Tuesday, June 21, 2016

A/D Test Lab, Rinse And Repeat

This part covers the non-unique portions of the lab setup - that is, those steps that can be done as many times as needed to achieve the desired state (i.e. Rinse And Repeat!).

The last step in this process is to stand up a server that will eventually run SQL Server, and to create a domain user, because I DON'T want to be installing software as Administrator!

First, I'm going to make a new user, like so, while logged in to the domain controller:

New-ADUser -Name "Ironman" -GivenName Tony -Surname Stark -SamAccountName ironman -UserPrincipalName ironman@contoso.com -AccountPassword (ConvertTo-SecureString -AsPlainText "Password1!" -Force)
Enable-ADAccount ironman
Add-ADGroupMember "Enterprise Admins" ironman
Add-ADGroupMember "Domain Admins" ironman


Next, I'm going to adjust the member server, after having logged in as the Administrator account I created during Windows setup. Here's the script block:

$netadapter = Get-NetAdapter -Name Ethernet1

$netadapter | Set-NetIPInterface -DHCP Disabled

$netadapter | New-NetIPAddress -AddressFamily IPv4 -IPAddress 10.0.1.110 -PrefixLength 24 -Type Unicast -DefaultGateway 10.0.1.100

Set-DnsClientServerAddress -InterfaceAlias Ethernet1 -ServerAddresses 10.0.1.100


The first half is essentially the same as what I listed in the Stand Up The Domain post, so let's walk through it.

First, I look up the adapter to confirm that the one I think exists actually does. In my copy of VMware, Get-NetAdapter returns the adapters under a zero-based naming scheme, so the first, and default, adapter is Ethernet0. I've added an adapter, so it's going to be Ethernet1. If for some reason there was a problem, or I didn't hit "Save", or something else went wrong, then I won't have the adapter to configure, and the variable $netadapter is going to wind up $null.

Next, we disable the default DHCP. This line is going to prevent the adapter from calling back out to the VMNet2 network post-configuration and getting a potentially confusing IP address. It's not really bad that it gets one, if this machine is a client (Windows 10, for example), but since this is going to be a server, a dynamic address won't do.

An interesting side note is that the adapter to NAT with the host on VMNet0 DOES use DHCP, and I want it to NOT have a fixed address.

The next line is, really, the important one, as it sets the static IP address and settings.

Lastly, we set the DNS server for this internal-only network, pointing it at the Primary Domain Controller.

In the second half, then, what we have is:

Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False

Rename-Computer "MemberServer"

Add-Computer -Credential contoso\ironman -DomainName contoso.com

Restart-Computer


This block will first completely disable the Windows Firewall (again, see my previous notes, and DON'T do this in Production).

Then, because we're working on a member server, and we're already logged in using the Administrator account, I can go ahead and rename the computer as a part of this script.

Next, I'm going to join the domain by calling the join command. It will prompt me for the password to use for the attempt, and after that succeeds, the script reboots the computer. Unless you are 100% certain that this is going to work when you run it, my advice is to hold off on running Restart-Computer, as it'll reboot so fast that you won't get a chance to write down any error messages before the machine clears the screen in preparation to reboot.

And, finally, here's the complete script for a member server:

$netadapter = Get-NetAdapter -Name Ethernet1

$netadapter | Set-NetIPInterface -DHCP Disabled

$netadapter | New-NetIPAddress -AddressFamily IPv4 -IPAddress 10.0.1.110 -PrefixLength 24 -Type Unicast -DefaultGateway 10.0.1.100

Set-DnsClientServerAddress -InterfaceAlias Ethernet1 -ServerAddresses 10.0.1.100



Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False

Rename-Computer "MemberServer"

Add-Computer -Credential contoso\ironman -DomainName contoso.com

Restart-Computer
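
The adapter check and the reboot advice from the walkthrough, written into the script as an added example (this is not the author's code): it stops if Ethernet1 is missing, keeps a transcript of any errors, and reboots only after the join has succeeded. The log folder C:\LabSetup is an assumption, Add-Computer -NewName stands in for the separate Rename-Computer call, and the firewall line is left out to keep the focus on the checks.

```powershell
$ErrorActionPreference = 'Stop'      # make every cmdlet error land in the catch block
$logDir = 'C:\LabSetup'              # assumed log location, not from the original post
New-Item -ItemType Directory -Path $logDir -Force | Out-Null
Start-Transcript -Path (Join-Path $logDir 'join.log') -Append

try {
    # Fail early if the second adapter was never added or saved in the hypervisor
    $netadapter = Get-NetAdapter -Name Ethernet1 -ErrorAction SilentlyContinue
    if ($null -eq $netadapter) {
        throw "Adapter 'Ethernet1' not found. Present: $((Get-NetAdapter).Name -join ', ')"
    }

    $netadapter | Set-NetIPInterface -Dhcp Disabled

    # Safe to re-run: only bind the static address if it is not already there
    $bound = Get-NetIPAddress -InterfaceAlias Ethernet1 -AddressFamily IPv4 -ErrorAction SilentlyContinue |
        Where-Object IPAddress -eq '10.0.1.110'
    if (-not $bound) {
        $netadapter | New-NetIPAddress -AddressFamily IPv4 -IPAddress 10.0.1.110 -PrefixLength 24 -Type Unicast -DefaultGateway 10.0.1.100 | Out-Null
    }
    Set-DnsClientServerAddress -InterfaceAlias Ethernet1 -ServerAddresses 10.0.1.100

    # The join depends on DNS, so confirm the domain resolves through the DC first
    Resolve-DnsName -Name contoso.com -Server 10.0.1.100 | Out-Null

    # Prompt for the password; it is never written into the script or the transcript
    $cred = Get-Credential -UserName 'contoso\ironman' -Message 'Account for the domain join'
    if (-not $cred) { throw 'No credential supplied.' }

    # -NewName renames the machine as part of the join, so one reboot covers both
    Add-Computer -DomainName contoso.com -NewName MemberServer -Credential $cred
    $joined = $true
}
catch {
    $joined = $false
    Write-Warning "Setup stopped, not rebooting: $($_.Exception.Message)"
}
finally {
    Stop-Transcript
}

if ($joined) { Restart-Computer }
```

If the join fails, the error stays on screen and in join.log, and the machine is left running for another attempt.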

