
@stephenmbell
Last active August 3, 2022 20:21
script to pre-stage AD server and add to required groups
<#
.SYNOPSIS
Pre-stages a server's computer account in Active Directory, optionally adds it
to a WSUS patching-ring group, and creates the per-server access groups.
#>
[CmdletBinding()]
param (
    # Name of the server to pre-stage. Used as both Name and SAMAccountName of the
    # computer object and embedded in the names of the per-server groups.
    [Parameter(Mandatory)] [string] $ComputerName,

    # Distinguished name of the OU the computer object is created in.
    [Parameter()] [string] $OUPath = 'OU=Windows,OU=Servers,DC=mydomain,DC=local',

    # Credential passed to the cmdlets that write to the directory (New-ADComputer,
    # Add-ADGroupMember, New-ADGroup). Taken as a PSCredential, so no plain-text
    # password appears on the command line.
    [Parameter(Mandatory)] [PSCredential] $Credential,

    # Text stored in the Description attribute of the new computer object.
    [Parameter(Mandatory)] [string] $Description,

    # Patching ring for the server; each value except 'Default' maps to a
    # 'WSUS Servers ...' group. 'Default' means no WSUS group membership is added.
    [Parameter(Mandatory)]
    [ValidateSet('Pilot', 'Inner', 'Outer', 'Picking A', 'Picking B', 'Plant Overnight', 'Default')]
    [string] $PatchingRing
)
# Prerequisite check: the script cannot do anything without the ActiveDirectory
# module, so stop before touching the directory if it is not installed.
# NOTE(review): Exit is called without an explicit code, so a caller probably
# cannot tell this early exit from a successful run - confirm and consider a
# non-zero code.
if (-not (Get-Module -ListAvailable -Name ActiveDirectory)) {
    Write-Warning -Message 'Active Directory Module not found.'
    Write-Warning -Message 'Exiting.'
    # short pause before leaving, as in the original flow
    Start-Sleep -Seconds 2
    Exit
}
# Discover one domain controller for mydomain.local in the Ridge site and keep
# only its name; it is used as the -Server target further down.
$DiscoverParams = @{
    DomainName = 'mydomain.local'
    SiteName   = 'Ridge'
    Discover   = $true
}
$DC = Get-ADDomainController @DiscoverParams | Select-Object -ExpandProperty Name

# Map the patching ring chosen by the operator to its WSUS group name.
# 'Default' maps to an empty string, which means "no WSUS group".
$RingToGroup = @{
    'Pilot'           = 'WSUS Servers Pilot Ring'
    'Inner'           = 'WSUS Servers Inner Ring'
    'Outer'           = 'WSUS Servers Outer Ring'
    'Picking A'       = 'WSUS Servers Picking A'
    'Picking B'       = 'WSUS Servers Picking B'
    'Plant Overnight' = 'WSUS Servers Plant Overnight'
    'Default'         = ''
}
$WSUSGroup = $RingToGroup[$PatchingRing]

# Where the per-server groups live, and the two groups each server gets:
# one for local administrators, one for Remote Desktop users.
$GroupsOU = 'OU=Local Groups,OU=Servers,OU=Groups,DC=mydomain,DC=local'
$GroupsToCreate = @(
    "SERVER_$ComputerName Local Admins"
    "SERVER_$ComputerName Remote Desktop Users"
)
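# Pre-stage the computer account (disabled), add it to its WSUS group if one was
# selected, then create the per-server access groups. Nothing is created when a
# computer with this name already exists.
try {
    # check to see if the computer already exists
    # (if it does, the object found is written to the output stream)
    Get-ADComputer -Identity $ComputerName -ErrorAction Stop -Server $DC
    # if no error, write warning
    Write-Warning 'A computer with this name already exists'
} catch {
    $LookupError = $_
    # Only a "not found" answer means the name is free. Any other failure
    # (unreachable DC, access denied, bad -Server value) says nothing about
    # whether the object exists, so do not go on to create accounts and groups.
    # The type is compared by name so the check does not depend on the AD
    # assembly being loaded when the script is parsed.
    if ($LookupError.Exception.GetType().Name -ne 'ADIdentityNotFoundException') {
        Write-Warning "Could not check whether computer $ComputerName exists: $($LookupError.Exception.Message)"
        return
    }

    # it does not already exist, let's create it
    try {
        try {
            $NewComputerParams = @{
                Name           = $ComputerName
                SAMAccountName = $ComputerName
                Path           = $OUPath
                Description    = $Description
                # the account is created disabled
                Enabled        = $False
                Credential     = $Credential
                Server         = $DC
                ErrorAction    = 'Stop'
                # return the new object so its DN can be used below without a
                # second lookup that might land on a DC that has not replicated yet
                PassThru       = $true
            }
            # try to create the new server
            $NewComputer = New-ADComputer @NewComputerParams

            # let's add it to a WSUS Group if necessary
            if (-not [string]::IsNullOrEmpty($WSUSGroup)) {
                $WSUSGroupParams = @{
                    Identity    = $WSUSGroup
                    Members     = $NewComputer.DistinguishedName
                    Server      = $DC
                    Credential  = $Credential
                    ErrorAction = 'Stop'
                }
                Add-ADGroupMember @WSUSGroupParams
            }
        } catch {
            $TheError = $_
            # could not create the new computer -OR- add to the WSUS rings
            Write-Warning "Error creating computer: $ComputerName -OR- adding to group: $WSUSGroup"
            Write-Warning $TheError.Exception.Message
        }

        # now we need to create some AD groups to manage local admins and RDP users
        # NOTE(review): this still runs when the computer step above failed, which
        # would leave access groups for a host that was never staged - confirm
        # that this is intended.
        foreach ($group in $GroupsToCreate) {
            # do the groups already exist?
            try {
                Get-ADGroup -Identity $group -Server $DC -ErrorAction Stop
                Write-Warning "$group already exists"
            } catch {
                $GroupLookupError = $_
                # same rule as for the computer: only "not found" permits creation
                if ($GroupLookupError.Exception.GetType().Name -ne 'ADIdentityNotFoundException') {
                    Write-Warning "Could not check whether group $group exists: $($GroupLookupError.Exception.Message)"
                    continue
                }

                # The group names end in 'Local Admins' or 'Remote Desktop Users';
                # pick the description that matches the group being created.
                if ($group -like '* Local Admins') {
                    $GroupDescription = "This group is a member of the local administrators group on $ComputerName"
                } else {
                    $GroupDescription = "This group is a member of the local remote desktop users group on $ComputerName"
                }

                # create the new group
                $NewGroupParams = @{
                    Name           = $group
                    SAMAccountName = $group
                    DisplayName    = $group
                    Path           = $GroupsOU
                    GroupCategory  = 'Security'
                    GroupScope     = 'Global'
                    Description    = $GroupDescription
                    Server         = $DC
                    Credential     = $Credential
                    ErrorAction    = 'Stop'
                }
                New-ADGroup @NewGroupParams
            }
        }
    } catch {
        $TheError = $_
        # reached when creating one of the groups fails
        Write-Warning 'Error 4'
        Write-Warning $TheError.Exception.Message
    }
}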