#Requires -module @{ModuleName = 'xActiveDirectory';ModuleVersion = ''}
#Requires -module @{ModuleName = 'xStorage'; ModuleVersion = ''}
#Requires -module @{ModuleName = 'xPendingReboot'; ModuleVersion = ''}

<#
Demonstrates a minimally viable domain controller configuration script
compatible with the Azure Automation Desired State Configuration service.

Required variables in the Automation service:
  - Credential to use for AD domain admin
  - Credential to use for Safe Mode recovery
Create these credential assets in Azure Automation,
and set their names in lines 11 and 12 of the configuration script
(the two Get-AutomationPSCredential assignments).

Required modules in the Automation service:
  - xActiveDirectory
  - xStorage
  - xPendingReboot
#>

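# DSC configuration for a single domain controller: installs the AD DS role,
# brings data disk 2 online as F:, clears any pending reboot, then creates the
# domain with its database, logs and SYSVOL on F:. The block delimiters that were
# missing from the listing are restored so the configuration parses.
configuration DomainControllerConfig
{
    # NOTE(review): ModuleVersion is empty in this listing. Fill in the exact
    # version of each module imported into the Automation account, so that a
    # module update cannot silently change what is applied to the domain controller.
    Import-DscResource -ModuleName @{ModuleName = 'xActiveDirectory'; ModuleVersion = ''}
    Import-DscResource -ModuleName @{ModuleName = 'xStorage'; ModuleVersion = ''}
    Import-DscResource -ModuleName @{ModuleName = 'xPendingReboot'; ModuleVersion = ''}
    Import-DscResource -ModuleName 'PSDesiredStateConfiguration'

    # When using with Azure Automation, modify these values to match your stored credential names
    # NOTE(review): as published, both lookups name the same asset ('Credential').
    # Point them at two separate assets: the Safe Mode (DSRM) password is a local
    # recovery secret on the DC and should not share a value with the domain
    # administrator account.
    $domainCredential = Get-AutomationPSCredential 'Credential'
    $safeModeCredential = Get-AutomationPSCredential 'Credential'

    node localhost
    {
        # Install the Active Directory Domain Services role.
        WindowsFeature ADDSInstall
        {
            Ensure = 'Present'
            Name = 'AD-Domain-Services'
        }

        # Wait for the data disk (disk 2) to be attached: up to 30 tries, 10 s apart.
        xWaitforDisk Disk2
        {
            DiskId = 2
            RetryIntervalSec = 10
            RetryCount = 30
        }

        # Make disk 2 available as drive F: once it is present.
        xDisk DiskF
        {
            DiskId = 2
            DriveLetter = 'F'
            DependsOn = '[xWaitforDisk]Disk2'
        }

        # Resolve any pending reboot before the domain is created.
        # SkipCcmClientSDK = $true leaves the Configuration Manager client check out.
        xPendingReboot BeforeDC
        {
            Name = 'BeforeDC'
            SkipCcmClientSDK = $true
            DependsOn = '[WindowsFeature]ADDSInstall','[xDisk]DiskF'
        }

        # Configure domain values here
        # Database, logs and SYSVOL are placed on the data disk (F:), not the OS disk.
        xADDomain Domain
        {
            DomainName = 'contoso.local'
            DomainAdministratorCredential = $domainCredential
            SafemodeAdministratorPassword = $safeModeCredential
            DatabasePath = 'F:\NTDS'
            LogPath = 'F:\NTDS'
            SysvolPath = 'F:\SYSVOL'
            DependsOn = '[WindowsFeature]ADDSInstall','[xDisk]DiskF','[xPendingReboot]BeforeDC'
        }

        # NOTE(review): UserAuthentication = 0 turns off the Network Level
        # Authentication requirement for RDP on this domain controller, so the
        # RDP listener accepts a session before the user has authenticated.
        # Keep this resource only if a client that cannot do NLA has to connect;
        # otherwise remove it or set ValueData = 1, and limit who can reach
        # TCP 3389 at the network layer.
        Registry DisableRDPNLA
        {
            Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
            ValueName = 'UserAuthentication'
            ValueData = 0
            ValueType = 'Dword'
            Ensure = 'Present'
            DependsOn = '[xADDomain]Domain'
        }
    }
}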