-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathMemberServerSQL.ps1
More file actions
151 lines (129 loc) · 6.44 KB
/
Copy pathMemberServerSQL.ps1
File metadata and controls
151 lines (129 loc) · 6.44 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
#BEGIN POWERSHELL SCRIPT
#This DSC has a number of pre-requisites that must be cleared before this automation will succeed
#If you are the first SQL DSC User in a new forest than it will fall upon you to clear these pre-requisites
#If you are the second or more user of SQL in a forest than these pre-requistes may be already handled
#Add the Computer Account to the Admin-gmsa-SQL-Group in Active Directory, this will grant the machine permissions to use the gmsa Account
#Add the Admin-SQL-Group to the Local Administrators group on your machine to grant the SQL Admin Permission to the box
#Unpack your SQL installation files into the location specified in $SqlInstallerSourcePath using the folder name specified
Configuration MemberServerSQL{
#Import Code Resources for Configuration
Import-DscResource -ModuleName 'PSDesiredStateConfiguration'
Import-DscResource -ModuleName 'xPSDesiredStateConfiguration'
Import-DscResource -ModuleName 'ComputerManagementDSC'
Import-DscResource -ModuleName 'xSystemSecurity'
Import-DscResource -ModuleName 'SqlServerDsc'
Import-DscResource -ModuleName 'NetworkingDsc'
Import-DscResource -ModuleName 'xDSCDomainjoin'
#Initialize Variables
$SqlInstallerSourcePath = "C:\Admin\SQL2016_x64_ENU"
$ADMIN_PATH = Get-AutomationVariable -Name "ADMIN_PATH"
$API_FOLDER_PATH = Get-AutomationVariable -Name "API_FOLDER_PATH"
$DOMAIN_NAME= Get-AutomationVariable -Name "DOMAIN_NAME"
$SQL_ADMIN_GROUP = Get-AutomationVariable -Name "SQL_ADMIN_GROUP"
$SQL_GMSA_ACCOUNT = Get-AutomationVariable -Name "SQL_GMSA_ACCOUNT"
#Import Credentials From Azure Vault
$DOMAIN_JOIN = Get-AutomationPSCredential -Name "DOMAIN_JOIN"
#Initialize Group Managed Service Account - Passwords are not used but required due to a dscResource limitation
$NewADUserCred = ConvertTo-SecureString "BogusPasswordWorkaround!1" -AsPlainText -Force
$SqlServiceCredential = New-Object System.Management.Automation.PSCredential("$SQL_GMSA_ACCOUNT", $NewADUserCred)
#Windows features to install
$Features = @(
'Net-Framework-45-Core'
)
Node Node{
#------------------#
# Base OS Settings #
#------------------#
#Set UAC Configuration
xUAC UAC{
Setting = "AlwaysNotify"
}
#Set and monitor the Timezone
TimeZone TimeZoneSet{
IsSingleInstance = 'Yes'
TimeZone = 'Pacific Standard Time'
}
#Set and monitor PowerShell Execution policy
PowerShellExecutionPolicy PowerShellExecutionPolicySet{
ExecutionPolicyScope = 'LocalMachine'
ExecutionPolicy = 'RemoteSigned'
}
#Create the Admin Folder
File AdminFolder{
Ensure = 'Present'
Type = 'Directory'
DestinationPath = $ADMIN_PATH
}
#Delete the API Registration Folder
File RemoveAPIFolder{
Ensure = 'Absent'
Type = 'Directory'
Force = $true
DestinationPath = $API_FOLDER_PATH
}
#Join Active Directory Domain
xDSCDomainjoin JoinDomain{
Domain = $DOMAIN_NAME
Credential = $DOMAIN_JOIN
}
#------------------#
# Install Services #
#------------------#
#Windows Features Installation
WindowsFeatureSet InstallFeatures{
Name = $Features
Ensure = 'Present'
IncludeAllSubFeature = $true
}
#SQL Server Install Configuration
SqlSetup 'InstallNamedInstance-SCVMMSQL'{
Action = 'Install'
InstanceName = 'SCVMMSQL'
SQLSvcAccount = $SqlServiceCredential
AgtSvcAccount = $SqlServiceCredential
Features = 'SQLENGINE'
SQLSysAdminAccounts = @("$SQL_ADMIN_GROUP")
SQLCollation = 'SQL_Latin1_General_CP1_CI_AS'
InstallSharedDir = 'C:\Program Files\Microsoft SQL Server'
InstallSharedWOWDir = 'C:\Program Files (x86)\Microsoft SQL Server'
InstanceDir = 'C:\Program Files\Microsoft SQL Server'
InstallSQLDataDir = 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Data'
SQLUserDBDir = 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Data'
SQLUserDBLogDir = 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Data'
SQLTempDBDir = 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Data'
SQLTempDBLogDir = 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Data'
SQLBackupDir = 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Backup'
SourcePath = $SqlInstallerSourcePath
UpdateEnabled = $true
ForceReboot = $false
DependsOn = '[xDSCDomainjoin]JoinDomain'
}
#Configures SQL TCP Listening Port
SqlServerNetwork 'ChangeTcpIpOnDefaultInstance'{
InstanceName = 'SQL-SVC'
ProtocolName = 'Tcp'
IsEnabled = $true
TCPDynamicPort = $false
TCPPort = 50001
RestartService = $true
DependsOn = '[SqlSetup]InstallNamedInstance-SCVMMSQL'
}
#Configures the Firewall settings to allow SQL Connectivity
FireWall SQLFirewallRule
{
Name = "AllowSQLConnection"
DisplayName = 'Allow SQL Connection'
Group = 'DSC Configuration Rules'
Ensure = 'Present'
Enabled = 'True'
Profile = ('Domain')
Direction = 'InBound'
LocalPort = ('50001')
Protocol = 'TCP'
Description = 'Firewall Rule to allow SQL communication'
}
#------------------#
# Monitor Services #
#------------------#
}
}