WIP: Fixed vdc-windows_ad to Windows 2016

manifests/conf_forest.pp

@@ -22,7 +22,7 @@
 #    logpath                   => 'c:\\windows\\ntds',
 #    sysvolpath                => 'c:\\windows\\sysvol',
 #    dsrmpassword              => $dsrmpassword,
-#    installdns                => 'yes',
+#    installdns                => 'true',
 #    localadminpassword        => 'password',
 #    force                     => true,
 #    forceremoval              => true,
@@ -31,7 +31,7 @@
 #  }
 #
 # === Authors
-#
+# 
 # Jerome RIVIERE (www.jerome-riviere.re)
 #
 # === Copyright
@@ -40,89 +40,88 @@
 #
 class windows_ad::conf_forest (
   #install parameters
-  $ensure                    = $ensure,
-  $domainname                = $domainname,
-  $netbiosdomainname         = $netbiosdomainname,
-  $domainlevel               = $domainlevel,
-  $forestlevel               = $forestlevel,
-  $globalcatalog             = $globalcatalog,
-  $databasepath              = $databasepath,
-  $logpath                   = $logpath,
-  $sysvolpath                = $sysvolpath,
-  $dsrmpassword              = $dsrmpassword,
-  $installdns                = $installdns,
-  $kernel_ver                = $kernel_ver,
-  $timeout                   = 0,
-  $configureflag             = $configureflag,
+  Enum['present', 'absent'] $ensure  = $ensure,
+  String $domainname                 = $domainname,
+  String $netbiosdomainname          = $netbiosdomainname,
+  Integer[4,6] $domainlevel          = $domainlevel,
+  Integer[4,6] $forestlevel          = $forestlevel,
+  String $globalcatalog              = $globalcatalog,
+  String $databasepath               = $databasepath,
+  String $logpath                    = $logpath,
+  String $sysvolpath                 = $sysvolpath,
+  String $dsrmpassword               = $dsrmpassword,
+  Boolean $installdns                = $installdns,
+  String $kernel_ver                 = $kernel_ver,
+  Integer $timeout                   = 0,
+  Boolean $configureflag             = $configureflag,
 
   #removal parameters
-  $localadminpassword        = $localadminpassword, #admin password required for removal
-  $force                     = $force,
-  $forceremoval              = $forceremoval,
-  $uninstalldnsrole          = $uninstalldnsrole,
-  $demoteoperationmasterrole = $demoteoperationmasterrole,
+  String $localadminpassword         = $localadminpassword, #admin password required for removal
+  Boolean $force                     = $force,
+  Boolean $forceremoval              = $forceremoval,
+  String $uninstalldnsrole           = $uninstalldnsrole,
+  Boolean $demoteoperationmasterrole = $demoteoperationmasterrole,
 ){
-  validate_bool($configureflag)
   if ($configureflag == true){
-    if $force { $forcebool = 'true' } else { $forcebool = 'false' }
-    if $forceremoval { $forceboolremoval = 'true' } else { $forceboolremoval = 'false' }
-    if $demoteoperationmasterrole { $demoteoperationmasterrolebool = 'true' } else { $demoteoperationmasterrolebool = 'false' }
+    if $force { $forcebool = true } else { $forcebool = false }
+    if $forceremoval { $forceboolremoval = true } else { $forceboolremoval = false }
+    if $demoteoperationmasterrole { $demoteoperationmasterrolebool = true } else { $demoteoperationmasterrolebool = false }
 
