en-us/about_AutomatedLab_activedirectory.help.txt

TOPIC
    about_automatedlab_activedirectory
 
SHORT DESCRIPTION
    Generic help about the Role 'activedirectory' in AutomatedLab
 
LONG DESCRIPTION
Active Directory
    For Active Directory, AutomatedLab (AL) provides three roles: RootDC,
    FirstChildDC and DC. AL knows the standard parameters for all roles but
    allows a fair amount of customization. AL supports multi-forest and/or
    multi-domain environments in a single lab. AL tries to derive the number of
    domains to add from the definition of the domain controllers, and it
    auto-detects domains in a simple environment. If your lab is more complex,
    it is recommended to define the domains manually using the cmdlet
    Add-LabDomainDefinition. The parameters are documented further below.
 
    ROOT DOMAIN CONTROLLERS (ROOTDC)
    Each forest starts with a Root Domain Controller. The number of forests in
    your lab is defined by the number of machines with the role RootDC and by
    the domains you are assigning these machines to. Having two Root Domain
    Controllers in a domain results in an error. The role RootDC supports the
    following parameters for customizations: SiteName, SiteSubnet,
    DomainFunctionalLevel and ForestFunctionalLevel.
 
    ROLE ASSIGNMENT
    The simple assignment that takes the default settings:
 
    Add-LabMachineDefinition -Name DC1 -OperatingSystem 'Windows 2016 SERVERDATACENTER' -Roles RootDC
 
    The next example demonstrates the usage of all available parameters:
 
    $role = Get-LabMachineRoleDefinition -Role RootDC @{
        ForestFunctionalLevel = 'Win2012R2'
        DomainFunctionalLevel = 'Win2012R2'
        SiteName = 'Frankfurt'
        SiteSubnet = '192.168.10.0/24'
    }
    Add-LabMachineDefinition -Name T3RDC1 -IpAddress 192.168.10.10 -DomainName contoso.com -Roles $role
 
    FIRST CHILD DOMAIN CONTROLLER (FIRSTCHILDDC)
    If you need a child domain or a new tree in your forest, you start by
    assigning this role to a machine. As with the RootDC role, AL tries to
    auto-detect missing data, such as the root domain. If you assign the role
    FirstChildDC to a machine which is in the domain child.contoso.com, AL takes
    contoso.com as the parent domain. If you are running more than one forest in
    a lab, this no longer works and more data is required. This role needs to
    know the name of the new child domain or domain tree and the parent domain
    name. If this cannot be retrieved automatically, an error is thrown.
 
    ROLE ASSIGNMENT
    The simple example for this role is identical to the one for the role
    RootDC. The next example demonstrates all available parameters:
 
    $role = Get-LabMachineRoleDefinition -Role FirstChildDC @{
        ParentDomain = 'contoso.com'
        NewDomain = 'emea'
        DomainFunctionalLevel = 'Win2012R2'
        SiteName = 'London'
        SiteSubnet = '192.168.50.0/24'
    }
    Add-LabMachineDefinition -Name LDC1 -IpAddress 192.168.50.10 -DomainName emea.contoso.com -Roles $role
 
    DOMAIN CONTROLLER (DC)
    This role can be assigned to a machine to make it an additional domain
    controller in a root or child domain defined earlier. You cannot have the
    role DC without also having the role RootDC or FirstChildDC. This role
    supports the parameters SiteName, SiteSubnet and IsReadOnly.
 
    ROLE ASSIGNMENT
    Using all these parameters looks like this:
 
    $role = Get-LabMachineRoleDefinition -Role DC @{
        SiteName = 'Milano'
        SiteSubnet = '192.168.60.0/24'
        IsReadOnly = 'true'
    }
    Add-LabMachineDefinition -Name RODC1 -IpAddress 192.168.60.10 -DomainName emea.contoso.com -Roles $role
 
    INSTALLATION PROCESS
    The installation is done when calling 'Install-Lab' without using additional
    parameters. To start only the Active Directory installation, you can use
    'Install-Lab -Domains'.
 
    REQUIREMENTS
    This role cannot be assigned to a client OS. The only additional requirement
    is to provide the correct data if AL cannot discover your intended setup
    automatically.
 
    PARAMETERS
    FORESTFUNCTIONALLEVEL (ROOTDC)
    This value is only available for the RootDC role and takes the Forest
    Functional Level. Valid values are:
    - Win2008R2
    - Win2012
    - Win2012R2
    - WinThreshold (Win2016)
 
    DOMAINFUNCTIONALLEVEL (ROOTDC AND FIRSTCHILDDC)
    This value is available on the roles RootDC and FirstChildDC and controls
    the Domain Functional Level. Valid values are:
    - Win2008R2
    - Win2012
    - Win2012R2
    - WinThreshold (Win2016)
 
    SITENAME
    When defined, AL creates the given site after promoting the domain
    controller and moves the domain controller into that site.
 
    DATABASEPATH
    Stores the AD database files in the given folder.
 
    LOGPATH
    Stores the AD log files in the given folder.
 
    SYSVOLPATH
    Stores the Sysvol folder in the given folder.
 
    DSRMPASSWORD
    When defined, sets the Directory Services Restore Mode password to something
    different from the lab's install user's password.
 
    SITESUBNET
    When defined, AL creates a new Active Directory Replication subnet and
    assigns it to the site created previously. The parameter SiteSubnet requires
    SiteName to be defined.
 
    ISREADONLY (DC)
    This string parameter makes the domain controller a read-only domain
    controller. Use 'true' to enable the ReadOnly DC role.
 
    NEWDOMAIN (FIRSTCHILDDC)
    Defines the new domain name for the FirstChildDC. If this value is an FQDN,
    AL creates a new domain tree. If it is a short name, AL creates a child
    domain.
 
    PARENTDOMAIN (FIRSTCHILDDC)
    This specifies the root domain the new domain should be located in. The
    parameter takes the full FQDN.
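
    ADDED EXAMPLE
    The following lab definition is an added example, not part of the original
    help file. It combines the three roles with manually defined domains and a
    DSRM password that differs from the install password, then checks site
    placement and the read-only flag after installation. The lab name, address
    space, passwords, folder paths and the property-name casing are
    assumptions, as is the use of the path and DSRM properties on RootDC.

```powershell
# Added example; lab name, address space, passwords and folder paths are constructed.
$installPassword = 'Constructed-Install-Pw1!'  # placeholder
$dsrmPassword    = 'Constructed-Dsrm-Pw2!'     # placeholder, differs from the install password
$os = 'Windows 2016 SERVERDATACENTER'          # OS string as used earlier on this page

New-LabDefinition -Name ADLab -DefaultVirtualizationEngine HyperV
Add-LabVirtualNetworkDefinition -Name ADLab -AddressSpace 192.168.0.0/16

# Define both domains manually instead of relying on auto-detection.
Add-LabDomainDefinition -Name contoso.com -AdminUser Install -AdminPassword $installPassword
Add-LabDomainDefinition -Name emea.contoso.com -AdminUser Install -AdminPassword $installPassword
Set-LabInstallationCredential -Username Install -Password $installPassword

# Assumption: the path and DSRM properties are accepted on the RootDC role.
$rootDc = Get-LabMachineRoleDefinition -Role RootDC @{
    ForestFunctionalLevel = 'Win2012R2'
    DomainFunctionalLevel = 'Win2012R2'
    SiteName     = 'Frankfurt'
    SiteSubnet   = '192.168.10.0/24'
    DatabasePath = 'C:\ADDS\NTDS'
    LogPath      = 'C:\ADDS\Logs'
    SysvolPath   = 'C:\ADDS\SYSVOL'
    DsrmPassword = $dsrmPassword
}
Add-LabMachineDefinition -Name DC1 -OperatingSystem $os -IpAddress 192.168.10.10 -DomainName contoso.com -Roles $rootDc

# Short NewDomain name: a child domain of contoso.com, not a new tree.
$childDc = Get-LabMachineRoleDefinition -Role FirstChildDC @{
    ParentDomain = 'contoso.com'
    NewDomain    = 'emea'
    SiteName     = 'London'
    SiteSubnet   = '192.168.50.0/24'
}
Add-LabMachineDefinition -Name LDC1 -OperatingSystem $os -IpAddress 192.168.50.10 -DomainName emea.contoso.com -Roles $childDc

# IsReadOnly is a string parameter, so 'true' is quoted.
$rodc = Get-LabMachineRoleDefinition -Role DC @{
    SiteName   = 'Milano'
    SiteSubnet = '192.168.60.0/24'
    IsReadOnly = 'true'
}
Add-LabMachineDefinition -Name RODC1 -OperatingSystem $os -IpAddress 192.168.60.10 -DomainName emea.contoso.com -Roles $rodc

Install-Lab

# Verify per domain that each controller landed in its site and only RODC1 is read-only.
Invoke-LabCommand -ComputerName DC1, LDC1 -ActivityName 'List domain controllers' -PassThru -ScriptBlock {
    Get-ADDomainController -Filter * | Select-Object Name, Domain, Site, IsReadOnly
}
```

    The OS string must match an entry returned by
    Get-LabAvailableOperatingSystem for the ISO files available to the lab.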