# DSC configuration for every node whose Role is "PKI".
# It sets the time zone, assigns a static IPv4 address and default gateway,
# installs the AD CS Certification Authority feature, configures it as an
# enterprise root CA, and adds the web-enrollment role service.
#
# NOTE(review): this builds a single-tier PKI in which the root CA is online
# and also hosts web enrollment. Confirm that is intended for the environment;
# a root key on a network-reachable, multi-role host is harder to protect than
# one on a dedicated or offline root.
Configuration CertificateAuthority
{
    Import-DscResource -ModuleName xAdcsDeployment,PSDesiredStateConfiguration,xNetworking,xComputerManagement,xTimeZone

    Node $AllNodes.Where{$_.Role -eq "PKI"}.Nodename
    {
        # --- Base system settings ------------------------------------------
        xTimeZone SystemTimeZone
        {
            TimeZone         = 'Central Standard Time'
            IsSingleInstance = 'Yes'
        }

        # --- Networking: static address first, then the gateway ------------
        xIPAddress NewIPAddress
        {
            IPAddress      = $Node.IPAddress
            InterfaceAlias = "Ethernet"
            SubnetMask     = 24
            AddressFamily  = "IPV4"
        }

        xDefaultGatewayAddress NewDefaultGateway
        {
            AddressFamily  = 'IPv4'
            InterfaceAlias = 'Ethernet'
            Address        = $Node.DefaultGateway
            DependsOn      = '[xIPAddress]NewIpAddress'
        }

        # --- Certification Authority ---------------------------------------
        WindowsFeature ADCS-Cert-Authority
        {
            Ensure = 'Present'
            Name   = 'ADCS-Cert-Authority'
        }

        # The credential comes from node data and is compiled into the MOF.
        # Whether it is encrypted there depends on the node's configuration
        # data (PsDscAllowPlainTextPassword versus a node certificate).
        xADCSCertificationAuthority ADCS
        {
            Ensure     = 'Present'
            Credential = $Node.Credential
            CAType     = 'EnterpriseRootCA'
            DependsOn  = '[WindowsFeature]ADCS-Cert-Authority'
        }

        # --- Web enrollment (the CertSrv site) -----------------------------
        # NOTE(review): these two resources only install and configure the
        # role service. Nothing here sets up an HTTPS binding or Extended
        # Protection for Authentication on the CertSrv site, so that
        # hardening has to be applied and verified separately.
        WindowsFeature ADCS-Web-Enrollment
        {
            Ensure    = 'Present'
            Name      = 'ADCS-Web-Enrollment'
            DependsOn = '[WindowsFeature]ADCS-Cert-Authority'
        }

        xADCSWebEnrollment CertSrv
        {
            Ensure     = 'Present'
            Name       = 'CertSrv'
            Credential = $Node.Credential
            DependsOn  = '[WindowsFeature]ADCS-Web-Enrollment','[xADCSCertificationAuthority]ADCS'
        }
    }
}
# Node data consumed by the CertificateAuthority configuration.
# It holds a single node, S2, selected by Role = "PKI".
$ConfigData = @{
    AllNodes = @(
        @{
            # Node selection
            Nodename = 'S2'
            Role     = "PKI"

            # Static network settings applied by the configuration
            IPAddress      = '192.168.2.4'
            DefaultGateway = '192.168.2.1'

            # Prompts interactively for the password of the domain
            # administrator account when this hashtable is evaluated.
            Credential = (Get-Credential -UserName 'source\administrator' -Message 'cred')

            # SECURITY: with PsDscAllowPlainTextPassword = $true the password
            # above is written in clear text into the compiled MOF file.
            # Anyone who can read that file, or a copy or backup of it, gets
            # the domain administrator credential. The safer pattern encrypts
            # credentials to a certificate on the target node (CertificateFile
            # and Thumbprint in node data, CertificateID in the LCM settings).
            # That needs a node certificate, which this page does not
            # provision. Until then, treat the MOF as a secret.
            PsDscAllowPlainTextPassword = $true

            # Suppresses the DSC check that flags domain accounts used as
            # credentials in a configuration.
            PSDscAllowDomainUser = $true
        }
    )
}
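# Compile the configuration and push it to S2.
#
# Without -OutputPath the compiled MOF goes to .\CertificateAuthority under
# the current directory, while the push below reads from a fixed path. The
# two only matched when the script was started from C:\DSC. Using one
# variable for both removes that dependency on the working directory.
$mofDirectory = 'C:\DSC\CertificateAuthority'

# Generates S2.mof in $mofDirectory.
# SECURITY: because the node data sets PsDscAllowPlainTextPassword, this MOF
# contains the administrator password in clear text. Restrict access to the
# directory and delete the MOF once the configuration has been applied.
CertificateAuthority -ConfigurationData $ConfigData -OutputPath $mofDirectory

# Pushes the MOF to the remote system and waits for the LCM to apply it.
Start-DscConfiguration -ComputerName S2 -Wait -Force -Path $mofDirectory -Verbose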