author | heqnx <root@heqnx.com> | 2025-07-11 21:55:20 +0300 |
---|---|---|
committer | heqnx <root@heqnx.com> | 2025-07-11 21:55:20 +0300 |
commit | 6ec2eb61a02f9e55ef5b8d22a5ca61ca53ca05e7 (patch) | |
tree | d975569e35991a02c73706ce81c0fc1f2e92405c /ansible/scripts/setup-adcs.ps1 | |
parent | 742fa0d51cd384ea3d856438861bb86738fdabb8 (diff) | |
download | ansible-active-directory-range-6ec2eb61a02f9e55ef5b8d22a5ca61ca53ca05e7.tar.gz ansible-active-directory-range-6ec2eb61a02f9e55ef5b8d22a5ca61ca53ca05e7.zip |
added initial setup for domain controller
Diffstat (limited to 'ansible/scripts/setup-adcs.ps1')
-rw-r--r-- | ansible/scripts/setup-adcs.ps1 | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/ansible/scripts/setup-adcs.ps1 b/ansible/scripts/setup-adcs.ps1
new file mode 100644
index 0000000..134b9a9
--- /dev/null
+++ b/ansible/scripts/setup-adcs.ps1
@@ -0,0 +1,50 @@
+param
+(
+ [string]$DomainName = "contoso.com",
+ [string]$Username = "Administrator",
+ [string]$Password = "packer"
+)
+$scriptName = $MyInvocation.MyCommand.Name
+$logFile = "C:\Logs\${scriptName}_log.txt"
+Start-Transcript -Path $logFile -Append
+
+$p = ConvertTo-SecureString $Password -AsPlainText -Force
+$c = New-Object System.Management.Automation.PSCredential("$DomainName\$Username", $p)
+$CACommonName = "$($DomainName.Split(".")[0].ToUpper())-CA"
+
+try {
+ Install-WindowsFeature -Name AD-Certificate -IncludeAllSubFeature -IncludeManagementTools
+ Install-WindowsFeature -Name ADCS-Cert-Authority
+ Install-WindowsFeature -Name ADCS-Web-Enrollment
+ Install-WindowsFeature -Name RSAT
+
+ Write-Host "[INFO] Installed ADCS Windows Features"
+} catch {
+ Write-Host "[ERR] Failed to install ADCS Windows Features"
+}
+
+try {
+ Install-AdcsCertificationAuthority `
+ -Credential $c `
+ -CAType EnterpriseRootCA `
+ -CryptoProviderName "RSA#Microsoft Software Key Storage Provider" `
+ -KeyLength 2048 `
+ -HashAlgorithmName SHA256 `
+ -ValidityPeriod Years `
+ -ValidityPeriodUnits 5 `
+ -CACommonName $CACommonName `
+ -Force
+
+ Write-Host "[INFO] Installed ADCS Certification Authority"
+} catch {
+ Write-Host "[ERR] Failed to install ADCS Certification Authority"
+}
+
+try {
+ Install-AdcsWebEnrollment -Force
+
+ Write-Host "[INFO] Installed ADCS Web Enrollment"
+} catch {
+ Write-Host "[ERR] Failed to install ADCS Web Enrollment"
+}
+Stop-Transcript
\ No newline at end of file |
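Review bot: The three `try`/`catch` blocks will rarely fire, because cmdlet failures such as those from `Install-WindowsFeature` are typically non-terminating errors, so the `[INFO] Installed …` lines print and the script carries on even when a step failed. Setting `$ErrorActionPreference = 'Stop'` before the first `try` makes the catches reachable, and each catch should log `$_` and finish with `Stop-Transcript; exit 1` so the Ansible task fails instead of reporting a half-configured CA as success. Separately, `$Password` is a plain `[string]` with the default `"packer"` and is converted with `-AsPlainText -Force`; if the value is passed on the command line it may also end up in the transcript header written under `C:\Logs`. A comment marking this as a lab-only default, or a `[pscredential]` parameter in place of the `$Username`/`$Password` pair, would make that explicit.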