New Configurations for CDN
Last updated on September 1, 2021.
Document Status: Document Feature Complete as of September 1, 2021; PENDING EXTERNAL REVIEW.
Overview
The following document describes the configuration changes from RPS v3.1 to v4.0.0 and provides a PowerShell script which can be executed by the LSI when implementing a new RPS deployment.
Script
# We no longer need DSC resource Rps_xDFSR
$contentStoreBasePath = <Content Store Base Path>
Remove-Item (Join-Path $contentStoreBasePath -ChildPath "DSC\Modules\RPS_xDFSR") -Recurse
# The 'WebApiServiceAccount' needs to belong to the 'DFSRAdministrators' group
Add-ADGroupMember -Identity DFSRAdministrators -Members WebApiServiceAccount
# New Active Directory configurations for 'DFSRAdministrators' group
$domain = Get-RpsResourceItem -Type ADDomain -Name <domain name>
$accessEntryName = "CN=Computers,$($domain.Path)"
$accessEntry = New-RpsResourceItem -Type $Rps.ResourceTypes.ADAccessEntry -Name $accessEntryName -Properties @{
DistinguishedName = $accessEntryName
}
$accessControlList = New-RpsResourceItem -Type $Rps.ResourceTypes.ADAccessControlList -Name 'CN=Computers-AdAccessControlList1' -Parent $accessEntry -Properties @{
Principal = 'DFSRAdministrators'
}
$null = New-RpsResourceItem -Type $Rps.ResourceTypes.ADAccessRule -Name 'CN=Computers-ADAccessRule3' -Parent $accessControlList -Properties @{
AccessControlType = 'Allow'
ActiveDirectoryRights = 'GenericAll'
InheritanceType = 'Descendents'
InheritedObjectType = 'ms-DFSR-LocalSettings'
ObjectType = ''
Ensure = 'Present'
}
$null = New-RpsResourceItem -Type $Rps.ResourceTypes.ADAccessRule -Name 'CN=Computers-ADAccessRule4' -Parent $accessControlList -Properties @{
AccessControlType = 'Allow'
ActiveDirectoryRights = 'CreateChild,DeleteChild'
InheritanceType = 'Descendants'
InheritedObjectType = 'Computer'
ObjectType = 'ms-DFSR-LocalSettings'
Ensure = 'Present'
}
Note
The DFSRAdmin user account is no longer required and can be removed from the CMDB.