search

dsccommunity / ActiveDirectoryDsc

This module contains DSC resources for deployment and configuration of Active Directory Domain Services.
MIT License
345 stars 142 forks source link

ActiveDirectoryDsc: No reboot after new forest install #653

Closed jimchurches closed 3 years ago

jimchurches commented 3 years ago

Details of the scenario you tried and the problem that is occurring

What am I missing? Help!

Installing a brand new forest on a Windows Server 2019 server the DSC configuration seems to install ADDS without issue, however, the system does not reboot to complete installation/configuration. A reboot is required to complete the installation and configuration of the new ADDS forest.

The DSC configuration I'm using is included below.

I am running this configuration at the PowerShell command prompt interactively and not via a pull server or via the Azure DSC extension. I'm just checking my work before attempting to build into my larger build pipeline in Azure DevOps and Azure ARM templates.

For testing, along with the configuration further below, I just use this code to apply the configuration:

Install-Module -Name PackageManagement -Force
Install-Module -Name PowerShellGet -Force
Install-Module -Name  ComputerManagementDsc -Force
Install-Module -Name  StorageDsc
Install-Module -Name  ActiveDirectoryDsc

## CONFIG FROM SECTION BELOW GOES HERE

$adminCreds = Get-Credential
$safeCreds = $adminCreds

$cd = @{
    AllNodes = @(
        @{
            NodeName = 'localhost'
            PSDscAllowPlainTextPassword = $true
            PSDscAllowDomainUser = $true
        }
    )
}

addsRoot -TimeZone 'AUS Eastern Standard Time' -DomainName 'contoso.com' -SafeModePassword $safeCreds -ConfigurationData $cd -AdminCredentials $adminCreds

$StartDscSplat = @{
    Path = 'C:\Users\t0-administrator\addsRoot'
    ComputerName = 'localhost'
    Force = $true
    Wait = $true
    Verbose = $true
    Debug = $true
}

