Monday, February 11, 2008

Group Policy Objects and PowerShell - 1 Introduction

I haven't posted anything in a long time, mainly due to work pressures and not having too much to say. I have started a few posts then not got around to finishing them; however, some work I have been doing recently has prompted this post, as I figured this could be useful for some people.

Anyway, from my earlier posts you probably won't realise that I actually specialise in Active Directory, and more specifically in design. So when building test networks for various clients I did have a long commissioning document that I run through undisturbed in about 5 or 6 hours for a 2 domain model (2 Domain Controllers in each) with basic Certificate Services installed and configured. However, what if you wanted to automate this? On one large project that is what our build team did: a fully automated AD build using VB Scripts and ADS (Automated Deployment Services). This allows someone less knowledgeable to install the AD, but more importantly it allows for consistency in the deployments with much of the possible human error removed. These scripts are all well and good; however, they are not supportable due to a lack of documentation and lack of commenting in the scripts, and the ownership of the automated build process has shifted to the team I work in, so we decided to rewrite it all in PowerShell.

I had played around with PowerShell in its earlier guise as MONAD, but not really in anger, and was interested in learning about it. At this point we had decided to modularise our standard AD design into a base build and a number of extra AD modules that could be implemented depending on what was to be installed into the environment (Exchange, OCS, SharePoint, etc).

The base build would initially contain a number of things that it would be useful to use PowerShell to build; the two I was concentrating on initially were GPOs and DCPromo answer file creation (from a config file).

I will concentrate on the GPO problem here though, as it was the most interesting. Googling for GPO management with PowerShell (or similar) does not retrieve a lot of terribly useful stuff, but it does return a number of useful starting points, the most useful of which initially I found to be this article from TechNet Magazine (extra useful as you can download a file with the script source): Simplify Group Policy Administration with Windows PowerShell

The main problem I saw straight away was that there are no cmdlets built into PowerShell to manage GPOs, so I had two main options:

  • Creating my own in C#
  • Interacting with the COM objects used in the scripts you get with the Group Policy Management Console (GPMC) directly from PowerShell.

I am not a programmer, so realistically that left me with the second option. I got stuck into the examples provided in the TechNet article; however, they didn't cover all of what I needed to do, which was the following:

  • Create a number of GPOs
  • Import GPOs from a backup taken from a different domain
  • Link the GPOs to the relevant OUs

Over the course of the next few posts I will go through how you do this, then from there go into how to pass arguments into the scripts from text files or XML files.
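
The three tasks listed above, driven through the GPMC COM interface from PowerShell, as an added example that is not the author's script. The domain, backup folder, OU and GPO names are assumed placeholder values, and GPMC must be installed so that the `GPMgmt.GPM` COM class is registered.

```powershell
# Added example, not code from the original post. All parameter defaults are assumed values.
param(
    [string]  $DomainDns  = 'corp.example',                    # assumed target domain
    [string]  $BackupPath = 'C:\GPOBackups',                   # assumed GPMC backup folder
    [string]  $TargetOu   = 'OU=Servers,DC=corp,DC=example',   # assumed OU to link to
    [string[]]$GpoNames   = @('Base Server Policy')            # assumed GPO display names
)

$gpm       = New-Object -ComObject GPMgmt.GPM
$k         = $gpm.GetConstants()
$domain    = $gpm.GetDomain($DomainDns, '', $k.UseAnyDC)
$backupDir = $gpm.GetBackupDir($BackupPath)
$som       = $domain.GetSOM($TargetOu)
if (-not $som) { throw "OU not found: $TargetOu" }

foreach ($name in $GpoNames) {
    # Find the most recent backup carrying this display name.
    $crit = $gpm.CreateSearchCriteria()
    $crit.Add($k.SearchPropertyGPODisplayName,   $k.SearchOpEquals, $name)
    $crit.Add($k.SearchPropertyBackupMostRecent, $k.SearchOpEquals, $true)
    $backups = $backupDir.SearchBackups($crit)
    if ($backups.Count -ne 1) {
        Write-Warning "Skipping '$name': expected 1 backup, found $($backups.Count)"
        continue
    }

    # Reuse a GPO of the same name if one exists, so a re-run does not create duplicates.
    $byName = $gpm.CreateSearchCriteria()
    $byName.Add($k.SearchPropertyGPODisplayName, $k.SearchOpEquals, $name)
    $found = $domain.SearchGPOs($byName)
    if ($found.Count -gt 0) { $gpo = $found.Item(1) }          # GPMC collections are 1-based
    else { $gpo = $domain.CreateGPO(); $gpo.DisplayName = $name }

    # Import replaces the GPO's settings with those in the backup.
    $result = $gpo.Import(0, $backups.Item(1))
    $result.OverallStatus()                                    # raises an error if the import failed

    # Link to the OU unless the link is already there (-1 appends to the end of the link order).
    $linked = @($som.GetGPOLinks() | Where-Object { $_.GPOID -eq $gpo.ID })
    if ($linked.Count -eq 0) { [void]$som.CreateGPOLink(-1, $gpo) }
    Write-Output "$name -> $TargetOu ($($gpo.ID))"
}
```

A backup taken in a different domain can carry that domain's security principals and UNC paths into the imported settings; GPMC's migration table mechanism exists to map them, and this sketch imports without one, so review the imported GPOs before they apply to anything.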


gpoguy said...

Just an FYI that I've created a set of free cmdlets that wrap GPMC functions already, at


PH said...


I saw that you had done these, however, whilst they are freeware I would have been using them for large scale solutions (for implementing GPOs in Integration as well as live environments) so I figured this wouldn't be a fair use of freeware. The other reason is that the company I work for at the moment probably wouldn't advocate the use of unsupported freeware (although I am sure it would do the jobs I need to do far easier). Also, more importantly from my point of view it has given me the chance of playing with PowerShell and getting to grips with it. Having said all that, I would obviously be interested in learning some more about cmdlet creation if you want to expand on the limited info available from Microsoft :-)


gpoguy said...

Fair enough, though just to be clear, in situations such as you mention, you can purchase support for $99/yr for these cmdlets :). This is mentioned on the page where you download them.