Part I : Building an AD Domain Testlab with DSC


I often rebuild my testlab from the ground up, and have gotten to the point that setting up my Domain, DHCP, DNS and the like all is a very quick and easy task., But it wasn’t always this way, in fact, I used to spend hours trying just to get DHCP and Domain Controller working.

This is post one of a projected three part series in which we’ll use the magical power of infrastructure as code and embrace the DevOps lifestyle using PowerShell Desired State Configuration. In post one, we’ll start easily and just change the name of our machine and the workgroup, then configure a local admin account in the same doc.

In part II – we’ll configure some Windows Roles, and make this system into a Domain Controller.
In part III – we’ll pull out all of the stops and ensure that our DSC configuration handles DHCP and DNS as well, giving us a one-click DSC Testlab.

Continue reading

Solving the DSC Pull Chicken and Egg problem

My 100th Post, Thank you!

Hi guys, it’s here, my 100th post anniversary special! I want to thank all of my loyal readers, commenters, and the folks who’ve liked my blog over the last 18 months for their input, critique and exciting ideas.

I’d also like to thank my extremely talented friend Joie Brown for designing this wonderful and festive banner for my site to celebrate the occasion! She is a wonderfully skilled artist, illustrator and designer, and you can find out more about her freelance art here at She’s done work for My Little Pony, popular web comics and more, including her own printed comic book! This banner turned out great and I owe her a lot of gratitude for it.

Honestly, the feedback I’ve gotten from Reddit, Twitter and on my site itself is inspiring, and drives me to make better and better content. Thanks for sticking with me, and please, as always, feel free to e-mail me your questions, topic suggestions, or any critique!

DSC’s Chicken and Egg Problem

Part of my series on replacing and reproducing Group Policy using PowerShell Desired State Configuration.

Anyone who’s followed my blog or industry news knows that there is a lot of excitement in the Windows World about the growth of PowerShell and the introduction of Desired State Configuration. DSC will surely grow to replace at least Group Policy, and likely also begin chipping away at Configuration Manager (SCCM or ConfigMan, as it is popularly known) for ConfigMgr’s DCM and software distribution. Just my prediction ūüôā

As I’ve covered before on my blog, Desired State Configuration settings currently come to machines in one of two ways: Push or Pull. Here’s the run-down:

  • DSC Push
    ‚óč A system is built and a devop/admin/sysop pushes a config to the machine by logging on locally and pushing the config down to the system OR
    ‚óč A system is built and then an outside construct pushes the DSC config down to the system remotely, this could be a runbook or some other flavor of Service Management Automation (SMA)
  • DSC Pull
    ‚óč A system is built and then instructed by some mechanism to reach out to an SMB Share or IIS server which is configured as a DSC Pull Server, and the system downloads a configuration from there.

The differences between them highlights one of the current challenges you’ll run into with DSC: while you could write and push a DSC configuration out for every system created, it would really be better to instruct your VMs or physical infrastructure to automatically look for configuration settings as they’re being built. Continue reading

Desired State Configuration – What it is and why you should care

If you’ve been following Microsoft management news, you’ve no doubt heard of Desired State Configuration.¬† You might be wondering what it is.

Let’s start with what it’s not.¬† Many believe that DSC is a feature of PowerShell v4, but this is actually a misconception, as the feature really stems from the Windows Management Framework, but implemented using PowerShell, WMI and WMF.¬† You can use it on any OS compatible with WMF 4.0, which currently includes Server 2008 R2 SP1, Server 2012, 2012 R2, Windows 7 SP1 and Windows 8.1 but not Windows 8, for some reason.

Well, what is it?

I hope to explain that and by the end give you a practical example that isn’t the typical ‘install a web server’ sample you’ve probably seen elsewhere.¬†¬† I’m writing this to expand my own knowledge, and to help share with any who may stumble upon this.¬† If you catch an error I’ve made, please let me know.

[Desired State Configuration is] Microsoft’s Fresh Start for Configuration‚Ķ -Don Jones

When Don Jones makes a pronouncement like this, I tend to listen.¬† The idea behind DSC is to simplify the configuration of Windows, and to eliminate the overlap that exists between GPO, SCCM’s Desired Configuration Manager, Logon Scripts, and other options, and to make it all easy.¬†¬† In the end, ensuring your server configuration doesn’t deviate away from the company standard should be easy, and should be reliable.

Instead of having five or ten GPOs to look through when trying to determine how a particular setting is being inherited, there is one configuration file.  This configuration file is an industry standard Managed Object Framework document, commonly referred to as a MOF file.  Reading and creating MOF files should be an easy and accessible task even for junior level IT people.

It’s as important as Group Policy – Don Jones

DSC extends very deeply into the operating system.¬† It is still quite new, so as time goes on the possibilities for configuration will become greater and greater. ¬†Eventually you’ll be able to configure your servers cradle-to-grave with DSC, and roll out complex products with it too. ¬†Out of the box, you can use the following DSC Resources to control various aspects of your systems.

What do the default DSC Resources allow you to configure?

Registry Ensure that a registry key is present, or not
Script Provides a mechanism to run scripts and evaluate conditions
Archive Zip or unzip files
File Ensure files are present or not
WindowsFeature Ensure that Windows Features are or are not present
Package Install or remove an Application, MSI or Setup.exe
Environment Set Environmental variables
Group Make changes to localgroups
User Make changes to local users
Log Provides a mechanism to log changes enacted by DSC
Service Ensures a service is or is not running
WindowsProcess Ensures that a process is or is not running

In the last few weeks, the PowerShell team has been churning out more and more configuration possibilities.¬† Just two weeks ago, this new Module hit TechNet, allowing for the configuration of VHDs, VM switches and all aspects of Hyper-V.¬† If you’d like to see more, check out the DSC Resource Kit Wave #2, which expands the options even further, allowing for the configuration of Domain Controllers, installation of SQL and much, much more.

Stephen’s Practical Example

Now that I’ve hopefully got some of the explanation out of the way, let’s get into a practical example of the¬† power of DSC.

Continue reading