Start-DscConfiguration @StartDscSplat

Verbose logs showing the problem

[
  {"time": "2021-05-13T04:51:19.563+00:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ Start  Set      ]      "},
  {"time": "2021-05-13T04:51:23.369+00:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ Start  Resource ]  [[TimeZone]TimeZoneSet]  "},
  {"time": "2021-05-13T04:51:23.369+00:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ Start  Test     ]  [[TimeZone]TimeZoneSet]  "},
  {"time": "2021-05-13T04:51:23.400+00:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[TimeZone]TimeZoneSet] Testing the time zone."},
  {"time": "2021-05-13T04:51:23.603+00:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ End    Test     ]  [[TimeZone]TimeZoneSet]  in 0.2340 seconds."},
  {"time": "2021-05-13T04:51:23.603+00:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ Start  Set      ]  [[TimeZone]TimeZoneSet]  "},
  {"time": "2021-05-13T04:51:23.806+00:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[TimeZone]TimeZoneSet] Setting the time zone."},
  {"time": "2021-05-13T14:51:23.822+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ End    Set      ]  [[TimeZone]TimeZoneSet]  in 0.2190 seconds."},
  {"time": "2021-05-13T14:51:23.822+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ End    Resource ]  [[TimeZone]TimeZoneSet]  "},
  {"time": "2021-05-13T14:51:23.822+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ Start  Resource ]  [[WaitForDisk]DataDisk]  "},
  {"time": "2021-05-13T14:51:23.822+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ Start  Test     ]  [[WaitForDisk]DataDisk]  "},
  {"time": "2021-05-13T14:51:23.837+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[WaitForDisk]DataDisk] Test-TargetResource: Checking for disk with Number '2'."},
  {"time": "2021-05-13T14:51:27.541+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[WaitForDisk]DataDisk] Test-TargetResource: Found disk with Number '2' named 'Msft Virtual Disk'."},
  {"time": "2021-05-13T14:51:27.556+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ End    Test     ]  [[WaitForDisk]DataDisk]  in 3.7340 seconds."},
  {"time": "2021-05-13T14:51:27.556+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ Skip   Set      ]  [[WaitForDisk]DataDisk]  "},
  {"time": "2021-05-13T14:51:27.556+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ End    Resource ]  [[WaitForDisk]DataDisk]  "},
  {"time": "2021-05-13T14:51:27.556+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ Start  Resource ]  [[Disk]DataDisk]  "},
  {"time": "2021-05-13T14:51:27.556+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ Start  Test     ]  [[Disk]DataDisk]  "},
  {"time": "2021-05-13T14:51:27.588+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[Disk]DataDisk] Test-TargetResource: Testing disk with Number '2' status for drive letter 'Z'."},
  {"time": "2021-05-13T14:51:27.681+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[Disk]DataDisk] Test-TargetResource: Checking if disk with Number '2' is initialized."},
  {"time": "2021-05-13T14:51:27.884+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[Disk]DataDisk] Test-TargetResource: Disk with Number '2' is initialized with partition style 'RAW' but 'GPT' is required."},
  {"time": "2021-05-13T14:51:27.884+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ End    Test     ]  [[Disk]DataDisk]  in 0.3280 seconds."},
  {"time": "2021-05-13T14:51:27.884+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ Start  Set      ]  [[Disk]DataDisk]  "},
  {"time": "2021-05-13T14:51:27.931+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[Disk]DataDisk] Set-TargetResource: Setting disk with Number '2' status for drive letter 'Z'."},
  {"time": "2021-05-13T14:51:28.088+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[Disk]DataDisk] Set-TargetResource: Checking disk with Number '2' partition style."},
  {"time": "2021-05-13T14:51:28.088+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[Disk]DataDisk] Set-TargetResource: Initializing disk with Number '2' as 'GPT'."},
  {"time": "2021-05-13T14:51:28.588+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[Disk]DataDisk] Set-TargetResource: Disk with Number '2' does not contain a partition assigned to drive letter 'Z'."},
  {"time": "2021-05-13T14:51:28.588+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[Disk]DataDisk] Disk with Number '2' already contains partitions, but size parameter is not specified."},
  {"time": "2021-05-13T14:51:28.634+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[Disk]DataDisk] Set-TargetResource: Creating partition on disk with Number '2' with drive letter 'Z' using all free space."},
  {"time": "2021-05-13T14:51:29.775+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[Disk]DataDisk] Set-TargetResource: New partition '2' on disk with Number '2' is readonly. Waiting for it to become writable."},
  {"time": "2021-05-13T14:51:30.917+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[Disk]DataDisk] Set-TargetResource: New partition '2' on disk with Number '2' is readonly. Waiting for it to become writable."},
  {"time": "2021-05-13T14:51:31.940+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[Disk]DataDisk] Set-TargetResource: New partition '2' on disk with Number '2' is readonly. Waiting for it to become writable."},
  {"time": "2021-05-13T14:51:33.176+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[Disk]DataDisk] Set-TargetResource: Formatting the volume as 'NTFS'."},
  {"time": "2021-05-13T14:51:36.239+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ End    Set      ]  [[Disk]DataDisk]  in 8.3550 seconds."},
  {"time": "2021-05-13T14:51:36.239+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ End    Resource ]  [[Disk]DataDisk]  "},
  {"time": "2021-05-13T14:51:36.239+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ Start  Resource ]  [[WindowsFeature]DNS]  "},