     # If the operating is server 2012 then run the appropriate powershell commands if not revert back to the cmd commands
     if ($ensure == 'present') {
-      if ($kernel_ver =~ /^6\.2|^6\.3/) {
-        if ($installdns == 'yes'){
+      if ($kernel_ver =~ /^6\.1/) {
+        # Deploy Server 2008 R2 Active Directory
+        exec { 'Config ADDS 2008':
+          command => "cmd.exe /c dcpromo /unattend /InstallDNS:yes /confirmGC:${globalcatalog} /NewDomain:forest /NewDomainDNSName:${domainname} /domainLevel:${domainlevel} /forestLevel:${forestlevel} /ReplicaOrNewDomain:domain /databasePath:${databasepath} /logPath:${logpath} /sysvolPath:${sysvolpath} /SafeModeAdminPassword:${dsrmpassword}", # lint:ignore:140chars
+          path    => 'C:\windows\sysnative',
+          unless  => "sc \\\\${::fqdn} query ntds",
+          timeout => $timeout,
+        }
+      }else{
+        $command = "Import-Module ADDSDeployment; Install-ADDSForest -Force -DomainName ${domainname} -DomainMode ${domainlevel} -DomainNetbiosName ${netbiosdomainname} -ForestMode ${forestlevel} -DatabasePath ${databasepath} -LogPath ${logpath} -SysvolPath ${sysvolpath} -NoRebootOnCompletion -SafeModeAdministratorPassword (convertto-securestring '${dsrmpassword}' -asplaintext -force)" # lint:ignore:140chars
+        if ($installdns == true){
           # Deploy Server 2012 Active Directory
           exec { 'Config ADDS':
-            command     => "Import-Module ADDSDeployment; Install-ADDSForest -Force -DomainName ${domainname} -DomainMode ${domainlevel} -DomainNetbiosName ${netbiosdomainname} -ForestMode ${forestlevel} -DatabasePath ${databasepath} -LogPath ${logpath} -SysvolPath ${sysvolpath} -NoRebootOnCompletion -SafeModeAdministratorPassword (convertto-securestring '${dsrmpassword}' -asplaintext -force) -InstallDns",
-            provider    => powershell,
-            onlyif      => "if((gwmi WIN32_ComputerSystem).Domain -eq \'${domainname}\'){exit 1}",
-            timeout     => $timeout,
+            command  => "${command} -InstallDns",
+            provider => powershell,
+            onlyif   => "if((gwmi WIN32_ComputerSystem).Domain -eq \'${domainname}\'){exit 1}",
+            timeout  => $timeout,
           }
-        }
-        else{
+        }else{
           # Deploy Server 2012 Active Directory Without DNS
           exec { 'Config ADDS':
-            command     => "Import-Module ADDSDeployment; Install-ADDSForest -Force -DomainName ${domainname} -DomainMode ${domainlevel} -DomainNetbiosName ${netbiosdomainname} -ForestMode ${forestlevel} -DatabasePath ${databasepath} -LogPath ${logpath} -SysvolPath ${sysvolpath} -NoRebootOnCompletion -SafeModeAdministratorPassword (convertto-securestring '${dsrmpassword}' -asplaintext -force)",
-            provider    => powershell,
-            onlyif      => "if((gwmi WIN32_ComputerSystem).Domain -eq \'${domainname}\'){exit 1}",
-            timeout     => $timeout,
+            command  => $command,
+            provider => powershell,
+            onlyif   => "if((gwmi WIN32_ComputerSystem).Domain -eq \'${domainname}\'){exit 1}",
+            timeout  => $timeout,
           }
         }
-      }else {
-        # Deploy Server 2008 R2 Active Directory
-        exec { 'Config ADDS 2008':
-          command => "cmd.exe /c dcpromo /unattend /InstallDNS:yes /confirmGC:${globalcatalog} /NewDomain:forest /NewDomainDNSName:${domainname} /domainLevel:${domainlevel} /forestLevel:${forestlevel} /ReplicaOrNewDomain:domain /databasePath:${databasepath} /logPath:${logpath} /sysvolPath:${sysvolpath} /SafeModeAdminPassword:${dsrmpassword}",
+      }
+    }else{ #uninstall AD
+      if ($kernel_ver =~ /^6\.1/) {
+        # uninstall Server 2008 R2 Active Directory -> not tested
+        exec { 'Uninstall ADDS 2008':
+          command => 'cmd.exe /c dcpromo /forceremoval',
           path    => 'C:\windows\sysnative',
           unless  => "sc \\\\${::fqdn} query ntds",
           timeout => $timeout,
         }
-      }
-    }else{ #uninstall AD
-      if ($kernel_ver =~ /^6\.2|^6\.3/) {
+      }else{
         if($localadminpassword != ''){
           exec { 'Uninstall ADDS':
-            command     => "Import-Module ADDSDeployment;Uninstall-ADDSDomainController -LocalAdministratorPassword (ConvertTo-SecureString \'${localadminpassword}\' -asplaintext -force) -Force:$${forcebool} -ForceRemoval:$${forceboolremoval} -DemoteOperationMasterRole:$${demoteoperationmasterrolebool} -SkipPreChecks",
-            provider    => powershell,
-            onlyif      => "if((gwmi WIN32_ComputerSystem).Domain -eq 'WORKGROUP'){exit 1}",
-            timeout     => $timeout,
+            command  => "Import-Module ADDSDeployment;Uninstall-ADDSDomainController -LocalAdministratorPassword (ConvertTo-SecureString \'${localadminpassword}\' -asplaintext -force) -Force:$${forcebool} -ForceRemoval:$${forceboolremoval} -DemoteOperationMasterRole:$${demoteoperationmasterrolebool} -SkipPreChecks", # lint:ignore:140chars
+            provider => powershell,
+            onlyif   => "if((gwmi WIN32_ComputerSystem).Domain -eq 'WORKGROUP'){exit 1}",
+            timeout  => $timeout,
           }
           if($uninstalldnsrole == 'yes'){
             exec { 'Uninstall DNS Role':
-            command   => "Import-Module ServerManager; Remove-WindowsFeature DNS -Restart",
-            onlyif    => "Import-Module ServerManager; if (@(Get-WindowsFeature DNS | ?{\$_.Installed -match \'true\'}).count -eq 0) { exit 1 }",
-            provider  => powershell,
+            command  => 'Import-Module ServerManager; Remove-WindowsFeature DNS -Restart',
+            onlyif   => "Import-Module ServerManager; if (@(Get-WindowsFeature DNS | ?{\$_.Installed -match \'true\'}).count -eq 0) { exit 1 }", # lint:ignore:140chars
+            provider => powershell,
             }
           }
         }
-      }else{
-        # uninstall Server 2008 R2 Active Directory -> not tested
-        exec { 'Uninstall ADDS 2008':
-          command => "cmd.exe /c dcpromo /forceremoval",
-          path    => 'C:\windows\sysnative',
-          unless  => "sc \\\\${::fqdn} query ntds",
-          timeout => $timeout,
-        }
       }
     }
   }

