Powershell workflow for Domain controller configuration
-
Thursday, February 21, 2013 12:46 PM
Hi There,
Good Evening,
I facing big challenge creating PowerShell workflow that build & configure Domain controller.
I have PowerShell script promote Win server 2012 domain controller in an existing domain.
I need PowerShell workflow join the domain, promote domain controller & the install ppe & psync in single psworkflow with automatic restart after completed.
So could you please help me on this.
Advanced thankful....
All Replies
-
Thursday, February 21, 2013 2:03 PMModerator
Does it have to be a work flow?
See my provisioning scripts on http://tfl09.blogspot.com. The script at : http://tfl09.blogspot.no/2013/01/building-hyper-v-test-lab-on-windows-8_23.html builds the DC.
Thomas Lee <DoctorDNS@Gmail.Com>
-
Friday, February 22, 2013 10:57 AM
Thanks a lot Thomas,
Yes its PowerShell workflow.
I have already PowerShell script to promote domain controller, install software's for domain controller in a silent mode.
Here what I need, the outline of workflow reboots during the install-domain controller process (used to be DCPROMO or server manager win server 2012 DC) and then once more after installing PCNS and PPE. Workflow can manage all of that for us.
I need to integrate those PowerShell scripts into one workflow & run all those.
Thanks a lot in advance if you can help me on this.
-
Friday, February 22, 2013 11:43 AMModerator
Well - if you take a look at the site I posted earlier, there is a script that does all the domain promotion (Configure-DC1.ps1). I have another script (Configure-DC1-2.ps1 that does some extra DC configuration and Configure-DC1-CA that creates a CA. You can get all my scripts from www.reskit.net. I have some updates going up shortly - so wait for a few hours to get the latest versions.
Speaking personally, I prefer to use scripts rather than work flows - it's a lot faster and there are a lot fewer gotchas. You could take the scripts above, write them in an inline script{} block and off you go. I started out using workflows and gave up and went back to using scripts.
Thomas Lee <DoctorDNS@Gmail.Com>
-
Monday, February 25, 2013 4:58 AM
(Get-PSSessionConfiguration Microsoft.PowerShell.Workflow).OutOfProcessActivity
InlineScript$o = New-PSWorkflowExecutionOption -OutOfProcessActivity ""
Set-PSSessionConfiguration Microsoft.PowerShell.Workflow -SessionTypeOption $o -Force
(Get-PSSessionConfiguration Microsoft.PowerShell.Workflow).OutOfProcessActivity
Workflow Install-DC
{
InlineScript
{
C:\Demo\DC.ps1
C:\Demo\InstallPCNS.ps1
C:\Demo\InstallPPE.ps1
}
}This is the way we need to create workflow? or some other way?
in the inline script block DC.ps1 script configure the DC
IstallPCNS.ps1 script to install PCNS
& last one Install PPE.
Please let me know is this right.
Thanks a lot once again for your help.
-
Tuesday, February 26, 2013 3:40 PMModerator
This could work, but I am not sure if you need the stuff before the Workflow. I'd be tempted to do this:
Workflow Install-DC
{
InlineScript
{
C:\Demo\DC.ps1
C:\Demo\InstallPCNS.ps1
C:\Demo\InstallPPE.ps1
}Install-DC -PSComputerName DC1Install-DC -PSComputerName DC1
Try that and report back please
Thomas Lee <DoctorDNS@Gmail.Com>
-
Wednesday, February 27, 2013 1:27 PM
Hi Thomas Thanks a lot again for kind help.
But still it is not working. Please find below my workflow
Workflow Install-DomainController
{Inlinescript {
# Windows PowerShell script for AD DS Deployment
#
Get-windowsfeature AD-Domain-Services
Import-Module ServerManager
Add-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment
Install-ADDSDomainController `
-ADPrepCredential (Get-Credential) `
-NoGlobalCatalog:$false `
-CreateDnsDelegation:$false `
-Credential (Get-Credential) `
-CriticalReplicationOnly:$false `
-DatabasePath "M:\NTDS" `
-DomainName "domainname" `
-InstallationMediaPath "C:\NTDSRestore" `
-InstallDns:$true `
-LogPath "L:\NTDS" `
-NoRebootOnCompletion:$false `
-SiteName "Default-First-Site-Name" `
-SysvolPath "M:\SYSVOL" `
-Force:$true}
Inlinescript {
msiexec /i "C:\Password Change Notification Service x64\Password Change Notification Service.msi" /qn
}
Inlinescript {
msiexec.exe /i "C:\ppe\ppe701.exe" /qn
}
}Install-DomainController -PSComputerName srv1
This workflow installing only one software first one...
and for DC promotion script am using above if I ran separately means non workflow its working perfectly but if integrate in workflow am getting below error & stopping here & not running other two softwares in the workflow.