  {"time": "2021-05-13T14:51:36.239+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ Start  Test     ]  [[WindowsFeature]DNS]  "},
  {"time": "2021-05-13T14:51:37.115+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[WindowsFeature]DNS] The operation 'Get-WindowsFeature' started: DNS"},
  {"time": "2021-05-13T14:51:37.958+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[WindowsFeature]DNS] The operation 'Get-WindowsFeature' succeeded: DNS"},
  {"time": "2021-05-13T14:51:38.115+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ End    Test     ]  [[WindowsFeature]DNS]  in 1.8760 seconds."},
  {"time": "2021-05-13T14:51:38.115+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ Start  Set      ]  [[WindowsFeature]DNS]  "},
  {"time": "2021-05-13T14:51:38.240+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[WindowsFeature]DNS] Installation started... "},
  {"time": "2021-05-13T14:51:39.021+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[WindowsFeature]DNS] Continue with installation?"},
  {"time": "2021-05-13T14:51:39.021+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[WindowsFeature]DNS] Prerequisite processing started..."},
  {"time": "2021-05-13T14:51:41.453+10:00", "type": "warning", "message": "[vm-forrest-root]:                            [[WindowsFeature]DNS] The following recommended condition is not met for DNS: No static IP addresses were found on this computer. If the IP address changes, clients might not be able to contact this server. Please configure a static IP address on this computer before installing DNS Server."},
  {"time": "2021-05-13T14:51:41.469+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[WindowsFeature]DNS] Prerequisite processing succeeded."},
  {"time": "2021-05-13T14:52:14.657+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[WindowsFeature]DNS] Installation succeeded."},
  {"time": "2021-05-13T14:52:14.657+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[WindowsFeature]DNS] Successfully installed the feature DNS."},
  {"time": "2021-05-13T14:52:14.673+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ End    Set      ]  [[WindowsFeature]DNS]  in 36.5580 seconds."},
  {"time": "2021-05-13T14:52:14.673+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ End    Resource ]  [[WindowsFeature]DNS]  "},
  {"time": "2021-05-13T14:52:14.673+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ Start  Resource ]  [[WindowsFeature]DNS_RSAT]  "},
  {"time": "2021-05-13T14:52:14.673+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ Start  Test     ]  [[WindowsFeature]DNS_RSAT]  "},
  {"time": "2021-05-13T14:52:14.751+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[WindowsFeature]DNS_RSAT] The operation 'Get-WindowsFeature' started: RSAT-DNS-Server"},
  {"time": "2021-05-13T14:52:16.064+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[WindowsFeature]DNS_RSAT] The operation 'Get-WindowsFeature' succeeded: RSAT-DNS-Server"},
  {"time": "2021-05-13T14:52:16.064+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ End    Test     ]  [[WindowsFeature]DNS_RSAT]  in 1.3910 seconds."},
  {"time": "2021-05-13T14:52:16.064+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ Start  Set      ]  [[WindowsFeature]DNS_RSAT]  "},
  {"time": "2021-05-13T14:52:16.095+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[WindowsFeature]DNS_RSAT] Installation started... "},
  {"time": "2021-05-13T14:52:16.611+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[WindowsFeature]DNS_RSAT] Continue with installation?"},
  {"time": "2021-05-13T14:52:16.611+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[WindowsFeature]DNS_RSAT] Prerequisite processing started..."},
  {"time": "2021-05-13T14:52:18.642+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[WindowsFeature]DNS_RSAT] Prerequisite processing succeeded."},
  {"time": "2021-05-13T14:52:45.698+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[WindowsFeature]DNS_RSAT] Installation succeeded."},
  {"time": "2021-05-13T14:52:45.698+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[WindowsFeature]DNS_RSAT] Successfully installed the feature RSAT-DNS-Server."},
  {"time": "2021-05-13T14:52:45.698+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ End    Set      ]  [[WindowsFeature]DNS_RSAT]  in 29.6340 seconds."},
  {"time": "2021-05-13T14:52:45.698+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ End    Resource ]  [[WindowsFeature]DNS_RSAT]  "},
  {"time": "2021-05-13T14:52:45.698+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ Start  Resource ]  [[WindowsFeature]ADDS]  "},
  {"time": "2021-05-13T14:52:45.698+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ Start  Test     ]  [[WindowsFeature]ADDS]  "},
  {"time": "2021-05-13T14:52:45.901+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[WindowsFeature]ADDS] The operation 'Get-WindowsFeature' started: AD-Domain-Services"},
  {"time": "2021-05-13T14:52:46.916+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[WindowsFeature]ADDS] The operation 'Get-WindowsFeature' succeeded: AD-Domain-Services"},
  {"time": "2021-05-13T14:52:46.916+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ End    Test     ]  [[WindowsFeature]ADDS]  in 1.2180 seconds."},
  {"time": "2021-05-13T14:52:46.916+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ Start  Set      ]  [[WindowsFeature]ADDS]  "},
  {"time": "2021-05-13T14:52:47.041+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[WindowsFeature]ADDS] Installation started... "},
  {"time": "2021-05-13T14:52:47.604+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[WindowsFeature]ADDS] Continue with installation?"},
  {"time": "2021-05-13T14:52:47.604+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[WindowsFeature]ADDS] Prerequisite processing started..."},
  {"time": "2021-05-13T14:52:50.145+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[WindowsFeature]ADDS] Prerequisite processing succeeded."},
