From 6ec2eb61a02f9e55ef5b8d22a5ca61ca53ca05e7 Mon Sep 17 00:00:00 2001
From: heqnx
Date: Fri, 11 Jul 2025 21:55:20 +0300
Subject: added initial setup for domain controller
---
ansible/scripts/setup-tree-domain.ps1 | 50 +++++++++++++++++++++++++++++++++++
1 file changed, 50 insertions(+)
create mode 100644 ansible/scripts/setup-tree-domain.ps1
(limited to 'ansible/scripts/setup-tree-domain.ps1')
diff --git a/ansible/scripts/setup-tree-domain.ps1 b/ansible/scripts/setup-tree-domain.ps1
new file mode 100644
index 0000000..0f661a1
--- /dev/null
+++ b/ansible/scripts/setup-tree-domain.ps1
@@ -0,0 +1,50 @@
+param
+(
+ [string]$ParentForestRootDomain = "contoso.com",
+ [string]$NewTreeDomainName = "msp.org",
+ [string]$SafeModePassword = "P4ssw0rd1234!",
+ [string]$Username = "Administrator",
+ [string]$Password = "packer"
+)
+
+$scriptName = $MyInvocation.MyCommand.Name
+$logFile = "C:\Logs\${scriptName}_log.txt"
+Start-Transcript -Path $logFile -Append
+
+$p = ConvertTo-SecureString $Password -AsPlainText -Force
+$c = New-Object System.Management.Automation.PSCredential("$ParentForestRootDomain\$Username", $p)
+
+Write-Host "[INFO] Setting Administrator password"
+$computerName = $env:COMPUTERNAME
+$adminPassword = $Password
+$adminUser = [ADSI] "WinNT://$computerName/Administrator,User"
+$adminUser.SetPassword($adminPassword)
+
+Write-Host "[INFO] Installing AD-Domain-Services feature"
+Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools
+
+Write-Host "[INFO] Importing ADDSDeployment module"
+Import-Module ADDSDeployment
+
+try {
+ Write-Host "[INFO] Installing New Tree Domain in Existing Forest"
+ Install-ADDSDomain `
+ -InstallDns `
+ -ParentDomainName $ParentForestRootDomain `
+ -NewDomainName $NewTreeDomainName `
+ -DomainType TreeDomain `
+ -DatabasePath "C:\Windows\NTDS" `
+ -LogPath "C:\Windows\NTDS" `
+ -SysvolPath "C:\Windows\SYSVOL" `
+ -NoRebootOnCompletion `
+ -Force `
+ -Credential $c `
+ -SafeModeAdministratorPassword (ConvertTo-SecureString -AsPlainText -Force "$SafeModePassword")
+
+ Write-Host "[INFO] Successfully added new tree domain: $NewTreeDomainName"
+} catch {
+ Write-Host "[ERR] Failed to add new tree domain: $NewTreeDomainName"
+ Write-Host $_.Exception.Message
+}
+
+Stop-Transcript
--
cgit v1.2.3
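Review bot: The `param` block ships working defaults for both secrets (`$SafeModePassword = "P4ssw0rd1234!"`, `$Password = "packer"`) as plain `[string]` values, so a run that omits the arguments promotes a domain controller whose DSRM and Administrator passwords are published in the repository. The same `$Password` also feeds both the parent-forest credential `$c` and the local Administrator via `SetPassword`, which leaves the new tree domain and the forest root sharing one admin secret. I would drop the defaults and mark both parameters `[Parameter(Mandatory)]`, taking `$SafeModePassword` as `[securestring]` since it goes straight into `-SafeModeAdministratorPassword`, and use a separate value for the local account. Because `Start-Transcript` runs first and the transcript header records the host command line, a password passed as an argument can also end up in `C:\Logs`, so that directory's ACL deserves a check. Separately, the `catch` only prints the message, so the script presumably still exits 0 after a failed promotion; adding `-ErrorAction Stop` to `Install-ADDSDomain` and `exit 1` in the `catch` would let Ansible see the failure.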