Final tests pass

Author: Jason Helmick

Configurations/POC-MultiRole/VMConfiguration.ps1

@@ -339,7 +339,6 @@ $credential = New-Object -typename Pscredential -ArgumentList Administrator, $se
             ValueType = 'Dword'
             ValueData = '0'
             Ensure = 'Present'
-            DependsOn = '[xWaitForADDomain]DSCForestWait'
         }
         foreach ($Rule in @(
                 'RemoteDesktop-UserMode-In-TCP',

Configurations/TEST-SingleServer/VMConfiguration.ps1

@@ -346,8 +346,9 @@ $credential = New-Object -typename Pscredential -ArgumentList Administrator, $se
                 'RemoteDesktop-Shadow-In-TCP'
         )) {
         xFirewall $Rule {
-            Name = $Rule.name
+            Name = $Rule
             Enabled = 'True'
+            DependsOn = '[Registry]RDP'
         }
     } # End RDP
     }

Configurations/TEST-SingleServer/VMConfigurationData.psd1

@@ -127,6 +127,7 @@ demonstrations and would need to be modified for your environment.
 	        Lability_BootOrder = 20
             Lability_timeZone = 'US Mountain Standard Time' #[System.TimeZoneInfo]::GetSystemTimeZones()
             Lability_Media = '2016_x64_Standard_EN_Eval'
+            Lability_StartupMemory = 4GB
             Lability_MinimumMemory = 4GB
         }
 <#

Configurations/devops-powershell-fundamentals/VMConfiguration.ps1

@@ -1,6 +1,6 @@
 <# Notes:
 
-Authors: Jason Helmick and Melissa (Missy) Janusko
+Authors: Jason Helmick and Melissa (Missy) Januszko
 
 The bulk of this DC, DHCP, ADCS config is authored by Melissa (Missy) Januszko and Jason Helmick.
 Currently on her public DSC hub located here: https://github.com/majst32/DSC_public.git
@@ -32,6 +32,13 @@ demonstrations and would need to be modified for your environment.
             IPNetwork = '192.168.3.0/24'
             IPNatName = 'LabNat'
             DnsServerAddress = '192.168.3.10'
+
+            # Firewall settings to enable
+            FirewallRuleNames = @(
+                'FPS-ICMP4-ERQ-In';
+                'FPS-ICMP6-ERQ-In';
+                'FPS-SMB-In-TCP'
+            )
 
             # Domain and Domain Controller information
             DomainName = "Company.Pri"
@@ -54,10 +61,22 @@ demonstrations and would need to be modified for your environment.
             DHCPDnsServerIPAddress = '192.168.3.10'
             DHCPRouter = '192.168.3.1'
 
+ 	    # ADCS Certificate Services information
+            CACN = 'Company.Pri'
+            CADNSuffix = "C=US,L=Phoenix,S=Arizona,O=Company"
+            CADatabasePath = "C:\windows\system32\CertLog"
+            CALogPath = "C:\CA_Logs"
+            ADCSCAType = 'EnterpriseRootCA'
+            ADCSCryptoProviderName = 'RSA#Microsoft Software Key Storage Provider'
+            ADCSHashAlgorithmName = 'SHA256'
+            ADCSKeyLength = 2048
+            ADCSValidityPeriod = 'Years'
+            ADCSValidityPeriodUnits = 2
+
             # Lability default node settings
             Lability_SwitchName = 'LabNet'
             Lability_ProcessorCount = 1
-            Lability_StartupMemory = 1GB
+            Lability_MinimumMemory = 1GB
             SecureBoot = $false
             Lability_Media = '2016_x64_Standard_Core_EN_Eval' # Can be Core,Win10,2012R2,nano
                                                        # 2016_x64_Standard_EN_Eval
@@ -74,14 +93,24 @@ demonstrations and would need to be modified for your environment.
                                                        # WIN10_x64_Enterprise_EN_Eval
         }
 
