Desktop access setup script should be idempotent

[webvictim]

What would you like Teleport to do?

The desktop access setup script that we recommend users run when adding a windows_desktop_service to their cluster using Teleport Discover is not idempotent. If it encounters an error and exits early, it cannot be rerun after the issue is fixed without manually undoing all the previous steps it completed. The script should add more error checking and become idempotent, so previous steps are skipped if they've already been completed.

What problem does this solve?

Desktop access via Teleport is complicated to set up. The script is highly likely to fail due to environment constraints and sporadic issues, which makes the setup process even more complicated.

If a workaround exists, please include it.

Ignore the script and follow the manual setup guide. Frustrating experience.

[mighty-services]

Hy there, I recommend to either change the first line to "Continue" or "SilentlyContinue"

[mighty-services]

since I had trouble with the script anyway and had to apply it several times, I created some better workarounds like "silently continue". Here´s my suggestion:

1) already existing User: before:

New-ADObject -Name "Teleport" -Type "container" -Path "CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,$DOMAIN_DN"

after:

if (-not (Get-ADObject -identity "CN=Teleport,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,$DOMAIN_DN")){
    New-ADObject -Name "Teleport" -Type "container" -Path "CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,$DOMAIN_DN"
}

2) already existing GPOs: before:

New-GPO -Name $BLOCK_GPO_NAME | New-GPLink -Target $DOMAIN_DN

after:

if (-not (Get-GPO -Name $BLOCK_GPO_NAME)) {
    New-GPO -Name $BLOCK_GPO_NAME | New-GPLink -Target $DOMAIN_DN
}

3) already existing Directory or file: simply add "-Force" to it and the item will be overwritten.

4)