configure automatic domain join and computer naming - active-directory

Configure automatic domain join, automatic computer naming, and place new computer accounts in the appropriate organizational unit (OU).
Receive a Deploy request from the reference computer and deploy the install image using PXE and network installation.
this is what I have to do after I configured the active directory and create the users and peppered the WPS server in windows server 2016 but I have no idea what is this or how to do it any think for help please.

• You can achieve the three things, i.e., joining the computer to domain, placing it in an OU and renaming the computer system through a single script but the other two tasks as stated by you, i.e., receive a deploy request from the reference computer and deploy the install image using PXE and network installation should be done afterwards. For the other two tasks, you can configure a Windows Deployment Services server and deploy an image to be deployed to the respective networks, while also enabling PXE in it and the DHCP server scope also.
• Please find the below script to join the computer to a particular OU and rename it thereafter. Create a ‘.csv’ file containing the current names of the computers to be joined to the domain and renamed. Then run the below script on each computer individually: -
‘ Enable-PSRemoting -SkipNetworkProfileCheck -Force ’ --> After running this cmd locally on each computer, run the below script from a domain controller as it will connect remotely through powershell to each computer and join it to domain
‘ Import-Module ActiveDirectory
$inputFilePath = <Path of the csv file>
$computers = Get-Content -Path $inputFilePath
$domain = <domainname>
$credentials = Get-credential -username <domain admin username> -password <password>
foreach ($computer in $computers)
{
$ScriptBlock = {Param($computer)
Add-Computer -DomainName $domain -ComputerName $computer -newname <NewComputerName> -OUPath “OU=testOU,DC=domain,DC=Domain,DC=com”-Credential $credentials -Restart -Force
}
$session = New-PSSession -ComputerName $computer
Invoke-Command -Session $session -ScriptBlock $ScriptBlock -ArgumentList $computer
Remove-PSSession -Session $session
} ’
• For deploying an image through WDS after domain joining through PXE, refer the following link: -
https://www.microsoftpressstore.com/articles/article.aspx?p=3089351&seqNum=4

Related

Modern Approach to WPF Telerik Grid Manifest Azure DevOps

Is there a modern approach to exclude manifest certificate private keys from a repository deployment using Azure DevOps without losing related functionality?
I am migrating a code repository that contains a WPF Telerik grid from Team Foundation Server to Azure DevOps. I noticed sensitive information such as an X.509 Certificate Private Key in a TemporaryKey.pfx file that seems to handle the Telerik grid manifest download in production.
I attempted to removed the manifests and OneClick signing outright and see related pages are now throwing errors like the following:
Application manifest has either a different computed hash than the one specified or no hash
Within the .csproj
I see 2 potential lines to remove from the .csproj but I do not want to introduce a security risk if this is a critical security component.
<GenerateManifests>true</GenerateManifests>
<SignManifests>false</SignManifests>
Using a key vault would be another alternative, however I imagine this is circumventing a larger security issue.
Edit:
After some trial and error I have included the corresponding pfx as a secure file and added powershell scripts to install the pfx on the local agent and sign the manifest as I would in the regular application (Sign the OneClick manifests). Now I am receiving
Error MSB3482: An error occurred while signing: A certificate chain
could not be built to a trusted root authority.
My YAML looks like the following:
- task: DownloadSecureFile#1
name: TemporaryKey
displayName: 'Download TemporaryKey certificate'
inputs:
secureFile: 'TemporaryKey.pfx'
#Install TemporaryKey certificate for manifest
- task: PowerShell#2
inputs:
targetType: 'inline'
script: |
Write-Host "Start adding the PFX file to the certificate store."
$secName = "TemporaryKey.pfx"
$tempDirectory = $env:AGENT_TEMPDIRECTORY
$pfxFilePath = Join-Path $tempDirectory $secName
Add-Type -AssemblyName System.Security
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$cert.Import($pfxFilePath, "$(Password)", [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]"PersistKeySet")
$store = new-object system.security.cryptography.X509Certificates.X509Store -argumentlist "MY", CurrentUser
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]"ReadWrite")
$store.Add($cert)
$store.Close()
#Sign manifest using TemporaryKey
- task: PowerShell#2
displayName: "Sign TemporaryKey PowerShell script"
inputs:
targetType: 'inline'
script: |
$magicToken = "#PerformScriptSigning"
$encoding = "UTF8"
$scriptFolder = "."
#No files found here
$scripts = Get-ChildItem -Path $scriptFolder -Filter "*.ps1" -Recurse -ErrorAction Stop
foreach ($script in $scripts) {
try {
$content = Get-Content -Path $script.FullName -Encoding $encoding
if ($content.Contains($magicToken)) {
$content = $content | Where-Object {$_ -notmatch $magicToken}
Set-Content -Value $content -Path $script.FullName -Encoding $encoding -Force
# load cert
$codeSigningCert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
Write-Output "Signing script `"$($script.Name)`" with certificate `"$($codeSigningCert.Thumbprint)`""
# sign script
$null = Set-AuthenticodeSignature -Certificate $codeSigningCert -FilePath $script.FullName -TimestampServer "http://timestamp.comodoca.com/rfc3161"
# copy to artifact staging location
$null = Copy-Item -Path $script.FullName -Destination $env:Build_ArtifactStagingDirectory
}
}
catch {
Write-Error $_
}
}
From my understanding this process should create .ps1 files to sign the project, however there are no .ps1 files found in the signing script. The install script can open the file and does successfully install it to the store. I wrote out the TemporaryKey.pfx cert from before storing it to ensure it was opening without error.
I'm not clear how signing works in this case.
The "modern" or recommended approach would be to upload the .pfx file as secure file to Azure DevOps and then download it and sign your app with it during the build or release pipeline.
This article contains an example of a YAML pipeline that uses a secure .pfx to sign an MSIX packaged WPF app.

