Skip to content

Latest commit

 

History

History
163 lines (134 loc) · 3.98 KB

AddsDomain.adoc

File metadata and controls

163 lines (134 loc) · 3.98 KB

DSC Resource 'AddsDomain'

AddsDomain creates a new domain in a new forest or a child domain in an existing forest.

Source

DSC Resource

Documentation
Table 1. Attributes of category 'AddsDomain'
Parameter Attribute DataType Description Allowed Values

DomainFQDN

Mandatory

String

The fully qualified domain name (FQDN) of a new domain. If setting up a child domain this must be set to a single-label DNS name.

DomainName

Key

String

NetBIOS name for the new domain.

DomainTrusts

Hashtable[]

The DomainTrust resource will manage Bidirectional Forest Domain Trusts.

DomainAdministrator

PSCredential

Specifies the user account credentials to use to perform this task.

SafeModeAdministratorPassword

PSCredential

Password for the administrator account when the computer is started in Safe Mode.

DatabasePath

String

Path to a directory that contains the domain database.

Default: C:\Windows\NTDS

LogPath

String

Path to a directory for the log file that will be written.

Default: C:\Windows\Logs

SysvolPath

String

Path to a directory where the Sysvol file will be written.

Default: C:\Windows\SYSVOL

ForestMode

String

The Forest Functional Level for the entire forest.

  • Win2008

  • Win2008R2

  • Win2012

  • Win2012R2

  • WinThreshold (default)

EnablePrivilegedAccessManagement

Boolean

MIM Privileged Access Management (PAM) is a solution that helps organizations restrict privileged access within an existing and isolated Active Directory environment.

  • True

  • False (default)

ForceRebootBefore

Boolean

Force reboot before creating the new AD domain.

Only one reboot after first start of a DSC configuration is supported.
To re-enable the system reboot feature the registry key value RebootBefore_ADDomain at HKLM:\SOFTWARE\DSC Community\CommonTasks\RebootRequests must be deleted.

  • False (default)

  • True
Table 2. Attributes of category 'AddsDomain/DomainTrusts'
Parameter Attribute DataType Description Allowed Values

Fqdn

Mandatory

String

The fully qualified domain name (FQDN) of a trusted domain.

Name

Mandatory

String

Name of the domain trust.

Credential

Mandatory

PSCredential

Specifies the credentials to authenticate to the target domain.
Example
AddsDomain:
  DomainFqdn: contoso.com
  DomainName: contoso
  DomainDN: DC=contoso,DC=com
  DomainJoinAccount: '[ENC=PE9ianMgVm...=]'
  DomainAdministrator: '[ENC=PE9ianMgVmVyc2l...=]'
  SafeModeAdministratorPassword: '[ENC=PE9ianMgVmVyc2lvbj...=]'
  DatabasePath: C:\Windows\NTDS
  LogPath: C:\Windows\Logs
  SysvolPath: C:\Windows\SYSVOL
  ForestMode: Win2012R2
  ForceRebootBefore: True
  DomainTrusts:
    Fqdn: northwindtraders.com
    Name: northwindtraders
    Credential: '[ENC=PE9ianMgVmVyc2lvbj0i...=]'