Yesterday I was at the Swedish PowerShell User Group Community Day and I had a session about the System Center and deployment with PowerShell and talked about the PowerShell Deployment Toolkit.
Here is a screendump where I have installed VMM, AC,ORCH,SM,DPM,OM and also as you can see the automatic creation of shortcuts both on the desktop and the taskbar on the server that I have configured for console. As the PDT is designed to not kill itself I had to restart the deployment after rebooting the HV03 (the reason for this was the installation of .Net 3.51 which required the reboot) which was also the server running the deployment and the last part took 9 minutes. In a youtube video you can see how the deployment takes about an hour with the whole system center suite of roles and integrations between them, quite amazing!
One thing that is wrong in the package of PDT is the size of the Microsoft.Windows.Server.Library.mp so when the installer.ps1 is validating the size of the files the validation fails. This mp is not wrong it is just updated. Edit the workflow.xml file and set the right size and you should be fine.
In the workflow.xml file find the line and update the size to the correct value
I have created a small scripted file that creates all the AD accounts in the PDT as this is not included. This also create an OU that it puts all objects in so it will be more manageable and easy to find.
# Add all Accounts nesssesary for SC Deploy with PDT
#
# Niklas Akerlund
# Create OU´s for groups, users and Server objects
$OU = New-ADOrganizationalUnit -Name SCPDT -PassThru
$SAccounts = "installer","vmm","or","spf","ac","om_saa","om_das","om_dra","om_dwa","sm_s","sm_w","sm_r","sm_a","sm_p"
foreach ($Account in $SAccounts){
#Account creation
New-ADUser -Name $Account -SamAccountName $Account -AccountPassword (convertto-securestring -string "LUMA15gate" -asplaintext -force) -PasswordNeverExpires $true -Enabled $true -path $OU
get-adgroup "domain admins" | Add-ADGroupMember -Members (Get-ADUser $Account)
}
# rest of admin groups and stuff
New-ADGroup -Name SPFAdmins -path $OU -GroupScope Global -GroupCategory Security
New-ADGroup -Name SM_PDT -path $OU -GroupScope Global -GroupCategory Security
New-ADGroup -Name DW_PDT -path $OU -GroupScope Global -GroupCategory Security
New-ADGroup -Name SMAdmins -path $OU -GroupScope Global -GroupCategory Security
New-ADGroup -Name SQLAdmins -path $OU -GroupScope Global -GroupCategory Security
Get-ADGroup "SQLAdmins" | Add-ADGroupMember -Members (Get-ADgroup "domain Admins")
In a recent post I showed how to configure the DHCP server with multiple scopes of subnets with PowerShell and how blazing fast that could be done in the Windows 2012 compared to Windows 2008 R2.
One thing we might forget is to populate the Active Directory Sites and Services subnets with this information to get the clients to access the domain controllers that is nearest. As you can read in this technet post the reason for populating this:
“Domain controllers register service (SRV) resource records in Domain Name System (DNS) that identify their site names. Domain controllers also register host (A) resource records in DNS that identify their IP addresses. When a client requests a domain controller, it provides its site name to DNS. DNS uses the site name to locate a domain controller in that site (or in the next closest site to the client). DNS then provides the IP address of the domain controller to the client for the purpose of connecting to the domain controller. For this reason, it is important to ensure that the IP address that you assign to a domain controller maps to a subnet that is associated with the site of the respective server object. Otherwise, when a client requests a domain controller, the IP address that is returned might be the IP address of a domain controller in a distant site. When a client connects to a distant site, the result can be slow performance and unnecessary traffic on expensive WAN links.”
So as we do not want to update 2016 subnets manually we do this with PowerShell instead, and as you can see with the Windows 2012 it goes quite fast (I have tested on Win 2008 R2 and it works there also).
and here is the small PowerShell bits that do the magic
# Populate Subnets in AD Sites and Services
#
# Niklas Akerlund 2013-05-14Â
for($b=1;$b -le 63 ; $b++){
  for($i=0;$i -le 255){Â
    $Name = "10.10.$b.$i" + "/29"
    $Description = "10.10.$b.$i" + "/255.255.255.248"
    New-ADObject -Name $Name -Type subnet -Description $Description -OtherAttributes @{location="RemoteVPN";siteObject="CN=HQ,CN=Sites,CN=Configuration,DC=lumademo,DC=local"} -Path "CN=Subnets,CN=Sites,CN=Configuration,DC=lumademo,DC=local"   Â
    $i = $i +8
  }
}
And then when you look in the Active Directory Sites and Services you will find all the subnets and that they correlate to the right site.