Get-credential : cannot process command because of one more missing mandatory parameters: Credential.
At Install-Domaincontroller
And also one more thing this is suspect with Restating I need to restart in this scenario three time one is after DC promotion & other two for both software.
So How will deal with restarts in workflow.
Last How we can workflow local machine & remote server am confusing here what are PowerShell commands in workflow.
Thanks u very very very much if you give info on this.
-
Wednesday, February 27, 2013 3:06 PM
Workflows are extremely complex and just plain not the same as running a script. You should take a look at Richard Siddaway's recent set of posts on The Scripting GUys' Blog. Start here: http://msmvps.com/blogs/richardsiddaway/archive/2013/02/13/powershell-workflow-the-complete-series.aspx and read through them. This will help to understand what is going on.
1. the first issue is that you can not use Get-credential as you do in this script - there is no way for a work flow to prompt for this. So create the credential outside of work flow, then pass it to the work flow as a parameter, eg
# Get-cred
$cred = Get-Credential
Do-Workflow -pscredential $cred2. Inside the workflow, I'd eliminate most of what you have there and just take the default values. That means leaving out the -ADPrepCredential (Get-Credential) ` line.
3. Regarding reboots - I don't see any in the code fragment you provided. If you are running the workflow remote, as I normally try to, then in the workflow you can reboot the machine by using
restart-computer -wait -For PowerShell
That reboots, and waits till the reboot has continued before carrying on the work flow.
- Proposed As Answer by R Jason Morgan Monday, April 29, 2013 1:14 AM
- Marked As Answer by IamMredMicrosoft Employee, Owner Wednesday, May 01, 2013 3:10 AM
-
Wednesday, February 27, 2013 3:09 PMModerator
Beat me to it today - and good answer.
The pointer to Ricard's blog is a good one - you (the OP) really should read all that in depth. Workflows really are quite different - their similarity to functions is not deep!
If you really have to do this with a workflow - good luck. I've not managed to get this to work yet!
Thomas Lee <DoctorDNS@Gmail.Com>
- Marked As Answer by IamMredMicrosoft Employee, Owner Wednesday, May 01, 2013 3:10 AM
-
Thursday, February 28, 2013 2:41 PM
Hi Stanley Roark / Thomas,
Thanks a lot for help am running as said yesterday but still its not passing the credentials. so please, please tell how I can pass.
This is the script am using now
I am very greatful to you if u can help on regards. also How to restart local machine if running workflow to install DC & other two softwares-3 times restart required. one for after dc promote & others two softwares.
$cred = Get-Credential
-pscredential $cred
workflow Install-DCconf{
Inlinescript{
Get-windowsfeature AD-Domain-Services
Import-Module ServerManager
Add-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment
Install-ADDSDomainController `
-NoGlobalCatalog:$false `
-CreateDnsDelegation:$false `
-CriticalReplicationOnly:$false `
-DatabasePath "M:\NTDS" `
-DomainName "Domain" `
-InstallationMediaPath "C:\NTDSRestore" `
-InstallDns:$true `
-LogPath "L:\NTDS" `
-NoRebootOnCompletion:$false `
-SiteName "Default-First-Site-Name" `
-SysvolPath "M:\SYSVOL" `
-Force:$true
Inlinescript{
msiexec /i "C:\Password Change Notification Service x64\Password Change Notification Service.msi" /quiet /norestart
}
Inlinescript{
msiexec.exe /i "C:\ppe\ppe701.exe" /quiet /norestart
}}
Install-AvanadeDC -pscomputername computername
Restart-computer -wait -For PowerShell
- Edited by veeruaccenture Thursday, February 28, 2013 2:41 PM
-
Wednesday, March 06, 2013 2:40 PM
This definitely doesn't answer your entire question but Powershell will fail trying to run the MSIEXEC commands you have in there. I've added some code below to show you how powershell will succeed at MSIEXEC:
Start-Process MSIEXEC -ArgumentList /i, "C:\Password Change Notification Service x64\Password Change Notification Service.msi", /quiet, /norestart -Wait
Also I've never used PPE701.exe but you probably want to just use start-process c:\ppe\ppe701.exe -argumentlist /quiet, /norestart -wait again there too. It doesn't look like something MSIEXEC will be able to handle.
-
Wednesday, March 06, 2013 9:19 PMModerator
You pass your credentials when you kick off the workflow:
Install-DCconf -pscredential $cred
Not sure what Install-AvenadeDC is...
Thomas Lee <DoctorDNS@Gmail.Com>
- Edited by Thomas LeeMVP, Moderator Wednesday, March 06, 2013 9:20 PM
- Marked As Answer by IamMredMicrosoft Employee, Owner Wednesday, May 01, 2013 3:10 AM
.png)