  {"time": "2021-05-13T14:53:48.129+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[WindowsFeature]ADDS] Installation succeeded."},
  {"time": "2021-05-13T14:53:48.129+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[WindowsFeature]ADDS] Successfully installed the feature AD-Domain-Services."},
  {"time": "2021-05-13T14:53:48.144+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ End    Set      ]  [[WindowsFeature]ADDS]  in 61.2280 seconds."},
  {"time": "2021-05-13T14:53:48.144+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ End    Resource ]  [[WindowsFeature]ADDS]  "},
  {"time": "2021-05-13T14:53:48.144+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ Start  Resource ]  [[WindowsFeature]RSAT_AD_PowerShell]  "},
  {"time": "2021-05-13T14:53:48.144+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ Start  Test     ]  [[WindowsFeature]RSAT_AD_PowerShell]  "},
  {"time": "2021-05-13T14:53:48.301+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[WindowsFeature]RSAT_AD_PowerShell] The operation 'Get-WindowsFeature' started: RSAT-AD-PowerShell"},
  {"time": "2021-05-13T14:53:49.035+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[WindowsFeature]RSAT_AD_PowerShell] The operation 'Get-WindowsFeature' succeeded: RSAT-AD-PowerShell"},
  {"time": "2021-05-13T14:53:49.035+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ End    Test     ]  [[WindowsFeature]RSAT_AD_PowerShell]  in 0.8910 seconds."},
  {"time": "2021-05-13T14:53:49.035+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ Skip   Set      ]  [[WindowsFeature]RSAT_AD_PowerShell]  "},
  {"time": "2021-05-13T14:53:49.066+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ End    Resource ]  [[WindowsFeature]RSAT_AD_PowerShell]  "},
  {"time": "2021-05-13T14:53:49.098+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ Start  Resource ]  [[RemoteDesktopAdmin]RemoteDesktopSettings]  "},
  {"time": "2021-05-13T14:53:49.098+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ Start  Test     ]  [[RemoteDesktopAdmin]RemoteDesktopSettings]  "},
  {"time": "2021-05-13T14:53:49.176+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[RemoteDesktopAdmin]RemoteDesktopSettings] Getting Remote Desktop Admin settings."},
  {"time": "2021-05-13T14:53:49.238+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ End    Test     ]  [[RemoteDesktopAdmin]RemoteDesktopSettings]  in 0.1400 seconds."},
  {"time": "2021-05-13T14:53:49.238+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ Skip   Set      ]  [[RemoteDesktopAdmin]RemoteDesktopSettings]  "},
  {"time": "2021-05-13T14:53:49.238+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ End    Resource ]  [[RemoteDesktopAdmin]RemoteDesktopSettings]  "},
  {"time": "2021-05-13T14:53:49.238+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ Start  Resource ]  [[ADDomain]contoso.com]  "},
  {"time": "2021-05-13T14:53:49.238+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ Start  Test     ]  [[ADDomain]contoso.com]  "},
  {"time": "2021-05-13T14:53:49.723+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[ADDomain]contoso.com] The domain 'contoso.com' is NOT in the desired state. (ADD0009)"},
  {"time": "2021-05-13T14:53:49.723+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ End    Test     ]  [[ADDomain]contoso.com]  in 0.4850 seconds."},
  {"time": "2021-05-13T14:53:49.723+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ Start  Set      ]  [[ADDomain]contoso.com]  "},
  {"time": "2021-05-13T14:53:49.832+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[ADDomain]contoso.com] Creating AD forest 'contoso.com'. (ADD0006)"},
  {"time": "2021-05-13T14:53:50.051+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[ADDomain]contoso.com] Active Directory Domain Services Setup\n"},
  {"time": "2021-05-13T14:53:50.066+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[ADDomain]contoso.com] Validating environment and parameters..."},
  {"time": "2021-05-13T14:53:50.738+10:00", "type": "warning", "message": "[vm-forrest-root]:                            [[ADDomain]contoso.com] Windows Server 2019 domain controllers have a default for the security setting named \"Allow cryptography algorithms compatible with Windows NT 4.0\" that prevents weaker cryptography algorithms when establishing security channel sessions.\r\n\r\nFor more information about this setting, see Knowledge Base article 942564 (http://go.microsoft.com/fwlink/?LinkId=104751).\r\n\r\n"},
  {"time": "2021-05-13T14:54:09.520+10:00", "type": "warning", "message": "[vm-forrest-root]:                            [[ADDomain]contoso.com] This computer has at least one physical network adapter that does not have static IP address(es) assigned to its IP Properties. If both IPv4 and IPv6 are enabled for a network adapter, both IPv4 and IPv6 static IP addresses should be assigned to both IPv4 and IPv6 Properties of the physical network adapter. Such static IP address(es) assignment should be done to all the physical network adapters for reliable Domain Name System (DNS) operation.\r\n\r\n"},
  {"time": "2021-05-13T14:54:09.676+10:00", "type": "warning", "message": "[vm-forrest-root]:                            [[ADDomain]contoso.com] A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. If you are integrating with an existing DNS infrastructure, you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain \"contoso.com\". Otherwise, no action is required.\r\n\r\n"},
  {"time": "2021-05-13T14:54:09.692+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[ADDomain]contoso.com] ----------------------------------------"},
  {"time": "2021-05-13T14:54:09.692+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[ADDomain]contoso.com] The following actions will be performed:"},