Load data into SQL Server using Powershell without Credential Prompt

I am trying to load a CSV file into a remote SQL Server instance. This is the command I am running:
Write-SqlTableData -DatabaseName my_db_name -TableName my_table_name -ServerInstance my_server_instance -SchemaName dbo -InputData $data -force
I am trying to use the credential parameter, but it is giving me a prompt. I want to automate this process, so I need to bypass the prompt.
Write-SqlTableData -DatabaseName my_db_name -TableName my_table_name -ServerInstance my_server_instance -SchemaName dbo -Credential $cred -InputData $data -force

Import-pssession SQLPS throws "Arithmetic operation resulted in an overflow" error

I am running PS script from the client machine (Win7) that does not have SQLPS (Ms SQL Server Database Engine) installed.
The script is doing a bunch of SQL queries from two different SQL servers that have the same version (let's call it source and destination).
As the client machine does not have SQLPS installed, I decided to use import-pssession functionality.
Unfortunately, when I import the SQLPS module the third/fourth time, it throws the "Arithmetic operation resulted in an overflow" error.
To simplify what I want, the following is the snippet of my code:
#SQL Query to find out the default folder for sql backup on the SQL SERVER
$tempSQLQuery = "EXECUTE [master].dbo.xp_instance_regread N'HKEY_LOCAL_MACHINE', N'SOFTWARE\Microsoft\MSSQLServer\MSSQLServer', N'BackupDirectory'"
#Source
#Get SQL App Server Credential
$MyCredential = Get-Credential -UserName $($sourceSQLServer + "\" + $sourceSQLServerUsername) -Message "Enter SQL application server Username and Password"
Write-Output "Import SQLPS from source SQL app server"
$Global:P_sourceSQLRemoteSession = New-PSSession -ComputerName $sourceSQLServer -Authentication negotiate -Credential $MyCredential
$sessionID = Import-PSSession -Session $Global:P_sourceSQLRemoteSession -Module SQLPS -DisableNameChecking -AllowClobber
Write-Output "Run query against source SQL Server"
#Run query against source SQL
Invoke-Sqlcmd -ServerInstance $sourceSQLServerInstance -username $sourceSQLServerSA -password $sourceSQLServerSAPassword -query $tempSQLQuery
#Destination
#Get SQL App Server Credential
$MyCredential = Get-Credential -UserName $($destinationSQLServer + "\" + $destinationSQLServerUsername) -Message "Enter SQL application server Username and Password"
Write-Output "Import SQLPS from destination SQL app server"
$Global:P_destinationSQLRemoteSession = New-PSSession -ComputerName $destinationSQLServer -Authentication negotiate -Credential $MyCredential
$sessionID = Import-PSSession -Session $Global:P_destinationSQLRemoteSession -Module SQLPS -DisableNameChecking -AllowClobber
Write-Output "Run query against destination SQL Server"
#Run the same query, against destination SQL server
Invoke-Sqlcmd -ServerInstance $destinationSQLServerInstance -username $destinationSQLServerSA -password $destinationSQLServerSAPassword -query $tempSQLQuery
#Remove session / cleanup
#Remove-PSSession -Session $Global:P_destinationSQLRemoteSession
Now, let's say, I am not importing the SQLPS from the destination SQL server:
#SQL Query to find out the default folder for sql backup on the SQL SERVER
$tempSQLQuery = "EXECUTE [master].dbo.xp_instance_regread N'HKEY_LOCAL_MACHINE', N'SOFTWARE\Microsoft\MSSQLServer\MSSQLServer', N'BackupDirectory'"
#Source
#Get SQL App Server Credential
$MyCredential = Get-Credential -UserName $($sourceSQLServer + "\" + $sourceSQLServerUsername) -Message "Enter SQL application server Username and Password"
Write-Output "Import SQLPS from source SQL app server"
$Global:P_sourceSQLRemoteSession = New-PSSession -ComputerName $sourceSQLServer -Authentication negotiate -Credential $MyCredential
$sessionID = Import-PSSession -Session $Global:P_sourceSQLRemoteSession -Module SQLPS -DisableNameChecking -AllowClobber
Write-Output "Run query against source SQL Server"
#Run query against source SQL
Invoke-Sqlcmd -ServerInstance $sourceSQLServerInstance -username $sourceSQLServerSA -password $sourceSQLServerSAPassword -query $tempSQLQuery
#Remove session / cleanup
#Remove-PSSession -Session $Global:P_sourceSQLRemoteSession
#Destination - with same SQLPS module from source SQL app server
#Get SQL App Server Credential
$MyCredential = Get-Credential -UserName $($destinationSQLServer + "\" + $destinationSQLServerUsername) -Message "Enter SQL application server Username and Password"
Write-Output "Run query against destination SQL Server using source SQL imported module"
#Run the same query, against destination SQL server
Invoke-Sqlcmd -ServerInstance $destinationSQLServerInstance -username $destinationSQLServerSA -password $destinationSQLServerSAPassword -query $tempSQLQuery**
The following error is resulted:
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)
What do you think could cause this issue?
Can you think of an alternative method to achieve what I want? should I just have the client machine that will run PS1 script to install SQL module/add-on?
Thanks heaps!