manifests/group.pp

@@ -57,15 +57,15 @@
 
   if($ensure == 'present'){
     exec { "Add Group - ${groupname}":
-      command     => "import-module activedirectory;New-ADGroup -Description '${description}' -DisplayName '${displayname}' -Name '${groupname}' -GroupCategory '${groupcategory}' -GroupScope '${groupscope}' -Path '${path}'",
-      onlyif      => "\$groupname = \"${groupname}\";\$path = \"${path}\";\$oustring = \"CN=\$groupname,\$path\"; if([adsi]::Exists(\"LDAP://\$oustring\")){exit 1}",
-      provider    => powershell,
+      command  => "import-module activedirectory;New-ADGroup -Description '${description}' -DisplayName '${displayname}' -Name '${groupname}' -GroupCategory '${groupcategory}' -GroupScope '${groupscope}' -Path '${path}'",
+      onlyif   => "\$groupname = \"${groupname}\";\$path = \"${path}\";\$oustring = \"CN=\$groupname,\$path\"; if([adsi]::Exists(\"LDAP://\$oustring\")){exit 1}",
+      provider => powershell,
     }
   }else{
     exec { "Remove Group - ${groupname}":
-      command     => "import-module activedirectory;Remove-ADGroup -identity '${groupname}' -confirm:$${confirmdeletion}",
-      onlyif      => "\$groupname = \"${groupname}\";\$path = \"${path}\";\$oustring = \"CN=\$groupname,\$path\"; if([adsi]::Exists(\"LDAP://\$oustring\")){}else{exit 1}",
-      provider    => powershell,
+      command  => "import-module activedirectory;Remove-ADGroup -identity '${groupname}' -confirm:$${confirmdeletion}",
+      onlyif   => "\$groupname = \"${groupname}\";\$path = \"${path}\";\$oustring = \"CN=\$groupname,\$path\"; if([adsi]::Exists(\"LDAP://\$oustring\")){}else{exit 1}",
+      provider => powershell,
     }
   }
 }

