This post is about setting up End User Computing infrastructure prerequisites, like ADCS, DHCP, File Services, SQL, by making use of PowerShell and Desired State Configuration, for home lab purposes.

1. Active Directory Certification Services

Active Directory Certification Services
XCPng-scenario-HomeLab - Github code

1.2. VM provisioning - ADCS - Root CA

Run in (XCP-ng terminal over SSH). It deploys Active Directory Certificate Services - RootCA VM.

/opt/scripts/vm_create_uefi.sh --VmName 'c1_adcsR' --VCpu 4 --CoresPerSocket 2 --MemoryGB 4 --DiskGB 32 --ActivationExpiration 180 --TemplateName 'Windows Server 2022 (64-bit)' --IsoName 'w2k22dtc_2302_untd_nprmpt_uefi.iso' --IsoSRName 'node4_nfs' --NetworkName 'eth1 - VLAN1342 untagged - up' --Mac '2A:47:41:C1:00:19' --StorageName 'node4_ssd_sdg' --VmDescription 'w2k22_dhcp01_ADCS_RootCA'

1.3. VM provisioning - ADCS - Sub CA

Run in (XCP-ng terminal over SSH). It deploys Active Directory Certificate Services - SubCA VM.

/opt/scripts/vm_create_uefi.sh --VmName 'c1_adcsS' --VCpu 4 --CoresPerSocket 2 --MemoryGB 4 --DiskGB 32 --ActivationExpiration 180 --TemplateName 'Windows Server 2022 (64-bit)' --IsoName 'w2k22dtc_2302_untd_nprmpt_uefi.iso' --IsoSRName 'node4_nfs' --NetworkName 'eth1 - VLAN1342 untagged - up' --Mac '2A:47:41:C1:00:18' --StorageName 'node4_ssd_sdf' --VmDescription 'w2k22_dhcp02_ADCS_SubCA'

1.4. VMTools installation - ADCS

Run in XCP-ng terminal over SSH.

xe vm-cd-eject vm='c1_adcsR'
xe vm-cd-insert vm='c1_adcsR' cd-name='Citrix_Hypervisor_821_tools.iso'

xe vm-cd-eject vm='c1_adcsS'
xe vm-cd-insert vm='c1_adcsS' cd-name='Citrix_Hypervisor_821_tools.iso'

1.5. VM initial configuration - ADCS

Run run_InitialSetup.ps1 in the elevated powershell session (VM).
Eject VMTools installation media. Run bash code (XCP-ng terminal over SSH)

xe vm-cd-eject vm='c1_adcsR'
xe vm-cd-eject vm='c1_adcsS'

Now:

login to the VM via XenOrchestra Console window, or any other way you have handy, and get it’s IP address
alternatively if you have a reservation for the mac address on your DHCP server, get the IP from there
XenServer on the CLI does not have a chance to get to know the IP, as there are no VMTools installed yet

1.6. VM DSC configuration - ADCS - RootCA

Run run_initialConfigDsc_workgroup.ps1 in the elevated powershell session (VM).
RootCA is not a member of the domain.

#cmd
#powershell
#Start-Process PowerShell -Verb RunAs
$domainName = 'lab.local'  #FIXME
Set-InitialConfigDsc -NewComputerName $env:computername -Option Workgroup -Verbose

1.7. VM DSC configuration - ADCS - SubCA

Run run_initialConfigDsc_domain.ps1 in the elevated powershell session (VM).
SubCA is member of the domain.

#cmd
#powershell
#Start-Process PowerShell -Verb RunAs
$domainName = 'lab.local'  #FIXME
Set-InitialConfigDsc -NewComputerName $env:computername -Option Domain -DomainName $domainName -Verbose

Summary

It was tested on:

Server 2022 (21H2 - 20348.1547) - Core & Desktop Experience

Last update: 2024.08.14

Tags: HomeLab Microsoft DSC

Active Directory Certificate Services setup

Setup Active Directory Certificate Services with PowerShell and Desired State Configuration

Links