bat file for setting IIS App pool

Can i set an Website's App Pool in IIS using the bat file or any other scripts?
You could run msdeploy.exe and pass in parameters and set the AppPool as follows something like this:
msdeploy.exe
-verb:sync -source:appHostConfig="Default Web Site"
-enableLink:AppPoolExtension
-dest:package=site.zip
-declareParam:name="Application Pool",
defaultValue="Default Web Site",
description="Application pool for this site",
kind=DeploymentObjectAttribute,
scope=appHostConfig,
match="application/#applicationPool"
You can use powershell:
import-module WebAdministration
Set-ItemProperty 'IIS:\Sites\Default Web Site' ApplicationPool NewAppPoolName

Connecting to remote SQL Server instance using SQL auth via SqlPowershell?

I'm trying to use SqlPowershell/SqlPS (Import-Module sqlps) to connect to a server on my local network. I followed the instructions here to create a function that predefines a server/database and the login and prompts each time for the password:
function sqldrive
{
param( [string]$name, [string]$login = "<myLogin>", [string]$root = "SQLSERVER:\SQL\<serverName>\<databaseName>" )
$pwd = read-host -AsSecureString -Prompt "Password"
$cred = new-object System.Management.Automation.PSCredential -argumentlist $login,$pwd
New-PSDrive $name -PSProvider SqlServer -Root $root -Credential $cred -Scope 1
}
However, after running sqldrive <someName> and entering my password, it fails to connect, giving two messages:
WARNING: Could not obtain SQL Server Service information. An attempt to connect to WMI on '<serverName>' failed with
the following error: The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
and
New-PSDrive : SQL Server PowerShell provider error: Path SQLSERVER:\SQL\<serverName>\<databaseName> does not exist. Please
specify a valid path.
At line:6 char:5
+ New-PSDrive $name -PSProvider SqlServer -Root $root -Credential $ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (SQLSERVER:\SQL\<serverName>\<databaseName>:String) [New-PSDrive], GenericProviderException
+ FullyQualifiedErrorId : PathDoesNotExist,Microsoft.PowerShell.Commands.NewPSDriveCommand
Can anyone spot where I'm going wrong? I can work with the same server just fine using those credentials via SSMS.

Resources