application-workloads/rds/rds-deployment-existing-ad/DSC/Configuration.ps1 (280 lines of code) (raw):
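# DomainJoin
#
# Waits for an existing Active Directory domain to become reachable, joins the
# local machine to it, and switches on the RDMS diagnostic logging values under
# HKLM\SOFTWARE\Microsoft\RDMS.
#
# Parameters:
#   domainName        - name of the domain to wait for and join.
#   adminCreds        - account used to query and join the domain. The user name
#                       may be given bare ("admin") or already qualified
#                       ("CONTOSO\admin"); any qualifier is stripped before the
#                       account is re-qualified with $domainName.
#   RetryCount        - number of attempts xWaitForADDomain makes (default 200).
#   RetryIntervalSec  - seconds between attempts (default 30).
#
# NOTE(review): $domainCreds is written into the compiled MOF for the resources
# below. Nothing in this file shows how the MOF is protected; confirm that the
# deployment path encrypts credentials rather than allowing plain-text passwords.
configuration DomainJoin
{
    param
    (
        [Parameter(Mandatory)]
        [String]$domainName,

        [Parameter(Mandatory)]
        [PSCredential]$adminCreds,

        [Int]$RetryCount = 200,

        [Int]$RetryIntervalSec = 30
    )

    Import-DscResource -ModuleName xActiveDirectory, xComputerManagement, xNetworking

    # Keep only the account name so that a caller passing "DOMAIN\user" does not
    # end up with "domain\DOMAIN\user". RDSDeployment in this file normalises the
    # user name the same way before building its own credential.
    $userName = ($adminCreds.UserName -split '\\')[-1]
    $domainCreds = New-Object System.Management.Automation.PSCredential ("$domainName\$userName", $adminCreds.Password)

    Node localhost
    {
        LocalConfigurationManager
        {
            RebootNodeIfNeeded = $true
        }

        # AD PowerShell tools, required by the wait resource below (see DependsOn).
        WindowsFeature ADPowershell
        {
            Name   = "RSAT-AD-PowerShell"
            Ensure = "Present"
        }

        # Block until the domain answers, retrying RetryCount times.
        xWaitForADDomain DscForestWait
        {
            DomainName           = $domainName
            DomainUserCredential = $domainCreds
            RetryCount           = $RetryCount
            RetryIntervalSec     = $RetryIntervalSec
            DependsOn            = "[WindowsFeature]ADPowershell"
        }

        # Join only after the domain has been confirmed reachable.
        xComputer DomainJoin
        {
            Name       = $env:COMPUTERNAME
            DomainName = $domainName
            Credential = $domainCreds
            DependsOn  = "[xWaitForADDomain]DscForestWait"
        }

        # RDMS diagnostic switches. All four are DWORD 1 under the same key.
        # NOTE(review): these look like deployment-time troubleshooting aids;
        # confirm whether trace-to-file should stay enabled after deployment.
        Registry RdmsEnableUILog
        {
            Ensure    = "Present"
            Key       = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RDMS"
            ValueName = "EnableUILog"
            ValueType = "Dword"
            ValueData = "1"
        }

        Registry EnableDeploymentUILog
        {
            Ensure    = "Present"
            Key       = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RDMS"
            ValueName = "EnableDeploymentUILog"
            ValueType = "Dword"
            ValueData = "1"
        }

        Registry EnableTraceLog
        {
            Ensure    = "Present"
            Key       = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RDMS"
            ValueName = "EnableTraceLog"
            ValueType = "Dword"
            ValueData = "1"
        }

        Registry EnableTraceToFile
        {
            Ensure    = "Present"
            Key       = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RDMS"
            ValueName = "EnableTraceToFile"
            ValueType = "Dword"
            ValueData = "1"
        }
    }
}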
# Gateway
#
# Node configuration for the RD Gateway / RD Web Access machine: joins the
# domain through the DomainJoin composite, opens TCP 5985 inbound, and installs
# the RDS-Gateway and RDS-Web-Access Windows features.
#
# Parameters:
#   domainName - domain to join (passed through to DomainJoin).
#   adminCreds - credential passed through to DomainJoin.
configuration Gateway
{
    param
    (
        [Parameter(Mandatory)]
        [String]$domainName,

        [Parameter(Mandatory)]
        [PSCredential]$adminCreds
    )

    Import-DscResource -ModuleName xActiveDirectory, xComputerManagement, xNetworking

    Node localhost
    {
        LocalConfigurationManager
        {
            ConfigurationMode  = 'ApplyOnly'
            RebootNodeIfNeeded = $true
        }

        DomainJoin DomainJoin
        {
            adminCreds = $adminCreds
            domainName = $domainName
        }

        # TCP 5985 is the default WinRM HTTP listener port; the rule description
        # says the connection broker uses it to configure this machine.
        # NOTE(review): no remote-address or profile restriction is set here, so
        # the rule is not limited to the connection broker. Confirm that network
        # controls outside this file restrict who can reach the port.
        xFirewall FirewallRuleForGWRDSH
        {
            Ensure       = 'Present'
            Name         = 'Firewall-GW-RDSH-TCP-In'
            DisplayName  = 'Firewall-GW-RDSH-TCP-In'
            DisplayGroup = 'Connection Broker'
            Description  = 'Inbound rule for CB to allow TCP traffic for configuring GW and RDSH machines during deployment.'
            Direction    = 'Inbound'
            Protocol     = 'TCP'
            LocalPort    = '5985'
            Access       = 'Allow'
            State        = 'Enabled'
        }

        WindowsFeature RDS-Gateway
        {
            Name   = 'RDS-Gateway'
            Ensure = 'Present'
        }

        WindowsFeature RDS-Web-Access
        {
            Name   = 'RDS-Web-Access'
            Ensure = 'Present'
        }
    }
}
# SessionHost
#
# Node configuration for an RD Session Host machine: joins the domain through
# the DomainJoin composite, opens TCP 5985 inbound, and installs the
# RDS-RD-Server Windows feature.
#
# Parameters:
#   domainName - domain to join (passed through to DomainJoin).
#   adminCreds - credential passed through to DomainJoin.
configuration SessionHost
{
    param
    (
        [Parameter(Mandatory)]
        [String]$domainName,

        [Parameter(Mandatory)]
        [PSCredential]$adminCreds
    )

    Import-DscResource -ModuleName xActiveDirectory, xComputerManagement, xNetworking

    Node localhost
    {
        LocalConfigurationManager
        {
            ConfigurationMode  = 'ApplyOnly'
            RebootNodeIfNeeded = $true
        }

        DomainJoin DomainJoin
        {
            adminCreds = $adminCreds
            domainName = $domainName
        }

        # Same rule as on the gateway node: TCP 5985 is the default WinRM HTTP
        # listener port, opened so the connection broker can configure this host.
        # NOTE(review): the rule carries no remote-address or profile restriction.
        # Confirm that access to the port is limited elsewhere in the deployment.
        xFirewall FirewallRuleForGWRDSH
        {
            Ensure       = 'Present'
            Name         = 'Firewall-GW-RDSH-TCP-In'
            DisplayName  = 'Firewall-GW-RDSH-TCP-In'
            DisplayGroup = 'Connection Broker'
            Description  = 'Inbound rule for CB to allow TCP traffic for configuring GW and RDSH machines during deployment.'
            Direction    = 'Inbound'
            Protocol     = 'TCP'
            LocalPort    = '5985'
            Access       = 'Allow'
            State        = 'Enabled'
        }

        WindowsFeature RDS-RD-Server
        {
            Name   = 'RDS-RD-Server'
            Ensure = 'Present'
        }
    }
}
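# RDSDeployment
#
# Node configuration for the connection broker. Joins the domain, installs the
# RDS tools and licensing features, then creates the RDS deployment, registers
# the licence server and gateway, applies the gateway settings and creates the
# session collection. Each RDS step depends on the previous one via DependsOn.
#
# Parameters:
#   domainName               - domain to join; also the suffix of generated
#                              session host names.
#   adminCreds               - account used for the domain join and as
#                              PsDscRunAsCredential for every RDS resource.
#   connectionBroker         - broker node name; defaults to this machine.
#   webAccessServer          - web access / gateway node name; defaults to this
#                              machine.
#   externalFqdn             - gateway external FQDN; defaults to the resolved
#                              web access server name when not supplied.
#   numberOfRdshInstances    - number of session hosts to generate names for
#                              (must be at least 1 when a prefix is given).
#   sessionHostNamingPrefix  - prefix for generated session host names; when
#                              empty, this machine is the only session host.
#   collectionName           - defaults to "Desktop Collection".
#   collectionDescription    - defaults to a sample description string.
#
# NOTE(review): $domainCreds is attached to six resources and is therefore
# written into the compiled MOF several times. Nothing in this file shows how
# the MOF is protected; confirm credentials are encrypted on the deployment path.
configuration RDSDeployment
{
    param
    (
        [Parameter(Mandatory)]
        [String]$domainName,

        [Parameter(Mandatory)]
        [PSCredential]$adminCreds,

        # Connection Broker Node name
        [String]$connectionBroker,

        # Web Access Node name
        [String]$webAccessServer,

        # Gateway external FQDN
        [String]$externalFqdn,

        # RD Session Host count and naming prefix
        [Int]$numberOfRdshInstances = 1,
        [String]$sessionHostNamingPrefix = "SessionHost-",

        # Collection Name
        [String]$collectionName,

        # Connection Description
        [String]$collectionDescription
    )

    Import-DscResource -ModuleName PSDesiredStateConfiguration -ModuleVersion 1.1
    Import-DscResource -ModuleName xActiveDirectory, xComputerManagement, xRemoteDesktopSessionHost

    $localhost = [System.Net.Dns]::GetHostByName((hostname)).HostName

    # Strip any "DOMAIN\" qualifier, then re-qualify with the target domain.
    $username = ($adminCreds.UserName -split '\\')[-1]
    $domainCreds = New-Object System.Management.Automation.PSCredential ("$domainName\$username", $adminCreds.Password)

    if (-not $connectionBroker) { $connectionBroker = $localhost }
    if (-not $webAccessServer) { $webAccessServer = $localhost }

    # Use the caller's external FQDN when one is supplied. The fallback is taken
    # only after $webAccessServer has received its default, so the gateway never
    # ends up with an empty external name.
    if (-not $externalFqdn) { $externalFqdn = $webAccessServer }

    if ($sessionHostNamingPrefix)
    {
        # 0..($n - 1) counts downwards for n < 1 (0..-1 yields 0 and -1), which
        # would generate host names that do not exist, so reject that early.
        if ($numberOfRdshInstances -lt 1)
        {
            throw "numberOfRdshInstances must be at least 1 when sessionHostNamingPrefix is set."
        }

        $sessionHosts = @( 0..($numberOfRdshInstances - 1) | ForEach-Object { "$sessionHostNamingPrefix$_.$domainName" } )
    }
    else
    {
        $sessionHosts = @( $localhost )
    }

    if (-not $collectionName) { $collectionName = "Desktop Collection" }
    if (-not $collectionDescription) { $collectionDescription = "A sample RD Session collection up in cloud." }

    Node localhost
    {
        LocalConfigurationManager
        {
            RebootNodeIfNeeded             = $true
            ConfigurationMode              = "ApplyOnly"
            ConfigurationModeFrequencyMins = 1200
        }

        DomainJoin DomainJoin
        {
            domainName = $domainName
            adminCreds = $adminCreds
        }

        WindowsFeature RSAT-RDS-Tools
        {
            Ensure               = "Present"
            Name                 = "RSAT-RDS-Tools"
            IncludeAllSubFeature = $true
        }

        WindowsFeature RDS-Licensing
        {
            Ensure = "Present"
            Name   = "RDS-Licensing"
        }

        # The deployment is created only once this machine is domain joined.
        xRDSessionDeployment Deployment
        {
            DependsOn            = "[DomainJoin]DomainJoin"
            ConnectionBroker     = $connectionBroker
            WebAccessServer      = $webAccessServer
            SessionHosts         = $sessionHosts
            PsDscRunAsCredential = $domainCreds
        }

        # The connection broker doubles as the licence server.
        xRDServer AddLicenseServer
        {
            DependsOn            = "[xRDSessionDeployment]Deployment"
            Role                 = 'RDS-Licensing'
            Server               = $connectionBroker
            PsDscRunAsCredential = $domainCreds
        }

        xRDLicenseConfiguration LicenseConfiguration
        {
            DependsOn            = "[xRDServer]AddLicenseServer"
            ConnectionBroker     = $connectionBroker
            LicenseServers       = @( $connectionBroker )
            LicenseMode          = 'PerUser'
            PsDscRunAsCredential = $domainCreds
        }

        # The web access server also carries the gateway role.
        xRDServer AddGatewayServer
        {
            DependsOn            = "[xRDLicenseConfiguration]LicenseConfiguration"
            Role                 = 'RDS-Gateway'
            Server               = $webAccessServer
            GatewayExternalFqdn  = $externalFqdn
            PsDscRunAsCredential = $domainCreds
        }

        xRDGatewayConfiguration GatewayConfiguration
        {
            DependsOn            = "[xRDServer]AddGatewayServer"
            ConnectionBroker     = $connectionBroker
            GatewayServer        = $webAccessServer
            ExternalFqdn         = $externalFqdn
            GatewayMode          = 'Custom'
            LogonMethod          = 'Password'
            UseCachedCredentials = $true
            BypassLocal          = $false
            PsDscRunAsCredential = $domainCreds
        }

        xRDSessionCollection Collection
        {
            DependsOn             = "[xRDGatewayConfiguration]GatewayConfiguration"
            ConnectionBroker      = $connectionBroker
            CollectionName        = $collectionName
            CollectionDescription = $collectionDescription
            SessionHosts          = $sessionHosts
            PsDscRunAsCredential  = $domainCreds
        }
    }
}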