```shell
bolt module add beergeek-active_directory
puppet module install beergeek-active_directory --version 0.4.2
```
```puppet
class { 'active_directory::domain_controller':
  domain_name              => 'puppet.local',
  domain_credential_user   => 'Administrator',
  domain_credential_passwd => 'P00rP@ssword123',
  safe_mode_passwd         => 'Th!s1sSAfe',
}
```

To manage a child Domain Controller the following can be used:

```puppet
class { 'active_directory::domain_controller':
  domain_name              => 'apac.puppet.local',
  domain_credential_user   => 'Administrator',
  domain_credential_passwd => 'P00rP@ssword123',
  parent_dns_addr          => '192.168.0.10',
  parent_domain_name       => 'puppet.local',
  safe_mode_passwd         => 'Th!s1sSAfe',
}
```
Active Directory users can be managed with the active_directory::domain_controller class as well, via the ad_users parameter. This hash needs to be in the format of the dsc_xaduser resource type.
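The following is an added example, not code from the module's README or the beergeek-active_directory project itself. It declares a forest root domain controller and creates a service account through the ad_users hash. It assumes the module passes each entry of ad_users to a dsc_xaduser resource keyed by title (as with create_resources), that the puppetlabs-dsc credential hash layout (`user`/`password`) applies, and that the Hiera keys `ad::admin_password`, `ad::safe_mode_password` and `ad::svc_backup_password` exist; all three keys are hypothetical.

```puppet
# Added example (not part of the beergeek-active_directory README).
# Credentials are read from Hiera so they never sit in the manifest or
# in version control; the 'ad::*' keys below are hypothetical and would
# normally be encrypted with hiera-eyaml.
$admin_password     = lookup('ad::admin_password')
$safe_mode_password = lookup('ad::safe_mode_password')

class { 'active_directory::domain_controller':
  domain_name              => 'puppet.local',
  domain_credential_user   => 'Administrator',
  domain_credential_passwd => $admin_password,
  safe_mode_passwd         => $safe_mode_password,
  # Each key is assumed to become the title of a dsc_xaduser resource and
  # each value its attribute hash (dsc_-prefixed property names as used by
  # puppetlabs-dsc).
  ad_users                 => {
    'svc_backup' => {
      dsc_domainname                    => 'puppet.local',
      dsc_username                      => 'svc_backup',
      dsc_ensure                        => 'present',
      dsc_enabled                       => true,
      # A dedicated OU keeps service accounts out of the default
      # Users container so group policy can be scoped to them.
      dsc_path                          => 'OU=Service Accounts,DC=puppet,DC=local',
      # Password for the account being created (credential hash).
      dsc_password                      => {
        'user'     => 'svc_backup',
        'password' => lookup('ad::svc_backup_password'),
      },
      # Credential used to perform the change in the directory.
      dsc_domainadministratorcredential => {
        'user'     => 'Administrator',
        'password' => $admin_password,
      },
    },
  },
}
```

Adding a second user is a matter of adding another key to the hash; the account-specific secret stays its own Hiera key so rotating one password does not touch the others.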
To manage a DNS server the following can be used:
```puppet
class { 'active_directory::dns_server':
  dns_server_name => 'dns0.puppet.local',
}
```
This will use default settings for the DNS server. There are plenty of options for the DNS server as described in the following paragraphs.
- active_directory::dns_server: A class to manage DNS servers on Windows 2012 R2 and 2016.
- active_directory::domain_controller: This class manages Forest and child domain controllers. It can also manage AD users.
- active_directory::rsat_ad: A class to manage the Remote Server Administration Tools.
- active_directory::rsat_dns: A class to manage the Remote Server Administration Tools.
- active_directory::dns_ad_zone: Defined type to manage DNS Active Directory Zones.
```puppet
class { 'active_directory::dns_server':
  dns_server_name => 'dns0.puppet.local',
}
```
Parameters of the active_directory::dns_server class.

| Parameter | Type | Description | Default |
|---|---|---|---|
| dns_server_name | String | DNS Server name. | |
| addressanswerlimit | Active_directory::Addressanswerlimit | Number of addresses the server will return; 0 is unlimited, otherwise a range of 5 to 28. | '0' |
| allowupdate | Active_directory::Zero_one | Specifies whether the DNS Server accepts dynamic update requests. | '1' |
| autocacheupdate | Boolean | Indicates whether the DNS Server attempts to update its cache entries using data from root servers. | false |
| autoconfigfilezones | Integer | Indicates which standard primary zones that are authoritative for the name of the DNS Server must be updated when the name server changes. | 1 |
| bindsecondaries | Boolean | Enables the DNS server to communicate with non-Microsoft DNS servers that use the DNS BIND service. | false |
| bootmethod | Active_directory::Bootmethod | Determines the source of information that the DNS server uses to start, such as settings to configure the DNS Service, a list of authoritative zones, and configuration settings for the zones. | '3' |
| enabledirectorypartitions | Boolean | Specifies whether support for application directory partitions is enabled on the DNS Server. | true |
| enablednssec | Active_directory::Zero_one | Specifies whether the DNS Server includes the DNSSEC-specific RRs KEY, SIG, and NXT in a response. | '1' |
| enableednsprobes | Active_directory::Zero_one | Specifies the EDNS behavior of the DNS Server. When TRUE, the DNS Server always responds with OPT resource records according to RFC 2671, unless the remote server has indicated it does not support EDNS in a prior exchange. If FALSE, the DNS Server responds to queries with OPTs only if OPTs are sent in the original query. | '1' |
| eventloglevel | Active_directory::Loglevels | Determines which DNS events go to the Event Viewer: '0' None, '1' Errors only, '2' Errors and warnings, '4' All events. | '4' |
| forwarddelegations | Active_directory::Zero_one | Specifies whether queries to delegated sub-zones are forwarded. | '0' |
| forwarders | Optional[String] | A comma-separated string of forwarder addresses. | undef |
| forwardingtimeout | Integer | Time, in seconds, a DNS Server forwarding a query will wait for resolution from the forwarder before attempting to resolve the query itself. | 3 |
| listening_addresses | String | A comma-separated string of listening addresses. | $facts['networking']['ip'] |
| localnetpriority | Boolean | Determines the order in which the DNS server returns A records when it has multiple A records for the same name. | true |
| logfilemaxsize | Integer | Size of the DNS Server debug log, in bytes. | 500000000 |
| logfilepath | String | File name and path for the DNS Server debug log. | '%SystemRoot%\System32\DNS\Dns.log' |
| logipfilterlist | Optional[Variant[Array[String],String]] | List of IP addresses used to filter DNS events written to the debug log. | undef |
| loosewildcarding | Boolean | Indicates whether the DNS Server performs loose wildcarding. | false |
| maxcachettl | Integer | Maximum time, in seconds, the record of a recursive name query may remain in the DNS Server cache. | 86400 |
| maxnegativecachettl | Integer | Maximum time, in seconds, a name error result from a recursive query may remain in the DNS Server cache. | 900 |
| namecheckflag | Integer | Indicates the set of eligible characters to be used in DNS names. | 2 |
| norecursion | Boolean | Indicates whether the DNS Server performs recursive lookups. | false |
| recursionretry | Integer | Elapsed seconds before retrying a recursive lookup. | 3 |
| recursiontimeout | Integer | Elapsed seconds before the DNS Server gives up on a recursive query. | 8 |
| roundrobin | Active_directory::Zero_one | Indicates whether the DNS Server round-robins multiple A records. | '1' |
| rpcprotocol | Integer | RPC protocol or protocols over which administrative RPC runs (bitmap value). | 5 |
| scavenginginterval | Integer | Interval, in hours, between two consecutive scavenging operations performed by the DNS Server. | 1 |
| secureresponses | Boolean | Indicates whether the DNS Server exclusively saves records of names in the same subtree as the server that provided them. | false |
| sendport | Integer | Port on which the DNS Server sends UDP queries to other servers. | 0 |
| strictfileparsing | Boolean | Indicates whether the DNS Server parses zone files strictly. | false |
| updateoptions | Integer | Restricts the type of records that can be dynamically updated on the server, used in addition to the AllowUpdate settings on Server and Zone objects. | 783 |
| writeauthorityns | Boolean | Specifies whether the DNS Server writes NS and SOA records to the authority section on a successful response. | false |
| xfrconnecttimeout | Integer | Time, in seconds, the DNS Server waits for a successful TCP connection to a remote server when attempting a zone transfer. | 30 |
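The following is an added example, not code from the module's README or the beergeek-active_directory project. It shows a dns_server declaration that moves away from the permissive defaults documented above: a fixed listening address, vetted forwarders instead of root-server recursion, cache-pollution protection, full event logging with a bounded debug log, and a less aggressive scavenging interval. The IP addresses and the log path are constructed sample values.

```puppet
# Added example (not part of the beergeek-active_directory README).
# All addresses and paths below are constructed sample values.
class { 'active_directory::dns_server':
  dns_server_name     => 'dns0.puppet.local',

  # Bind only to the AD-facing interface instead of the first IP the
  # networking fact happens to report (the documented default).
  listening_addresses => '192.168.0.10',

  # Send external lookups to two internal resolvers. Recursion stays
  # enabled (norecursion => false is the default) so domain members can
  # still resolve Internet names through the forwarders; the server never
  # has to query root servers directly, so autocacheupdate stays false.
  forwarders          => '192.168.0.53,192.168.0.54',
  forwardingtimeout   => 3,
  forwarddelegations  => '0',

  # Only accept cached records that belong to the subtree of the server
  # that answered, which blocks the classic cache-poisoning trick of
  # smuggling unrelated records into a response.
  secureresponses     => true,

  # Keep DNSSEC resource records and EDNS (both '1' by default) so
  # validating resolvers downstream can work with this server.
  enablednssec        => '1',
  enableednsprobes    => '1',

  # Accept dynamic updates at the server level; restrict them to 'Secure'
  # on each zone so only authenticated domain members can change records.
  allowupdate         => '1',

  # Log every DNS event to the Windows Event Log for the SIEM, and keep
  # the on-disk debug log on a separate volume with a 100 MB cap.
  eventloglevel       => '4',
  logfilepath         => 'D:\Logs\DNS\Dns.log',
  logfilemaxsize      => 100000000,
  # Only debug-log traffic involving the two forwarders (array form of
  # the Variant[Array[String],String] parameter).
  logipfilterlist     => ['192.168.0.53', '192.168.0.54'],

  # Scavenge stale dynamic records once a day rather than hourly, so a
  # host that is briefly offline does not lose its record.
  scavenginginterval  => 24,

  # Shorter zone-transfer connect timeout; legitimate secondaries are on
  # the same network.
  xfrconnecttimeout   => 10,
}
```

The same values can be moved into Hiera under the class's parameter keys (for example `active_directory::dns_server::forwarders`) and the class declared with `include`, which keeps per-site addresses out of the manifest.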
Parameters of the active_directory::domain_controller class.

| Parameter | Type | Description | Default |
|---|---|---|---|
| domain_credential_user | String | The username for a user that has/will have domain administrator rights. | |
| domain_credential_passwd | String | The password for the user that has/will have domain administrator rights. | |
| safe_mode_passwd | String | The password for safe mode. The user for this is set to 'Administrator'. | |
| domain_name | String | The name of the domain to be managed. | |
| ad_creation_retry_attempts | String | The number of times a non-Forest domain controller will attempt to contact the Forest controller to | '5' |
| ad_creation_retry_interval | String | The interval between attempts that the non-Forest domain controller will attempt to contact the Forest | '5' |
| ad_db_path | String | The path where the Active Directory Database will be created/managed. | 'C:\Windows\NTDS' |
| ad_log_path | String | The log path for Active Directory logs. | 'C:\Windows\NTDS' |
| ad_users | Optional[Hash] | A hash of Active Directory users to create. Must be of the type dsc_xaduser. | {} |
| parent_dns_addr | Optional[String] | IP address of the parent DNS server. | undef |
| parent_domain_name | Optional[String] | The name of the parent domain this domain will belong to. Not required for a new Forest. | undef |
| sysvol_path | String | The system volume path for Active Directory. | 'C:\Windows\SYSVOL' |
The active_directory::dns_ad_zone defined type does not function; see https://github.com/PowerShell/xDnsServer/issues/53.

```puppet
active_directory::dns_ad_zone { 'puppet.local':
  domain_credential_user   => 'Administrator',
  domain_credential_passwd => 'P00rP@ssword123',
  replicationscope         => 'Forest',
  dynamicupdate            => 'Secure',
}
```
Parameters of the active_directory::dns_ad_zone defined type.

| Parameter | Type | Description | Default |
|---|---|---|---|
| domain_credential_user | String | The username for a user that has/will have domain administrator rights. | |
| domain_credential_passwd | String | The password for the user that has/will have domain administrator rights. | |
| replicationscope | Active_directory::Replicationscope | Scope of replication for the zone. Can be "Custom", "custom", "Domain", "domain", "Forest", "forest", "Legacy", or "legacy". | 'Forest' |
| dynamicupdate | Active_directory::Dynamicupdate | Determines how updates are performed. Can be "None", "none", "NonsecureAndSecure", "nonsecureandsecure", "Secure", or "secure". | 'Secure' |
| directorypartitionname | Optional[String] | Name of the directory partition. | undef |
| Parameter | Description | Type |
|---|---|---|
| domain | Domain name to use for the new A record. Will be made lowercase. | String[1] |
| ip | IP address of the entry to create. | String[1] |
| name | The name of the host/device etc. | String[1] |

| Parameter | Description | Type |
|---|---|---|
| admin_password | The password of the administrator. Also used as the safe password. | String[1] |
| allow_reboot | Boolean to determine if rebooting the node is allowed. | Optional[Boolean] |
| domain | Domain name to use for the new forest. Will be made lowercase. | String[1] |
| install_dns | Boolean to determine if DNS server is installed. | Optional[Boolean] |
| netbios_domain_name | NETBIOS name to use for the new forest. Will be made uppercase. | String[1] |

| Parameter | Description | Type |
|---|---|---|
| domain_name | Name of the domain, lowercase. | String[1] |

| Parameter | Description | Type |
|---|---|---|
| new_domain_name | | String[1] |
| new_hostname | New hostname to use for the node. | String[1] |

| Parameter | Description | Type |
|---|---|---|
| fqdn | The fully qualified domain name of the host running the service. | String[1] |
| service | The service to create the SPN for. | String[1] |
| user | The AD user that will be associated with the service. | String[1] |
puppetlabs-dsc version 1.9.0 or greater, which has replaced dsc_xdnsserveraddress with dsc_dnsserveraddress.
Updated version of PDK.
Using Hiera data in-module.
Features
Bugfixes
Known Issues