justin_p.pdc
ansible-role-pdc
This role sets up a new Primary Domain Controller with an Active Directory Domain/Forest. No security enhancements are included.
It is based on the work by @jborean93 in jborean93/ansible-windows.
Compatible with:
- Windows Server 2019
- Windows Server 2016
- Windows Server 2012R2
Requirements
- You need python3-winrm (pywinrm) for WinRM functionality.
Role Variables
From defaults/main.yml
Variable | Description | Default Value |
---|---|---|
pdc_administrator_username | Use the Built-in Administrator account to ensure the NETBIOS\Administrator password is known. Usually, you should leave this as the default. | Administrator |
pdc_administrator_password | Password for the Built-in Administrator account. If the username is left as default, this will become the password for NETBIOS\Administrator. It’s best to change this to a strong password. | P@ssw0rd! |
pdc_dns_nics | Name of the ethernet adapter to configure DNS. Defaults to use all. Usually, you should leave this as default. | * |
pdc_dns_servers | DNS server used on pdc_dns_nics. Defaults to {{ ansible_host }}. Usually, you should leave this as default. | {{ ansible_host }} |
pdc_domain | Domain of the new Active Directory Forest. For testing/labs, it's recommended to use ad.domain.test. For production, use an existing domain with an ad subdomain: ad.domain.tld | ad.example.test |
pdc_netbios | NetBIOS name of the new Active Directory Forest. Change as needed. | TEST |
pdc_domain_path | Distinguished Name of the domain, matching pdc_domain (Example: dc=ad,dc=domain,dc=test). | dc=ad,dc=example,dc=test |
pdc_domain_safe_mode_password | Safe Mode password for the Domain. Change this to a strong password. | P@ssw0rd! |
pdc_domain_functional_level | Sets the domain functional level for the first domain when creating a new forest. Must be equal to or higher than the forest functional level. Change as needed. | Default (Windows2008R2) |
pdc_forest_functional_level | Sets the forest functional level for the new forest, usually matching the Windows Server version used. Change as needed. | Default (Windows2008R2) |
pdc_required_psmodules | PowerShell/DSC modules to install from PSGallery. Always include ActiveDirectoryDsc for the WaitForAD check. Usually, leave as default. | [xPSDesiredStateConfiguration, NetworkingDsc, ComputerManagementDsc, ActiveDirectoryDsc] |
pdc_required_features | Windows Features to install on the Domain Controller. Defaults to AD-domain-services and DNS. Usually, leave as default. | ["AD-domain-services", "DNS"] |
pdc_desired_dns_forwarders | Desired DNS Forwarders for the PDC. Defaults to Google DNS. Change as needed. | ["8.8.8.8", "8.8.4.4"] |
Dependencies
- WinRM must be configured on the Windows host for Ansible.
- justin_p.posh5
- justin_p.wincom
Example Playbook
- hosts: primary_domain_controller
  roles:
    - role: justin_p.posh5
    - role: justin_p.wincom
    - role: justin_p.pdc
See example inventory.
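Because both password variables default to the published value P@ssw0rd!, a playbook for anything beyond a throwaway lab should override them and refuse to run if the defaults are still in effect. The following is an added example, not part of the role or its repository; the vault_* variable names, the vault file location and the 14-character minimum are assumptions.

```yaml
# Added example, not the role's own playbook.
# Assumption: vault_pdc_administrator_password and vault_pdc_safe_mode_password
# are hypothetical variables kept in an Ansible Vault-encrypted vars file, e.g.
# group_vars/primary_domain_controller/vault.yml (created with ansible-vault).
- hosts: primary_domain_controller
  vars:
    # Play vars take precedence over the role's defaults/main.yml.
    pdc_administrator_password: "{{ vault_pdc_administrator_password }}"
    pdc_domain_safe_mode_password: "{{ vault_pdc_safe_mode_password }}"
    pdc_domain: ad.example.test
    pdc_netbios: TEST
    pdc_domain_path: dc=ad,dc=example,dc=test
  pre_tasks:
    # Runs on the controller before any role; stops the play if either
    # password is still the role default or shorter than the assumed minimum.
    # A failed assert reports the condition text, not the variable's value.
    - name: Refuse to build a domain with the role's default passwords
      ansible.builtin.assert:
        that:
          - pdc_administrator_password != 'P@ssw0rd!'
          - pdc_domain_safe_mode_password != 'P@ssw0rd!'
          - pdc_administrator_password | length >= 14
          - pdc_domain_safe_mode_password | length >= 14
        fail_msg: "Override pdc_administrator_password and pdc_domain_safe_mode_password before provisioning."
        quiet: true
  roles:
    - role: justin_p.posh5
    - role: justin_p.wincom
    - role: justin_p.pdc
```

Run it with `--ask-vault-pass` or a vault password file so the encrypted variables can be read.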
Local Development
This role includes a Vagrantfile to create a local Windows Server 2019 VM in VirtualBox. It will automatically run the role after creating the VM.
Development Requirements
Run pip3 install pywinrm
Usage
- Execute vagrant up to create the VM and run the role.
- Execute vagrant provision to reapply the role.
- Execute vagrant destroy -f && vagrant up to recreate the VM and run the role.
- Execute vagrant destroy to remove the VM.
License
MIT
Authors
- Justin Perdok (@justin-p), Orange Cyberdefense
Contributing
Feel free to open issues, contribute, and submit Pull Requests. You can also reach me on Twitter (@JustinPerdok).
About the project
Setup a Primary Domain Controller and Active Directory on a Windows Server.
Install
ansible-galaxy install justin_p.pdc
License
mit
Downloads
258
Owner
IT Geek, Ethical Hacker, DevOps Nut, PowerShell Fanatic and lover of beers :beers: