xActiveDirectory PowerShell Module (DSC Resource Kit)

The xActiveDirectory module is a part of the Windows PowerShell Desired State Configuration (DSC) Resource Kit. This module contains the xADDomain, xADDomainController, xADUser, and xWaitForADDomain DSC Resources.

4 Star
7,621 times
Add to favorites
Active Directory
E-mail Twitter del.icio.us Digg Facebook
  • Handling Reboots during DSC
    2 Posts | Last post September 14, 2015
    • One question I have that's stumping me, is how you handle a machine restart during the middle of a DSC activity?  If, using the example here for AD, whereby you create an AD domain, wait for it to become available, and then create a dummy user, how exactly do you handle the required reboot in the middle in an automatic fashion?
      If I am watching the DSC script running remotely, then I can see where its installed AD and needs the restart, but is it possible to fully automate this process, or do I essentially need to break the DSC activity into two (or more) parts ?
      For Example:
      1. Start-DSCConfiguration for AD plus required tools with one MOF File
      2. Wait for this to return and do a remote restart-computer
      3. Have a second MOF File which does the remaining part of the configuration (using the xWaitForADDomain piece)
    • Hi, G-Corbett,
      $global:DSCMachineStatus is the parameter that tells the DSC engine that a restart is required.
      As far as I am aware the "Windowsfeature" dsc resource already includes this when a feature requires a reboot. This means that 1 MOF file is enough to set your configuration, reboot the node, and continue the configuration.
      To enforce this reboot, and to make sure the configuration continues after a reboot I recommend to place the following in your LCM Configuration.
      ActionAfterReboot = 'ContinueConfiguration'
      RebootNodeIfNeeded = $true
  • What is the point of the Certificate file param?
    2 Posts | Last post September 14, 2015
    • Hi guys,
        I'm just trying to build out a simple domain with DSC, could you explain why a -Certificate file param is needed under $ConfigData.AllNodes.CertificateFile?  
        Running your examples as is will lead to errors, as no such cert file exists. 
    • As I am not quite sure which example you are using, the following should work without a certificate param file, with xActiveDirectory resource version 2.3:
      configuration PrimaryDomainController
          Import-DscResource -ModuleName 'xActiveDirectory'
          Import-DscResource -ModuleName 'PSDesiredStateConfiguration'
          Node $AllNodes.Where({$_.Role -eq 'Primary DC'}).nodename {
              File ADFiles 
                  DestinationPath = 'C:\NTDS'
                  Type = 'Directory'
                  Ensure = 'Present'
              WindowsFeature ADDSInstall 
                  Ensure = 'Present'
                  Name = 'AD-Domain-Services'
              xADDomain FirstDS 
                  DomainName = $Node.DomainName
                  DomainAdministratorCredential = DomainAdminCredentials
                  SafemodeAdministratorPassword = $SafemodeAdministratorCredential
                  DatabasePath = 'C:\NTDS'
                  LogPath = 'C:\NTDS'
                  DependsOn = '[WindowsFeature]ADDSInstall', '[File]ADFiles'
      $ConfigData = @{
          AllNodes = @(
                  NodeName                        = '*'
                  PSDscAllowPlainTextPassword     = $True
                  PSDscAllowDomainUser            = $true
                  DomainName                      = 'Contoso.local'
                  Nodename                        = 'PrimaryDomainController'
                  Role                            = 'Primary DC'
                  RetryCount                      = 20
                  RetryIntervalSec                = 30
      PrimaryDomainController -ConfigurationData $ConfigData -OutputPath C:\DSC\Staging\PrimaryDomainController