  {"time": "2021-05-13T14:54:09.692+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[ADDomain]contoso.com] Configure this server as the first Active Directory domain controller in a new forest.\r\n\r\nThe new domain name is \"contoso.com\". This is also the name of the new forest.\r\n\r\nThe NetBIOS name of the domain is \"CONTOSO\".\r\n\r\nForest Functional Level: Windows Server 2019\r\n\r\nDomain Functional Level: Windows Server 2019\r\n\r\nSite: Default-First-Site-Name\r\n\r\nAdditional Options:\r\n  Read-only domain controller: \"No\"\r\n  Global catalog: Yes\r\n  DNS Server: Yes\r\n\r\nCreate DNS Delegation: No\r\n\r\nDatabase folder: Z:\\Windows\\NTDS\r\nLog file folder: Z:\\Windows\\NTDS\r\nSYSVOL folder: Z:\\Windows\\Sysvol\r\n\r\nThe DNS Server service will be configured on this computer.\r\nThis computer will be configured to use this DNS server as its preferred DNS server.\r\n\r\nThe password of the new domain Administrator will be the same as the password of the local Administrator of this computer."},
  {"time": "2021-05-13T14:54:09.692+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[ADDomain]contoso.com] ----------------------------------------"},
  {"time": "2021-05-13T14:54:09.895+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[ADDomain]contoso.com] Active Directory Domain Services Setup\n"},
  {"time": "2021-05-13T14:54:09.895+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[ADDomain]contoso.com] Validating environment and parameters..."},
  {"time": "2021-05-13T14:54:10.457+10:00", "type": "warning", "message": "[vm-forrest-root]:                            [[ADDomain]contoso.com] Windows Server 2019 domain controllers have a default for the security setting named \"Allow cryptography algorithms compatible with Windows NT 4.0\" that prevents weaker cryptography algorithms when establishing security channel sessions.\r\n\r\nFor more information about this setting, see Knowledge Base article 942564 (http://go.microsoft.com/fwlink/?LinkId=104751).\r\n\r\n"},
  {"time": "2021-05-13T14:54:24.416+10:00", "type": "warning", "message": "[vm-forrest-root]:                            [[ADDomain]contoso.com] This computer has at least one physical network adapter that does not have static IP address(es) assigned to its IP Properties. If both IPv4 and IPv6 are enabled for a network adapter, both IPv4 and IPv6 static IP addresses should be assigned to both IPv4 and IPv6 Properties of the physical network adapter. Such static IP address(es) assignment should be done to all the physical network adapters for reliable Domain Name System (DNS) operation.\r\n\r\n"},
  {"time": "2021-05-13T14:54:24.557+10:00", "type": "warning", "message": "[vm-forrest-root]:                            [[ADDomain]contoso.com] A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. If you are integrating with an existing DNS infrastructure, you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain \"contoso.com\". Otherwise, no action is required.\r\n\r\n"},
  {"time": "2021-05-13T14:54:24.557+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[ADDomain]contoso.com] ----------------------------------------"},
  {"time": "2021-05-13T14:54:24.557+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[ADDomain]contoso.com] The following actions will be performed:"},
  {"time": "2021-05-13T14:54:24.557+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[ADDomain]contoso.com] Configure this server as the first Active Directory domain controller in a new forest.\r\n\r\nThe new domain name is \"contoso.com\". This is also the name of the new forest.\r\n\r\nThe NetBIOS name of the domain is \"CONTOSO\".\r\n\r\nForest Functional Level: Windows Server 2019\r\n\r\nDomain Functional Level: Windows Server 2019\r\n\r\nSite: Default-First-Site-Name\r\n\r\nAdditional Options:\r\n  Read-only domain controller: \"No\"\r\n  Global catalog: Yes\r\n  DNS Server: Yes\r\n\r\nCreate DNS Delegation: No\r\n\r\nDatabase folder: Z:\\Windows\\NTDS\r\nLog file folder: Z:\\Windows\\NTDS\r\nSYSVOL folder: Z:\\Windows\\Sysvol\r\n\r\nThe DNS Server service will be configured on this computer.\r\nThis computer will be configured to use this DNS server as its preferred DNS server.\r\n\r\nThe password of the new domain Administrator will be the same as the password of the local Administrator of this computer."},
  {"time": "2021-05-13T14:54:24.557+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[ADDomain]contoso.com] ----------------------------------------"},
  {"time": "2021-05-13T14:54:49.475+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[ADDomain]contoso.com] Press CTRL-C to: Cancel"},
  {"time": "2021-05-13T14:56:59.445+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[ADDomain]contoso.com] Active Directory Domain Services is now installed on this computer for the domain \"contoso.com\".\r\n\r\nThis Active Directory domain controller is assigned to the site \"Default-First-Site-Name\". You can manage sites with the Active Directory Sites and Services administrative tool."},
  {"time": "2021-05-13T14:56:59.461+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [[ADDomain]contoso.com] AD forest 'contoso.com' created. (ADD0007)"},
  {"time": "2021-05-13T14:56:59.508+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ End    Set      ]  [[ADDomain]contoso.com]  in 189.7850 seconds."},
  {"time": "2021-05-13T14:56:59.508+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ End    Resource ]  [[ADDomain]contoso.com]  "},
  {"time": "2021-05-13T14:56:59.508+10:00", "type": "verbose", "message": "[vm-forrest-root]:                            [] A reboot is required to progress further. Please reboot the system."},
  {"time": "2021-05-13T14:56:59.508+10:00", "type": "warning", "message": "[vm-forrest-root]:                            [] A reboot is required to progress further. Please reboot the system."},
  {"time": "2021-05-13T14:56:59.586+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ End    Set      ]      "},
  {"time": "2021-05-13T14:56:59.586+10:00", "type": "verbose", "message": "[vm-forrest-root]: LCM:  [ End    Set      ]    in  340.0230 seconds."}
]

