. This is based on a Vagrant setup that is available on GitHub |