How to join an Active Directory domain with PowerShell DSC

Hello,

Fourth and final article presenting different methods for installing Active Directory:
- Installing Microsoft Active Directory via the graphical interface (server 2012, 2012r2, 2016, 2019, 2022)
- Install Microsoft Active Directory via the dcpromo command (server 2003, 2008, 2008r2, 2012, 2012r2, 2016, 2019, 2022)
- Install Microsoft Active Directory via PowerShell (server 2012, 2012r2, 2016, 2019, 2022)
- Installing Microsoft Active Directory via PowerShell DSC (server 2016, 2019, 2022)

You can also install a domain using DSC (Desired State Configuration).
The corresponding DSC modules are required.
In this example, DSC will rename the machine, give it a fixed IP, and install and configure the Active Directory role.
Note: In production, remember to change the Directory Services Restore Mode (DSRM) password and the password for the administrator account, and above all read the documentation on password management in DSC.

# Installing the DSC modules.
$module = @(
    'networkingdsc',
    'activedirectorydsc',
    'ComputerManagementdsc'
)
Install-Module $module -Force

# This is demo code; for production, review how credentials are handled
# and read the Microsoft documentation on DSC and credential storage.
# Credentials used to install the domain and for DSRM
$passwd = ConvertTo-SecureString 'P@ssword' -AsPlainText -Force
$id = New-Object System.Management.Automation.PSCredential('administrateur', $passwd)

# DSC engine (Local Configuration Manager) configuration
[DSCLocalConfigurationManager()]
configuration LCMConfig
{
    Node localhost
    {
        Settings
        {
            ActionAfterReboot  = 'ContinueConfiguration'
            ConfigurationMode  = 'ApplyOnly'
            RebootNodeIfNeeded = $true
        }
    }
}
LCMConfig
Set-DscLocalConfigurationManager -ComputerName localhost -Force -Verbose -Path .\LCMConfig

# To avoid errors when using credentials in DSC
# (demo only: the password is written in clear text to the compiled MOF)
$configData = @{
    AllNodes = @(
        @{
            NodeName                    = 'localhost'
            PSDscAllowPlainTextPassword = $true
        }
    )
}

# Creating the DSC configuration
configuration Demo-AD
{
    param (
        [string[]]$NodeName = 'localhost',
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string]$DomainName,
        [Parameter(Mandatory)][string]$IP,
        [Parameter()]$cred = $id
    )

    # Importing the DSC resources
    Import-DscResource -Module ActiveDirectoryDSC
    Import-DscResource -Module NetworkingDSC
    Import-DscResource -Module ComputerManagementDSC
    Import-DscResource -Module PSDesiredStateConfiguration

    Node $NodeName {
        # Rename the machine
        Computer NewNameAndWorkgroup {
            Name = $ComputerName
        }
        # Install the Active Directory role and its management tools
        WindowsFeature ADDSInstall {
            Ensure               = 'Present'
            Name                 = 'AD-Domain-Services'
            IncludeAllSubFeature = $true
        }
        WindowsFeature RSATTools {
            DependsOn            = '[WindowsFeature]ADDSInstall'
            Ensure               = 'Present'
            Name                 = 'RSAT-AD-Tools'
            IncludeAllSubFeature = $true
        }
        # Assign the fixed IP address
        IPAddress NewIPAddress {
            IPAddress      = $IP
            InterfaceAlias = 'Ethernet'
            AddressFamily  = 'IPV4'
        }
        # Create the domain; the same credential is used for the domain and for DSRM
        ADDomain SetupDomain {
            Credential                    = $cred
            DomainName                    = $DomainName
            SafemodeAdministratorPassword = $cred
            DependsOn                     = '[WindowsFeature]RSATTools'
            ForestMode                    = 'WinThreshold'
        }
    }
}

# Creating the DSC configuration file (MOF)
Demo-AD -ComputerName DC1 -DomainName domaine.tld -IP '192.168.10.1/24' -ConfigurationData $configData

# Applying the DSC file
Start-DscConfiguration -ComputerName localhost -Wait -Force -Verbose -Path .\Demo-AD -Debug
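
The note above about password management in DSC matters because `PSDscAllowPlainTextPassword = $true` makes the demo write the domain and DSRM password in clear text into `.\Demo-AD\localhost.mof`. The following is an added example, not part of the original article, that uses certificate-based MOF encryption as described in Microsoft's DSC documentation. The names `LCMConfigEncrypted`, `$secureConfigData`, `$domainCred`, the certificate DNS name and the `.cer` path are assumptions, and it expects the `Demo-AD` configuration above to be defined in the session.

```powershell
# Added example. Run elevated in Windows PowerShell 5.1 on the node itself.

# 1. Document-encryption certificate; the private key stays in LocalMachine\My.
$cert = New-SelfSignedCertificate -Type DocumentEncryptionCertLegacyCsp `
    -DnsName 'DscEncryptionCert' -HashAlgorithm SHA256   # assumed name
$cerPath = Join-Path $env:TEMP 'DscPublicKey.cer'        # assumed path
$cert | Export-Certificate -FilePath $cerPath -Force | Out-Null

# 2. Same LCM settings as the page, plus the certificate used to decrypt the MOF.
[DSCLocalConfigurationManager()]
configuration LCMConfigEncrypted
{
    param ([Parameter(Mandatory)][string]$Thumbprint)
    Node localhost
    {
        Settings
        {
            CertificateID      = $Thumbprint
            ActionAfterReboot  = 'ContinueConfiguration'
            ConfigurationMode  = 'ApplyOnly'
            RebootNodeIfNeeded = $true
        }
    }
}
LCMConfigEncrypted -Thumbprint $cert.Thumbprint | Out-Null
Set-DscLocalConfigurationManager -Path .\LCMConfigEncrypted -Force -Verbose

# 3. Replaces PSDscAllowPlainTextPassword: compile against the public key.
$secureConfigData = @{
    AllNodes = @(
        @{
            NodeName        = 'localhost'
            CertificateFile = $cerPath
            Thumbprint      = $cert.Thumbprint
        }
    )
}

# 4. Prompt for the credential instead of hard-coding it in the script.
$domainCred = Get-Credential -Message 'Domain administrator / DSRM credential'
Demo-AD -ComputerName DC1 -DomainName domaine.tld -IP '192.168.10.1/24' `
    -cred $domainCred -ConfigurationData $secureConfigData | Out-Null

# 5. Check before applying: the compiled MOF must not contain the password.
$mof = Get-Content .\Demo-AD\localhost.mof -Raw
if ($mof.Contains($domainCred.GetNetworkCredential().Password)) {
    throw 'Password is still in clear text in .\Demo-AD\localhost.mof'
}
Start-DscConfiguration -Path .\Demo-AD -Wait -Force -Verbose
```

A self-signed certificate created on the node is sufficient here because the configuration is compiled and applied on the same machine; when compiling on a separate authoring machine, only the exported public key is copied there.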

Find out more about DSC:
https://docs.microsoft.com/en-us/powershell/scripting/dsc/overview/dscforengineers?view=powershell-5.1
