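<#
.SYNOPSIS
    Installs the AD CS role, configures an Enterprise Root CA and enables
    the Web Enrollment role service, logging to a transcript under C:\Logs.

.PARAMETER DomainName
    DNS name of the domain. Its first label, upper-cased, plus "-CA" becomes
    the CA common name (e.g. "contoso.com" -> "CONTOSO-CA").

.PARAMETER Username
    Account (in DomainName) used to install the Certification Authority.

.PARAMETER Password
    Plain-text password for Username.

.NOTES
    Each stage reports [INFO] or [ERR] and the script continues to the next
    stage either way, as the original did.
#>
param (
    [string]$DomainName = "contoso.com",
    [string]$Username = "Administrator",
    # NOTE(security): "packer" is a well-known image-build default and the value
    # is passed in plain text on the command line. Override it for anything
    # beyond a throwaway lab and rotate the account password after provisioning.
    [string]$Password = "packer"
)

$scriptName = $MyInvocation.MyCommand.Name
$logFile = "C:\Logs\${scriptName}_log.txt"

# Start-Transcript does not create missing parent directories; make sure the
# log folder exists so the transcript is not silently lost.
$logDir = Split-Path -Path $logFile -Parent
if (-not (Test-Path -LiteralPath $logDir)) {
    New-Item -ItemType Directory -Path $logDir -Force | Out-Null
}
Start-Transcript -Path $logFile -Append

$p = ConvertTo-SecureString $Password -AsPlainText -Force
$c = New-Object System.Management.Automation.PSCredential("$DomainName\$Username", $p)
$CACommonName = "$($DomainName.Split(".")[0].ToUpper())-CA"

# -ErrorAction Stop turns non-terminating cmdlet errors into terminating ones;
# without it the catch blocks below never run and [INFO] is printed even when
# an installation step failed.
try {
    # NOTE(review): -IncludeAllSubFeature installs every AD CS role service, not
    # only the two named below, and RSAT pulls in the full admin tool set. On a
    # CA that widens the attack surface; trim if the extra services are unused.
    Install-WindowsFeature -Name AD-Certificate -IncludeAllSubFeature -IncludeManagementTools -ErrorAction Stop
    Install-WindowsFeature -Name ADCS-Cert-Authority -ErrorAction Stop
    Install-WindowsFeature -Name ADCS-Web-Enrollment -ErrorAction Stop
    Install-WindowsFeature -Name RSAT -ErrorAction Stop
    Write-Host "[INFO] Installed ADCS Windows Features"
}
catch {
    Write-Host "[ERR] Failed to install ADCS Windows Features: $($_.Exception.Message)"
}

try {
    # Splatting replaces the backtick line continuations, which break as soon
    # as trailing whitespace or a collapsed line ending follows the backtick.
    $caParams = @{
        Credential          = $c
        CAType              = 'EnterpriseRootCA'
        CryptoProviderName  = "RSA#Microsoft Software Key Storage Provider"
        KeyLength           = 2048
        HashAlgorithmName   = 'SHA256'
        ValidityPeriod      = 'Years'
        ValidityPeriodUnits = 5
        CACommonName        = $CACommonName
        Force               = $true
        ErrorAction         = 'Stop'
    }
    Install-AdcsCertificationAuthority @caParams
    Write-Host "[INFO] Installed ADCS Certification Authority"
}
catch {
    Write-Host "[ERR] Failed to install ADCS Certification Authority: $($_.Exception.Message)"
}

try {
    # NOTE(security): Web Enrollment publishes the /certsrv IIS application. In
    # its default configuration it is a known NTLM-relay target (AD CS "ESC8").
    # Where this role service is really needed, require HTTPS and enable
    # Extended Protection for Authentication on the site; otherwise leave it out.
    Install-AdcsWebEnrollment -Force -ErrorAction Stop
    Write-Host "[INFO] Installed ADCS Web Enrollment"
}
catch {
    Write-Host "[ERR] Failed to install ADCS Web Enrollment: $($_.Exception.Message)"
}

Stop-Transcript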