Best automated setup of Microsoft Active Directory on Azure and VMware vSphere, Hyper-V 2019, Nutanix AHV

Do you want to automate the deployment of your Active Directory domain controller? Then you should read this post. In the last posts I have already written a guide on how to deploy virtual machines and even how to create the templates for them.
In this article I will show you how to install Active Directory Domain Services on a Windows server and set up DNS to create your first domain controller. You can use this guide on any platform, for example Nutanix AHV, VMware vSphere or Hyper-V, Microsoft Azure, Amazon AWS or Google Cloud Platform.

The article is structured like all my previous ones, so you can find step-by-step instructions here, or you can directly download the script from my Github and try it out.

It makes sense to look at the automation for creating the virtual machines first, since you can simply run the scripts one after the other and end up with a completely ready environment. The requirement for this article and the script is that the servers are already provisioned. You can use Windows Server 2012, 2016 or 2019.

Why automate your Active Directory deployment?

Well, in a production environment it is not very often that Active Directory is completely rebuilt. However, since we also use the scripts for our demo and test environments, it makes sense there. Of course you can also use single parts of the scripts.
The big advantage of my deployment scripts is that you can use them in any environment. It doesn't matter whether the server is running locally, virtually or in the cloud at Azure, AWS or GCP.

Get the Scripts and Roles from Github

You can clone all you need from: https://github.com/thomaspreischl/deploy-active-directory

Set up Microsoft Active Directory automatically

In the first step, I'll go over how we install the required roles and features for Active Directory Domain Services. We will also install the management tools on the server. I will now go through each step of the role that is run with Ansible. You can find more details in the following article. There you will also learn why the playbooks for Ansible are structured this way.

Install Roles and Features for MS Active Directory Services

Here is the first part of my role:

#Install all Services needed to setup Microsoft Active Directory Services
- name: Install AD Services
  win_feature:
    name: AD-Domain-Services
    include_management_tools: yes
    include_sub_features: yes
    state: present
  register: result

Once the roles and features are installed, we can set up Active Directory.

Set up your AD Domain

Now we can set up the AD domain and reboot our new domain controller. The win_domain module promotes the server to the first domain controller of a new forest with the given DNS domain name. The safe_mode_password is the Directory Services Restore Mode (DSRM) password; it grants local administrator access to the domain controller when Active Directory is offline, so keep it out of plain-text variable files and store it with Ansible Vault. After the domain is configured, we reboot only if the module actually changed something, wait for the system to come up again and then gather the facts from the server.

#Set up AD Domain 
- name: Configure AD Services
  win_domain:
    dns_domain_name: "{{domain_name}}"
    safe_mode_password: "{{ ad_recovery_password }}"
  register: ad
  

#Reboot System
- name: reboot server
  win_reboot:
    msg: "Installing AD. Rebooting..."
    pre_reboot_delay: 15
    post_reboot_delay: 300
  when: ad.changed


#Wait for System to come up
- name: Wait on connect
  wait_for_connection:
    delay: 60
    timeout: 1800

- name: Gather facts for the first time
  setup:

After that, we also want to create a Central Group Policy Store for our Active Directory.

Create and fill the Central Group Policy Store

To complete our deployment, we create a central store for the Group Policy administrative templates. With the central store, the ADMX and ADML files live in SYSVOL and replicate to every domain controller, so all administrators work with the same set of templates instead of the local copies of whichever domain controller they happen to be connected to. Note that the task below copies the PolicyDefinitions folder of the domain controller itself, so the central store starts with the templates of that server's Windows version; if you need templates for newer Windows releases or for Office, you have to copy them into the central store as well.

#Create and fill the Central Group Policy Store
- name: Copy PolicyDefinitions Folder
  win_copy:
    src: C:\Windows\PolicyDefinitions\
    dest: C:\Windows\SYSVOL\sysvol\{{ domain_name }}\Policies\PolicyDefinitions\
    remote_src: yes

That's it! Now let's take a look at your new Active Directory domain controller 🙂

Let’s check the result

After you log on to your new domain controller, you will see that all management tools are available. You can now open your Active Directory console.

(Screenshot: automate your Microsoft Active Directory)

Here you can see that the domain is prepared and ready to take up your users, groups and whatever else you need.

(Screenshot: auto deploy AD domain)

I hope this post helps you. I would be happy about a comment from you. You can also share the article via social media.