manifests/groupmembers.pp

@@ -48,15 +48,15 @@
 
   if($ensure == 'present'){
     exec { "Add Group Member - ${name}":
-      command     => "import-module activedirectory;\$values='${members}';\$split=\$values.split(',');foreach(\$value in \$split){try{\$value = \$value.Replace('\"','');\$user = Get-ADUser \$value;}catch{\$user = \$null};if(\$user -ne \$null){Add-ADGroupMember '${groupname}' -Member \$value}}",
-      onlyif      => "import-module activedirectory;\$member=\$null;\$values='${members}';\$split=\$values.split(',');try{\$group = get-adgroup '${groupname}';}catch{\$group = \$null;};foreach(\$value in \$split){try{\$value = \$value.Replace('\"','');\$user = Get-ADUser \$value}catch{\$user = \$null};if(\$group -ne \$null){if(\$user -ne \$null){foreach(\$allmember in Get-ADGroupMember '${groupname}'){\$one = \$value.tolower() -replace '\"','';if(\$one -eq \$allmember.SamAccountName.tolower()){if(\$member -eq \$null){\$member='\"'+\$allmember.SamAccountName+'\"';}else{\$member+=',\"'+\$allmember.SamAccountName+'\"';}}}if('${members}' -eq \$member){exit 1}}else{if('${members}' -match \$member){exit 1}}}else{exit 1}}",
-      provider    => powershell,
+      command  => "import-module activedirectory;\$values='${members}';\$split=\$values.split(',');foreach(\$value in \$split){try{\$value = \$value.Replace('\"','');\$user = Get-ADUser \$value;}catch{\$user = \$null};if(\$user -ne \$null){Add-ADGroupMember '${groupname}' -Member \$value}}",
+      onlyif   => "import-module activedirectory;\$member=\$null;\$values='${members}';\$split=\$values.split(',');try{\$group = get-adgroup '${groupname}';}catch{\$group = \$null;};foreach(\$value in \$split){try{\$value = \$value.Replace('\"','');\$user = Get-ADUser \$value}catch{\$user = \$null};if(\$group -ne \$null){if(\$user -ne \$null){foreach(\$allmember in Get-ADGroupMember '${groupname}'){\$one = \$value.tolower() -replace '\"','';if(\$one -eq \$allmember.SamAccountName.tolower()){if(\$member -eq \$null){\$member='\"'+\$allmember.SamAccountName+'\"';}else{\$member+=',\"'+\$allmember.SamAccountName+'\"';}}}if('${members}' -eq \$member){exit 1}}else{if('${members}' -match \$member){exit 1}}}else{exit 1}}",
+      provider => powershell,
     }
   }else{
     exec { "Remove Group Member - ${name}":
-      command     => "import-module activedirectory;\$values='${members}';\$split=\$values.split(',');foreach(\$value in \$split){try{\$value = \$value.Replace('\"','');\$user = Get-ADUser \$value}catch{\$user = \$null};if(\$user -ne \$null){Remove-ADGroupMember '${groupname}' -Member \$value -Confirm:\$False}}",
-      onlyif      => "import-module activedirectory;\$member=\$null;\$values=${members};\$split=\$values.split(',');try{\$group = get-adgroup '${groupname}';}catch{\$group = \$null;};foreach(\$value in \$split){if((\$group -ne \$null) -and ((Get-ADGroupMember -Identity ${groupname}) -ne \$null)){foreach(\$allmember in Get-ADGroupMember '${groupname}'){\$one = \$value.tolower();if(\$one -eq \$allmember.SamAccountName.tolower()){if(\$member-eq\$null){\$member='\"'+\$allmember.SamAccountName+'\"';}else{\$member+=',\"'+\$allmember.SamAccountName+'\"';}}};if('${members}' -cmatch \$member){}else{exit 1}}else{exit 1}}",
-      provider    => powershell,
+      command  => "import-module activedirectory;\$values='${members}';\$split=\$values.split(',');foreach(\$value in \$split){try{\$value = \$value.Replace('\"','');\$user = Get-ADUser \$value}catch{\$user = \$null};if(\$user -ne \$null){Remove-ADGroupMember '${groupname}' -Member \$value -Confirm:\$False}}",
+      onlyif   => "import-module activedirectory;\$member=\$null;\$values=${members};\$split=\$values.split(',');try{\$group = get-adgroup '${groupname}';}catch{\$group = \$null;};foreach(\$value in \$split){if((\$group -ne \$null) -and ((Get-ADGroupMember -Identity ${groupname}) -ne \$null)){foreach(\$allmember in Get-ADGroupMember '${groupname}'){\$one = \$value.tolower();if(\$one -eq \$allmember.SamAccountName.tolower()){if(\$member-eq\$null){\$member='\"'+\$allmember.SamAccountName+'\"';}else{\$member+=',\"'+\$allmember.SamAccountName+'\"';}}};if('${members}' -cmatch \$member){}else{exit 1}}else{exit 1}}",
+      provider => powershell,
     }
   }
-}
+}