Suggested solution to the issue

Target node reboots after Active Directory is installed/configured.

The DSC configuration that is used to reproduce the issue (as detailed as possible)

Configuration Main {

    [CmdletBinding()]
    Param (

        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string]
        $DomainName,

        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [System.Management.Automation.PSCredential]
        $AdminCredentials,

        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [System.Management.Automation.PSCredential]
        $SafeModePassword,

        [Parameter(Mandatory = $false)]
        [ValidateNotNullOrEmpty()]
        [string]
        $ADDSDataDisk = "Z",

        [Parameter(Mandatory = $false)]
        [ValidateNotNullOrEmpty()]
        [string]
        $TimeZone = 'AUS Eastern Standard Time',

        [Parameter(Mandatory = $false)]
        [ValidateNotNullOrEmpty()]
        [string]
        $Locale = 'en-AU'

    )

    # Import DSC resources
    Import-DscResource -ModuleName PSDesiredStateConfiguration
    Import-DscResource -ModuleName ComputerManagementDsc
    Import-DscResource -ModuleName StorageDsc
    Import-DscResource -ModuleName ActiveDirectoryDsc

    Node 'localhost' {

        LocalConfigurationManager {
            ConfigurationMode = 'ApplyAndAutoCorrect'
            RebootNodeIfNeeded = $true
            ActionAfterReboot = 'ContinueConfiguration'
            AllowModuleOverwrite = $true
        }

        SystemLocale SystemLocale {
            IsSingleInstance = 'Yes'
            SystemLocale = $Locale
        }