+<#    Available Roles for computers
+        DC = Domain Controller
+        DHCP = Dynamic Host Configuration Protocol
+        ADCS = Active Directory Certificate SErvices - plus autoenrollment GPO's and DSC and web server certs
+        Web = Basic web server
+        RSAT = Remote Server Administration Tools for the client
+        RDP = enables RDP and opens up required firewall rules
+        DomainJoin = joions a computer to the domain
+#>
         @{
             NodeName = 'DC1'
             IPAddress = '192.168.3.10'
-            Role = 'DC'   # multiple roles @('DC', 'DHCP')
+            Role = @('DC', 'DHCP', 'ADCS') 
             Lability_BootOrder = 10
             Lability_BootDelay = 60 # Number of seconds to delay before others
             Lability_timeZone = 'US Mountain Standard Time' #[System.TimeZoneInfo]::GetSystemTimeZones()
-            Lability_StartupMemory = 2GB
+            Lability_Media = '2016_x64_Standard_Core_EN_Eval'
+            Lability_MinimumMemory = 2GB
             Lability_ProcessorCount = 2
             CustomBootStrap = @'
                     # This must be set to handle larger .mof files
@@ -92,19 +121,24 @@ demonstrations and would need to be modified for your environment.
         @{
             NodeName = 'S1'
             IPAddress = '192.168.3.50'
-            Role = 'DomainJoin' # example of multiple roles @('DomainJoin', 'Web')
-            Lability_BootOrder = 20
+            #Role = 'DomainJoin' # example of multiple roles @('DomainJoin', 'Web')
+            Role = @('DomainJoin')
+	        Lability_BootOrder = 20
             Lability_timeZone = 'US Mountain Standard Time' #[System.TimeZoneInfo]::GetSystemTimeZones()
+            Lability_Media = '2016_x64_Standard_Core_EN_Eval'
         }
 
         @{
             NodeName = 'S2'
             IPAddress = '192.168.3.51'
-            Role = 'DomainJoin' # example of multiple roles @('DomainJoin', 'Web')
-            Lability_BootOrder = 20
+            #Role = 'DomainJoin' # example of multiple roles @('DomainJoin', 'Web')
+            Role = @('DomainJoin')
+	        Lability_BootOrder = 20
             Lability_timeZone = 'US Mountain Standard Time' #[System.TimeZoneInfo]::GetSystemTimeZones()
+            Lability_Media = '2016_x64_Standard_Core_EN_Eval'
         }
 
+
        @{
             NodeName = 'N1'
             IPAddress = '192.168.3.60'
@@ -118,22 +152,19 @@ demonstrations and would need to be modified for your environment.
         @{
             NodeName = 'Cli1'
             IPAddress = '192.168.3.100'
-            Role = @('domainJoin', 'RSAT')
+            Role = @('domainJoin', 'RSAT', 'RDP')
             Lability_ProcessorCount = 2
-            Lability_StartupMemory = 4GB
+            Lability_MinimumMemory = 2GB
             Lability_Media = 'WIN10_x64_Enterprise_EN_Eval'
             Lability_BootOrder = 20
             Lability_timeZone = 'US Mountain Standard Time' #[System.TimeZoneInfo]::GetSystemTimeZones()
             Lability_Resource = @('Win10RSAT')
             CustomBootStrap = @'
                     # To enable PSRemoting on the client
                     Enable-PSRemoting -SkipNetworkProfileCheck -Force;
-                    # To enable RDP
-                    Set-ItemProperty -Path "HKLM:\System\ControlSet001\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0;
-
 '@
         }
-
+#>
 
     );
     NonNodeData = @{
@@ -178,7 +209,6 @@ demonstrations and would need to be modified for your environment.
                 @{ Name = 'xPendingReboot'; RequiredVersion = '0.3.0.0'; },
 		        @{ Name = 'xADCSDeployment'; RequiredVersion = '1.0.0.0'; }
 
-
             );
             Resource = @(
                 @{

Configurations/devops-powershell-fundamentals/VMConfigurationData.psd1

@@ -71,9 +71,6 @@ It "[DC1] Should have a computer account for S1" {
     $computer.name -contains "S1" | Should Be "True"
 } 
 
-It "[DC1] Should have a computer account for S2" {
-    $computer.name -contains "S2" | Should Be "True"
-} 
 
 
 } #DC
@@ -97,24 +94,6 @@ It "[S1] Should have a DNS server configuration of 192.168.3.10" {
 } #S1
 
 
-Describe S2 {
-    $s2 = New-PSSession -VMName S2 -Credential $cred -ErrorAction SilentlyContinue
-It "Should accept domain admin credential" {
-    $s2.Count | Should Be 1
-}
-
-It "Should have an IP address of 192.168.3.51" {
-    $i = Invoke-command -ScriptBlock { Get-NetIPAddress -interfacealias 'Ethernet' -AddressFamily IPv4} -Session $S2
-    $i.ipv4Address | should be '192.168.3.51'
-}
-$dns = Invoke-Command {Get-DnsClientServerAddress -InterfaceAlias ethernet -AddressFamily IPv4} -session $s2
-It "Should have a DNS server configuration of 192.168.3.10" {                        
-  $dns.ServerAddresses -contains '192.168.3.10' | Should Be "True"           
-}
-
-
-} #S2
-
 Describe NanoServer {
 
 It "[Nano] Should respond to WSMan requests" {