AddsDomainController installs and configures domain controllers in Active Directory.
Source |
|
DSC Resource |
|
Documentation |
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
DomainName |
Key |
String |
The fully qualified domain name (FQDN) of the domain the Domain Controller will be joining. |
|
Credential |
Mandatory |
PSCredential |
The credentials of a user that has Domain Administrator rights to add the Domain Controller to the domain. |
|
SafemodeAdministratorPassword |
Mandatory |
PSCredential |
Credentials containing the password to use for Directory Services Restore Mode (DSRM). |
|
DatabasePath |
String |
The path where the database will be stored. |
Default: |
|
LogPath |
String |
The path where the logs will be stored. |
Default: |
|
SysvolPath |
String |
The path where the Sysvol will be stored. |
Default: |
|
SiteName |
Mandatory |
String |
The name of the site this Domain Controller will be added to. Set value to 'Default-First-Site-Name' if the Domain Controller shall be added to default site. |
|
IsReadOnlyReplica |
Boolean |
Specifies if the domain controller will be a Read-Only Domain Controller (RODC). |
|
|
AllowPWReplication |
Mandatory if RODC, DSC will remove all not listet groups if you add them manually in AD. |
String[] |
Specifies an array of names of user accounts, group accounts, and computer accounts whose passwords can be replicated to this Read-Only Domain Controller (RODC). |
|
DenyPWReplication |
Mandatory if RODC, DSC will remove all not listet groups if you add them manually in AD. |
String[] |
Specifies the names of user accounts, group accounts, and computer accounts whose passwords are not to be replicated to this Read-Only Domain Controller (RODC). |
|
IsGlobalCatalog |
Boolean |
Specifies if the domain controller will be a Global Catalog (GC). |
|
|
UnprotectFromAccidentalDeletion |
Boolean |
Specifies if the 'Protect from accidental deletion' flag shall be removed from the AD computer account before promoting to a domain controller. If the computer acts as domain controller the 'Protect from accidental deletion' flag will not changed anymore. |
|
|
InstallationMediaPath |
String |
The path of the media you want to use install the Domain Controller. (not used inside) |
AddsDomainController:
DomainName: contoso.com
Credential: '[ENC=PE9ian...=]'
SafeModeAdministratorPassword: '[ENC=PE9ian...=]'
LogPath: C:\Windows\Logs
SysvolPath: C:\Windows\SYSVOL
SiteName: London
IsGlobalCatalog: false
IsReadOnlyReplica: true
UnprotectFromAccidentalDeletion: true
InstallationMediaPath: \\Server\Share
AddsDomainController:
DomainName: contoso.com
Credential: '[ENC=PE9ian...=]'
SafeModeAdministratorPassword: '[ENC=PE9ian...=]'
LogPath: C:\Windows\Logs
SysvolPath: C:\Windows\SYSVOL
SiteName: London
IsGlobalCatalog: true
AllowPasswordReplication:
- 'SiteGroup-AllowPasswordReplication'
- 'TestGroup'
DenyPasswordReplication:
- 'SiteGroup-DenyPasswordReplication'
IsReadOnlyReplica: true
UnprotectFromAccidentalDeletion: true
InstallationMediaPath: \\Server\Share