        TimeZone 'TimeZoneSet' {
            IsSingleInstance = 'Yes'
            TimeZone = $TimeZone
        }

        WaitForDisk 'DataDisk' {
            DiskId = 2
            RetryIntervalSec = 60
            RetryCount = 60
        }

        Disk 'DataDisk' {
            DiskId = 2
            DriveLetter = $ADDSDataDisk
            FSLabel = 'Data'
            FSFormat = 'NTFS'
            PartitionStyle = 'GPT'
            DependsOn = '[WaitForDisk]DataDisk'
        }

        WindowsFeature 'DNS' {
            Name = 'DNS'
            Ensure = 'Present'
        }

        WindowsFeature 'DNS_RSAT' {
            Ensure = "Present"
            Name = "RSAT-DNS-Server"
        }

        WindowsFeature 'ADDS' {
            Name = 'AD-Domain-Services'
            Ensure = 'Present'
        }

        WindowsFeature 'RSAT_AD_PowerShell' {
            Name = 'RSAT-AD-PowerShell'
            Ensure = 'Present'
        }

        ADDomain $DomainName {
            DomainName = $DomainName
            Credential = $AdminCredentials
            SafemodeAdministratorPassword = $SafeModePassword
            ForestMode = 'WinThreshold'
            DomainMode = 'WinThreshold'
            DatabasePath = "${ADDSDataDisk}:\Windows\NTDS"
            LogPath = "${ADDSDataDisk}:\Windows\NTDS"
            SysvolPath = "${ADDSDataDisk}:\Windows\Sysvol"
            DependsOn = '[Disk]DataDisk'
        }

        WaitForADDomain $DomainName {
            DomainName = $DomainName
            Credential = $AdminCredentials
            RestartCount = 1
            DependsOn = "[ADDomain]$DomainName"
        }

        ADOptionalFeature 'RecycleBin' {
            FeatureName = "Recycle Bin Feature"
            EnterpriseAdministratorCredential = $AdminCredentials
            ForestFQDN = $DomainName
            DependsOn = "[WaitForADDomain]$DomainName"
        }

        ADKDSKey 'KDSRootKey' {
            Ensure = 'Present'
            EffectiveTime = "01/01/2021"
            AllowUnsafeEffectiveTime = $true
            DependsOn = "[WaitForADDomain]$DomainName"
        }

        RemoteDesktopAdmin 'RemoteDesktopSettings' {
            IsSingleInstance = 'Yes'
            Ensure = 'Present'
            UserAuthentication = 'Secure'
            DependsOn = "[WaitForADDomain]$DomainName"
        }

    }

}

The operating system the target node is running

OsName : Microsoft Windows Server 2019 Datacenter OsOperatingSystemSKU : DatacenterServerEdition OsArchitecture : 64-bit WindowsVersion : 1809 WindowsBuildLabEx : 17763.1.amd64fre.rs5_release.180914-1434 OsLanguage : en-US OsMuiLanguages : {en-US}

Version and build of PowerShell the target node is running

Name Value

PSVersion 5.1.17763.1852
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.17763.1852
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1

Version of the DSC module that was used

6.0.1

johlju commented 3 years ago

Did you use Set-DscLocalConfigurationManager to configure the LCM on the target node with the meta configuration? See how to write the configuration here https://docs.microsoft.com/en-us/powershell/scripting/dsc/managing-nodes/metaconfig?view=powershell-5.1.

jimchurches commented 3 years ago

Doh!

That will be it!

I'm use to that being handled in my automation (I think the DSC extension takes care of that for me?) and messing around at the command prompt I have missed the step.

I will check tomorrow when back in the office. Feeling dumb.

jimchurches commented 3 years ago

So as @johlju points out, I've missed a step with Set-DscLocalConfigurationManager . This step is done for you via the Azure DSC Extension so I'd forgotten about it from my pre-Azure days. Thanks for the help.

I have updated my config in the original post above just so my fully working configuration is included in the post.

johlju commented 3 years ago

No worries. Glad I could help 😃

adamency commented 2 years ago

@jimchurches Excuse me for bothering you, would you mind explaining exactly what we are supposed to do with Set-DscLocalConfigurationManager to make DSC restart the system as part of the configuration ?