pdc

ansible-role-pdc

This role will create a brand new Primary Domain Controller with a Active Directory Domain/Forest. No hardening is applied.

Based of the work done by @jborean93 in jborean93/ansible-windows

Works on

Windows Server 2019
Windows Server 2016
Windows Server 2012R2

Requirements

python3-winrm (pywinrm) is needed for WinRM.

Role Variables

defaults/main.yml

Variable	Description	Default value
pdc_administrator_username	Settings this to Built-in Administrator account ensure that we know the password of NETBIOS\Administrator. 9/10 times you should leave this to the default value.	Administrator
pdc_administrator_password	The password of Built-in Administrator account. This password (if pdc_administrator_username left to the default value) will become the password of NETBIOS\Administrator. Change this to a strong password.	P@ssw0rd!
pdc_dns_nics	The name of the ethernet adapter to setup DNS on. Defaults to wildcard. 9/10 times you should leave this to the default value.	*
pdc_dns_servers	The DNS server to use on pdc_dns_nics. Defaults to `{{ ansible_host }}`. 9/10 times you should leave this to the default value.	{{ ansible_host }}
pdc_domain	The Domain of the new Active Directory Forest. For testing\lab purposes it's recommend to use ad.domain.test. For production it's recommend to use a existing domain with a ad subdomain: `ad.domain.tld`	ad.example.test
pdc_netbios	The NetBIOS of the new Active Directory Forest. Change this depending on your needs.	TEST
pdc_domain_path	The Distinguished Name of the domain. This should match the value given in pdc_domain (Example: `dc=ad,dc=domain,dc=test`)	dc=ad,dc=example,dc=test
pdc_domain_safe_mode_password	The Domain Safe Mode password. Change this to a strong password.	P@ssw0rd!
pdc_domain_functional_level	Specifies the domain functional level of the first domain in the creation of a new forest. The domain functional level cannot be lower than the forest functional level, but it can be higher. Change this depending on your needs.	Default (Windows2008R2)
pdc_forest_functional_level	Specifies the forest functional level for the new forest. The default forest functional level in Windows Server is typically the same as the version you are running. Change this depending on your needs.	Default (Windows2008R2)
pdc_required_psmodules	PowerShell/DSC modules to install from the PSGallery. Always make sure to include `ActiveDirectoryDsc`for the `WaitForAD`-check. 9/10 times you should leave this to the default value.	[xPSDesiredStateConfiguration, NetworkingDsc, ComputerManagementDsc, ActiveDirectoryDsc]
pdc_required_features	Windows Features that should be installed on the Domain Controller. Defaults to AD-domain-services and DNS. 9/10 times you should leave this to the default value.	["AD-domain-services", "DNS"]
pdc_desired_dns_forwarders	The desired DNS Forwarders for the PDC. Defaults to Google DNS. Change this depending on your needs.	["8.8.8.8", "8.8.4.4"]

Dependencies

WinRM on the windows host should configured for Ansible.
justin_p.posh5
justin_p.wincom

Example Playbook

- hosts: primary_domain_controller
  roles:
    - role: justin_p.posh5
    - role: justin_p.wincom
    - role: justin_p.pdc

See https://github.com/justin-p/ansible-role-pdc/blob/master/tests/inventory.yml for an example inventory.

Local Development

This role includes a Vagrantfile that will spin up a local Windows Server 2019 VM in Virtualbox.
After creating the VM it will automatically run our role.